kyma-project · kyma-bot · Oct 15, 2024 · Sep 10, 2024 · Sep 12, 2024 · Sep 12, 2024
@@ -64,6 +64,7 @@ const (
 	ConditionTypeRuntimeProvisioned       RuntimeConditionType = "Provisioned"
 	ConditionTypeRuntimeProvisionedDryRun RuntimeConditionType = "ProvisionedDryRun"
 	ConditionTypeRuntimeKubeconfigReady   RuntimeConditionType = "KubeconfigReady"
+	ConditionTypeOidcConfigured           RuntimeConditionType = "OidcConfigured"
 	ConditionTypeRuntimeConfigured        RuntimeConditionType = "Configured"
 	ConditionTypeAuditLogConfigured       RuntimeConditionType = "AuditlogConfigured"
 	ConditionTypeRuntimeDeprovisioned     RuntimeConditionType = "Deprovisioned"
@@ -100,6 +101,8 @@ const (
 	ConditionReasonAuditLogConfigured           = RuntimeConditionReason("AuditLogConfigured")
 	ConditionReasonAuditLogError                = RuntimeConditionReason("AuditLogErr")
 	ConditionReasonAuditLogMissingRegionMapping = RuntimeConditionReason("AuditLogMissingRegionMappingErr")
+	ConditionReasonOidcConfigured               = RuntimeConditionReason("OidcConfigured")
+	ConditionReasonOidcError                    = RuntimeConditionReason("OidcConfigurationErr")
 )
 
 //+kubebuilder:object:root=true
@@ -164,7 +167,7 @@ type Kubernetes struct {
 }
 
 type APIServer struct {
-	OidcConfig           gardener.OIDCConfig    `json:"oidcConfig"`
+	OidcConfig           gardener.OIDCConfig    `json:"oidcConfig,omitempty"`
 	AdditionalOidcConfig *[]gardener.OIDCConfig `json:"additionalOidcConfig,omitempty"`
 }
 

@@ -26,16 +26,17 @@ import (
 
 	"github.com/gardener/gardener/pkg/apis/core/v1beta1"
 	gardener_apis "github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1"
+	gardener_oidc "github.com/gardener/oidc-webhook-authenticator/apis/authentication/v1alpha1"
 	"github.com/go-playground/validator/v10"
 	infrastructuremanagerv1 "github.com/kyma-project/infrastructure-manager/api/v1"
 	"github.com/kyma-project/infrastructure-manager/internal/auditlogging"
+	"github.com/kyma-project/infrastructure-manager/internal/config"
 	kubeconfig_controller "github.com/kyma-project/infrastructure-manager/internal/controller/kubeconfig"
 	"github.com/kyma-project/infrastructure-manager/internal/controller/metrics"
 	runtime_controller "github.com/kyma-project/infrastructure-manager/internal/controller/runtime"
 	"github.com/kyma-project/infrastructure-manager/internal/controller/runtime/fsm"
 	"github.com/kyma-project/infrastructure-manager/internal/gardener"
 	"github.com/kyma-project/infrastructure-manager/internal/gardener/kubeconfig"
-	"github.com/kyma-project/infrastructure-manager/internal/gardener/shoot"
 	"github.com/pkg/errors"
 	rbacv1 "k8s.io/api/rbac/v1"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -58,6 +59,7 @@ func init() {
 	utilruntime.Must(clientgoscheme.AddToScheme(scheme))
 	utilruntime.Must(infrastructuremanagerv1.AddToScheme(scheme))
 	utilruntime.Must(rbacv1.AddToScheme(scheme))
+	utilruntime.Must(gardener_oidc.AddToScheme(scheme))
 	//+kubebuilder:scaffold:scheme
 }
 
@@ -163,7 +165,7 @@ func main() {
 	getReader := func() (io.Reader, error) {
 		return os.Open(converterConfigFilepath)
 	}
-	var converterConfig shoot.ConverterConfig
+	var converterConfig config.Config
 	if err = converterConfig.Load(getReader); err != nil {
 		setupLog.Error(err, "unable to load converter configuration")
 		os.Exit(1)
@@ -175,7 +177,7 @@ func main() {
 		os.Exit(1)
 	}
 
-	err = validateAuditLogConfiguration(converterConfig.AuditLog.TenantConfigPath)
+	err = validateAuditLogConfiguration(converterConfig.ConverterConfig.AuditLog.TenantConfigPath)
 	if err != nil {
 		setupLog.Error(err, "invalid Audit Log configuration")
 		os.Exit(1)
@@ -184,7 +186,7 @@ func main() {
 	cfg := fsm.RCCfg{
 		Finalizer:         infrastructuremanagerv1.Finalizer,
 		ShootNamesapace:   gardenerNamespace,
-		ConverterConfig:   converterConfig,
+		Config:            converterConfig,
 		AuditLogMandatory: auditLogMandatory,
 	}
 	if shootSpecDumpEnabled {
@@ -240,13 +242,19 @@ func initGardenerClients(kubeconfigPath string, namespace string) (client.Client
 		return nil, nil, nil, err
 	}
 
-	shootClient := gardenerClientSet.Shoots(namespace)
-	dynamicKubeconfigAPI := gardenerClient.SubResource("adminkubeconfig")
-
 	err = v1beta1.AddToScheme(gardenerClient.Scheme())
 	if err != nil {
 		return nil, nil, nil, errors.Wrap(err, "failed to register Gardener schema")
 	}
+
+	err = gardener_oidc.AddToScheme(gardenerClient.Scheme())
+	if err != nil {
+		return nil, nil, nil, errors.Wrap(err, "failed to register Gardener schema")
+	}
+
+	shootClient := gardenerClientSet.Shoots(namespace)
+	dynamicKubeconfigAPI := gardenerClient.SubResource("adminkubeconfig")
+
 	return gardenerClient, shootClient, dynamicKubeconfigAPI, nil
 }
 

@@ -279,8 +279,6 @@ spec:
                                   the value '-'.
                                 type: string
                             type: object
-                        required:
-                        - oidcConfig
                         type: object
                       version:
                         type: string

@@ -7,6 +7,7 @@ require (
 	github.com/gardener/gardener-extension-provider-aws v1.56.1
 	github.com/gardener/gardener-extension-provider-gcp v1.37.0
 	github.com/gardener/gardener-extension-provider-openstack v1.41.0
+	github.com/gardener/oidc-webhook-authenticator v0.31.0
 	github.com/go-logr/logr v1.4.2
 	github.com/go-playground/validator/v10 v10.22.0
 	github.com/onsi/ginkgo/v2 v2.20.2
@@ -25,24 +26,25 @@ require (
 require (
 	github.com/Masterminds/semver/v3 v3.2.1 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
-	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
+	github.com/emicklei/go-restful/v3 v3.12.1 // indirect
 	github.com/evanphx/json-patch v5.7.0+incompatible // indirect
 	github.com/evanphx/json-patch/v5 v5.9.0 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
+	github.com/go-jose/go-jose/v4 v4.0.2 // indirect
 	github.com/go-logr/zapr v1.3.0 // indirect
 	github.com/go-openapi/jsonpointer v0.21.0 // indirect
-	github.com/go-openapi/jsonreference v0.20.2 // indirect
+	github.com/go-openapi/jsonreference v0.21.0 // indirect
 	github.com/go-openapi/swag v0.23.0 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
-	github.com/google/gnostic-models v0.6.8 // indirect
+	github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5 // indirect
@@ -58,9 +60,9 @@ require (
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/prometheus/client_model v0.6.0 // indirect
-	github.com/prometheus/common v0.48.0 // indirect
-	github.com/prometheus/procfs v0.12.0 // indirect
+	github.com/prometheus/client_model v0.6.1 // indirect
+	github.com/prometheus/common v0.54.0 // indirect
+	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
@@ -77,11 +79,12 @@ require (
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 	google.golang.org/protobuf v1.34.1 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/apiextensions-apiserver v0.30.1 // indirect
 	k8s.io/klog/v2 v2.120.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
+	k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
 )
@@ -91,4 +94,5 @@ replace (
 	golang.org/x/sys => golang.org/x/sys v0.21.0
 	golang.org/x/text => golang.org/x/text v0.16.0
 	golang.org/x/tools => golang.org/x/tools v0.22.0
+	gopkg.in/square/go-jose.v2 => github.com/go-jose/go-jose/v4 v4.0.4
 )