Add organization members resource on organization creation

apiserver/organization/create.go

@@ -3,11 +3,14 @@ package organization
 import (
 	"context"
 	"fmt"
+	"strings"
 
 	orgv1 "github.com/appuio/control-api/apis/organization/v1"
+	controlv1 "github.com/appuio/control-api/apis/v1"
 
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apiserver/pkg/endpoints/request"
 	"k8s.io/apiserver/pkg/registry/rest"
 )
 
@@ -45,5 +48,37 @@ func (s *organizationStorage) create(ctx context.Context, org *orgv1.Organizatio
 		return nil, fmt.Errorf("failed to create organization: %w", err)
 	}
 
+	orgMembers := newOrganizationMembers(ctx, org.Name, "")
+
+	if err := s.members.CreateMembers(ctx, orgMembers); err != nil {
+		// rollback
+		_, deleteErr := s.namepaces.DeleteNamespace(ctx, org.Name, nil)
+		if deleteErr != nil {
+			err = fmt.Errorf("%w and failed to clean up namespace: %s", err, deleteErr.Error())
+		}
+		return nil, fmt.Errorf("failed to create organization: %w", err)
+
+	}
+
 	return org, nil
 }
+
+func newOrganizationMembers(ctx context.Context, organization, usernamePrefix string) *controlv1.OrganizationMembers {
+	userRefs := []controlv1.UserRef{}
+	user, ok := request.UserFrom(ctx)
+	if ok {
+		userRefs = append(userRefs, controlv1.UserRef{
+			ID: strings.TrimPrefix(user.GetName(), usernamePrefix),
+		})
+	}
+
+	return &controlv1.OrganizationMembers{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "members",
+			Namespace: organization,
+		},
+		Spec: controlv1.OrganizationMembersSpec{
+			UserRefs: userRefs,
+		},
+	}
+}

apiserver/organization/create_test.go

@@ -77,6 +77,8 @@ func TestOrganizationStorage_Create(t *testing.T) {
 			os, mnp, mauth := newMockedOrganizationStorage(ctrl)
 			mrb := mock.NewMockroleBindingCreator(ctrl)
 			os.rbac = mrb
+			mmemb := mock.NewMockmemberProvider(ctrl)
+			os.members = mmemb
 			mauth.EXPECT().
 				Authorize(gomock.Any(), isAuthRequest("create")).
 				Return(tc.authDecision.decision, tc.authDecision.reason, tc.authDecision.err).
@@ -89,6 +91,10 @@ func TestOrganizationStorage_Create(t *testing.T) {
 				CreateRoleBindings(gomock.Any(), gomock.Any()).
 				Return(nil).
 				AnyTimes()
+			mmemb.EXPECT().
+				CreateMembers(gomock.Any(), gomock.Any()).
+				Return(nil).
+				AnyTimes()
 
 			nopValidate := func(ctx context.Context, obj runtime.Object) error {
 				return nil

apiserver/organization/members.go

@@ -0,0 +1,24 @@
+package organization
+
+import (
+	"context"
+
+	controlv1 "github.com/appuio/control-api/apis/v1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+// memberProvider is an abstraction for interacting with the OrganizationMembers Object
+//go:generate go run github.com/golang/mock/mockgen -source=$GOFILE -destination=./mock/$GOFILE
+type memberProvider interface {
+	CreateMembers(ctx context.Context, members *controlv1.OrganizationMembers) error
+}
+
+type kubeMemberProvider struct {
+	Client client.Client
+
+	usernamePrefix string
+}
+
+func (k kubeMemberProvider) CreateMembers(ctx context.Context, members *controlv1.OrganizationMembers) error {
+	return k.Client.Create(ctx, members)
+}

apiserver/organization/organization.go

@@ -4,6 +4,7 @@ import (
 	"errors"
 
 	orgv1 "github.com/appuio/control-api/apis/organization/v1"
+	controlv1 "github.com/appuio/control-api/apis/v1"
 
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -26,6 +27,10 @@ func New(clusterRoles *[]string) restbuilder.ResourceHandlerProvider {
 		if err != nil {
 			return nil, err
 		}
+		err = controlv1.AddToScheme(c.Scheme())
+		if err != nil {
+			return nil, err
+		}
 		return &organizationStorage{
 			namepaces: &kubeNamespaceProvider{
 				Client: c,
@@ -37,12 +42,16 @@ func New(clusterRoles *[]string) restbuilder.ResourceHandlerProvider {
 				Client:       c,
 				ClusterRoles: *clusterRoles,
 			},
+			members: kubeMemberProvider{
+				Client: c,
+			},
 		}, nil
 	}
 }
 
 type organizationStorage struct {
 	namepaces  namespaceProvider
+	members    memberProvider
 	authorizer rbacAuthorizer
 
 	rbac         roleBindingCreator