update Gitea client, readme + token controller

controllers/pkg/giteaclient/giteaclient.go

@@ -56,37 +56,35 @@ func (r *gc) Start(ctx context.Context) {
 	LOOP:
 		time.Sleep(5 * time.Second)
 
+		gitURL, ok := os.LookupEnv("GIT_URL")
+		if !ok {
+			r.l.Error(fmt.Errorf("git url not defined"), "cannot connect to git server")
+			goto LOOP
+		}
+
+		namespace := os.Getenv("POD_NAMESPACE")
+		if gitNamesapce, ok := os.LookupEnv("GIT_NAMESPACE"); ok {
+			namespace = gitNamesapce
+		}
+		secretName := "git-user-secret"
+		if gitSecretName, ok := os.LookupEnv("GIT_SECRET_NAME"); ok {
+			namespace = gitSecretName
+		}
+
 		// get secret that was created when installing gitea
 		secret := &corev1.Secret{}
 		if err := r.client.Get(ctx, types.NamespacedName{
-			Namespace: os.Getenv("GIT_NAMESPACE"),
-			Name:      os.Getenv("GIT_SECRET_NAME"),
+			Namespace: namespace,
+			Name:      secretName,
 		},
 			secret); err != nil {
 			r.l.Error(err, "cannot get secret")
 			goto LOOP
 		}
 
-		service := &corev1.Service{}
-		if err := r.client.Get(ctx, types.NamespacedName{
-			Namespace: os.Getenv("GIT_NAMESPACE"),
-			Name:      os.Getenv("GIT_SERVICE_NAME"),
-		},
-			service); err != nil {
-			r.l.Error(err, "cannot get service")
-			goto LOOP
-		}
-
-		port := "3000"
-		if len(service.Spec.Ports) > 0 {
-			port = service.Spec.Ports[0].TargetPort.String()
-		}
-
-		r.l.Info("target", "address", fmt.Sprintf("http://%s.%s.svc.cluster.local:%s", os.Getenv("GIT_SERVICE_NAME"), os.Getenv("GIT_NAMESPACE"), port))
-
 		// To create/list tokens we can only use basic authentication using username and password
 		giteaClient, err := gitea.NewClient(
-			fmt.Sprintf("http://%s.%s.svc.cluster.local:%s", os.Getenv("GIT_SERVICE_NAME"), os.Getenv("GIT_NAMESPACE"), port),
+			gitURL,
 			getClientAuth(secret))
 		if err != nil {
 			r.l.Error(err, "cannot authenticate to gitea")

controllers/pkg/go.mod

@@ -15,7 +15,7 @@ require (
 	github.com/GoogleContainerTools/kpt/porch/api v0.0.0-20230504200302-14c7b353e6b6
 	github.com/go-logr/logr v1.2.4
 	github.com/google/go-cmp v0.5.9
-	github.com/nephio-project/api v0.0.0-20230517035137-712cea05edd0
+	github.com/nephio-project/api v0.0.0-20230522173958-63a41669b495
 	github.com/nephio-project/nephio/krm-functions/ipam-fn v0.0.0-20230519080401-f95bbb7f58a6
 	github.com/nephio-project/nephio/krm-functions/lib v0.0.0-20230508215739-b13457eda5c9
 	github.com/nephio-project/nephio/krm-functions/vlan-fn v0.0.0-20230519080401-f95bbb7f58a6

controllers/pkg/go.sum

@@ -141,8 +141,8 @@ github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/
 github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/nephio-project/api v0.0.0-20230517035137-712cea05edd0 h1:La6pHVwbKUz2Ujv7s6VWyTDhEJY/XM54BKAM1nAnh2w=
-github.com/nephio-project/api v0.0.0-20230517035137-712cea05edd0/go.mod h1:v2DHagSVdoKQxQXFBwGw0VWvvmw5EFNJ0JuFjhwsGwM=
+github.com/nephio-project/api v0.0.0-20230522173958-63a41669b495 h1:lKibqCJw7x5XKwev43GNGeEJwbx9twlVSLu2l5nDZBo=
+github.com/nephio-project/api v0.0.0-20230522173958-63a41669b495/go.mod h1:v2DHagSVdoKQxQXFBwGw0VWvvmw5EFNJ0JuFjhwsGwM=
 github.com/nephio-project/nephio/krm-functions/ipam-fn v0.0.0-20230519080401-f95bbb7f58a6 h1:4Im540v27uiAt7pLaXsHvjq+bPjo6yW6I1cmxhqP7iA=
 github.com/nephio-project/nephio/krm-functions/ipam-fn v0.0.0-20230519080401-f95bbb7f58a6/go.mod h1:f8MW/xm4uKycEAspdsVN9KBpmRbPtiTak+Kj00LGL1A=
 github.com/nephio-project/nephio/krm-functions/lib v0.0.0-20230508215739-b13457eda5c9 h1:fWHt9kSXIHLfA5rc77iiRUsmshFmm5hqWmmvsPAvVuw=

controllers/pkg/reconcilers/repository/README.md

@@ -6,23 +6,22 @@ For each repo CR the repo-controller handles the lifecycle of the repository in
 
 ## implementation
 
-The implementation assumes the repo-controller runs in the same cluster as the gitea server. Based on the environment variables we help the controller to connect to the gitea server.
+Based on the environment variables we help the controller to connect to the gitea server.
 
-The following environment variables are defined
+A secret is required to connect to the git server with username and password. The default name and namespace are resp. `git-user-secret ` and POD_NAMESPACE where the token controller runs.
+With the following environment variable the defaults can be changed:
+- GIT_SECRET_NAME: sets the name of the secret to connect to the git server
+- GIT_NAMESPACE: sets the namespace where to find the secret to connect to the git server
 
-- GIT_NAMESPACE: sets the namespace where the gitea server runs 
-- GIT_SECRET_NAME = the secret to connect to gitea 
-- GIT_SERVICE_NAME = the service to connect to gitea
+The URL to connect to the git server is provided through an environment variable. This is a mandatory environment variable
+
+- GIT_URL = https://172.18.0.200:3000
 
 example environment variables
 
 ```
-- name: "GIT_NAMESPACE"
-  value: "gitea"
-- name: "GIT_SECRET_NAME"
-  value: "git-user-secret"
-- name: "GIT_SERVICE_NAME"
-  value: "gitea-http"
+- name: "GIT_URL"
+  value: "https://172.18.0.200:3000"
 ```
 
 

controllers/pkg/reconcilers/repository/reconciler.go

@@ -23,6 +23,7 @@ import (
 
 	"code.gitea.io/sdk/gitea"
 	"github.com/go-logr/logr"
+	commonv1alpha1 "github.com/nephio-project/api/common/v1alpha1"
 	infrav1alpha1 "github.com/nephio-project/api/infra/v1alpha1"
 	"github.com/nephio-project/nephio/controllers/pkg/giteaclient"
 	ctrlconfig "github.com/nephio-project/nephio/controllers/pkg/reconcilers/config"
@@ -107,9 +108,11 @@ func (r *reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu
 		// repo being deleted
 		// Delete the repo from the git server
 		// when successfull remove the finalizer
-		if err := r.deleteRepo(ctx, giteaClient, cr); err != nil {
-			r.l.Error(err, "cannot delete repo in git server")
-			return ctrl.Result{Requeue: true}, errors.Wrap(r.Status().Update(ctx, cr), errUpdateStatus)
+		if cr.Spec.Lifecycle.DeletionPolicy == commonv1alpha1.DeletionDelete {
+			if err := r.deleteRepo(ctx, giteaClient, cr); err != nil {
+				r.l.Error(err, "cannot delete repo in git server")
+				return ctrl.Result{Requeue: true}, errors.Wrap(r.Status().Update(ctx, cr), errUpdateStatus)
+			}
 		}
 
 		if err := r.finalizer.RemoveFinalizer(ctx, cr); err != nil {

controllers/pkg/reconcilers/token/README.md

@@ -6,23 +6,22 @@ The token is immutable, so if you want to change the token it has to be deleted/
 
 ## implementation
 
-The implementation assumes the token-controller runs in the same cluster as the gitea server. Based on the environment variables we help the controller to connect to the gitea server.
+Based on the environment variables we help the controller to connect to the gitea server.
 
-The following environment variables are defined
+A secret is required to connect to the git server with username and password. The default name and namespace are resp. `git-user-secret ` and POD_NAMESPACE where the token controller runs.
+With the following environment variable the defaults can be changed:
+- GIT_SECRET_NAME = sets the name of the secret to connect to the git server
+- GIT_NAMESPACE: sets the namespace where to find the secret to connect to the git server
 
-- GIT_NAMESPACE: sets the namespace where the gitea server runs 
-- GIT_SECRET_NAME = the secret to connect to gitea 
-- GIT_SERVICE_NAME = the service to connect to gitea
+The URL to connect to the git server is provided through an environment variable. This is a mandatory environment variable
+
+- GIT_URL = https://172.18.0.200:3000
 
 example environment variables
 
 ```
-- name: "GIT_NAMESPACE"
-  value: "gitea"
-- name: "GIT_SECRET_NAME"
-  value: "git-user-secret"
-- name: "GIT_SERVICE_NAME"
-  value: "gitea-http"
+- name: "GIT_URL"
+  value: "https://172.18.0.200:3000"
 ```
 
 ## example CRD
@@ -32,7 +31,7 @@ cat <<EOF | kubectl apply -f -
     apiVersion: infra.nephio.org/v1alpha1
     kind: Token
     metadata:
-      name: mgmt
+      name: mgmt-access-token-porch
     spec:
 EOF
 ```
@@ -42,8 +41,9 @@ cat <<EOF | kubectl apply -f -
     apiVersion: infra.nephio.org/v1alpha1
     kind: Token
     metadata:
-      name: mgmt
-      namespace: config-management-system
+      name: mgmt-access-token-configsync
+      annotations:
+        nephio.org/app: configsync
     spec:
 EOF
 ```

controllers/pkg/reconcilers/token/reconciler.go

@@ -20,10 +20,10 @@ import (
 	"context"
 	"fmt"
 	"reflect"
-	"strings"
 
 	"code.gitea.io/sdk/gitea"
 	"github.com/go-logr/logr"
+	commonv1alpha1 "github.com/nephio-project/api/common/v1alpha1"
 	infrav1alpha1 "github.com/nephio-project/api/infra/v1alpha1"
 	"github.com/nephio-project/nephio/controllers/pkg/giteaclient"
 	ctrlconfig "github.com/nephio-project/nephio/controllers/pkg/reconcilers/config"
@@ -33,6 +33,7 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/utils/pointer"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/event"
 	"sigs.k8s.io/controller-runtime/pkg/log"
@@ -109,8 +110,10 @@ func (r *reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu
 		// token being deleted
 		// Delete the token from the git server
 		// when successfull remove the finalizer
-		if err := r.deleteToken(ctx, giteaClient, cr); err != nil {
-			return ctrl.Result{Requeue: true}, errors.Wrap(r.Status().Update(ctx, cr), errUpdateStatus)
+		if cr.Spec.Lifecycle.DeletionPolicy == commonv1alpha1.DeletionDelete {
+			if err := r.deleteToken(ctx, giteaClient, cr); err != nil {
+				return ctrl.Result{Requeue: true}, errors.Wrap(r.Status().Update(ctx, cr), errUpdateStatus)
+			}
 		}
 
 		if err := r.finalizer.RemoveFinalizer(ctx, cr); err != nil {
@@ -172,7 +175,6 @@ func (r *reconciler) createToken(ctx context.Context, giteaClient *gitea.Client,
 			return err
 		}
 		r.l.Info("token created", "name", cr.GetName())
-		// owner reference dont work since this is a cross-namespace resource
 		secret := &corev1.Secret{
 			TypeMeta: metav1.TypeMeta{
 				APIVersion: corev1.SchemeGroupVersion.Identifier(),
@@ -182,6 +184,15 @@ func (r *reconciler) createToken(ctx context.Context, giteaClient *gitea.Client,
 				Namespace:   cr.GetNamespace(),
 				Name:        cr.GetName(),
 				Annotations: cr.GetAnnotations(),
+				OwnerReferences: []metav1.OwnerReference{
+					{
+						APIVersion: cr.APIVersion,
+						Kind:       cr.Kind,
+						Name:       cr.Name,
+						UID:        cr.UID,
+						Controller: pointer.Bool(true),
+					},
+				},
 			},
 			Data: map[string][]byte{
 				"username": []byte(u.UserName),
@@ -201,32 +212,12 @@ func (r *reconciler) createToken(ctx context.Context, giteaClient *gitea.Client,
 }
 
 func (r *reconciler) deleteToken(ctx context.Context, giteaClient *gitea.Client, cr *infrav1alpha1.Token) error {
-	secret := &corev1.Secret{
-		TypeMeta: metav1.TypeMeta{
-			APIVersion: corev1.SchemeGroupVersion.Identifier(),
-			Kind:       reflect.TypeOf(corev1.Secret{}).Name(),
-		},
-		ObjectMeta: metav1.ObjectMeta{
-			Namespace: cr.GetNamespace(),
-			Name:      cr.GetName(),
-		},
-	}
-	err := r.Delete(ctx, secret)
-	if resource.IgnoreNotFound(err) != nil {
-		r.l.Error(err, "cannot delete access token secret")
+	_, err := giteaClient.DeleteAccessToken(cr.GetTokenName())
+	if err != nil {
+		r.l.Error(err, "cannot delete token")
 		cr.SetConditions(infrav1alpha1.Failed(err.Error()))
 		return err
 	}
-
-	r.l.Info("token deleted", "name", cr.GetTokenName())
-	_, err = giteaClient.DeleteAccessToken(cr.GetTokenName())
-	if err != nil {
-		if !strings.Contains(err.Error(), "couldn't be found") {
-			r.l.Error(err, "cannot delete token")
-			cr.SetConditions(infrav1alpha1.Failed(err.Error()))
-			return err
-		}
-	}
 	r.l.Info("token deleted", "name", cr.GetTokenName())
 	return nil
 }