From 27f0b7a7a127a908e28b66f2e51347844802a189 Mon Sep 17 00:00:00 2001 From: Johannes Aubart Date: Fri, 15 Aug 2025 15:47:38 +0200 Subject: [PATCH] use K8sNameUUID instead of K8sNameHash and let each mcp have its own namespace --- api/go.mod | 6 +-- api/go.sum | 34 ++++++------- go.mod | 4 +- go.sum | 12 ++--- lib/clusteraccess/clusteraccess.go | 48 ++++++++++++++----- lib/clusteraccess/clusteraccess_test.go | 17 ++++--- .../testdata/test-01/access-secrets.yaml | 4 +- lib/go.mod | 4 +- lib/go.sum | 12 ++--- lib/utils/utils.go | 35 +++++++++++++- lib/utils/utils_test.go | 16 +++++++ 11 files changed, 133 insertions(+), 59 deletions(-) diff --git a/api/go.mod b/api/go.mod index 1c50049..3942eca 100644 --- a/api/go.mod +++ b/api/go.mod @@ -3,7 +3,7 @@ module github.com/openmcp-project/openmcp-operator/api go 1.25.0 require ( - github.com/openmcp-project/controller-utils v0.17.0 + github.com/openmcp-project/controller-utils v0.18.0 k8s.io/api v0.33.4 k8s.io/apiextensions-apiserver v0.33.4 k8s.io/apimachinery v0.33.4 @@ -53,13 +53,13 @@ require ( golang.org/x/text v0.28.0 // indirect golang.org/x/time v0.10.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/protobuf v1.36.6 // indirect + google.golang.org/protobuf v1.36.7 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/klog/v2 v2.130.1 // indirect k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff // indirect - k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 // indirect + k8s.io/utils v0.0.0-20250820121507-0af2bda4dd1d // indirect sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect sigs.k8s.io/randfill v1.0.0 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.7.0 // indirect diff --git a/api/go.sum b/api/go.sum index c87c3b6..d2a03fa 100644 --- a/api/go.sum +++ b/api/go.sum @@ -1,3 +1,5 @@ +github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0= +github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= @@ -42,8 +44,8 @@ github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 h1:BHT72Gu3keYf3ZEu2J0b1vyeLSOYI8bm5wbJM/8yDe8= -github.com/google/pprof v0.0.0-20250403155104-27863c87afa6/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA= +github.com/google/pprof v0.0.0-20250820193118-f64d9cf942d6 h1:EEHtgt9IwisQ2AZ4pIsMjahcegHh6rmhqxzIRQIyepY= +github.com/google/pprof v0.0.0-20250820193118-f64d9cf942d6/go.mod h1:I6V7YzU0XDpsHqbsyrghnFZLO1gwK6NPTNvmetQIk9U= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= @@ -69,12 +71,12 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/onsi/ginkgo/v2 v2.23.4 h1:ktYTpKJAVZnDT4VjxSbiBenUjmlL/5QkBEocaWXiQus= -github.com/onsi/ginkgo/v2 v2.23.4/go.mod h1:Bt66ApGPBFzHyR+JO10Zbt0Gsp4uWxu5mIOTusL46e8= -github.com/onsi/gomega v1.38.0 h1:c/WX+w8SLAinvuKKQFh77WEucCnPk4j2OTUr7lt7BeY= -github.com/onsi/gomega v1.38.0/go.mod h1:OcXcwId0b9QsE7Y49u+BTrL4IdKOBOKnD6VQNTJEB6o= -github.com/openmcp-project/controller-utils v0.17.0 h1:dZsMX2ur/b1759+aKJmcJRdkOVJ131czE6AtIGKX1dE= -github.com/openmcp-project/controller-utils v0.17.0/go.mod h1:RgatwIEftAvHbhd3FIyXb2Sm0N6/AK8A2aF8zBxK930= +github.com/onsi/ginkgo/v2 v2.25.1 h1:Fwp6crTREKM+oA6Cz4MsO8RhKQzs2/gOIVOUscMAfZY= +github.com/onsi/ginkgo/v2 v2.25.1/go.mod h1:ppTWQ1dh9KM/F1XgpeRqelR+zHVwV81DGRSDnFxK7Sk= +github.com/onsi/gomega v1.38.1 h1:FaLA8GlcpXDwsb7m0h2A9ew2aTk3vnZMlzFgg5tz/pk= +github.com/onsi/gomega v1.38.1/go.mod h1:LfcV8wZLvwcYRwPiJysphKAEsmcFnLMK/9c+PjvlX8g= +github.com/openmcp-project/controller-utils v0.18.0 h1:9UESJdCuGkoXhsvRZ/gWPpJrdK8bHvjx0ZP5fROib3k= +github.com/openmcp-project/controller-utils v0.18.0/go.mod h1:S4Ym/PWOR8hy8A4LN1hfLyIf9XTNGUrnryvGtFMiq/U= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -96,8 +98,8 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= -github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/stretchr/testify v1.11.0 h1:ib4sjIrwZKxE5u/Japgo/7SJV3PvgjGiRNAvTVGqQl8= +github.com/stretchr/testify v1.11.0/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -112,8 +114,8 @@ go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= go.yaml.in/yaml/v2 v2.4.2 h1:DzmwEr2rDGHl7lsFgAHxmNz/1NlQ7xLIrlN2h5d1eGI= go.yaml.in/yaml/v2 v2.4.2/go.mod h1:081UH+NErpNdqlCXm3TtEran0rJZGxAYx9hb/ELlsPU= -go.yaml.in/yaml/v3 v3.0.3 h1:bXOww4E/J3f66rav3pX3m8w6jDE4knZjGOw8b5Y6iNE= -go.yaml.in/yaml/v3 v3.0.3/go.mod h1:tBHosrYAkRZjRAOREWbDnBXUf08JOwYq++0QNwQiWzI= +go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= +go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= @@ -157,8 +159,8 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY= -google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= +google.golang.org/protobuf v1.36.7 h1:IgrO7UwFQGJdRNXH/sQux4R1Dj1WAKcLElzeeRaXV2A= +google.golang.org/protobuf v1.36.7/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= @@ -180,8 +182,8 @@ k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff h1:/usPimJzUKKu+m+TE36gUyGcf03XZEP0ZIKgKj35LS4= k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff/go.mod h1:5jIi+8yX4RIb8wk3XwBo5Pq2ccx4FP10ohkbSKCZoK8= -k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 h1:hwvWFiBzdWw1FhfY1FooPn3kzWuJ8tmbZBHi4zVsl1Y= -k8s.io/utils v0.0.0-20250604170112-4c0f3b243397/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20250820121507-0af2bda4dd1d h1:wAhiDyZ4Tdtt7e46e9M5ZSAJ/MnPGPs+Ki1gHw4w1R0= +k8s.io/utils v0.0.0-20250820121507-0af2bda4dd1d/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= sigs.k8s.io/controller-runtime v0.21.0 h1:CYfjpEuicjUecRk+KAeyYh+ouUBn4llGyDYytIGcJS8= sigs.k8s.io/controller-runtime v0.21.0/go.mod h1:OSg14+F65eWqIu4DceX7k/+QRAbTTvxeQSNSOQpukWM= sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE= diff --git a/go.mod b/go.mod index de3522f..f1d197c 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ require ( dario.cat/mergo v1.0.2 github.com/onsi/ginkgo/v2 v2.25.1 github.com/onsi/gomega v1.38.1 - github.com/openmcp-project/controller-utils v0.17.0 + github.com/openmcp-project/controller-utils v0.18.0 github.com/openmcp-project/openmcp-operator/api v0.11.0 github.com/spf13/cobra v1.9.1 k8s.io/api v0.33.4 @@ -79,7 +79,7 @@ require ( go.uber.org/zap v1.27.0 // indirect go.yaml.in/yaml/v2 v2.4.2 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect - golang.org/x/exp v0.0.0-20250811191247-51f88131bc50 // indirect + golang.org/x/exp v0.0.0-20250819193227-8b4c13bb791b // indirect golang.org/x/net v0.43.0 // indirect golang.org/x/oauth2 v0.27.0 // indirect golang.org/x/sync v0.16.0 // indirect diff --git a/go.sum b/go.sum index baf9e00..a29af75 100644 --- a/go.sum +++ b/go.sum @@ -97,8 +97,8 @@ github.com/onsi/ginkgo/v2 v2.25.1 h1:Fwp6crTREKM+oA6Cz4MsO8RhKQzs2/gOIVOUscMAfZY github.com/onsi/ginkgo/v2 v2.25.1/go.mod h1:ppTWQ1dh9KM/F1XgpeRqelR+zHVwV81DGRSDnFxK7Sk= github.com/onsi/gomega v1.38.1 h1:FaLA8GlcpXDwsb7m0h2A9ew2aTk3vnZMlzFgg5tz/pk= github.com/onsi/gomega v1.38.1/go.mod h1:LfcV8wZLvwcYRwPiJysphKAEsmcFnLMK/9c+PjvlX8g= -github.com/openmcp-project/controller-utils v0.17.0 h1:dZsMX2ur/b1759+aKJmcJRdkOVJ131czE6AtIGKX1dE= -github.com/openmcp-project/controller-utils v0.17.0/go.mod h1:RgatwIEftAvHbhd3FIyXb2Sm0N6/AK8A2aF8zBxK930= +github.com/openmcp-project/controller-utils v0.18.0 h1:9UESJdCuGkoXhsvRZ/gWPpJrdK8bHvjx0ZP5fROib3k= +github.com/openmcp-project/controller-utils v0.18.0/go.mod h1:S4Ym/PWOR8hy8A4LN1hfLyIf9XTNGUrnryvGtFMiq/U= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -133,8 +133,8 @@ github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UV github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= -github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/stretchr/testify v1.11.0 h1:ib4sjIrwZKxE5u/Japgo/7SJV3PvgjGiRNAvTVGqQl8= +github.com/stretchr/testify v1.11.0/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -174,8 +174,8 @@ go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/exp v0.0.0-20250811191247-51f88131bc50 h1:3yiSh9fhy5/RhCSntf4Sy0Tnx50DmMpQ4MQdKKk4yg4= -golang.org/x/exp v0.0.0-20250811191247-51f88131bc50/go.mod h1:rT6SFzZ7oxADUDx58pcaKFTcZ+inxAa9fTrYx/uVYwg= +golang.org/x/exp v0.0.0-20250819193227-8b4c13bb791b h1:DXr+pvt3nC887026GRP39Ej11UATqWDmWuS99x26cD0= +golang.org/x/exp v0.0.0-20250819193227-8b4c13bb791b/go.mod h1:4QTo5u+SEIbbKW1RacMZq1YEfOBqeXa19JeshGi+zc4= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= diff --git a/lib/clusteraccess/clusteraccess.go b/lib/clusteraccess/clusteraccess.go index 89be061..b942472 100644 --- a/lib/clusteraccess/clusteraccess.go +++ b/lib/clusteraccess/clusteraccess.go @@ -3,6 +3,7 @@ package clusteraccess import ( "context" "fmt" + "strings" "time" "github.com/openmcp-project/controller-utils/pkg/logging" @@ -26,7 +27,9 @@ import ( ) const ( - controllerName = "ClusterAccess" + controllerName = "ClusterAccess" + requestSuffixMCP = "--mcp" + requestSuffixWorkload = "--wl" ) // Reconciler is an interface for reconciling access to openMCP clusters. @@ -123,10 +126,14 @@ func (r *reconcilerImpl) WithWorkloadScheme(scheme *runtime.Scheme) Reconciler { } func (r *reconcilerImpl) MCPCluster(ctx context.Context, request reconcile.Request) (*clusters.Cluster, error) { + platformNamespace, err := libutils.StableMCPNamespace(request.Name, request.Namespace) + if err != nil { + return nil, err + } mcpAccessRequest := &clustersv1alpha1.AccessRequest{ ObjectMeta: metav1.ObjectMeta{ - Name: libutils.StableRequestNameMCP(request.Name, r.controllerName), - Namespace: libutils.StableRequestNamespace(request.Namespace), + Name: StableRequestName(r.controllerName, request) + requestSuffixMCP, + Namespace: platformNamespace, }, } @@ -143,10 +150,14 @@ func (r *reconcilerImpl) MCPCluster(ctx context.Context, request reconcile.Reque } func (r *reconcilerImpl) WorkloadCluster(ctx context.Context, request reconcile.Request) (*clusters.Cluster, error) { + platformNamespace, err := libutils.StableMCPNamespace(request.Name, request.Namespace) + if err != nil { + return nil, err + } workloadAccessRequest := &clustersv1alpha1.AccessRequest{ ObjectMeta: metav1.ObjectMeta{ - Name: libutils.StableRequestNameWorkload(request.Name, r.controllerName), - Namespace: libutils.StableRequestNamespace(request.Namespace), + Name: StableRequestName(r.controllerName, request) + requestSuffixWorkload, + Namespace: platformNamespace, }, } @@ -165,9 +176,13 @@ func (r *reconcilerImpl) WorkloadCluster(ctx context.Context, request reconcile. func (r *reconcilerImpl) Reconcile(ctx context.Context, request reconcile.Request) (reconcile.Result, error) { log := logging.FromContextOrPanic(ctx).WithName(controllerName) - requestNamespace := libutils.StableRequestNamespace(request.Namespace) - requestNameMCP := libutils.StableRequestNameMCP(request.Name, r.controllerName) - requestNameWorkload := libutils.StableRequestNameWorkload(request.Name, r.controllerName) + platformNamespace, err := libutils.StableMCPNamespace(request.Name, request.Namespace) + if err != nil { + return reconcile.Result{}, err + } + requestNamespace := platformNamespace + requestNameMCP := StableRequestName(r.controllerName, request) + requestSuffixMCP + requestNameWorkload := StableRequestName(r.controllerName, request) + requestSuffixWorkload metadata := requestMetadata(r.controllerName, request) @@ -258,9 +273,13 @@ func (r *reconcilerImpl) Reconcile(ctx context.Context, request reconcile.Reques } func (r *reconcilerImpl) ReconcileDelete(ctx context.Context, request reconcile.Request) (reconcile.Result, error) { - requestNamespace := libutils.StableRequestNamespace(request.Namespace) - requestNameMCP := libutils.StableRequestNameMCP(request.Name, r.controllerName) - requestNameWorkload := libutils.StableRequestNameWorkload(request.Name, r.controllerName) + platformNamespace, err := libutils.StableMCPNamespace(request.Name, request.Namespace) + if err != nil { + return reconcile.Result{}, err + } + requestNamespace := platformNamespace + requestNameMCP := StableRequestName(r.controllerName, request) + requestSuffixMCP + requestNameWorkload := StableRequestName(r.controllerName, request) + requestSuffixWorkload // Delete the Workload AccessRequest if it exists workloadAccessDeleted, err := deleteAccessRequest(ctx, r.platformClusterClient, requestNameWorkload, requestNamespace) @@ -719,3 +738,10 @@ func (m *accessRequestMutator) Mutate(accessRequest *clustersv1alpha1.AccessRequ return nil } } + +// StableRequestName generates a stable name for a Cluster- or AccessRequest related to an MCP. +// This basically results in '--'. +func StableRequestName(controllerName string, request reconcile.Request) string { + controllerName = strings.ToLower(controllerName) + return fmt.Sprintf("%s--%s", controllerName, request.Name) +} diff --git a/lib/clusteraccess/clusteraccess_test.go b/lib/clusteraccess/clusteraccess_test.go index c381614..6ac6746 100644 --- a/lib/clusteraccess/clusteraccess_test.go +++ b/lib/clusteraccess/clusteraccess_test.go @@ -19,7 +19,6 @@ import ( clustersv1alpha1 "github.com/openmcp-project/openmcp-operator/api/clusters/v1alpha1" "github.com/openmcp-project/openmcp-operator/lib/clusteraccess" - "github.com/openmcp-project/openmcp-operator/lib/utils" "sigs.k8s.io/controller-runtime/pkg/client" @@ -118,7 +117,7 @@ var _ = Describe("ClusterAccessReconciler", func() { It("should create MCP-/Workload ClusterRequests/AccessRequests", func() { var reconcileResult reconcile.Result - expectedRequestNamespace := "ob-test" + expectedRequestNamespace := "mcp--80158a25-6874-80a6-a75d-94f57da600c0" request := reconcile.Request{ NamespacedName: client.ObjectKey{ @@ -129,21 +128,21 @@ var _ = Describe("ClusterAccessReconciler", func() { accessRequestMCP := &clustersv1alpha1.AccessRequest{ ObjectMeta: metav1.ObjectMeta{ - Name: utils.StableRequestNameMCP(request.Name, controllerName), + Name: clusteraccess.StableRequestName(controllerName, request) + "--mcp", Namespace: expectedRequestNamespace, }, } clusterRequestWorkload := &clustersv1alpha1.ClusterRequest{ ObjectMeta: metav1.ObjectMeta{ - Name: utils.StableRequestNameWorkload(request.Name, controllerName), + Name: clusteraccess.StableRequestName(controllerName, request) + "--wl", Namespace: expectedRequestNamespace, }, } accessRequestWorkload := &clustersv1alpha1.AccessRequest{ ObjectMeta: metav1.ObjectMeta{ - Name: utils.StableRequestNameWorkload(request.Name, controllerName), + Name: clusteraccess.StableRequestName(controllerName, request) + "--wl", Namespace: expectedRequestNamespace, }, } @@ -239,7 +238,7 @@ var _ = Describe("ClusterAccessReconciler", func() { It("should delete MCP-/Workload ClusterRequests/AccessRequests", func() { var reconcileResult reconcile.Result - expectedRequestNamespace := "ob-test" + expectedRequestNamespace := "mcp--80158a25-6874-80a6-a75d-94f57da600c0" request := reconcile.Request{ NamespacedName: client.ObjectKey{ @@ -250,21 +249,21 @@ var _ = Describe("ClusterAccessReconciler", func() { accessRequestMCP := &clustersv1alpha1.AccessRequest{ ObjectMeta: metav1.ObjectMeta{ - Name: utils.StableRequestNameMCP(request.Name, controllerName), + Name: clusteraccess.StableRequestName(controllerName, request) + "--mcp", Namespace: expectedRequestNamespace, }, } clusterRequestWorkload := &clustersv1alpha1.ClusterRequest{ ObjectMeta: metav1.ObjectMeta{ - Name: utils.StableRequestNameWorkload(request.Name, controllerName), + Name: clusteraccess.StableRequestName(controllerName, request) + "--wl", Namespace: expectedRequestNamespace, }, } accessRequestWorkload := &clustersv1alpha1.AccessRequest{ ObjectMeta: metav1.ObjectMeta{ - Name: utils.StableRequestNameWorkload(request.Name, controllerName), + Name: clusteraccess.StableRequestName(controllerName, request) + "--wl", Namespace: expectedRequestNamespace, }, } diff --git a/lib/clusteraccess/testdata/test-01/access-secrets.yaml b/lib/clusteraccess/testdata/test-01/access-secrets.yaml index 707835e..44f715e 100644 --- a/lib/clusteraccess/testdata/test-01/access-secrets.yaml +++ b/lib/clusteraccess/testdata/test-01/access-secrets.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Secret metadata: name: mcp-access - namespace: ob-test + namespace: mcp--80158a25-6874-80a6-a75d-94f57da600c0 data: kubeconfig: YXBpVmVyc2lvbjogdjEKa2luZDogQ29uZmlnCnByZWZlcmVuY2VzOiB7fQpjbHVzdGVyczoKLSBjbHVzdGVyOgogICAgc2VydmVyOiBodHRwczovL2FwaS5jbHVzdGVyLWIuZXhhbXBsZS5jb206NjQ0MwogIG5hbWU6IGNsdXN0ZXIKY29udGV4dHM6Ci0gY29udGV4dDoKICAgIGNsdXN0ZXI6IGNsdXN0ZXIKICAgIHVzZXI6IHVzZXIKICBuYW1lOiBjb250ZXh0CmN1cnJlbnQtY29udGV4dDogY29udGV4dAp1c2VyczoKLSBuYW1lOiB1c2VyCiAgdXNlcjoKICAgIHRva2VuOiBhYmM= @@ -11,6 +11,6 @@ apiVersion: v1 kind: Secret metadata: name: workload-access - namespace: ob-test + namespace: mcp--80158a25-6874-80a6-a75d-94f57da600c0 data: kubeconfig: YXBpVmVyc2lvbjogdjEKa2luZDogQ29uZmlnCnByZWZlcmVuY2VzOiB7fQpjbHVzdGVyczoKLSBjbHVzdGVyOgogICAgc2VydmVyOiBodHRwczovL2FwaS5jbHVzdGVyLWIuZXhhbXBsZS5jb206NjQ0MwogIG5hbWU6IGNsdXN0ZXIKY29udGV4dHM6Ci0gY29udGV4dDoKICAgIGNsdXN0ZXI6IGNsdXN0ZXIKICAgIHVzZXI6IHVzZXIKICBuYW1lOiBjb250ZXh0CmN1cnJlbnQtY29udGV4dDogY29udGV4dAp1c2VyczoKLSBuYW1lOiB1c2VyCiAgdXNlcjoKICAgIHRva2VuOiBhYmM= \ No newline at end of file diff --git a/lib/go.mod b/lib/go.mod index b661128..da25722 100644 --- a/lib/go.mod +++ b/lib/go.mod @@ -7,7 +7,7 @@ replace github.com/openmcp-project/openmcp-operator/api => ../api require ( github.com/onsi/ginkgo/v2 v2.25.1 github.com/onsi/gomega v1.38.1 - github.com/openmcp-project/controller-utils v0.17.0 + github.com/openmcp-project/controller-utils v0.18.0 github.com/openmcp-project/openmcp-operator/api v0.11.0 k8s.io/api v0.33.4 k8s.io/apimachinery v0.33.4 @@ -70,7 +70,7 @@ require ( k8s.io/apiextensions-apiserver v0.33.4 // indirect k8s.io/klog/v2 v2.130.1 // indirect k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff // indirect - k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 // indirect + k8s.io/utils v0.0.0-20250820121507-0af2bda4dd1d // indirect sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect sigs.k8s.io/randfill v1.0.0 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.7.0 // indirect diff --git a/lib/go.sum b/lib/go.sum index a504212..97990a8 100644 --- a/lib/go.sum +++ b/lib/go.sum @@ -75,8 +75,8 @@ github.com/onsi/ginkgo/v2 v2.25.1 h1:Fwp6crTREKM+oA6Cz4MsO8RhKQzs2/gOIVOUscMAfZY github.com/onsi/ginkgo/v2 v2.25.1/go.mod h1:ppTWQ1dh9KM/F1XgpeRqelR+zHVwV81DGRSDnFxK7Sk= github.com/onsi/gomega v1.38.1 h1:FaLA8GlcpXDwsb7m0h2A9ew2aTk3vnZMlzFgg5tz/pk= github.com/onsi/gomega v1.38.1/go.mod h1:LfcV8wZLvwcYRwPiJysphKAEsmcFnLMK/9c+PjvlX8g= -github.com/openmcp-project/controller-utils v0.17.0 h1:dZsMX2ur/b1759+aKJmcJRdkOVJ131czE6AtIGKX1dE= -github.com/openmcp-project/controller-utils v0.17.0/go.mod h1:RgatwIEftAvHbhd3FIyXb2Sm0N6/AK8A2aF8zBxK930= +github.com/openmcp-project/controller-utils v0.18.0 h1:9UESJdCuGkoXhsvRZ/gWPpJrdK8bHvjx0ZP5fROib3k= +github.com/openmcp-project/controller-utils v0.18.0/go.mod h1:S4Ym/PWOR8hy8A4LN1hfLyIf9XTNGUrnryvGtFMiq/U= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -100,8 +100,8 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= -github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/stretchr/testify v1.11.0 h1:ib4sjIrwZKxE5u/Japgo/7SJV3PvgjGiRNAvTVGqQl8= +github.com/stretchr/testify v1.11.0/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -184,8 +184,8 @@ k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff h1:/usPimJzUKKu+m+TE36gUyGcf03XZEP0ZIKgKj35LS4= k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff/go.mod h1:5jIi+8yX4RIb8wk3XwBo5Pq2ccx4FP10ohkbSKCZoK8= -k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 h1:hwvWFiBzdWw1FhfY1FooPn3kzWuJ8tmbZBHi4zVsl1Y= -k8s.io/utils v0.0.0-20250604170112-4c0f3b243397/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20250820121507-0af2bda4dd1d h1:wAhiDyZ4Tdtt7e46e9M5ZSAJ/MnPGPs+Ki1gHw4w1R0= +k8s.io/utils v0.0.0-20250820121507-0af2bda4dd1d/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= sigs.k8s.io/controller-runtime v0.21.0 h1:CYfjpEuicjUecRk+KAeyYh+ouUBn4llGyDYytIGcJS8= sigs.k8s.io/controller-runtime v0.21.0/go.mod h1:OSg14+F65eWqIu4DceX7k/+QRAbTTvxeQSNSOQpukWM= sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE= diff --git a/lib/utils/utils.go b/lib/utils/utils.go index 4654c66..1ee10a2 100644 --- a/lib/utils/utils.go +++ b/lib/utils/utils.go @@ -8,13 +8,16 @@ import ( const ( prefixOnboarding = "ob-" - prefixMCP = "mcp-" + oldPrefixMCP = "mcp-" prefixWorkload = "wl-" + prefixMCP = "mcp--" ) // StableRequestNamespace returns a stable namespace for ClusterRequests and AccessRequests, // that can be created/used on the platform cluster. // onboardingNamespace is the namespace of the reconciled resource on the onboarding cluster. +// +// Deprecated: Use StableMCPNamespace instead. func StableRequestNamespace(onboardingNamespace string) string { return fmt.Sprint(prefixOnboarding, onboardingNamespace) } @@ -22,13 +25,17 @@ func StableRequestNamespace(onboardingNamespace string) string { // StableRequestNameMCP returns a stable name for MCP requests that can be used in a request namespace on the platform cluster. // onboardingName is the name of the reconciled resource on the onboarding cluster. // controllerName is the name of the controller that is reconciling the resource. +// +// Deprecated: Since every MCP now has its own namespace on the platform cluster, producing unique names this way is not required anymore for namespace-scoped resources. Use StableMCPIdentifier for cluster-scoped resources. func StableRequestNameMCP(onboardingName, controllerName string) string { - return fmt.Sprint(prefixMCP, controller.K8sNameHash(onboardingName, controllerName)) + return fmt.Sprint(oldPrefixMCP, controller.K8sNameHash(onboardingName, controllerName)) } // StableRequestNameWorkload returns a stable name for Workload requests that can be used in a request namespace on the platform cluster. // onboardingName is the name of the reconciled resource on the onboarding cluster. // controllerName is the name of the controller that is reconciling the resource. +// +// Deprecated: Since each MCP now has its own namespace, the controller can choose the request name relatively freely (just avoid conflicts with other controllers). func StableRequestNameWorkload(onboardingName, controllerName string) string { return fmt.Sprint(prefixWorkload, controller.K8sNameHash(onboardingName, controllerName)) } @@ -36,6 +43,30 @@ func StableRequestNameWorkload(onboardingName, controllerName string) string { // StableRequestNameOnboarding returns a stable name for Onboarding requests that can be used in a request namespace on the platform cluster. // onboardingName is the name of the reconciled resource on the onboarding cluster. // controllerName is the name of the controller that is reconciling the resource. +// +// Deprecated: Since each MCP now has its own namespace, the controller can choose the request name relatively freely (just avoid conflicts with other controllers). func StableRequestNameOnboarding(onboardingName, controllerName string) string { return fmt.Sprint(prefixOnboarding, controller.K8sNameHash(onboardingName, controllerName)) } + +// StableMCPNamespace computes the namespace on the onboarding cluster that belongs to the given MCP. +// onboardingName and onboardingNamespace are name and namespace of the MCP resource on the onboarding cluster. +func StableMCPNamespace(onboardingName, onboardingNamespace string) (string, error) { + res, err := controller.K8sNameUUID(onboardingNamespace, onboardingName) + if err != nil { + return res, fmt.Errorf("error computing MCP namespace on platform cluster: %w", err) + } + return prefixMCP + res, nil +} + +// StableMCPIdentifier computes a string that is stable for the given MCP name and namespace and at the same time unique across all MCPs. +// This can be used to name cluster-scoped resources on the platform cluster. It is recommended to add a prefix or suffix to it. +// For namespaced resources, use the MCP-specific namespace (get the name via StableMCPNamespace). +// onboardingName and onboardingNamespace are name and namespace of the MCP resource on the onboarding cluster. +func StableMCPIdentifier(onboardingName, onboardingNamespace string) (string, error) { + res, err := controller.K8sNameUUID(onboardingNamespace, onboardingName) + if err != nil { + return res, fmt.Errorf("error computing MCP identifier for platform cluster: %w", err) + } + return res, nil +} diff --git a/lib/utils/utils_test.go b/lib/utils/utils_test.go index 7addaa1..7933d21 100644 --- a/lib/utils/utils_test.go +++ b/lib/utils/utils_test.go @@ -53,4 +53,20 @@ var _ = Describe("Utils", func() { Expect(utils.StableRequestNameWorkload(onboardingName, controllerName)).To(Equal(expectedName)) }) }) + + Context("StableMCPNamespace", func() { + It("should compute the MCP namespace on the platform cluster", func() { + expectedNamespace, err := utils.StableMCPNamespace(onboardingName, onboardingNamespace) + Expect(err).NotTo(HaveOccurred()) + Expect(expectedNamespace).To(Equal("mcp--ed00e8ed-8a09-8c62-a9b8-e6fc20255174")) + }) + }) + + Context("StableMCPIdentifier", func() { + It("should compute a stable MCP identifier", func() { + expectedIdentifier, err := utils.StableMCPIdentifier(onboardingName, onboardingNamespace) + Expect(err).NotTo(HaveOccurred()) + Expect(expectedIdentifier).To(Equal("ed00e8ed-8a09-8c62-a9b8-e6fc20255174")) + }) + }) })