openmfp · nexus49 · Feb 12, 2025 · Feb 12, 2025 · Feb 18, 2025 · Feb 18, 2025
@@ -1,5 +1,12 @@
 name: ci
-on: [push]
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    types:
+      - opened
+      - synchronize
 
 jobs:
   pipe:

@@ -10,6 +10,7 @@ Dockerfile.cross
 .secret
 .env
 .taskenv
+.kcp/*
 
 # Test binary, built with `go test -c`
 *.test
@@ -29,4 +30,5 @@ go.work
 *.swp
 *.swo
 *~
-.DS_Store
+.DS_Store
+kcp.log
@@ -4,3 +4,4 @@ exclude:
     - api/v1alpha1 # skipping generated files and crd type definitions
     - main\.go$ # skip covering main.go
     - ^cmd # skip covering cmd directory
+    - ^pkg/testing/kcpenvtest # skip covering kcpenvtest
@@ -21,6 +21,18 @@ You are welcome to contribute with your pull requests. These steps explain the c
 
 To let tests run locally, run `go test ./...` in the root directory of the repository.
 
+
+### Test your change in a locally running OpenMFP instance
+
+
+```bash
+docker build -t account-operator:latest . && \
+kind load docker-image account-operator:latest --name=openmfp && \
+kubectl patch deployment openmfp-account-operator -n openmfp-system --type='json' -p='[{"op": "replace", "path": "/spec/template/spec/containers/0/imagePullPolicy", "value": "IfNotPresent"}]' && \
+kubectl patch deployment openmfp-account-operator -n openmfp-system --type='json' -p='[{"op": "replace", "path": "/spec/template/spec/containers/0/image", "value": "account-operator:latest"}]' && \
+kubectl rollout restart deployment openmfp-account-operator -n openmfp-system && \
+kubectl rollout status deployment openmfp-account-operator -n openmfp-system
+```
 ## Issues
 We use GitHub issues to track bugs. Please ensure your description is
 clear and includes sufficient instructions to reproduce the issue.

@@ -6,18 +6,29 @@ vars:
   CONTROLLER_TOOLS_VERSION: v0.14.0
   ENVTEST_K8S_VERSION: "1.29.0"
   ENVTEST_VERSION: release-0.17
-  CRD_DIRECTORY: config/crd/bases
+  CRD_DIRECTORY: config/crd
+  TEST_SETUP_DIRECTORY: test/setup/01-openmfp-system
   KCP_APIGEN_VERSION: v0.21.0
+  KCP_VERSION: 0.26.1
+  GOMPLATE_VERSION: v4.3.0
+  GOARCH:
+    sh: go env GOARCH
+  GOOS:
+    sh: go env GOOS
 tasks:
   ## Setup
   setup:controller-gen:
     internal: true
     cmds:
       - test -s {{.LOCAL_BIN}}/controller-gen || GOBIN=$(pwd)/{{.LOCAL_BIN}} go install sigs.k8s.io/controller-tools/cmd/controller-gen@{{.CONTROLLER_TOOLS_VERSION}}
-  setup:envtest:
+  setup:kcp:
     internal: true
     cmds:
-      - test -s {{.LOCAL_BIN}}/setup-envtest|| GOBIN=$(pwd)/{{.LOCAL_BIN}} go install sigs.k8s.io/controller-runtime/tools/setup-envtest@{{.ENVTEST_VERSION}}
+      - test -s {{.LOCAL_BIN}}/kcp || GOBIN=$(pwd)/{{.LOCAL_BIN}} ./hack/download-tool.sh https://github.com/kcp-dev/kcp/releases/download/v{{ .KCP_VERSION }}/kcp_{{ .KCP_VERSION }}_{{ .GOOS }}_{{ .GOARCH }}.tar.gz kcp {{.KCP_VERSION}}
+  setup:gomplate:
+    internal: true
+    cmds:
+      - test -s {{.LOCAL_BIN}}/gomplate || curl -o {{.LOCAL_BIN}}/gomplate -sSL https://github.com/hairyhenderson/gomplate/releases/download/{{ .GOMPLATE_VERSION }}/gomplate_{{ .GOOS }}-{{ .GOARCH }} && chmod +x {{.LOCAL_BIN}}/gomplate && chmod 755 {{.LOCAL_BIN}}/gomplate
   setup:golangci-lint:
     internal: true
     cmds:
@@ -36,7 +47,8 @@ tasks:
     cmds:
       - task: manifests
       - "{{.LOCAL_BIN}}/controller-gen object:headerFile=hack/boilerplate.go.txt paths=./..."
-      - "{{.LOCAL_BIN}}/apigen --input-dir ./config/crd/bases --output-dir ./config/resources"
+      - "{{.LOCAL_BIN}}/apigen --input-dir {{.CRD_DIRECTORY}} --output-dir ./config/resources"
+      - "{{.LOCAL_BIN}}/apigen --input-dir {{.CRD_DIRECTORY}} --output-dir {{ .TEST_SETUP_DIRECTORY }}"
   build:
     cmds:
       - go build ./...
@@ -53,18 +65,14 @@ tasks:
       - task: fmt
       - "{{.LOCAL_BIN}}/golangci-lint run --timeout 15m ./..."
   envtest:
-    env:
-      KUBEBUILDER_ASSETS:
-        sh: $(pwd)/{{.LOCAL_BIN}}/setup-envtest use {{.ENVTEST_K8S_VERSION}} --bin-dir $(pwd)/{{.LOCAL_BIN}} -p path
-      GO111MODULE: on
     cmds:
       - go test ./... {{.ADDITIONAL_COMMAND_ARGS}}
   test:
-    deps: [setup:envtest]
+    deps: [setup:kcp, setup:gomplate]
     cmds:
       - task: envtest
   cover:
-    deps: [setup:envtest]
+    deps: [setup:kcp, setup:gomplate]
     cmds:
       - task: envtest
         vars:
@@ -76,4 +84,8 @@ tasks:
     cmds:
       - task: lint
       - task: test
+  start-kcp:
+    deps: [setup:kcp]
+    cmds:
+      - "{{ .LOCAL_BIN}}/kcp start"
 
@@ -0,0 +1,79 @@
+/*
+Copyright 2024.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// AccountInfoSpec defines the desired state of Account
+type AccountInfoSpec struct {
+	FGA           FGAInfo          `json:"fga"`
+	Account       AccountLocation  `json:"account"`
+	ParentAccount *AccountLocation `json:"parentAccount,omitempty"`
+	Organization  AccountLocation  `json:"organization"`
+	ClusterInfo   ClusterInfo      `json:"clusterInfo"`
+}
+
+type ClusterInfo struct {
+	CA string `json:"ca"`
+}
+
+type AccountLocation struct {
+	Name      string      `json:"name"`
+	ClusterId string      `json:"clusterId"`
+	Path      string      `json:"path"`
+	URL       string      `json:"url"`
+	Type      AccountType `json:"type"`
+}
+
+type FGAInfo struct {
+	Store StoreInfo `json:"store"`
+}
+
+type StoreInfo struct {
+	Id string `json:"id"`
+}
+
+// AccountInfoStatus defines the observed state of AccountInfo
+type AccountInfoStatus struct {
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=accountinfos
+// +kubebuilder:subresource:status
+// +kubebuilder:resource:scope=Cluster
+// AccountInfo is the Schema for the accountinfo API
+type AccountInfo struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   AccountInfoSpec   `json:"spec,omitempty"`
+	Status AccountInfoStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+// AccountInfoList contains a list of AccountInfos
+type AccountInfoList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []AccountInfo `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&AccountInfo{}, &AccountInfoList{})
+}
@@ -24,21 +24,18 @@ import (
 type AccountType string
 
 const (
-	AccountTypeFolder                   AccountType = "folder"
+	AccountTypeOrg                      AccountType = "org"
 	AccountTypeAccount                  AccountType = "account"
-	NamespaceAccountOwnerLabel                      = "account.core.openmfp.io/owner"
-	NamespaceAccountOwnerNamespaceLabel             = "account.core.openmfp.io/owner-namespace"
+	NamespaceAccountOwnerLabel                      = "account.core.openmfp.org/owner"
+	NamespaceAccountOwnerNamespaceLabel             = "account.core.openmfp.org/owner-namespace"
 )
 
 // AccountSpec defines the desired state of Account
 type AccountSpec struct {
 	// Type specifies the intended type for this Account object.
-	// +kubebuilder:validation:Enum=folder;account
+	// +kubebuilder:validation:Enum=org;account
 	Type AccountType `json:"type"`
 
-	// Namespace is the account should take ownership of
-	Namespace *string `json:"namespace,omitempty"`
-
 	// The display name for this account
 	// +kubebuilder:validation:MaxLength=255
 	DisplayName string `json:"displayName"`
@@ -69,15 +66,15 @@ type Extension struct {
 // AccountStatus defines the observed state of Account
 type AccountStatus struct {
 	Conditions         []metav1.Condition `json:"conditions,omitempty"`
-	Namespace          *string            `json:"namespace,omitempty"`
 	ObservedGeneration int64              `json:"observedGeneration,omitempty" protobuf:"varint,3,opt,name=observedGeneration"`
 	NextReconcileTime  metav1.Time        `json:"nextReconcileTime,omitempty"`
 }
 
-//+kubebuilder:object:root=true
-//+kubebuilder:subresource:status
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+// +kubebuilder:resource:scope=Cluster
 // +kubebuilder:printcolumn:JSONPath=".spec.displayName",name="Display Name",type=string
-// +kubebuilder:printcolumn:JSONPath=".status.namespace",name="Account Namespace",type=string
+// +kubebuilder:printcolumn:JSONPath=".status.namespace",name="Account Workspace",type=string
 // +kubebuilder:printcolumn:JSONPath=".spec.type",name="Type",type=string
 // +kubebuilder:printcolumn:name="Ready",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].status`
 

@@ -16,7 +16,7 @@ limitations under the License.
 
 // Package v1alpha1 contains API Schema definitions for the core v1alpha1 API group
 // +kubebuilder:object:generate=true
-// +groupName=core.openmfp.io
+// +groupName=core.openmfp.org
 package v1alpha1
 
 import (
@@ -26,7 +26,7 @@ import (
 
 var (
 	// GroupVersion is group version used to register these objects
-	GroupVersion = schema.GroupVersion{Group: "core.openmfp.io", Version: "v1alpha1"}
+	GroupVersion = schema.GroupVersion{Group: "core.openmfp.org", Version: "v1alpha1"}
 
 	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
 	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}