Add Account controller (#19)

Signed-off-by: Rokibul Hasan <[email protected]>
kluster-manager · Aug 9, 2024 · 6f45fbd · 6f45fbd
1 parent 9bbc27d
commit 6f45fbd
Show file tree

Hide file tree

Showing 8 changed files with 357 additions and 348 deletions.
diff --git a/pkg/agent/controller/managedclusterrole_controller.go b/pkg/agent/controller/managedclusterrole_controller.go
@@ -53,7 +53,7 @@ func (r *ManagedClusterRoleReconciler) Reconcile(ctx context.Context, req ctrl.R
 
 	managedClusterRole := &authorizationv1alpha1.ManagedClusterRole{}
 	if err := r.HubClient.Get(ctx, req.NamespacedName, managedClusterRole); err != nil {
-		return reconcile.Result{}, err
+		return reconcile.Result{}, client.IgnoreNotFound(err)
 	}
 
 	// create clusterRole in spoke cluster

diff --git a/pkg/agent/controller/managedclusterrolebinding_controller.go b/pkg/agent/controller/managedclusterrolebinding_controller.go
@@ -22,7 +22,6 @@ import (
 
 	authzv1alpah1 "github.com/kluster-manager/cluster-auth/apis/authorization/v1alpha1"
 	"github.com/kluster-manager/cluster-auth/pkg/common"
-	"github.com/kluster-manager/cluster-auth/pkg/utils"
 
 	rbac "k8s.io/api/rbac/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -62,9 +61,9 @@ func (r *ManagedClusterRoleBindingReconciler) Reconcile(ctx context.Context, req
 
 	var managedCRB authzv1alpah1.ManagedClusterRoleBinding
 	if err := r.HubClient.Get(ctx, req.NamespacedName, &managedCRB); err != nil {
-		return reconcile.Result{}, err
+		return reconcile.Result{}, client.IgnoreNotFound(err)
 	}
-	_, hubOwnerID := utils.GetUserIDAndHubOwnerIDFromLabelValues(&managedCRB)
+
 	userName := managedCRB.Subjects[0].Name
 
 	// Check if the managedCRB is marked for deletion
@@ -91,7 +90,7 @@ func (r *ManagedClusterRoleBindingReconciler) Reconcile(ctx context.Context, req
 	// impersonate clusterRole
 	cr := rbac.ClusterRole{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:   fmt.Sprintf("impersonate-%s-%s-%s", userName, hubOwnerID, rand.String(7)),
+			Name:   fmt.Sprintf("ace.%s.impersonate.%s", userName, rand.String(10)),
 			Labels: managedCRB.Labels,
 		},
 		Rules: []rbac.PolicyRule{

diff --git a/pkg/cmds/manager/main.go b/pkg/cmds/manager/main.go
@@ -25,6 +25,7 @@ import (
 	authorizationv1alpha1 "github.com/kluster-manager/cluster-auth/apis/authorization/v1alpha1"
 	"github.com/kluster-manager/cluster-auth/pkg/common"
 	"github.com/kluster-manager/cluster-auth/pkg/manager"
+	"github.com/kluster-manager/cluster-auth/pkg/manager/controller/authentication"
 	"github.com/kluster-manager/cluster-auth/pkg/manager/controller/authorization"
 	permission "github.com/kluster-manager/cluster-auth/pkg/manager/rbac"
 
@@ -145,13 +146,14 @@ func NewCmdManager() *cobra.Command {
 				os.Exit(1)
 			}
 
-			if err = (&authorization.ManagedClusterRoleBindingReconciler{
+			if err = (&authentication.AccountReconciler{
 				Client: mgr.GetClient(),
 				Scheme: mgr.GetScheme(),
 			}).SetupWithManager(mgr); err != nil {
-				setupLog.Error(err, "unable to create controller", "controller", "ManagedClusterRoleBinding")
+				setupLog.Error(err, "unable to create controller", "controller", "Account")
 				os.Exit(1)
 			}
+
 			if err = (&authorization.ManagedClusterSetRoleBindingReconciler{
 				Client: mgr.GetClient(),
 				Scheme: mgr.GetScheme(),

diff --git a/pkg/common/constants.go b/pkg/common/constants.go
@@ -28,4 +28,6 @@ const (
 	UserAuthLabel               = "authentication.k8s.appscode.com/user"
 	HubOwnerLabel               = "authentication.k8s.appscode.com/hub-owner"
 	HubClusterIdLabel           = "cluster.k8s.appscode.com/cluster-id"
+
+	ServiceAccountPrefix = "system:serviceaccount:"
 )