This repository was archived by the owner on Jun 23, 2026. It is now read-only.
package controller
import (
"context"
"strings"
"time"
openfgav1 "github.com/openfga/api/proto/openfga/v1"
platformeshconfig "github.com/platform-mesh/golang-commons/config"
"github.com/platform-mesh/golang-commons/controller/filter"
"github.com/platform-mesh/golang-commons/logger"
corev1alpha1 "github.com/platform-mesh/security-operator/api/v1alpha1"
iclient "github.com/platform-mesh/security-operator/internal/client"
"github.com/platform-mesh/security-operator/internal/config"
"github.com/platform-mesh/security-operator/internal/metrics"
"github.com/platform-mesh/security-operator/internal/subroutine"
"github.com/platform-mesh/subroutines/lifecycle"
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/cluster"
"sigs.k8s.io/controller-runtime/pkg/controller"
"sigs.k8s.io/controller-runtime/pkg/predicate"
mcbuilder "sigs.k8s.io/multicluster-runtime/pkg/builder"
mcmanager "sigs.k8s.io/multicluster-runtime/pkg/manager"
"sigs.k8s.io/multicluster-runtime/pkg/multicluster"
mcreconcile "sigs.k8s.io/multicluster-runtime/pkg/reconcile"
)
// AuthorizationModelReconciler reconciles AuthorizationModel resources by
// delegating every request to a lifecycle pipeline built in
// NewAuthorizationModelReconciler.
type AuthorizationModelReconciler struct {
	// log is the logger supplied to the constructor. None of the methods
	// visible in this file read it.
	log *logger.Logger

	// lifecycle runs the configured subroutines for each reconcile request.
	lifecycle *lifecycle.Lifecycle
}
// NewAuthorizationModelReconciler builds a reconciler for AuthorizationModel
// objects on top of the multicluster manager mcMgr.
//
// The lifecycle is registered under the name "AuthorizationModelReconciler"
// and runs exactly one subroutine: the tuple subroutine constructed from the
// OpenFGA client fga and kcpClientGetter.
//
// NOTE(review): the tuple subroutine presumably writes relationship tuples to
// OpenFGA on behalf of the reconciled object, which would make the fga client
// and kcpClientGetter the privileged dependencies of this controller. Confirm
// in internal/subroutine before relying on that.
func NewAuthorizationModelReconciler(log *logger.Logger, fga openfgav1.OpenFGAServiceClient, mcMgr mcmanager.Manager, kcpClientGetter iclient.KCPClientGetter) *AuthorizationModelReconciler {
	// Factory handing the lifecycle a fresh, empty object per request.
	newObject := func() client.Object {
		return &corev1alpha1.AuthorizationModel{}
	}
	tuples := subroutine.NewTupleSubroutine(fga, kcpClientGetter)

	reconciler := &AuthorizationModelReconciler{log: log}
	reconciler.lifecycle = lifecycle.New(mcMgr, "AuthorizationModelReconciler", newObject, tuples)
	return reconciler
}
// Reconcile hands req to the lifecycle and records the outcome in the
// reconcile metrics before returning the lifecycle's result and error
// unchanged.
//
// Both metric label values are fixed strings ("authorizationmodel" plus
// "success" or "error"), so nothing taken from the request reaches a label.
func (r *AuthorizationModelReconciler) Reconcile(ctx context.Context, req mcreconcile.Request) (ctrl.Result, error) {
	const controllerLabel = "authorizationmodel"

	began := time.Now()
	res, reconcileErr := r.lifecycle.Reconcile(ctx, req)

	outcome := "error"
	if reconcileErr == nil {
		outcome = "success"
	}

	metrics.ReconcileTotal.WithLabelValues(controllerLabel, outcome).Inc()
	// The duration covers the lifecycle call and is observed for failed
	// reconciles as well as successful ones.
	metrics.ReconcileDuration.WithLabelValues(controllerLabel).Observe(time.Since(began).Seconds())

	return res, reconcileErr
}
// SetupWithManager registers the reconciler with mgr as the controller named
// "authorizationmodel", watching AuthorizationModel objects.
//
// cfg supplies MaxConcurrentReconciles and the debug label value; it is
// dereferenced without a nil check, so callers must pass a non-nil config.
// Any predicates in evp are AND-ed with the debug-resources predicate. The
// error returned by the builder's Complete call is returned as is.
func (r *AuthorizationModelReconciler) SetupWithManager(mgr mcmanager.Manager, cfg *platformeshconfig.CommonServiceConfig, evp ...predicate.Predicate) error {
	ctrlOpts := controller.TypedOptions[mcreconcile.Request]{
		MaxConcurrentReconciles: cfg.MaxConcurrentReconciles,
	}

	// Start from a fresh slice so appending never writes into the caller's evp
	// backing array.
	eventFilters := append([]predicate.Predicate{filter.DebugResourcesBehaviourPredicate(cfg.DebugLabelValue)}, evp...)

	// Only clusters whose name starts with config.CoreProviderName are
	// reconciled by this controller.
	// NOTE(review): this is a bare prefix match with no separator check, so a
	// cluster name that merely begins with the same characters would also pass
	// the filter. Confirm how cluster names are composed and whether the
	// provider name should be matched together with its delimiter.
	fromCoreProvider := func(clusterName multicluster.ClusterName, _ cluster.Cluster) bool {
		return strings.HasPrefix(string(clusterName), config.CoreProviderName)
	}

	return mcbuilder.ControllerManagedBy(mgr).
		Named("authorizationmodel").
		For(&corev1alpha1.AuthorizationModel{}, mcbuilder.WithClusterFilter(fromCoreProvider)).
		WithOptions(ctrlOpts).
		WithEventFilter(predicate.And(eventFilters...)).
		Complete(r)
}