diff --git a/pkg/controllers/organization/dex.go b/pkg/controllers/organization/dex.go index 5ef1b75ff..90ffb02d2 100644 --- a/pkg/controllers/organization/dex.go +++ b/pkg/controllers/organization/dex.go @@ -9,8 +9,14 @@ import ( "encoding/json" "fmt" "hash/fnv" + "log/slog" + "os" "strings" + "github.com/dexidp/dex/storage/sql" + + "github.com/cloudoperators/greenhouse/pkg/idproxy" + "github.com/dexidp/dex/connector/oidc" "github.com/dexidp/dex/storage" "github.com/pkg/errors" @@ -90,10 +96,24 @@ func (r *OrganizationReconciler) reconcileDexConnector(ctx context.Context, org r.recorder.Eventf(org, corev1.EventTypeNormal, "UpdatedDexConnector", "Updated dex connector %s/%s", dexConnector.Namespace, dexConnector.GetName()) } + logger := slog.New(slog.NewJSONHandler(os.Stdout, nil)) + sqlDexStorage, err := idproxy.NewPostgresStorage(sql.SSL{Mode: "disable"}, sql.NetworkDB{ + Host: r.PGHost, + Port: r.PGPort, + User: r.PGUser, + Password: r.PGPasswd, + Database: r.PGDB, + }, logger.With("component", "storage")) + if err != nil { + return err + } + + defer sqlDexStorage.Close() + // Create the connectors also in SQL storage var oidcConnector storage.Connector - if oidcConnector, err = r.sqlDexStorage.GetConnector(org.Name); err != nil { - if err = r.sqlDexStorage.CreateConnector(ctx, storage.Connector{ + if oidcConnector, err = sqlDexStorage.GetConnector(org.Name); err != nil { + if err = sqlDexStorage.CreateConnector(ctx, storage.Connector{ ID: org.Name, Type: dexConnectorTypeGreenhouse, Name: cases.Title(language.English).String(org.Name), @@ -104,7 +124,7 @@ func (r *OrganizationReconciler) reconcileDexConnector(ctx context.Context, org log.FromContext(ctx).Info("created dex connector in SQL storage", "name", org.Name) r.recorder.Eventf(org, corev1.EventTypeNormal, "CreatedDexConnectorSQL", "Created dex connector in SQL storage %s", org.Name) } - if err = r.sqlDexStorage.UpdateConnector(oidcConnector.ID, func(c storage.Connector) (storage.Connector, error) { + if err = sqlDexStorage.UpdateConnector(oidcConnector.ID, func(c storage.Connector) (storage.Connector, error) { c.ID = org.Name c.Type = dexConnectorTypeGreenhouse c.Name = cases.Title(language.English).String(org.Name) @@ -146,10 +166,23 @@ func (r *OrganizationReconciler) discoverOIDCRedirectURL(ctx context.Context, or } func (r *OrganizationReconciler) reconcileOAuth2Client(ctx context.Context, org *greenhousesapv1alpha1.Organization) error { + logger := slog.New(slog.NewJSONHandler(os.Stdout, nil)) + sqlDexStorage, err := idproxy.NewPostgresStorage(sql.SSL{Mode: "disable"}, sql.NetworkDB{ + Host: r.PGHost, + Port: r.PGPort, + User: r.PGUser, + Password: r.PGPasswd, + Database: r.PGDB, + }, logger.With("component", "storage")) + if err != nil { + return err + } + + defer sqlDexStorage.Close() + var oAuthClient storage.Client - var err error - if oAuthClient, err = r.sqlDexStorage.GetClient(org.Name); err != nil { - if err = r.sqlDexStorage.CreateClient(ctx, storage.Client{ + if oAuthClient, err = sqlDexStorage.GetClient(org.Name); err != nil { + if err = sqlDexStorage.CreateClient(ctx, storage.Client{ Public: true, ID: org.Name, Name: org.Name, @@ -165,7 +198,7 @@ func (r *OrganizationReconciler) reconcileOAuth2Client(ctx context.Context, org return nil } - if err = r.sqlDexStorage.UpdateClient(oAuthClient.Name, func(authClient storage.Client) (storage.Client, error) { + if err = sqlDexStorage.UpdateClient(oAuthClient.Name, func(authClient storage.Client) (storage.Client, error) { authClient.Public = true authClient.ID = org.Name authClient.Name = org.Name diff --git a/pkg/controllers/organization/organization_controller.go b/pkg/controllers/organization/organization_controller.go index 5c6634e77..41a039f95 100644 --- a/pkg/controllers/organization/organization_controller.go +++ b/pkg/controllers/organization/organization_controller.go @@ -5,11 +5,7 @@ package organization import ( "context" - "log/slog" - "os" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/sql" "github.com/pkg/errors" corev1 "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" @@ -25,7 +21,6 @@ import ( greenhousesapv1alpha1 "github.com/cloudoperators/greenhouse/pkg/apis/greenhouse/v1alpha1" "github.com/cloudoperators/greenhouse/pkg/clientutil" dexapi "github.com/cloudoperators/greenhouse/pkg/dex/api" - "github.com/cloudoperators/greenhouse/pkg/idproxy" "github.com/cloudoperators/greenhouse/pkg/lifecycle" "github.com/cloudoperators/greenhouse/pkg/scim" ) @@ -53,7 +48,6 @@ type OrganizationReconciler struct { // Database related configuration PGDB, PGHost, PGUser, PGPasswd string PGPort uint16 - sqlDexStorage storage.Storage } //+kubebuilder:rbac:groups=greenhouse.sap,resources=organizations,verbs=get;list;watch;create;update;patch;delete @@ -74,19 +68,6 @@ func (r *OrganizationReconciler) SetupWithManager(name string, mgr ctrl.Manager) r.Client = mgr.GetClient() r.recorder = mgr.GetEventRecorderFor(name) - var err error - logger := slog.New(slog.NewJSONHandler(os.Stdout, nil)) - r.sqlDexStorage, err = idproxy.NewPostgresStorage(sql.SSL{Mode: "disable"}, sql.NetworkDB{ - Host: r.PGHost, - Port: r.PGPort, - User: r.PGUser, - Password: r.PGPasswd, - Database: r.PGDB, - }, logger.With("component", "storage")) - if err != nil { - return err - } - return ctrl.NewControllerManagedBy(mgr). Named(name). For(&greenhousesapv1alpha1.Organization{}).