snapp-incubator · sinamna · Dec 2, 2023 · Nov 27, 2023 · Nov 27, 2023 · Nov 27, 2023
diff --git a/internal/controller/basic_authenticator/basicauthenticator_controller.go b/internal/controller/basic_authenticator/basicauthenticator_controller.go
@@ -23,9 +23,13 @@ import (
 	appv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/types"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/handler"
 	"sigs.k8s.io/controller-runtime/pkg/log"
+	"sigs.k8s.io/controller-runtime/pkg/reconcile"
+	"sigs.k8s.io/controller-runtime/pkg/source"
 )
 
 // BasicAuthenticatorReconciler reconciles a BasicAuthenticator object
@@ -41,6 +45,7 @@ type BasicAuthenticatorReconciler struct {
 //+kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=core,resources=secrets,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=core,resources=configmaps,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=core,resources=services,verbs=get;list;watch;create;update;patch;delete
 
 func (r *BasicAuthenticatorReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
 	logger := log.FromContext(ctx)
@@ -56,5 +61,29 @@ func (r *BasicAuthenticatorReconciler) SetupWithManager(mgr ctrl.Manager) error
 		Owns(&appv1.Deployment{}).
 		Owns(&corev1.ConfigMap{}).
 		Owns(&corev1.Secret{}).
+		Watches(
+			&source.Kind{Type: &appv1.Deployment{}},
+			handler.EnqueueRequestsFromMapFunc(r.findExternallyManagedDeployments),
+		).
 		Complete(r)
 }
+
+func (r *BasicAuthenticatorReconciler) findExternallyManagedDeployments(deployment client.Object) []reconcile.Request {
+	deploy, ok := deployment.(*appv1.Deployment)
+	if !ok {
+		return nil
+	}
+	if deploy.ObjectMeta.Annotations == nil {
+		return nil
+	}
+	basicAuthName, exists := deploy.ObjectMeta.Annotations[ExternallyManaged]
+	if !exists {
+		return nil
+	}
+
+	return []reconcile.Request{
+		{
+			NamespacedName: types.NamespacedName{Name: basicAuthName, Namespace: deploy.Namespace},
+		},
+	}
+}
diff --git a/internal/controller/basic_authenticator/const.go b/internal/controller/basic_authenticator/const.go
@@ -5,5 +5,6 @@ const (
 	nginxDefaultContainerName   = "nginx"
 	SecretAnnotation            = "authenticator.snappcloud.io/secret.name"
 	ConfigmapAnnotation         = "authenticator.snappcloud.io/configmap.name"
-	basicAuthenticatorFinalizer = "basicauthenticators.authenticator.snappcloud.io/finalizer"
+	basicAuthenticatorFinalizer = "basicauthenticator.snappcloud.io/finalizer"
+	ExternallyManaged           = "basicauthenticator.snappcloud.io/externally.managed"
 )
diff --git a/internal/controller/basic_authenticator/nginx.go b/internal/controller/basic_authenticator/nginx.go
@@ -2,11 +2,10 @@ package basic_authenticator
 
 import (
 	"context"
-	"crypto/sha256"
-	"encoding/hex"
 	"fmt"
 	"github.com/snapp-incubator/simple-authenticator/api/v1alpha1"
-	"github.com/snapp-incubator/simple-authenticator/pkg/hash"
+	"github.com/snapp-incubator/simple-authenticator/internal/config"
+	"github.com/snapp-incubator/simple-authenticator/pkg/random_generator"
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -36,37 +35,30 @@ const (
 )
 
 // TODO: come up with better name that "nginx"
-func (r *BasicAuthenticatorReconciler) CreateNginxDeployment(basicAuthenticator *v1alpha1.BasicAuthenticator, configMapName string, credentialName string) *appsv1.Deployment {
-	nginxImageAddress := nginxDefaultImageAddress
-	if r.CustomConfig != nil && r.CustomConfig.WebserverConf.Image != "" {
-		nginxImageAddress = r.CustomConfig.WebserverConf.Image
-	}
-
-	nginxContainerName := nginxDefaultContainerName
-	if r.CustomConfig != nil && r.CustomConfig.WebserverConf.ContainerName != "" {
-		nginxContainerName = r.CustomConfig.WebserverConf.ContainerName
-	}
+func createNginxDeployment(basicAuthenticator *v1alpha1.BasicAuthenticator, configMapName string, credentialName string, customConfig *config.CustomConfig) *appsv1.Deployment {
+	nginxImageAddress := getNginxContainerImage(customConfig)
+	nginxContainerName := getNginxContainerName(customConfig)
 
-	deploymentName := GenerateRandomName(basicAuthenticator.Name, "deployment")
+	deploymentName := random_generator.GenerateRandomName(basicAuthenticator.Name, "deployment")
 	replicas := int32(basicAuthenticator.Spec.Replicas)
 	authenticatorPort := int32(basicAuthenticator.Spec.AuthenticatorPort)
 
-	labels := map[string]string{"app": deploymentName}
+	basicAuthLabels := map[string]string{"app": deploymentName}
 
 	//TODO: mount secret as volume
 	deploy := &appsv1.Deployment{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      deploymentName,
 			Namespace: basicAuthenticator.Namespace,
-			Labels:    labels,
+			Labels:    basicAuthLabels,
 		},
 		Spec: appsv1.DeploymentSpec{
 			Replicas: &replicas,
-			Selector: &metav1.LabelSelector{MatchLabels: labels},
+			Selector: &metav1.LabelSelector{MatchLabels: basicAuthLabels},
 			Template: corev1.PodTemplateSpec{
 				ObjectMeta: metav1.ObjectMeta{
 					Name:   deploymentName,
-					Labels: labels,
+					Labels: basicAuthLabels,
 				},
 				Spec: corev1.PodSpec{
 					Containers: []corev1.Container{
@@ -118,30 +110,30 @@ func (r *BasicAuthenticatorReconciler) CreateNginxDeployment(basicAuthenticator
 	return deploy
 }
 
-func (r *BasicAuthenticatorReconciler) CreateNginxConfigmap(basicAuthenticator *v1alpha1.BasicAuthenticator) *corev1.ConfigMap {
-	configmapName := GenerateRandomName(basicAuthenticator.Name, "configmap")
-	labels := map[string]string{
+func createNginxConfigmap(basicAuthenticator *v1alpha1.BasicAuthenticator) *corev1.ConfigMap {
+	configmapName := random_generator.GenerateRandomName(basicAuthenticator.Name, "configmap")
+	basicAuthLabels := map[string]string{
 		"app": basicAuthenticator.Name,
 	}
-	nginxConf := FillTemplate(template, SecretMountPath, basicAuthenticator)
+	nginxConf := fillTemplate(template, SecretMountPath, basicAuthenticator)
 	data := map[string]string{
 		"nginx.conf": nginxConf,
 	}
 	configMap := &corev1.ConfigMap{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      configmapName,
 			Namespace: basicAuthenticator.Namespace,
-			Labels:    labels,
+			Labels:    basicAuthLabels,
 		},
 		Data: data,
 	}
 	return configMap
 }
 
-func (r *BasicAuthenticatorReconciler) CreateCredentials(basicAuthenticator *v1alpha1.BasicAuthenticator) *corev1.Secret {
-	username, password := hash.GenerateRandomString(20), hash.GenerateRandomString(20)
+func createCredentials(basicAuthenticator *v1alpha1.BasicAuthenticator) *corev1.Secret {
+	username, password := random_generator.GenerateRandomString(20), random_generator.GenerateRandomString(20)
 	htpasswdString := fmt.Sprintf("%s:%s", username, password)
-	secretName := GenerateRandomName(basicAuthenticator.Name, hash.GenerateRandomString(10))
+	secretName := random_generator.GenerateRandomName(basicAuthenticator.Name, random_generator.GenerateRandomString(10))
 	secret := &corev1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      secretName,
@@ -154,19 +146,13 @@ func (r *BasicAuthenticatorReconciler) CreateCredentials(basicAuthenticator *v1a
 	return secret
 }
 
-func (r *BasicAuthenticatorReconciler) Injector(ctx context.Context, basicAuthenticator *v1alpha1.BasicAuthenticator, configMapName string, credentialName string) ([]*appsv1.Deployment, error) {
-	nginxImageAddress := nginxDefaultImageAddress
-	if r.CustomConfig != nil && r.CustomConfig.WebserverConf.Image != "" {
-		nginxImageAddress = r.CustomConfig.WebserverConf.Image
-	}
+func injector(ctx context.Context, basicAuthenticator *v1alpha1.BasicAuthenticator, configMapName string, credentialName string, customConfig *config.CustomConfig, k8Client client.Client) ([]*appsv1.Deployment, error) {
+	nginxImageAddress := getNginxContainerImage(customConfig)
+	nginxContainerName := getNginxContainerName(customConfig)
 
-	nginxContainerName := nginxDefaultContainerName
-	if r.CustomConfig != nil && r.CustomConfig.WebserverConf.ContainerName != "" {
-		nginxContainerName = r.CustomConfig.WebserverConf.ContainerName
-	}
 	authenticatorPort := int32(basicAuthenticator.Spec.AuthenticatorPort)
 	var deploymentList appsv1.DeploymentList
-	if err := r.Client.List(
+	if err := k8Client.List(
 		ctx,
 		&deploymentList,
 		client.MatchingLabelsSelector{Selector: labels.SelectorFromSet(basicAuthenticator.Spec.Selector.MatchLabels)},
@@ -227,7 +213,7 @@ func (r *BasicAuthenticatorReconciler) Injector(ctx context.Context, basicAuthen
 	return resultDeployments, nil
 }
 
-func FillTemplate(template string, secretPath string, authenticator *v1alpha1.BasicAuthenticator) string {
+func fillTemplate(template string, secretPath string, authenticator *v1alpha1.BasicAuthenticator) string {
 	var result string
 	var appservice string
 	if authenticator.Spec.Type == "sidecar" {
@@ -241,10 +227,3 @@ func FillTemplate(template string, secretPath string, authenticator *v1alpha1.Ba
 	result = strings.Replace(result, "APP_PORT", fmt.Sprintf("%d", authenticator.Spec.AppPort), 1)
 	return result
 }
-
-func GenerateRandomName(baseName string, salt string) string {
-	tuple := fmt.Sprintf("%s-%s", baseName, salt)
-	sum := sha256.Sum256([]byte(tuple))
-	subByte := sum[:8]
-	return fmt.Sprintf("%s-%s", baseName, hex.EncodeToString(subByte))
-}