Add iampolicy set ability

barpilot · May 3, 2019 · 061b391 · 061b391
1 parent 2c2d167
commit 061b391
Show file tree

Hide file tree

Showing 6 changed files with 57 additions and 17 deletions.
diff --git a/pkg/apis/cloudruncontroller/v1alpha1/service_types.go b/pkg/apis/cloudruncontroller/v1alpha1/service_types.go
@@ -15,9 +15,10 @@ type ServiceSpec struct {
 	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
 	// Important: Run "operator-sdk generate k8s" to regenerate code after modifying this file
 	// Add custom validation using kubebuilder tags: https://book.kubebuilder.io/beyond_basics/generating_crd.html
-	Project  string      `json:"project"`
-	Service  run.Service `json:"service"`
-	Location string      `json:"location"`
+	Project   string        `json:"project"`
+	Service   run.Service   `json:"service"`
+	Location  string        `json:"location"`
+	IamPolicy run.IamPolicy `json:"iamPolicy,omitempty"`
 }
 
 // ServiceStatus defines the observed state of Service

diff --git a/pkg/apis/cloudruncontroller/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/cloudruncontroller/v1alpha1/zz_generated.deepcopy.go
diff --git a/pkg/apis/cloudruncontroller/v1alpha1/zz_generated.openapi.go b/pkg/apis/cloudruncontroller/v1alpha1/zz_generated.openapi.go
diff --git a/pkg/controller/service/service_controller.go b/pkg/controller/service/service_controller.go
@@ -100,12 +100,18 @@ func (r *ReconcileService) Reconcile(request reconcile.Request) (reconcile.Resul
 		return reconcile.Result{}, err
 	}
 
+	// Be sure namespace is correctly set
+	if instance.Spec.Service.Metadata.Namespace == "" {
+		instance.Spec.Service.Metadata.Namespace = instance.Spec.Project
+	}
+
 	rm, err := run.NewRunManager(instance.Spec.Project)
 	if err != nil {
 		return reconcile.Result{}, err
 	}
 
 	parent := utils.Parent(instance.Spec.Project, instance.Spec.Location)
+	resource := utils.ServiceName(parent, instance.Spec.Service.Metadata.Name)
 
 	if r.finalizer.IsDeletionCandidate(instance) {
 		if value, exists := instance.GetAnnotations()[annotationDeletion]; exists && value == "true" {
@@ -117,12 +123,11 @@ func (r *ReconcileService) Reconcile(request reconcile.Request) (reconcile.Resul
 		r.finalizer.Remove(instance)
 		return reconcile.Result{}, r.client.Update(context.TODO(), instance)
 	}
+	r.finalizer.Add(instance)
 
-	// Be sure namespace is correctly set
-	if instance.Spec.Service.Metadata.Namespace == "" {
-		instance.Spec.Service.Metadata.Namespace = instance.Spec.Project
+	if err := rm.SetIamPolicy(resource, instance.Spec.IamPolicy); err != nil {
+		return reconcile.Result{}, err
 	}
-	r.finalizer.Add(instance)
 
 	if err := rm.CreateOrUpdate(parent, instance.Spec.Service); err != nil {
 		return reconcile.Result{}, err

diff --git a/pkg/run/run.go b/pkg/run/run.go
@@ -103,3 +103,9 @@ func (rm *RunManager) Delete(parent string, service Service) error {
 	_, err := rm.service.Projects.Locations.Services.Delete(name).Do()
 	return err
 }
+
+func (rm *RunManager) SetIamPolicy(resource string, policy IamPolicy) error {
+	p := runApi.Policy(policy)
+	_, err := rm.service.Projects.Locations.Services.SetIamPolicy(resource, &runApi.SetIamPolicyRequest{Policy: &p}).Do()
+	return err
+}
diff --git a/pkg/run/service.go b/pkg/run/service.go
@@ -4,12 +4,6 @@ import (
 	runApi "google.golang.org/api/run/v1alpha1"
 )
 
-// type Service runApi.Service
-
-// type Service struct {
-// 	*runApi.Service
-// }
-
 type Service runApi.Service
 
 func (in *Service) DeepCopy() *Service {
@@ -25,3 +19,19 @@ func (in *Service) DeepCopyInto(out *Service) {
 	*out = *in
 	return
 }
+
+type IamPolicy runApi.Policy
+
+func (in *IamPolicy) DeepCopy() *IamPolicy {
+	if in == nil {
+		return nil
+	}
+	out := new(IamPolicy)
+	in.DeepCopyInto(out)
+	return out
+}
+
+func (in *IamPolicy) DeepCopyInto(out *IamPolicy) {
+	*out = *in
+	return
+}