Allow creating and updating observability tenant

Signed-off-by: David van der Spek <[email protected]>
pluralsh · Apr 4, 2023 · dc7d00c · dc7d00c
1 parent 6fc49b1
commit dc7d00c
Show file tree

Hide file tree

Showing 9 changed files with 1,359 additions and 291 deletions.
diff --git a/api-server/clients/observabilitytenant.go b/api-server/clients/observabilitytenant.go
@@ -7,6 +7,7 @@ import (
 	rts "github.com/ory/keto/proto/ory/keto/relation_tuples/v1alpha2"
 	px "github.com/ory/x/pointerx"
 	"github.com/pluralsh/oauth-playground/api-server/graph/model"
+	observabilityv1alpha1 "github.com/pluralsh/trace-shield-controller/api/observability/v1alpha1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -17,7 +18,94 @@ const (
 	ObservabilityTenantPermissionEdit ObservabilityTenantPermission = "editors"
 )
 
-func (c *ClientWrapper) MutateObservabilityTenant(ctx context.Context, name string, viewers *model.ObservabilityTenantViewersInput, editors *model.ObservabilityTenantEditorsInput) (*model.ObservabilityTenant, error) {
+func (c *ClientWrapper) CreateObservabilityTenant(ctx context.Context, name string, viewers *model.ObservabilityTenantViewersInput, editors *model.ObservabilityTenantEditorsInput, limits *model.ObservabilityTenantLimitsInput) (*model.ObservabilityTenant, error) {
+	log := c.Log.WithName("CreateObservabilityTenant").WithValues("Name", name)
+
+	var mimirLimits *observabilityv1alpha1.MimirLimits
+
+	if limits != nil && limits.Mimir != nil {
+		tmpMimirLimits := observabilityv1alpha1.MimirLimits(*limits.Mimir)
+		mimirLimits = &tmpMimirLimits
+	}
+
+	tenantStruct := &observabilityv1alpha1.Tenant{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: name,
+		},
+		Spec: observabilityv1alpha1.TenantSpec{
+			Limits: &observabilityv1alpha1.LimitSpec{
+				Mimir: mimirLimits,
+			},
+		},
+	}
+
+	tenant, err := c.ControllerClient.ObservabilityV1alpha1().Tenants().Create(ctx, tenantStruct, metav1.CreateOptions{})
+	if err != nil {
+		log.Error(err, "Failed to create observability tenant")
+		return nil, err
+	}
+
+	if err := c.MutateObservabilityTenantInKeto(ctx, name, viewers, editors); err != nil {
+		log.Error(err, "Failed to mutate observability tenant in keto")
+		return nil, err
+	}
+
+	return &model.ObservabilityTenant{
+		Name: tenant.Name,
+		Limits: &model.ObservabilityTenantLimits{
+			Mimir: tenant.Spec.Limits.Mimir,
+		},
+	}, nil
+}
+
+func (c *ClientWrapper) UpdateObservabilityTenant(ctx context.Context, name string, viewers *model.ObservabilityTenantViewersInput, editors *model.ObservabilityTenantEditorsInput, limits *model.ObservabilityTenantLimitsInput) (*model.ObservabilityTenant, error) {
+	log := c.Log.WithName("UpdateObservabilityTenant").WithValues("Name", name)
+
+	var mimirLimits *observabilityv1alpha1.MimirLimits
+
+	if limits != nil && limits.Mimir != nil {
+		tmpMimirLimits := observabilityv1alpha1.MimirLimits(*limits.Mimir)
+		mimirLimits = &tmpMimirLimits
+	}
+
+	existingTenant, err := c.ControllerClient.ObservabilityV1alpha1().Tenants().Get(ctx, name, metav1.GetOptions{})
+	if err != nil {
+		log.Error(err, "Failed to get observability tenant")
+		return nil, err
+	}
+
+	tenantStruct := &observabilityv1alpha1.Tenant{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:            name,
+			ResourceVersion: existingTenant.GetResourceVersion(),
+		},
+		Spec: observabilityv1alpha1.TenantSpec{
+			Limits: &observabilityv1alpha1.LimitSpec{
+				Mimir: mimirLimits,
+			},
+		},
+	}
+
+	tenant, err := c.ControllerClient.ObservabilityV1alpha1().Tenants().Update(ctx, tenantStruct, metav1.UpdateOptions{})
+	if err != nil {
+		log.Error(err, "Failed to update observability tenant")
+		return nil, err
+	}
+
+	if err := c.MutateObservabilityTenantInKeto(ctx, name, viewers, editors); err != nil {
+		log.Error(err, "Failed to mutate observability tenant in keto")
+		return nil, err
+	}
+
+	return &model.ObservabilityTenant{
+		Name: tenant.Name,
+		Limits: &model.ObservabilityTenantLimits{
+			Mimir: tenant.Spec.Limits.Mimir,
+		},
+	}, nil
+}
+
+func (c *ClientWrapper) MutateObservabilityTenantInKeto(ctx context.Context, name string, viewers *model.ObservabilityTenantViewersInput, editors *model.ObservabilityTenantEditorsInput) error {
 
 	// TODO: figure out which members to add or remove
 	log := c.Log.WithName("ObservabilityTenant").WithValues("Name", name)
@@ -26,24 +114,24 @@ func (c *ClientWrapper) MutateObservabilityTenant(ctx context.Context, name stri
 	// updating a group would require that we first check if it exists and if a user is allowed to update it
 	// creating a group would require that we first check if it exists and if a user is allowed to create it
 
-	tenantpExists, err := c.ObservabilityTenantExistsInKeto(ctx, name)
-	if err != nil {
-		log.Error(err, "Failed to check if observability tenant already exists in keto")
-		return nil, err
-	}
+	// tenantpExists, err := c.ObservabilityTenantExistsInKeto(ctx, name)
+	// if err != nil {
+	// 	log.Error(err, "Failed to check if observability tenant already exists in keto")
+	// 	return nil, err
+	// }
 
-	if !tenantpExists {
-		err := c.CreateObservabilityTenantInKeto(ctx, name)
-		if err != nil {
-			log.Error(err, "Failed to create observability tenant in keto")
-			return nil, err
-		}
-	}
+	// if !tenantpExists {
+	// 	err := c.CreateObservabilityTenantInKeto(ctx, name)
+	// 	if err != nil {
+	// 		log.Error(err, "Failed to create observability tenant in keto")
+	// 		return nil, err
+	// 	}
+	// }
 
 	viewUsersToAdd, viewUsersToRemove, viewGroupsToAdd, viewGroupsToRemove, viewClientsToAdd, viewClientsToRemove, err := c.OsTenantChangeset(ctx, name, viewers, nil, ObservabilityTenantPermissionView)
 	if err != nil {
 		log.Error(err, "Failed to get observability tenant changeset")
-		return nil, err
+		return err
 	}
 
 	if err := c.AddUsersToTenantInKeto(ctx, name, viewUsersToAdd, ObservabilityTenantPermissionView); err != nil {
@@ -79,7 +167,7 @@ func (c *ClientWrapper) MutateObservabilityTenant(ctx context.Context, name stri
 	editUsersToAdd, editUsersToRemove, editGroupsToAdd, editGroupsToRemove, _, _, err := c.OsTenantChangeset(ctx, name, nil, editors, ObservabilityTenantPermissionEdit)
 	if err != nil {
 		log.Error(err, "Failed to get observability tenant changeset")
-		return nil, err
+		return err
 	}
 
 	if err := c.AddUsersToTenantInKeto(ctx, name, editUsersToAdd, ObservabilityTenantPermissionEdit); err != nil {
@@ -102,12 +190,7 @@ func (c *ClientWrapper) MutateObservabilityTenant(ctx context.Context, name stri
 		// return nil, err // TODO: add some way to wrap errors
 	}
 
-	return &model.ObservabilityTenant{
-		Name: name,
-		Organization: &model.Organization{
-			Name: "main", //TODO: decide whether to hardcode this or not
-		},
-	}, nil
+	return nil
 }
 
 // function that checks if an observability tenant exists in keto

diff --git a/api-server/go.mod b/api-server/go.mod
@@ -8,7 +8,7 @@ require (
 	github.com/go-logr/logr v1.2.3
 	github.com/ory/keto/proto v0.11.1-alpha.0
 	github.com/ory/kratos-client-go v0.11.1
-	github.com/pluralsh/trace-shield-controller v0.0.0-20230404161307-a98fd77d4d44
+	github.com/pluralsh/trace-shield-controller v0.0.0-20230404170210-f84361cc9dee
 	github.com/rs/cors v1.8.3
 	github.com/vektah/gqlparser/v2 v2.5.1
 	sigs.k8s.io/controller-runtime v0.14.4

diff --git a/api-server/go.sum b/api-server/go.sum
@@ -1209,8 +1209,8 @@ github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZ
 github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg=
 github.com/pluralsh/controller-reconcile-helper v0.0.4 h1:1o+7qYSyoeqKFjx+WgQTxDz4Q2VMpzprJIIKShxqG0E=
 github.com/pluralsh/controller-reconcile-helper v0.0.4/go.mod h1:AfY0gtteD6veBjmB6jiRx/aR4yevEf6K0M13/pGan/s=
-github.com/pluralsh/trace-shield-controller v0.0.0-20230404161307-a98fd77d4d44 h1:bbcN7OGV4vrYcrk4AHiICMmV3VA393NnQv8ronuSF7A=
-github.com/pluralsh/trace-shield-controller v0.0.0-20230404161307-a98fd77d4d44/go.mod h1:Mjf4+X7fVZhc1nK0DhtrYiB588QpvGt+IYE0Ob5pMi0=
+github.com/pluralsh/trace-shield-controller v0.0.0-20230404170210-f84361cc9dee h1:cFN6H82uHFULmm6UAb60ORM0Zy8mfsfn4i3l2aLtYUw=
+github.com/pluralsh/trace-shield-controller v0.0.0-20230404170210-f84361cc9dee/go.mod h1:Mjf4+X7fVZhc1nK0DhtrYiB588QpvGt+IYE0Ob5pMi0=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=

diff --git a/api-server/graph/custom/float_map.go b/api-server/graph/custom/float_map.go
@@ -17,6 +17,7 @@ func MarshalFloatMap(val map[string]*float64) graphql.Marshaler {
 	})
 }
 
+// TODO: this unmarshaler is not working and is needed for input types
 func UnmarshalFloatMap(v interface{}) (map[string]*float64, error) {
 	if m, ok := v.(map[string]*float64); ok {
 		return m, nil

diff --git a/api-server/graph/custom/forwarding_rule_map.go b/api-server/graph/custom/forwarding_rule_map.go
@@ -20,6 +20,7 @@ func MarshalForwardingRuleMap(val map[string]*observabilityv1alpha1.ForwardingRu
 	})
 }
 
+// TODO: this unmarshaler is not working and is needed for input types
 func UnmarshalForwardingRuleMap(v interface{}) (map[string]*observabilityv1alpha1.ForwardingRule, error) {
 	if m, ok := v.(map[string]*observabilityv1alpha1.ForwardingRule); ok {
 		return m, nil