mirror of
https://github.com/guilhem/headscale-operator.git
synced 2024-11-22 03:23:03 +00:00
202 lines
6.4 KiB
Go
202 lines
6.4 KiB
Go
|
/*
|
||
|
Copyright 2022 Guilhem Lettron.
|
||
|
|
||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||
|
you may not use this file except in compliance with the License.
|
||
|
You may obtain a copy of the License at
|
||
|
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||
|
|
||
|
Unless required by applicable law or agreed to in writing, software
|
||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||
|
See the License for the specific language governing permissions and
|
||
|
limitations under the License.
|
||
|
*/
|
||
|
|
||
|
package controllers
|
||
|
|
||
|
import (
|
||
|
"context"
|
||
|
"errors"
|
||
|
"fmt"
|
||
|
"time"
|
||
|
|
||
|
"golang.org/x/exp/slices"
|
||
|
"google.golang.org/protobuf/types/known/timestamppb"
|
||
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||
|
"k8s.io/apimachinery/pkg/runtime"
|
||
|
"k8s.io/client-go/tools/record"
|
||
|
ctrl "sigs.k8s.io/controller-runtime"
|
||
|
"sigs.k8s.io/controller-runtime/pkg/client"
|
||
|
"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
|
||
|
"sigs.k8s.io/controller-runtime/pkg/log"
|
||
|
|
||
|
headscalev1alpha1 "github.com/guilhem/headscale-operator/api/v1alpha1"
|
||
|
"github.com/guilhem/headscale-operator/pkg/utils"
|
||
|
v1 "github.com/juanfont/headscale/gen/go/headscale/v1"
|
||
|
)
|
||
|
|
||
|
// PreAuthKeyReconciler reconciles a PreAuthKey object
|
||
|
type PreAuthKeyReconciler struct {
|
||
|
client.Client
|
||
|
Scheme *runtime.Scheme
|
||
|
recorder record.EventRecorder
|
||
|
}
|
||
|
|
||
|
//+kubebuilder:rbac:groups=headscale.barpilot.io,resources=preauthkeys,verbs=get;list;watch;create;update;patch;delete
|
||
|
//+kubebuilder:rbac:groups=headscale.barpilot.io,resources=preauthkeys/status,verbs=get;update;patch
|
||
|
//+kubebuilder:rbac:groups=headscale.barpilot.io,resources=preauthkeys/finalizers,verbs=update
|
||
|
//+kubebuilder:rbac:groups="",resources=events,verbs=create;patch
|
||
|
|
||
|
// Reconcile is part of the main kubernetes reconciliation loop which aims to
|
||
|
// move the current state of the cluster closer to the desired state.
|
||
|
//
|
||
|
// For more details, check Reconcile and its Result here:
|
||
|
// - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.11.2/pkg/reconcile
|
||
|
func (r *PreAuthKeyReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
|
||
|
log := log.FromContext(ctx)
|
||
|
|
||
|
log.Info("Begin")
|
||
|
|
||
|
instance := new(headscalev1alpha1.PreAuthKey)
|
||
|
if err := r.Get(ctx, req.NamespacedName, instance); err != nil {
|
||
|
log.Error(err, "unable to fetch PreAuthKey")
|
||
|
// we'll ignore not-found errors, since they can't be fixed by an immediate
|
||
|
// requeue (we'll need to wait for a new notification), and we can get them
|
||
|
// on deleted requests.
|
||
|
return ctrl.Result{}, client.IgnoreNotFound(err)
|
||
|
}
|
||
|
|
||
|
namespace := &headscalev1alpha1.Namespace{
|
||
|
ObjectMeta: metav1.ObjectMeta{
|
||
|
Name: instance.Spec.Namespace,
|
||
|
Namespace: instance.Namespace,
|
||
|
},
|
||
|
}
|
||
|
|
||
|
if err := r.Get(ctx, client.ObjectKeyFromObject(namespace), namespace); err != nil {
|
||
|
log.Error(err, "unable to fetch Namespace")
|
||
|
|
||
|
return ctrl.Result{}, err
|
||
|
}
|
||
|
|
||
|
if !namespace.Status.Created {
|
||
|
return ctrl.Result{}, errors.New("Namespace not created")
|
||
|
}
|
||
|
|
||
|
server := &headscalev1alpha1.Server{
|
||
|
ObjectMeta: metav1.ObjectMeta{
|
||
|
Name: namespace.Spec.Server,
|
||
|
Namespace: instance.Namespace,
|
||
|
},
|
||
|
}
|
||
|
|
||
|
if err := r.Get(ctx, client.ObjectKeyFromObject(server), server); err != nil {
|
||
|
log.Error(err, "unable to fetch Server")
|
||
|
|
||
|
return ctrl.Result{}, err
|
||
|
}
|
||
|
|
||
|
if server.Status.GrpcAddress == "" {
|
||
|
log.Info("Server not ready")
|
||
|
|
||
|
return ctrl.Result{}, errors.New("Server not ready")
|
||
|
}
|
||
|
|
||
|
clientCtx, cancel := context.WithTimeout(ctx, time.Second*10)
|
||
|
defer cancel()
|
||
|
|
||
|
client, err := utils.NewHeadscaleServiceClient(clientCtx, server.Status.GrpcAddress)
|
||
|
if err != nil {
|
||
|
return ctrl.Result{}, err
|
||
|
}
|
||
|
|
||
|
// examine DeletionTimestamp to determine if object is under deletion
|
||
|
if instance.ObjectMeta.DeletionTimestamp.IsZero() {
|
||
|
// The object is not being deleted, so if it does not have our finalizer,
|
||
|
// then lets add the finalizer and update the object. This is equivalent
|
||
|
// registering our finalizer.
|
||
|
if !controllerutil.ContainsFinalizer(instance, Finalizer) {
|
||
|
controllerutil.AddFinalizer(instance, Finalizer)
|
||
|
if err := r.Update(ctx, instance); err != nil {
|
||
|
return ctrl.Result{}, err
|
||
|
}
|
||
|
}
|
||
|
} else {
|
||
|
// The object is being deleted
|
||
|
if controllerutil.ContainsFinalizer(instance, Finalizer) {
|
||
|
|
||
|
if _, err := client.ExpirePreAuthKey(ctx, &v1.ExpirePreAuthKeyRequest{Key: instance.Name, Namespace: namespace.Name}); utils.IgnoreNotFound(err) != nil {
|
||
|
return ctrl.Result{}, err
|
||
|
}
|
||
|
|
||
|
// remove our finalizer from the list and update it.
|
||
|
controllerutil.RemoveFinalizer(instance, Finalizer)
|
||
|
if err := r.Update(ctx, instance); err != nil {
|
||
|
return ctrl.Result{}, err
|
||
|
}
|
||
|
}
|
||
|
|
||
|
// Stop reconciliation as the item is being deleted
|
||
|
return ctrl.Result{}, nil
|
||
|
}
|
||
|
|
||
|
list, err := client.ListPreAuthKeys(ctx, &v1.ListPreAuthKeysRequest{Namespace: namespace.Name})
|
||
|
if err != nil {
|
||
|
return ctrl.Result{}, err
|
||
|
}
|
||
|
|
||
|
preAuthKey := new(v1.PreAuthKey)
|
||
|
|
||
|
if i := slices.IndexFunc(list.PreAuthKeys, func(pak *v1.PreAuthKey) bool { return pak.Namespace == namespace.Name }); i >= 0 {
|
||
|
// PreAuthKey already exist
|
||
|
preAuthKey = list.PreAuthKeys[i]
|
||
|
|
||
|
} else {
|
||
|
createPreAuthKeyRequest := &v1.CreatePreAuthKeyRequest{
|
||
|
Namespace: namespace.Name,
|
||
|
Reusable: instance.Spec.Reusable,
|
||
|
Ephemeral: instance.Spec.Ephemeral,
|
||
|
}
|
||
|
|
||
|
if d := instance.Spec.Duration; d != "" {
|
||
|
duration, err := time.ParseDuration(d)
|
||
|
if err != nil {
|
||
|
return ctrl.Result{}, err
|
||
|
}
|
||
|
createPreAuthKeyRequest.Expiration = timestamppb.New(time.Now().Add(duration))
|
||
|
}
|
||
|
|
||
|
createApiKeyResponse, err := client.CreatePreAuthKey(ctx, createPreAuthKeyRequest)
|
||
|
if err != nil {
|
||
|
return ctrl.Result{}, err
|
||
|
}
|
||
|
r.recorder.Event(instance, "Normal", "Created", fmt.Sprintf("PreAuthKey %s created", preAuthKey.Key))
|
||
|
|
||
|
preAuthKey = createApiKeyResponse.PreAuthKey
|
||
|
}
|
||
|
|
||
|
instance.Status.Used = preAuthKey.GetUsed()
|
||
|
instance.Status.ID = preAuthKey.GetId()
|
||
|
instance.Status.CreatedAt = preAuthKey.GetCreatedAt().AsTime().String()
|
||
|
instance.Status.Expiration = preAuthKey.GetExpiration().AsTime().String()
|
||
|
instance.Status.Key = preAuthKey.GetKey()
|
||
|
|
||
|
if err := r.Status().Update(ctx, instance); err != nil {
|
||
|
return ctrl.Result{}, err
|
||
|
}
|
||
|
|
||
|
// check every 30s
|
||
|
return ctrl.Result{RequeueAfter: time.Second * 30}, nil
|
||
|
}
|
||
|
|
||
|
// SetupWithManager sets up the controller with the Manager.
|
||
|
func (r *PreAuthKeyReconciler) SetupWithManager(mgr ctrl.Manager) error {
|
||
|
r.recorder = mgr.GetEventRecorderFor("preauthkey-controller")
|
||
|
|
||
|
return ctrl.NewControllerManagedBy(mgr).
|
||
|
For(&headscalev1alpha1.PreAuthKey{}).
|
||
|
Complete(r)
|
||
|
}
|