diff --git a/charts/manager/crds/greenhouse.sap_teams.yaml b/charts/manager/crds/greenhouse.sap_teams.yaml
index dc749ae56..2ed83cd96 100644
--- a/charts/manager/crds/greenhouse.sap_teams.yaml
+++ b/charts/manager/crds/greenhouse.sap_teams.yaml
@@ -65,6 +65,29 @@ spec:
status:
description: TeamStatus defines the observed state of Team
properties:
+ members:
+ items:
+ description: User specifies a human person.
+ properties:
+ email:
+ description: Email of the user.
+ type: string
+ firstName:
+ description: FirstName of the user.
+ type: string
+ id:
+ description: ID is the unique identifier of the user.
+ type: string
+ lastName:
+ description: LastName of the user.
+ type: string
+ required:
+ - email
+ - firstName
+ - id
+ - lastName
+ type: object
+ type: array
statusConditions:
description: |-
A StatusConditions contains a list of conditions.
@@ -105,6 +128,7 @@ spec:
x-kubernetes-list-type: map
type: object
required:
+ - members
- statusConditions
type: object
type: object
diff --git a/charts/manager/templates/role.yaml b/charts/manager/templates/role.yaml
new file mode 100644
index 000000000..d0508edcd
--- /dev/null
+++ b/charts/manager/templates/role.yaml
@@ -0,0 +1,157 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: manager-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - events
+ - secrets
+ - serviceaccounts
+ verbs:
+ - create
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - '*'
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - dex.coreos.com
+ resources:
+ - connectors
+ - oauth2clients
+ verbs:
+ - create
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - greenhouse.sap
+ resources:
+ - cluster-kubeconfigs
+ - teamroles
+ verbs:
+ - create
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - greenhouse.sap
+ resources:
+ - clusters
+ - organizations
+ - plugindefinitions
+ - plugins
+ - teammemberships
+ - teamrolebindings
+ - teams
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - greenhouse.sap
+ resources:
+ - clusters/finalizers
+ - organizations/finalizers
+ - plugindefinitions/finalizers
+ - pluginpresets/finalizers
+ - plugins/finalizers
+ - teammemberships/finalizers
+ - teamrolebindings/finalizers
+ - teams/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - greenhouse.sap
+ resources:
+ - clusters/status
+ - organizations/status
+ - plugindefinitions/status
+ - pluginpresets/status
+ - teammemberships/status
+ - teamrolebindings/status
+ - teams/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - greenhouse.sap
+ resources:
+ - pluginpresets
+ verbs:
+ - get
+ - list
+ - update
+ - watch
+- apiGroups:
+ - greenhouse.sap
+ resources:
+ - plugins/status
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - greenhouse.sap
+ resources:
+ - teammemberships=
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - rbac
+ resources:
+ - clusterrolebindings
+ verbs:
+ - create
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterrolebindings
+ - clusterroles
+ - rolebindings
+ - roles
+ verbs:
+ - create
+ - get
+ - list
+ - patch
+ - update
+ - watch
diff --git a/charts/manager/templates/webhooks.yaml b/charts/manager/templates/webhooks.yaml
index 9191734e2..ef01c86b1 100644
--- a/charts/manager/templates/webhooks.yaml
+++ b/charts/manager/templates/webhooks.yaml
@@ -4,392 +4,380 @@ kind: MutatingWebhookConfiguration
metadata:
name: greenhouse-mutating-webhook-configuration
webhooks:
- - admissionReviewVersions:
- - v1
- clientConfig:
- service:
- name: greenhouse-webhook-service
- namespace: greenhouse
- path: /mutate-greenhouse-sap-v1alpha1-cluster
- failurePolicy: Fail
- name: mcluster.kb.io
- rules:
- - apiGroups:
- - greenhouse.sap
- apiVersions:
- - v1alpha1
- operations:
- - CREATE
- - UPDATE
- resources:
- - clusters
- sideEffects: None
- - admissionReviewVersions:
- - v1
- clientConfig:
- service:
- name: greenhouse-webhook-service
- namespace: greenhouse
- path: /mutate-greenhouse-sap-v1alpha1-organization
- failurePolicy: Fail
- name: morganization.kb.io
- rules:
- - apiGroups:
- - greenhouse.sap
- apiVersions:
- - v1alpha1
- operations:
- - CREATE
- - UPDATE
- resources:
- - organizations
- sideEffects: None
- - admissionReviewVersions:
- - v1
- clientConfig:
- service:
- name: greenhouse-webhook-service
- namespace: greenhouse
- path: /mutate-greenhouse-sap-v1alpha1-plugin
- failurePolicy: Fail
- name: mplugin.kb.io
- rules:
- - apiGroups:
- - greenhouse.sap
- apiVersions:
- - v1alpha1
- operations:
- - CREATE
- - UPDATE
- resources:
- - plugins
- sideEffects: None
- - admissionReviewVersions:
- - v1
- clientConfig:
- service:
- name: greenhouse-webhook-service
- namespace: greenhouse
- path: /mutate-greenhouse-sap-v1alpha1-plugindefinition
- failurePolicy: Fail
- name: mplugindefinition.kb.io
- rules:
- - apiGroups:
- - greenhouse.sap
- apiVersions:
- - v1alpha1
- operations:
- - CREATE
- - UPDATE
- resources:
- - plugindefinitions
- sideEffects: None
- - admissionReviewVersions:
- - v1
- clientConfig:
- service:
- name: greenhouse-webhook-service
- namespace: greenhouse
- path: /mutate-greenhouse-sap-v1alpha1-pluginpreset
- failurePolicy: Fail
- name: mpluginpreset.kb.io
- rules:
- - apiGroups:
- - greenhouse.sap
- apiVersions:
- - v1alpha1
- operations:
- - CREATE
- - UPDATE
- resources:
- - pluginpresets
- sideEffects: None
- - admissionReviewVersions:
- - v1
- clientConfig:
- service:
- name: greenhouse-webhook-service
- namespace: greenhouse
- path: /mutate-greenhouse-sap-v1alpha1-teamrole
- failurePolicy: Fail
- name: mrole.kb.io
- rules:
- - apiGroups:
- - greenhouse.sap
- apiVersions:
- - v1alpha1
- operations:
- - CREATE
- - UPDATE
- resources:
- - teamroles
- sideEffects: None
- - admissionReviewVersions:
- - v1
- clientConfig:
- service:
- name: greenhouse-webhook-service
- namespace: greenhouse
- path: /mutate-greenhouse-sap-v1alpha1-teamrolebinding
- failurePolicy: Fail
- name: mrolebinding.kb.io
- rules:
- - apiGroups:
- - greenhouse.sap
- apiVersions:
- - v1alpha1
- operations:
- - CREATE
- - UPDATE
- resources:
- - teamrolebindings
- sideEffects: None
- - admissionReviewVersions:
- - v1
- clientConfig:
- service:
- name: greenhouse-webhook-service
- namespace: greenhouse
- path: /mutate--v1-secret
- failurePolicy: Ignore
- matchPolicy: Exact
- name: msecret.kb.io
- rules:
- - apiGroups:
- - ""
- apiVersions:
- - v1
- operations:
- - CREATE
- - UPDATE
- resources:
- - secrets
- sideEffects: None
- namespaceSelector:
- matchExpressions:
- - key: kubernetes.io/metadata.name
- operator: NotIn
- values:
- - kube-system
- - admissionReviewVersions:
- - v1
- clientConfig:
- service:
- name: greenhouse-webhook-service
- namespace: greenhouse
- path: /mutate-greenhouse-sap-v1alpha1-team
- failurePolicy: Fail
- name: mteam.kb.io
- rules:
- - apiGroups:
- - greenhouse.sap
- apiVersions:
- - v1alpha1
- operations:
- - CREATE
- - UPDATE
- resources:
- - teams
- sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: greenhouse-webhook-service
+ namespace: greenhouse
+ path: /mutate-greenhouse-sap-v1alpha1-cluster
+ failurePolicy: Fail
+ name: mcluster.kb.io
+ rules:
+ - apiGroups:
+ - greenhouse.sap
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - clusters
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: greenhouse-webhook-service
+ namespace: greenhouse
+ path: /mutate-greenhouse-sap-v1alpha1-organization
+ failurePolicy: Fail
+ name: morganization.kb.io
+ rules:
+ - apiGroups:
+ - greenhouse.sap
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - organizations
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: greenhouse-webhook-service
+ namespace: greenhouse
+ path: /mutate-greenhouse-sap-v1alpha1-plugin
+ failurePolicy: Fail
+ name: mplugin.kb.io
+ rules:
+ - apiGroups:
+ - greenhouse.sap
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - plugins
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: greenhouse-webhook-service
+ namespace: greenhouse
+ path: /mutate-greenhouse-sap-v1alpha1-plugindefinition
+ failurePolicy: Fail
+ name: mplugindefinition.kb.io
+ rules:
+ - apiGroups:
+ - greenhouse.sap
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - plugindefinitions
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: greenhouse-webhook-service
+ namespace: greenhouse
+ path: /mutate-greenhouse-sap-v1alpha1-pluginpreset
+ failurePolicy: Fail
+ name: mpluginpreset.kb.io
+ rules:
+ - apiGroups:
+ - greenhouse.sap
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - pluginpresets
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: greenhouse-webhook-service
+ namespace: greenhouse
+ path: /mutate-greenhouse-sap-v1alpha1-teamrole
+ failurePolicy: Fail
+ name: mrole.kb.io
+ rules:
+ - apiGroups:
+ - greenhouse.sap
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - teamroles
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: greenhouse-webhook-service
+ namespace: greenhouse
+ path: /mutate-greenhouse-sap-v1alpha1-teamrolebinding
+ failurePolicy: Fail
+ name: mrolebinding.kb.io
+ rules:
+ - apiGroups:
+ - greenhouse.sap
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - teamrolebindings
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: greenhouse-webhook-service
+ namespace: greenhouse
+ path: /mutate--v1-secret
+ failurePolicy: Ignore
+ matchPolicy: Exact
+ name: msecret.kb.io
+ rules:
+ - apiGroups:
+ - ""
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - secrets
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: greenhouse-webhook-service
+ namespace: greenhouse
+ path: /mutate-greenhouse-sap-v1alpha1-team
+ failurePolicy: Fail
+ name: mteam.kb.io
+ rules:
+ - apiGroups:
+ - greenhouse.sap
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - teams
+ sideEffects: None
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: greenhouse-validating-webhook-configuration
webhooks:
- - admissionReviewVersions:
- - v1
- clientConfig:
- service:
- name: greenhouse-webhook-service
- namespace: greenhouse
- path: /validate-greenhouse-sap-v1alpha1-cluster
- failurePolicy: Fail
- name: vcluster.kb.io
- rules:
- - apiGroups:
- - greenhouse.sap
- apiVersions:
- - v1alpha1
- operations:
- - CREATE
- - UPDATE
- - DELETE
- resources:
- - clusters
- sideEffects: None
- - admissionReviewVersions:
- - v1
- clientConfig:
- service:
- name: greenhouse-webhook-service
- namespace: greenhouse
- path: /validate-greenhouse-sap-v1alpha1-organization
- failurePolicy: Fail
- name: vorganization.kb.io
- rules:
- - apiGroups:
- - greenhouse.sap
- apiVersions:
- - v1alpha1
- operations:
- - CREATE
- - UPDATE
- - DELETE
- resources:
- - organizations
- sideEffects: None
- - admissionReviewVersions:
- - v1
- clientConfig:
- service:
- name: greenhouse-webhook-service
- namespace: greenhouse
- path: /validate-greenhouse-sap-v1alpha1-plugin
- failurePolicy: Fail
- name: vplugin.kb.io
- rules:
- - apiGroups:
- - greenhouse.sap
- apiVersions:
- - v1alpha1
- operations:
- - CREATE
- - UPDATE
- - DELETE
- resources:
- - plugins
- sideEffects: None
- - admissionReviewVersions:
- - v1
- clientConfig:
- service:
- name: greenhouse-webhook-service
- namespace: greenhouse
- path: /validate-greenhouse-sap-v1alpha1-plugindefinition
- failurePolicy: Fail
- name: vplugindefinition.kb.io
- rules:
- - apiGroups:
- - greenhouse.sap
- apiVersions:
- - v1alpha1
- operations:
- - CREATE
- - UPDATE
- - DELETE
- resources:
- - plugindefinitions
- sideEffects: None
- - admissionReviewVersions:
- - v1
- clientConfig:
- service:
- name: greenhouse-webhook-service
- namespace: greenhouse
- path: /validate-greenhouse-sap-v1alpha1-pluginpreset
- failurePolicy: Fail
- name: vpluginpreset.kb.io
- rules:
- - apiGroups:
- - greenhouse.sap
- apiVersions:
- - v1alpha1
- operations:
- - CREATE
- - UPDATE
- - DELETE
- resources:
- - pluginpresets
- sideEffects: None
- - admissionReviewVersions:
- - v1
- clientConfig:
- service:
- name: greenhouse-webhook-service
- namespace: greenhouse
- path: /validate-greenhouse-sap-v1alpha1-teamrole
- failurePolicy: Fail
- name: vrole.kb.io
- rules:
- - apiGroups:
- - greenhouse.sap
- apiVersions:
- - v1alpha1
- operations:
- - CREATE
- - UPDATE
- - DELETE
- resources:
- - teamroles
- sideEffects: None
- - admissionReviewVersions:
- - v1
- clientConfig:
- service:
- name: greenhouse-webhook-service
- namespace: greenhouse
- path: /validate-greenhouse-sap-v1alpha1-teamrolebinding
- failurePolicy: Fail
- name: vrolebinding.kb.io
- rules:
- - apiGroups:
- - greenhouse.sap
- apiVersions:
- - v1alpha1
- operations:
- - CREATE
- - UPDATE
- - DELETE
- resources:
- - teamrolebindings
- sideEffects: None
- - admissionReviewVersions:
- - v1
- clientConfig:
- service:
- name: greenhouse-webhook-service
- namespace: greenhouse
- path: /validate--v1-secret
- failurePolicy: Ignore
- matchPolicy: Exact
- name: vsecret.kb.io
- rules:
- - apiGroups:
- - ""
- apiVersions:
- - v1
- operations:
- - CREATE
- - UPDATE
- - DELETE
- resources:
- - secrets
- sideEffects: None
- namespaceSelector:
- matchExpressions:
- - key: kubernetes.io/metadata.name
- operator: NotIn
- values:
- - kube-system
- - admissionReviewVersions:
- - v1
- clientConfig:
- service:
- name: greenhouse-webhook-service
- namespace: greenhouse
- path: /validate-greenhouse-sap-v1alpha1-team
- failurePolicy: Fail
- name: vteam.kb.io
- rules:
- - apiGroups:
- - greenhouse.sap
- apiVersions:
- - v1alpha1
- operations:
- - CREATE
- - UPDATE
- - DELETE
- resources:
- - teams
- sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: greenhouse-webhook-service
+ namespace: greenhouse
+ path: /validate-greenhouse-sap-v1alpha1-cluster
+ failurePolicy: Fail
+ name: vcluster.kb.io
+ rules:
+ - apiGroups:
+ - greenhouse.sap
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ - DELETE
+ resources:
+ - clusters
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: greenhouse-webhook-service
+ namespace: greenhouse
+ path: /validate-greenhouse-sap-v1alpha1-organization
+ failurePolicy: Fail
+ name: vorganization.kb.io
+ rules:
+ - apiGroups:
+ - greenhouse.sap
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ - DELETE
+ resources:
+ - organizations
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: greenhouse-webhook-service
+ namespace: greenhouse
+ path: /validate-greenhouse-sap-v1alpha1-plugin
+ failurePolicy: Fail
+ name: vplugin.kb.io
+ rules:
+ - apiGroups:
+ - greenhouse.sap
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ - DELETE
+ resources:
+ - plugins
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: greenhouse-webhook-service
+ namespace: greenhouse
+ path: /validate-greenhouse-sap-v1alpha1-plugindefinition
+ failurePolicy: Fail
+ name: vplugindefinition.kb.io
+ rules:
+ - apiGroups:
+ - greenhouse.sap
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ - DELETE
+ resources:
+ - plugindefinitions
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: greenhouse-webhook-service
+ namespace: greenhouse
+ path: /validate-greenhouse-sap-v1alpha1-pluginpreset
+ failurePolicy: Fail
+ name: vpluginpreset.kb.io
+ rules:
+ - apiGroups:
+ - greenhouse.sap
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ - DELETE
+ resources:
+ - pluginpresets
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: greenhouse-webhook-service
+ namespace: greenhouse
+ path: /validate-greenhouse-sap-v1alpha1-teamrole
+ failurePolicy: Fail
+ name: vrole.kb.io
+ rules:
+ - apiGroups:
+ - greenhouse.sap
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ - DELETE
+ resources:
+ - teamroles
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: greenhouse-webhook-service
+ namespace: greenhouse
+ path: /validate-greenhouse-sap-v1alpha1-teamrolebinding
+ failurePolicy: Fail
+ name: vrolebinding.kb.io
+ rules:
+ - apiGroups:
+ - greenhouse.sap
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ - DELETE
+ resources:
+ - teamrolebindings
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: greenhouse-webhook-service
+ namespace: greenhouse
+ path: /validate--v1-secret
+ failurePolicy: Ignore
+ matchPolicy: Exact
+ name: vsecret.kb.io
+ rules:
+ - apiGroups:
+ - ""
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ - DELETE
+ resources:
+ - secrets
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: greenhouse-webhook-service
+ namespace: greenhouse
+ path: /validate-greenhouse-sap-v1alpha1-team
+ failurePolicy: Fail
+ name: vteam.kb.io
+ rules:
+ - apiGroups:
+ - greenhouse.sap
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ - DELETE
+ resources:
+ - teams
+ sideEffects: None
diff --git a/cmd/greenhouse/controllers.go b/cmd/greenhouse/controllers.go
index 9803b9ee7..c714c03e7 100644
--- a/cmd/greenhouse/controllers.go
+++ b/cmd/greenhouse/controllers.go
@@ -23,6 +23,7 @@ var knownControllers = map[string]func(controllerName string, mgr ctrl.Manager)
"organizationController": startOrganizationReconciler,
// Team controllers.
+ "teamController": (&teamcontrollers.TeamReconciler{}).SetupWithManager,
"teamPropagation": (&teamcontrollers.TeamPropagationReconciler{}).SetupWithManager,
// TeamMembership controllers.
diff --git a/docs/reference/api/index.html b/docs/reference/api/index.html
index 4e4288a4a..dfd54a0fd 100644
--- a/docs/reference/api/index.html
+++ b/docs/reference/api/index.html
@@ -3456,6 +3456,18 @@ TeamStatus
|
|
+
+
+members
+
+
+[]User
+
+
+ |
+
+ |
+
@@ -3520,7 +3532,8 @@ User
(Appears on:
-TeamMembershipSpec)
+TeamMembershipSpec,
+TeamStatus)
User specifies a human person.
diff --git a/docs/reference/api/openapi.yaml b/docs/reference/api/openapi.yaml
index 73354b6e8..a7e19bad4 100755
--- a/docs/reference/api/openapi.yaml
+++ b/docs/reference/api/openapi.yaml
@@ -1107,6 +1107,29 @@ components:
status:
description: TeamStatus defines the observed state of Team
properties:
+ members:
+ items:
+ description: User specifies a human person.
+ properties:
+ email:
+ description: Email of the user.
+ type: string
+ firstName:
+ description: FirstName of the user.
+ type: string
+ id:
+ description: ID is the unique identifier of the user.
+ type: string
+ lastName:
+ description: LastName of the user.
+ type: string
+ required:
+ - email
+ - firstName
+ - id
+ - lastName
+ type: object
+ type: array
statusConditions:
description: A StatusConditions contains a list of conditions.\nOnly one condition of a given type may exist in the list.
properties:
@@ -1141,6 +1164,7 @@ components:
x-kubernetes-list-type: map
type: object
required:
+ - members
- statusConditions
type: object
type: object
diff --git a/pkg/apis/greenhouse/v1alpha1/team_types.go b/pkg/apis/greenhouse/v1alpha1/team_types.go
index 89182cbc6..2614d5ece 100644
--- a/pkg/apis/greenhouse/v1alpha1/team_types.go
+++ b/pkg/apis/greenhouse/v1alpha1/team_types.go
@@ -20,6 +20,7 @@ type TeamSpec struct {
// TeamStatus defines the observed state of Team
type TeamStatus struct {
StatusConditions StatusConditions `json:"statusConditions"`
+ Members []User `json:"members"`
}
//+kubebuilder:object:root=true
diff --git a/pkg/apis/greenhouse/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/greenhouse/v1alpha1/zz_generated.deepcopy.go
index 0ff2e9e9b..545302221 100644
--- a/pkg/apis/greenhouse/v1alpha1/zz_generated.deepcopy.go
+++ b/pkg/apis/greenhouse/v1alpha1/zz_generated.deepcopy.go
@@ -1482,6 +1482,11 @@ func (in *TeamSpec) DeepCopy() *TeamSpec {
func (in *TeamStatus) DeepCopyInto(out *TeamStatus) {
*out = *in
in.StatusConditions.DeepCopyInto(&out.StatusConditions)
+ if in.Members != nil {
+ in, out := &in.Members, &out.Members
+ *out = make([]User, len(*in))
+ copy(*out, *in)
+ }
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TeamStatus.
diff --git a/pkg/controllers/team/suite_test.go b/pkg/controllers/team/suite_test.go
new file mode 100644
index 000000000..f8fc53d48
--- /dev/null
+++ b/pkg/controllers/team/suite_test.go
@@ -0,0 +1,33 @@
+// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Greenhouse contributors
+// SPDX-License-Identifier: Apache-2.0
+
+package team
+
+import (
+ "testing"
+
+ . "github.com/onsi/ginkgo/v2"
+ . "github.com/onsi/gomega"
+
+ greenhousecluster "github.com/cloudoperators/greenhouse/pkg/controllers/cluster"
+ "github.com/cloudoperators/greenhouse/pkg/test"
+)
+
+//+kubebuilder:rbac:groups=greenhouse.sap,resources=team,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=greenhouse.sap,resources=teammembership,verbs=get,list
+
+func TestTeamController(t *testing.T) {
+ RegisterFailHandler(Fail)
+ RunSpecs(t, "TeamControllerSuite")
+}
+
+var _ = BeforeSuite(func() {
+ test.RegisterController("teamController", (&TeamReconciler{}).SetupWithManager)
+ test.RegisterController("cluster", (&greenhousecluster.RemoteClusterReconciler{}).SetupWithManager)
+
+ test.TestBeforeSuite()
+})
+
+var _ = AfterSuite(func() {
+ test.TestAfterSuite()
+})
diff --git a/pkg/controllers/team/team_controller.go b/pkg/controllers/team/team_controller.go
new file mode 100644
index 000000000..461cbed78
--- /dev/null
+++ b/pkg/controllers/team/team_controller.go
@@ -0,0 +1,85 @@
+// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Greenhouse contributors
+// SPDX-License-Identifier: Apache-2.0
+
+package team
+
+import (
+ "context"
+
+ v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/client-go/tools/record"
+ ctrl "sigs.k8s.io/controller-runtime"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+
+ greenhouseapisv1alpha1 "github.com/cloudoperators/greenhouse/pkg/apis/greenhouse/v1alpha1"
+ "github.com/cloudoperators/greenhouse/pkg/clientutil"
+ "github.com/cloudoperators/greenhouse/pkg/lifecycle"
+)
+
+type TeamReconciler struct {
+ client.Client
+ recorder record.EventRecorder
+}
+
+//+kubebuilder:rbac:groups=greenhouse.sap,resources=teams,verbs=get;list;watch;update
+//+kubebuilder:rbac:groups=greenhouse.sap,resources=teams/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=greenhouse.sap,resources=teammemberships=,verbs=get;list
+
+// SetupWithManager sets up the controller with the Manager.
+func (r *TeamReconciler) SetupWithManager(name string, mgr ctrl.Manager) error {
+ r.Client = mgr.GetClient()
+ r.recorder = mgr.GetEventRecorderFor(name)
+ return ctrl.NewControllerManagedBy(mgr).
+ Named(name).
+ For(&greenhouseapisv1alpha1.Team{}).
+ Complete(r)
+}
+
+func (r *TeamReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
+ return lifecycle.Reconcile(ctx, r.Client, req.NamespacedName, &greenhouseapisv1alpha1.Team{}, r, r.setStatus())
+}
+
+func (r *TeamReconciler) EnsureDeleted(_ context.Context, _ lifecycle.RuntimeObject) (ctrl.Result, lifecycle.ReconcileResult, error) {
+ return ctrl.Result{}, lifecycle.Success, nil
+}
+
+func (r *TeamReconciler) EnsureCreated(ctx context.Context, object lifecycle.RuntimeObject) (ctrl.Result, lifecycle.ReconcileResult, error) {
+ return ctrl.Result{}, lifecycle.Success, nil
+}
+
+func (r *TeamReconciler) setStatus() lifecycle.Conditioner {
+ return func(ctx context.Context, object lifecycle.RuntimeObject) {
+ team, ok := object.(*greenhouseapisv1alpha1.Team)
+ if !ok {
+ return
+ }
+
+ var members []greenhouseapisv1alpha1.User
+ teamMembershipList := new(greenhouseapisv1alpha1.TeamMembershipList)
+
+ err := r.List(ctx, teamMembershipList)
+ if err != nil {
+ ctrl.Log.Error(err, "Failed to list team memberships")
+ return
+ }
+
+ for _, member := range teamMembershipList.Items {
+ var teamReference *v1.OwnerReference
+ if teamReference = clientutil.GetOwnerReference(&member, "Team"); teamReference == nil {
+ continue
+ }
+ if teamReference.Name != team.Name {
+ continue
+ }
+
+ members = append(members, member.Spec.Members...)
+ }
+
+ team.Status.Members = members
+ team.Status.StatusConditions.SetConditions(greenhouseapisv1alpha1.TrueCondition(
+ greenhouseapisv1alpha1.StatusUpToDateCondition, "", "Members is up to date"))
+ if team.Status.StatusConditions.Conditions == nil {
+ team.Status.StatusConditions.Conditions = []greenhouseapisv1alpha1.Condition{}
+ }
+ }
+}
diff --git a/pkg/controllers/team/team_controller_test.go b/pkg/controllers/team/team_controller_test.go
new file mode 100644
index 000000000..f53b56e43
--- /dev/null
+++ b/pkg/controllers/team/team_controller_test.go
@@ -0,0 +1,112 @@
+// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Greenhouse contributors
+// SPDX-License-Identifier: Apache-2.0
+
+package team
+
+import (
+ . "github.com/onsi/ginkgo/v2"
+ . "github.com/onsi/gomega"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+
+ greenhouseapisv1alpha1 "github.com/cloudoperators/greenhouse/pkg/apis/greenhouse/v1alpha1"
+ "github.com/cloudoperators/greenhouse/pkg/test"
+)
+
+const (
+ teamName = "test-team"
+ anotherTeamName = "another-test-team"
+)
+
+var _ = Describe("TeamControllerTest", Ordered, func() {
+ It("Should update status of team with members", func() {
+ err := test.K8sClient.Create(test.Ctx, &greenhouseapisv1alpha1.Team{
+ TypeMeta: metav1.TypeMeta{
+ Kind: "Team",
+ APIVersion: greenhouseapisv1alpha1.GroupVersion.String(),
+ },
+ ObjectMeta: metav1.ObjectMeta{
+ Name: teamName,
+ Namespace: test.TestNamespace,
+ },
+ Spec: greenhouseapisv1alpha1.TeamSpec{
+ Description: "",
+ MappedIDPGroup: "MAP_IDP_GROUP",
+ },
+ })
+ Expect(err).ToNot(HaveOccurred())
+
+ err = test.K8sClient.Create(test.Ctx, &greenhouseapisv1alpha1.TeamMembership{
+ TypeMeta: metav1.TypeMeta{
+ Kind: "TeamMembership",
+ APIVersion: greenhouseapisv1alpha1.GroupVersion.String(),
+ },
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "test-membership",
+ Namespace: test.TestNamespace,
+ OwnerReferences: []metav1.OwnerReference{
+ {
+ APIVersion: greenhouseapisv1alpha1.GroupVersion.String(),
+ Kind: "Team",
+ Name: teamName,
+ UID: "uhuihiuh",
+ },
+ },
+ },
+ Spec: greenhouseapisv1alpha1.TeamMembershipSpec{
+ Members: []greenhouseapisv1alpha1.User{
+ {
+ ID: "d2a72c04-42d2-426a-942d-af9609c4cd00",
+ FirstName: "John",
+ LastName: "Doe",
+ Email: "john.doe@example.com",
+ },
+ },
+ },
+ })
+ Expect(err).ToNot(HaveOccurred())
+
+ err = test.K8sClient.Create(test.Ctx, &greenhouseapisv1alpha1.TeamMembership{
+ TypeMeta: metav1.TypeMeta{
+ Kind: "TeamMembership",
+ APIVersion: greenhouseapisv1alpha1.GroupVersion.String(),
+ },
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "another-test-membership",
+ Namespace: test.TestNamespace,
+ OwnerReferences: []metav1.OwnerReference{
+ {
+ APIVersion: greenhouseapisv1alpha1.GroupVersion.String(),
+ Kind: "Team",
+ Name: anotherTeamName,
+ UID: "uhuiqweqwe",
+ },
+ },
+ },
+ Spec: greenhouseapisv1alpha1.TeamMembershipSpec{
+ Members: []greenhouseapisv1alpha1.User{
+ {
+ ID: "d2a72c04-42d2-426a-942d-af9609c4cd00",
+ FirstName: "Test",
+ LastName: "User1",
+ Email: "u1@example.com",
+ },
+ {
+ ID: "d2a72c04-42d2-426a-942d-af9609c4cd00",
+ FirstName: "Test",
+ LastName: "User2",
+ Email: "u2@example.com",
+ },
+ },
+ },
+ })
+ Expect(err).ToNot(HaveOccurred())
+
+ Eventually(func(g Gomega) {
+ team := &greenhouseapisv1alpha1.Team{}
+ err := test.K8sClient.Get(test.Ctx, client.ObjectKey{Name: teamName, Namespace: test.TestNamespace}, team)
+ g.Expect(err).ToNot(HaveOccurred())
+ g.Expect(team.Status.Members).To(HaveLen(1))
+ }).Should(Succeed())
+ })
+})
diff --git a/pkg/controllers/teammembership/suite_test.go b/pkg/controllers/teammembership/suite_test.go
index 41b0cd556..016b45ea2 100644
--- a/pkg/controllers/teammembership/suite_test.go
+++ b/pkg/controllers/teammembership/suite_test.go
@@ -10,6 +10,7 @@ import (
. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
+ "github.com/cloudoperators/greenhouse/pkg/controllers/team"
"github.com/cloudoperators/greenhouse/pkg/controllers/teammembership"
"github.com/cloudoperators/greenhouse/pkg/scim"
"github.com/cloudoperators/greenhouse/pkg/test"
@@ -30,6 +31,7 @@ var _ = BeforeSuite(func() {
test.RegisterController("teammembershipUpdaterController",
(&teammembership.TeamMembershipUpdaterController{}).SetupWithManager)
+ test.RegisterController("teamController", (&team.TeamReconciler{}).SetupWithManager)
test.TestBeforeSuite()
})
diff --git a/test/e2e/controllers.go b/test/e2e/controllers.go
index d7f9ec8c9..ab441099e 100644
--- a/test/e2e/controllers.go
+++ b/test/e2e/controllers.go
@@ -36,6 +36,7 @@ var knownControllers = map[string]func(controllerName string, mgr ctrl.Manager)
"organizationTeamRoleSeeder": (&organizationcontrollers.TeamRoleSeederReconciler{}).SetupWithManager,
// Team controllers.
+ "teamController": (&teamcontrollers.TeamReconciler{}).SetupWithManager,
"teamPropagation": (&teamcontrollers.TeamPropagationReconciler{}).SetupWithManager,
// TeamMembership controllers.