Merge pull request #14 from mittwald/refact/repository-and-user

user- and repository-types refactoring

examples/README.md

@@ -110,13 +110,12 @@ metadata:
   namespace: harbor-operator
 spec:
   memberRequests:
-  - roleID: 1
-    memberUser:
-     username: "harbor-user"
+  - role: ProjectAdmin # one of "ProjectAdmin", "Developer", "Guest" or "Master"
+    user:
+     name: "harbor-user" # reference to an user
   name: repository-1
   parentInstance:
     name: test-harbor
-  toggleable: false
   metadata:
     enableContentTrust:     false
     autoScan:               false
@@ -248,12 +247,6 @@ spec:
   email: [email protected]
   userSecretRef:
     name: harbor-user
-  # available Role IDs:
-  # projectAdmin
-  # developer
-  # guest
-  # master
-  roleID: projectAdmin
   adminRole: true
 ```
 

examples/repository.yaml

@@ -5,13 +5,12 @@ metadata:
   namespace: harbor-operator
 spec:
   memberRequests:
-  - roleID: 1
-    memberUser:
-     username: "harbor-user"
+  - role: ProjectAdmin # one of "ProjectAdmin", "Developer", "Guest" or "Master"
+    user:
+     name: "harbor-user" # reference to an user
   name: repository-1
   parentInstance:
     name: test-harbor
-  toggleable: false
   metadata:
     enableContentTrust:     false
     autoScan:               false

examples/user.yaml

@@ -11,10 +11,4 @@ spec:
   email: [email protected]
   userSecretRef:
     name: harbor-user
-  # available Role IDs:
-  # projectAdmin
-  # developer
-  # guest
-  # master
-  roleID: projectAdmin
   adminRole: true

pkg/apis/registries/v1alpha1/member_role.go

@@ -0,0 +1,21 @@
+package v1alpha1
+
+
+// ID returns a role ID integer by enumerating the given role
+func (role MemberRole) ID() int {
+	switch role {
+	case MemberRoleProjectAdmin:
+		return 1
+
+	case MemberRoleDeveloper:
+		return 2
+
+	case MemberRoleGuest:
+		return 3
+
+	case MemberRoleMaster:
+		return 4
+	}
+
+	return 0
+}

pkg/apis/registries/v1alpha1/repository_types.go

@@ -6,12 +6,18 @@ import (
 )
 
 type RepositoryStatusPhaseName string
+type MemberRole string
 
 const (
 	RepositoryStatusPhaseUnknown     RepositoryStatusPhaseName = ""
 	RepositoryStatusPhaseCreating    RepositoryStatusPhaseName = "Creating"
 	RepositoryStatusPhaseReady       RepositoryStatusPhaseName = "Ready"
 	RepositoryStatusPhaseTerminating RepositoryStatusPhaseName = "Terminating"
+
+	MemberRoleProjectAdmin MemberRole = "ProjectAdmin"
+	MemberRoleDeveloper    MemberRole = "Developer"
+	MemberRoleGuest        MemberRole = "Guest"
+	MemberRoleMaster       MemberRole = "Master"
 )
 
 type RepositorySpec struct {
@@ -21,53 +27,11 @@ type RepositorySpec struct {
 	// name of the harbor instance the repository is created for
 	ParentInstance corev1.LocalObjectReference `json:"parentInstance"`
 
-	// +optional
-	ProjectID int64 `json:"projectID,omitempty"`
-
-	// The owner ID of the repository creator
-	// +optional
-	OwnerID *int `json:"ownerID,omitempty"`
-
-	// +optional
-	Deleted bool `json:"deleted,omitempty"`
-
-	// Correspond to the UI about whether the repository's publicity is updatable (for UI)
-	Toggleable bool `json:"toggleable"`
-
-	// +optional
-	RoleID int `json:"roleID,omitempty"`
-
-	// +optional
-	CVEWhitelist CVEWhitelist `json:"CVEWhitelist,omitempty"`
-
 	Metadata RepositoryMetadata `json:"metadata"`
 
 	// Ref to the name of a 'User' resource
 	// +optional
-	MemberRequests []RepositoryMemberRequest `json:"memberRequests,omitempty"`
-}
-
-type RepositoryMemberRequest struct {
-	RoleID     int        `json:"roleID"`
-	MemberUser MemberUser `json:"memberUser"`
-}
-
-type MemberUser struct {
-	Username string `json:"username"`
-	// +optional
-	UserID int `json:"userID,omitempty"`
-}
-
-type CVEWhitelistItem struct {
-	// +optional
-	CVEID string `json:"CVEID,omitempty"`
-}
-
-type CVEWhitelist struct {
-	ID        int64 `json:"id"`
-	ProjectID int64 `json:"projectID"`
-	// +optional
-	Items []CVEWhitelistItem `orm:"-" json:"items,omitempty"`
+	MemberRequests []MemberRequest `json:"memberRequests,omitempty"`
 }
 
 type RepositoryMetadata struct {
@@ -86,6 +50,11 @@ type RepositoryMetadata struct {
 	Public bool `json:"public"`
 }
 
+type MemberRequest struct {
+	Role MemberRole                  `json:"role"`
+	User corev1.LocalObjectReference `json:"user"` // reference to an User object
+}
+
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // Repository is the Schema for the projects API
 // +kubebuilder:subresource:status

pkg/apis/registries/v1alpha1/user_types.go

@@ -15,8 +15,7 @@ const (
 )
 
 type UserSpec struct {
-	RoleID string `json:"roleID"`
-	Name   string `json:"name"`
+	Name string `json:"name"`
 
 	// ParentInstance is a LocalObjectReference to the
 	// name of the harbor instance the user is created for

pkg/controller/internal/harbor_commons.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
+
 	h "github.com/mittwald/goharbor-client"
 	registriesv1alpha1 "github.com/mittwald/harbor-operator/pkg/apis/registries/v1alpha1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
@@ -67,21 +68,6 @@ func GetReplication(harborClient *h.Client, replication *registriesv1alpha1.Repl
 	return rep, nil
 }
 
-// GetRoleInt enumerates the specified role (string) and returns a role ID (int) used by Harbor
-func GetRoleInt(RoleString string) int {
-	switch RoleString {
-	case "projectAdmin":
-		return 1
-	case "developer":
-		return 2
-	case "guest":
-		return 3
-	case "master":
-		return 4
-	}
-	return 1
-}
-
 // CheckAndGetReplicationTriggerType enumerates the specified trigger type and returns a trigger type used by Harbor
 func CheckAndGetReplicationTriggerType(providedType registriesv1alpha1.TriggerType) (h.TriggerType, error) {
 	switch providedType {

pkg/controller/repository/repository_controller.go

@@ -5,6 +5,8 @@ import (
 	"reflect"
 	"time"
 
+	v1 "k8s.io/api/core/v1"
+
 	"github.com/go-logr/logr"
 	"github.com/jinzhu/copier"
 	h "github.com/mittwald/goharbor-client"
@@ -274,19 +276,20 @@ func (r *ReconcileRepository) reconcileProjectMembers(repository *registriesv1al
 	}
 
 	for _, memberRequestUser := range repository.Spec.MemberRequests {
-		user := registriesv1alpha1.User{
-			Spec: registriesv1alpha1.UserSpec{
-				Name: memberRequestUser.MemberUser.Username,
-			},
+		user, err := r.getUserFromRef(memberRequestUser.User, repository.Namespace)
+		if err != nil {
+			return err
 		}
 
-		harborUser, err := internal.GetUser(&user, harborClient)
+		harborUser, err := internal.GetUser(user, harborClient)
 		if err != nil {
 			return err
 		}
 
+		roleID := memberRequestUser.Role.ID()
+
 		projectMember := h.MemberReq{
-			Role: memberRequestUser.RoleID,
+			Role: roleID,
 			MemberUser: h.User{
 				Username: harborUser.Username,
 				UserID:   harborUser.UserID,
@@ -309,14 +312,14 @@ func (r *ReconcileRepository) reconcileProjectMembers(repository *registriesv1al
 			return err
 		}
 
-		if memberRequestUser.RoleID == role.RoleID {
+		if roleID == role.RoleID {
 			break
 		}
 
 		err = harborClient.Projects().UpdateProjectMember(
 			heldRepository.ProjectID,
 			int64(member.ID),
-			h.RoleRequest{Role: memberRequestUser.RoleID})
+			h.RoleRequest{Role: roleID})
 		if err != nil {
 			return err
 		}
@@ -325,8 +328,14 @@ func (r *ReconcileRepository) reconcileProjectMembers(repository *registriesv1al
 	return nil
 }
 
+func (r *ReconcileRepository) getUserFromRef(userRef v1.LocalObjectReference, namespace string) (*registriesv1alpha1.User, error) {
+	var user registriesv1alpha1.User
+	err := r.client.Get(context.Background(), client.ObjectKey{Name: userRef.Name, Namespace: namespace}, &user)
+	return &user, err
+}
+
 // getMemberUserFromList returns a project member from a list of members, filtered by the username
-func getMemberUserFromList(members []h.Member, user registriesv1alpha1.User) *h.Member {
+func getMemberUserFromList(members []h.Member, user *registriesv1alpha1.User) *h.Member {
 	for i := range members {
 		if members[i].Entityname == user.Spec.Name {
 			return &members[i]