Finish Identity View (#30)

This has identified a number of UX problems, in that we can list identities for an organization, but then we need to get regions per identity (project) to correctly scope regions to translate from ID to name. I suspect that perhaps regions should be defined at the organization level - not the project, identities should have a regionID property much like clusters, then we can handle those in a geenric fashion and promote region scoped metadata to a top level core thing.
unikorn-cloud · Jul 10, 2024 · e228e66 · e228e66
1 parent 8135ebe
commit e228e66
Show file tree

Hide file tree

Showing 4 changed files with 86 additions and 53 deletions.
diff --git a/pkg/handler/handler.go b/pkg/handler/handler.go
@@ -26,6 +26,7 @@ import (
 	"slices"
 	"time"
 
+	coreconstants "github.com/unikorn-cloud/core/pkg/constants"
 	coreapi "github.com/unikorn-cloud/core/pkg/openapi"
 	"github.com/unikorn-cloud/core/pkg/server/conversion"
 	"github.com/unikorn-cloud/core/pkg/server/errors"
@@ -41,6 +42,7 @@ import (
 	"github.com/unikorn-cloud/region/pkg/server/util"
 
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/labels"
 
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
@@ -277,23 +279,56 @@ func convertIdentity(identity *unikornv1.Identity, in *providers.CloudConfig) *o
 		out.Spec.Tags = &tags
 	}
 
-	switch in.Type {
-	case providers.ProviderTypeOpenStack:
-		out.Spec = openapi.IdentitySpec{
-			Type: openapi.Openstack,
-			Openstack: &openapi.IdentitySpecOpenStack{
-				Cloud:       in.OpenStack.Credentials.Cloud,
-				CloudConfig: base64.URLEncoding.EncodeToString(in.OpenStack.Credentials.CloudConfig),
-				UserId:      in.OpenStack.State.UserID,
-				ProjectId:   in.OpenStack.State.ProjectID,
-			},
+	switch identity.Spec.Provider {
+	case unikornv1.ProviderOpenstack:
+		out.Spec.Type = openapi.Openstack
+
+		out.Spec.Openstack = &openapi.IdentitySpecOpenStack{
+			UserId:    identity.Spec.OpenStack.UserID,
+			ProjectId: identity.Spec.OpenStack.ProjectID,
 		}
+
+		if in != nil {
+			cloudConfig := base64.URLEncoding.EncodeToString(in.OpenStack.Credentials.CloudConfig)
+
+			out.Spec.Openstack.Cloud = &in.OpenStack.Credentials.Cloud
+			out.Spec.Openstack.CloudConfig = &cloudConfig
+		}
+	}
+
+	return out
+}
+
+func convertIdentityList(in unikornv1.IdentityList) openapi.IdentitiesRead {
+	out := make(openapi.IdentitiesRead, len(in.Items))
+
+	for i := range in.Items {
+		out[i] = *convertIdentity(&in.Items[i], nil)
 	}
 
 	return out
 }
 
 func (h *Handler) GetApiV1OrganizationsOrganizationIDIdentities(w http.ResponseWriter, r *http.Request, organizationID openapi.OrganizationIDParameter) {
+	if err := rbac.AllowOrganizationScope(r.Context(), "infrastructure", identityapi.Read, organizationID); err != nil {
+		errors.HandleError(w, r, err)
+		return
+	}
+
+	var resources unikornv1.IdentityList
+
+	options := &client.ListOptions{
+		LabelSelector: labels.SelectorFromSet(map[string]string{
+			coreconstants.OrganizationLabel: organizationID,
+		}),
+	}
+
+	if err := h.client.List(r.Context(), &resources, options); err != nil {
+		errors.HandleError(w, r, errors.OAuth2ServerError("unable to list identities").WithError(err))
+		return
+	}
+
+	util.WriteJSONResponse(w, r, http.StatusOK, convertIdentityList(resources))
 }
 
 func (h *Handler) PostApiV1OrganizationsOrganizationIDProjectsProjectIDRegionsRegionIDIdentities(w http.ResponseWriter, r *http.Request, organizationID openapi.OrganizationIDParameter, projectID openapi.ProjectIDParameter, regionID openapi.RegionIDParameter) {

diff --git a/pkg/openapi/schema.go b/pkg/openapi/schema.go
diff --git a/pkg/openapi/server.spec.yaml b/pkg/openapi/server.spec.yaml
@@ -381,8 +381,6 @@ components:
       description: Everything an OpenStack client needs to function.
       type: object
       required:
-      - cloud
-      - cloudConfig
       - userId
       - projectId
       properties:

diff --git a/pkg/openapi/types.go b/pkg/openapi/types.go