diff --git a/config/crd/bases/toolchain.dev.openshift.com_useraccounts.yaml b/config/crd/bases/toolchain.dev.openshift.com_useraccounts.yaml index ee840db9..8f1ef7249 100644 --- a/config/crd/bases/toolchain.dev.openshift.com_useraccounts.yaml +++ b/config/crd/bases/toolchain.dev.openshift.com_useraccounts.yaml @@ -61,11 +61,6 @@ spec: description: If set to true then the corresponding user should not be able to login "false" is assumed by default type: boolean - originalSub: - description: OriginalSub is an optional property temporarily introduced - for the purpose of migrating the users to a new IdP provider client, - and contains the user's "original-sub" claim - type: string propagatedClaims: description: PropagatedClaims contains a selection of claim values from the SSO Identity Provider which are intended to be "propagated" @@ -93,11 +88,6 @@ spec: - email - sub type: object - userID: - description: UserID is the user ID from RHD Identity Provider token - (“sub” claim) Is to be used to create Identity and UserIdentityMapping - resources - type: string type: object status: description: UserAccountStatus defines the observed state of UserAccount diff --git a/controllers/useraccount/useraccount_controller.go b/controllers/useraccount/useraccount_controller.go index 10bf81f7..eaa3fea6 100644 --- a/controllers/useraccount/useraccount_controller.go +++ b/controllers/useraccount/useraccount_controller.go @@ -390,11 +390,11 @@ func setLabelsAndAnnotations(object metav1.Object, userAcc *toolchainv1alpha1.Us if isUserResource { annotations := object.GetAnnotations() - if _, exists := annotations[toolchainv1alpha1.UserEmailAnnotationKey]; !exists { + if _, exists := annotations[toolchainv1alpha1.EmailUserAnnotationKey]; !exists { if annotations == nil { annotations = map[string]string{} } - annotations[toolchainv1alpha1.UserEmailAnnotationKey] = userAcc.Spec.PropagatedClaims.Email + annotations[toolchainv1alpha1.EmailUserAnnotationKey] = userAcc.Spec.PropagatedClaims.Email object.SetAnnotations(annotations) changed = true } @@ -406,8 +406,8 @@ func setLabelsAndAnnotations(object metav1.Object, userAcc *toolchainv1alpha1.Us if annotations == nil { annotations = map[string]string{} } - annotations[toolchainv1alpha1.SSOUserIDAnnotationKey] = userAcc.Spec.PropagatedClaims.UserID - annotations[toolchainv1alpha1.SSOAccountIDAnnotationKey] = userAcc.Spec.PropagatedClaims.AccountID + annotations[toolchainv1alpha1.UserIDUserAnnotationKey] = userAcc.Spec.PropagatedClaims.UserID + annotations[toolchainv1alpha1.AccountIDUserAnnotationKey] = userAcc.Spec.PropagatedClaims.AccountID object.SetAnnotations(annotations) changed = true @@ -416,8 +416,8 @@ func setLabelsAndAnnotations(object metav1.Object, userAcc *toolchainv1alpha1.Us // Delete the UserID and AccountID annotations if they don't exist in the UserAccount if !set && object.GetAnnotations() != nil { annotations = object.GetAnnotations() - delete(annotations, toolchainv1alpha1.SSOUserIDAnnotationKey) - delete(annotations, toolchainv1alpha1.SSOAccountIDAnnotationKey) + delete(annotations, toolchainv1alpha1.UserIDUserAnnotationKey) + delete(annotations, toolchainv1alpha1.AccountIDUserAnnotationKey) object.SetAnnotations(annotations) changed = true } diff --git a/controllers/useraccount/useraccount_controller_test.go b/controllers/useraccount/useraccount_controller_test.go index 8797ebb6..94bdc664 100644 --- a/controllers/useraccount/useraccount_controller_test.go +++ b/controllers/useraccount/useraccount_controller_test.go @@ -88,7 +88,7 @@ func TestReconcile(t *testing.T) { toolchainv1alpha1.ProviderLabelKey: toolchainv1alpha1.ProviderLabelValue, }, Annotations: map[string]string{ - toolchainv1alpha1.UserEmailAnnotationKey: userAcc.Spec.PropagatedClaims.Email, + toolchainv1alpha1.EmailUserAnnotationKey: userAcc.Spec.PropagatedClaims.Email, }, }, Identities: []string{ @@ -136,8 +136,8 @@ func TestReconcile(t *testing.T) { user.UID = preexistingUser.UID // we have to set UID for the obtained user because the fake client doesn't set it checkMapping(t, user, preexistingIdentity, preexistingIdentityForSsoUserAnnotation) - require.Equal(t, "123456", user.Annotations[toolchainv1alpha1.SSOUserIDAnnotationKey]) - require.Equal(t, "987654", user.Annotations[toolchainv1alpha1.SSOAccountIDAnnotationKey]) + require.Equal(t, "123456", user.Annotations[toolchainv1alpha1.UserIDUserAnnotationKey]) + require.Equal(t, "987654", user.Annotations[toolchainv1alpha1.AccountIDUserAnnotationKey]) // Check the identity is not created yet assertIdentityNotFound(t, r, userAcc, config.Auth().Idp()) @@ -154,8 +154,8 @@ func TestReconcile(t *testing.T) { // Check the created/updated user user := assertUser(t, r, userAcc) - require.NotContains(t, user.Annotations, toolchainv1alpha1.SSOUserIDAnnotationKey) - require.NotContains(t, user.Annotations, toolchainv1alpha1.SSOAccountIDAnnotationKey) + require.NotContains(t, user.Annotations, toolchainv1alpha1.UserIDUserAnnotationKey) + require.NotContains(t, user.Annotations, toolchainv1alpha1.AccountIDUserAnnotationKey) t.Run("reset UserID and reconcile again", func(t *testing.T) { userAcc.Spec.PropagatedClaims.UserID = "123456" @@ -168,8 +168,8 @@ func TestReconcile(t *testing.T) { // Check the created/updated user user := assertUser(t, r, userAcc) - require.Equal(t, "123456", user.Annotations[toolchainv1alpha1.SSOUserIDAnnotationKey]) - require.Equal(t, "987654", user.Annotations[toolchainv1alpha1.SSOAccountIDAnnotationKey]) + require.Equal(t, "123456", user.Annotations[toolchainv1alpha1.UserIDUserAnnotationKey]) + require.Equal(t, "987654", user.Annotations[toolchainv1alpha1.AccountIDUserAnnotationKey]) t.Run("test missing AccountID annotation propagates to User", func(t *testing.T) { // Remove the AccountID annotation from the UserAccount and reconcile again @@ -183,8 +183,8 @@ func TestReconcile(t *testing.T) { // Check the created/updated user user := assertUser(t, r, userAcc) - require.NotContains(t, user.Annotations, toolchainv1alpha1.SSOUserIDAnnotationKey) - require.NotContains(t, user.Annotations, toolchainv1alpha1.SSOAccountIDAnnotationKey) + require.NotContains(t, user.Annotations, toolchainv1alpha1.UserIDUserAnnotationKey) + require.NotContains(t, user.Annotations, toolchainv1alpha1.AccountIDUserAnnotationKey) t.Run("reset AccountID annotation and reconcile again", func(t *testing.T) { userAcc.Spec.PropagatedClaims.AccountID = "987654" @@ -197,8 +197,8 @@ func TestReconcile(t *testing.T) { // Check the created/updated user user := assertUser(t, r, userAcc) - require.Equal(t, "123456", user.Annotations[toolchainv1alpha1.SSOUserIDAnnotationKey]) - require.Equal(t, "987654", user.Annotations[toolchainv1alpha1.SSOAccountIDAnnotationKey]) + require.Equal(t, "123456", user.Annotations[toolchainv1alpha1.UserIDUserAnnotationKey]) + require.Equal(t, "987654", user.Annotations[toolchainv1alpha1.AccountIDUserAnnotationKey]) }) }) }) @@ -1176,7 +1176,7 @@ func TestCreateIdentitiesOKWhenSSOUserIDAnnotationPresent(t *testing.T) { toolchainv1alpha1.ProviderLabelKey: toolchainv1alpha1.ProviderLabelValue, }, Annotations: map[string]string{ - toolchainv1alpha1.UserEmailAnnotationKey: userAcc.Spec.PropagatedClaims.Email, + toolchainv1alpha1.EmailUserAnnotationKey: userAcc.Spec.PropagatedClaims.Email, }, }, Identities: []string{ @@ -1551,7 +1551,7 @@ func assertUser(t *testing.T, r *Reconciler, userAcc *toolchainv1alpha1.UserAcco assert.Equal(t, toolchainv1alpha1.ProviderLabelValue, user.Labels[toolchainv1alpha1.ProviderLabelKey]) assert.NotNil(t, user.Annotations) - assert.Equal(t, userAcc.Spec.PropagatedClaims.Email, user.Annotations[toolchainv1alpha1.UserEmailAnnotationKey]) + assert.Equal(t, userAcc.Spec.PropagatedClaims.Email, user.Annotations[toolchainv1alpha1.EmailUserAnnotationKey]) assert.Empty(t, user.OwnerReferences) // User has no explicit owner reference.// Check the user identity mapping return user diff --git a/go.mod b/go.mod index 2f1891d3..a99699f8 100644 --- a/go.mod +++ b/go.mod @@ -1,8 +1,8 @@ module github.com/codeready-toolchain/member-operator require ( - github.com/codeready-toolchain/api v0.0.0-20240103194050-d5c7803671c1 - github.com/codeready-toolchain/toolchain-common v0.0.0-20240126111814-12ab087b62d2 + github.com/codeready-toolchain/api v0.0.0-20240207000013-661b63025269 + github.com/codeready-toolchain/toolchain-common v0.0.0-20240207000544-9cd055b3a18c github.com/go-logr/logr v1.2.3 github.com/google/go-cmp v0.5.9 // using latest commit from 'github.com/openshift/api branch release-4.12' diff --git a/go.sum b/go.sum index 6cec1202..eb03bcbb 100644 --- a/go.sum +++ b/go.sum @@ -134,10 +134,10 @@ github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWH github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo= github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA= github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI= -github.com/codeready-toolchain/api v0.0.0-20240103194050-d5c7803671c1 h1:R+5BmQrz9hBfj6QFL+ojExD6CiZ5EuuVUbeb3pqxdds= -github.com/codeready-toolchain/api v0.0.0-20240103194050-d5c7803671c1/go.mod h1:FO7kgXH1x1LqkF327D5a36u0WIrwjVCbeijPkzgwaZc= -github.com/codeready-toolchain/toolchain-common v0.0.0-20240126111814-12ab087b62d2 h1:wObz6g5TFOzn7AZF6hsd7vI+GQRytxQcVAL6/DnNex8= -github.com/codeready-toolchain/toolchain-common v0.0.0-20240126111814-12ab087b62d2/go.mod h1:1oIpmgqMMIir4IjrVkmBaC3GXsObl0vmOFmnYhpbSAQ= +github.com/codeready-toolchain/api v0.0.0-20240207000013-661b63025269 h1:YS5Q6YsTYq9Fo8qA6NQOTWAcVg86VEwulT1UfNWknIQ= +github.com/codeready-toolchain/api v0.0.0-20240207000013-661b63025269/go.mod h1:FO7kgXH1x1LqkF327D5a36u0WIrwjVCbeijPkzgwaZc= +github.com/codeready-toolchain/toolchain-common v0.0.0-20240207000544-9cd055b3a18c h1:WKjD9qRSLqQsi4XduuXjsaF8qFH4yj157qWdA5wOOtg= +github.com/codeready-toolchain/toolchain-common v0.0.0-20240207000544-9cd055b3a18c/go.mod h1:+COaw79DVTLSb2unqVwcBtYOg6sh7MbMHgXU1/ht2I8= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=