Add Console Client and implement first company existance logic

Author: Francesco Francomano

api/core/v1alpha1/company_types.go

@@ -40,6 +40,7 @@ type CompanySpec struct {
 type CompanyStatus struct {
 	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
 	// Important: Run "make" to regenerate code after modifying this file
+	CompanyID string `json:"companyID,omitempty"`
 }
 
 // +kubebuilder:object:root=true

deployments/operator/crds/core.mia-platform.eu_companies.yaml

@@ -63,6 +63,12 @@ spec:
             type: object
           status:
             description: CompanyStatus defines the observed state of Company.
+            properties:
+              companyID:
+                description: |-
+                  INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
+                  Important: Run "make" to regenerate code after modifying this file
+                type: string
             type: object
         type: object
     served: true

go.mod

@@ -6,6 +6,7 @@ require (
 	github.com/go-logr/logr v1.4.2
 	github.com/onsi/ginkgo/v2 v2.22.0
 	github.com/onsi/gomega v1.36.1
+	k8s.io/api v0.33.0
 	k8s.io/apimachinery v0.33.0
 	k8s.io/client-go v0.33.0
 	sigs.k8s.io/controller-runtime v0.21.0
@@ -82,7 +83,6 @@ require (
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/api v0.33.0 // indirect
 	k8s.io/apiextensions-apiserver v0.33.0 // indirect
 	k8s.io/apiserver v0.33.0 // indirect
 	k8s.io/component-base v0.33.0 // indirect

pkg/company-controller/company_controller.go

@@ -20,12 +20,15 @@ import (
 	"context"
 
 	"github.com/go-logr/logr"
+	v1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/types"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 
 	corev1alpha1 "github.com/mia-platform/console-operator/api/core/v1alpha1"
+	consoleclient "github.com/mia-platform/console-operator/pkg/console-client"
 )
 
 // CompanyReconciler reconciles a Company object
@@ -73,6 +76,52 @@ func (r *CompanyReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct
 		return ctrl.Result{}, nil
 	}
 
+	companyName := company.Spec.Name
+	companyConsoleRef := company.Spec.ConsoleRef
+	var companyConsole corev1alpha1.Console
+	if err := r.Get(ctx, types.NamespacedName{
+		Name:      companyConsoleRef.Name,
+		Namespace: companyConsoleRef.Namespace,
+	}, &companyConsole); err != nil {
+		log.Error(err, "unable to fetch Console for Company", "consoleRef", companyConsoleRef)
+		return ctrl.Result{}, client.IgnoreNotFound(err)
+	}
+
+	var clientIdSecret v1.Secret
+	if err := r.Get(ctx, types.NamespacedName{Name: companyConsole.Spec.ClientID.SecretRef, Namespace: companyConsole.Namespace}, &clientIdSecret); err != nil {
+		log.Error(err, "unable to fetch ClientID Secret for Company")
+		return ctrl.Result{}, err
+	}
+
+	var clientKeySecret v1.Secret
+	if err := r.Get(ctx, types.NamespacedName{Name: companyConsole.Spec.ClientSecret.SecretRef, Namespace: companyConsole.Namespace}, &clientKeySecret); err != nil {
+		log.Error(err, "unable to fetch ClientKey Secret for Company")
+		return ctrl.Result{}, err
+	}
+
+	consoleClientConfig := consoleclient.ClientConfig{
+		BaseURL:      companyConsole.Spec.URL,
+		ClientID:     string(clientIdSecret.Data[companyConsole.Spec.ClientID.KeyRef]),
+		ClientSecret: string(clientKeySecret.Data[companyConsole.Spec.ClientSecret.KeyRef]),
+	}
+
+	consoleClient, err := consoleclient.NewClient(consoleClientConfig, ctx)
+	if err != nil {
+		log.Error(err, "failed to create Console client")
+		return ctrl.Result{}, err
+	}
+
+	exists, err := consoleClient.CompanyExists(ctx, companyName)
+	if err != nil {
+		log.Error(err, "failed to check if company exists in Console")
+		return ctrl.Result{}, err
+	}
+
+	if exists {
+		log.Info("Company already exists", "companyName", companyName)
+		return ctrl.Result{}, nil
+	}
+
 	return ctrl.Result{}, nil
 }
 

pkg/console-client/console_client.go

@@ -0,0 +1,212 @@
+// Copyright 2016-2025 Mia-Platform
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package consoleclient
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+func NewClient(config ClientConfig, ctx context.Context) (*Client, error) {
+	if config.BaseURL == "" {
+		return nil, fmt.Errorf("base URL is required")
+	}
+	if config.ClientID == "" {
+		return nil, fmt.Errorf("client ID is required")
+	}
+	if config.ClientSecret == "" {
+		return nil, fmt.Errorf("client secret is required")
+	}
+
+	if _, err := url.Parse(config.BaseURL); err != nil {
+		return nil, fmt.Errorf("invalid base URL: %w", err)
+	}
+
+	timeout := config.Timeout
+	if timeout == 0 {
+		timeout = 30 * time.Second
+	}
+
+	return &Client{
+		baseURL:      config.BaseURL,
+		clientID:     config.ClientID,
+		clientSecret: config.ClientSecret,
+		httpClient: &http.Client{
+			Timeout: timeout,
+		},
+		ctx: ctx,
+	}, nil
+}
+
+// GetToken obtains a bearer token using client credentials flow
+func (c *Client) GetToken(ctx context.Context) error {
+	// Check if token is still valid
+	if c.token != "" && time.Now().Before(c.tokenExpiry) {
+		return nil
+	}
+
+	// Prepare form data for client credentials grant
+	data := url.Values{}
+	data.Set("grant_type", "client_credentials")
+
+	// Create token request
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, c.baseURL+"/api/m2m/oauth/token", strings.NewReader(data.Encode()))
+	if err != nil {
+		return fmt.Errorf("failed to create token request: %w", err)
+	}
+
+	// Set basic auth for client credentials
+	req.SetBasicAuth(c.clientID, c.clientSecret)
+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+	req.Header.Set("Accept", "application/json")
+
+	// Execute token request
+	resp, err := c.httpClient.Do(req)
+	if err != nil {
+		return fmt.Errorf("failed to execute token request: %w", err)
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		return fmt.Errorf("token request failed with status %d: %s", resp.StatusCode, resp.Status)
+	}
+
+	// Parse token response
+	var tokenResp TokenResponse
+	if err := json.NewDecoder(resp.Body).Decode(&tokenResp); err != nil {
+		return fmt.Errorf("failed to decode token response: %w", err)
+	}
+
+	// Store token and calculate expiry
+	c.token = tokenResp.AccessToken
+	c.tokenExpiry = time.Now().Add(time.Duration(tokenResp.ExpiresIn) * time.Second)
+
+	return nil
+}
+
+func (c *Client) Get(ctx context.Context, endpoint string) (*http.Response, error) {
+	return c.doRequest(ctx, http.MethodGet, endpoint, nil)
+}
+
+func (c *Client) Post(ctx context.Context, endpoint string, body interface{}) (*http.Response, error) {
+	return c.doRequest(ctx, http.MethodPost, endpoint, body)
+}
+
+func (c *Client) Put(ctx context.Context, endpoint string, body interface{}) (*http.Response, error) {
+	return c.doRequest(ctx, http.MethodPut, endpoint, body)
+}
+
+func (c *Client) Delete(ctx context.Context, endpoint string) (*http.Response, error) {
+	return c.doRequest(ctx, http.MethodDelete, endpoint, nil)
+}
+
+func (c *Client) doRequest(ctx context.Context, method, endpoint string, body interface{}) (*http.Response, error) {
+	// Ensure we have a valid token before making the request
+	if err := c.GetToken(ctx); err != nil {
+		return nil, fmt.Errorf("failed to get token: %w", err)
+	}
+
+	fullURL := c.baseURL + endpoint
+
+	var reqBody io.Reader
+	if body != nil {
+		jsonBody, err := json.Marshal(body)
+		if err != nil {
+			return nil, fmt.Errorf("failed to marshal request body: %w", err)
+		}
+		reqBody = bytes.NewBuffer(jsonBody)
+	}
+
+	req, err := http.NewRequestWithContext(ctx, method, fullURL, reqBody)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create request: %w", err)
+	}
+
+	// Add Bearer token authentication
+	req.Header.Set("Authorization", "Bearer "+c.token)
+
+	// Set content type for requests with body
+	if body != nil {
+		req.Header.Set("Content-Type", "application/json")
+	}
+
+	// Set accept header
+	req.Header.Set("Accept", "application/json")
+
+	resp, err := c.httpClient.Do(req)
+	if err != nil {
+		return nil, fmt.Errorf("failed to execute request: %w", err)
+	}
+
+	return resp, nil
+}
+
+// GetJSON is a convenience method that performs GET and unmarshals JSON response
+func (c *Client) GetJSON(ctx context.Context, endpoint string, result interface{}) error {
+	resp, err := c.Get(ctx, endpoint)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode >= 400 {
+		return fmt.Errorf("request failed with status %d: %s", resp.StatusCode, resp.Status)
+	}
+
+	return json.NewDecoder(resp.Body).Decode(result)
+}
+
+func (c *Client) CompanyExists(ctx context.Context, companyName string) (bool, error) {
+	var companies []ConsoleCompany
+
+	err := c.GetJSON(ctx, "/api/backend/tenants", &companies)
+	if err != nil {
+		return false, fmt.Errorf("failed to get companies: %w", err)
+	}
+
+	for _, company := range companies {
+		if company.Name == companyName {
+			return true, nil
+		}
+	}
+
+	return false, nil
+}
+
+// PostJSON is a convenience method that performs POST and unmarshals JSON response
+func (c *Client) PostJSON(ctx context.Context, endpoint string, body interface{}, result interface{}) error {
+	resp, err := c.Post(ctx, endpoint, body)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode >= 400 {
+		return fmt.Errorf("request failed with status %d: %s", resp.StatusCode, resp.Status)
+	}
+
+	if result != nil {
+		return json.NewDecoder(resp.Body).Decode(result)
+	}
+
+	return nil
+}

pkg/console-client/console_client_models.go

@@ -0,0 +1,52 @@
+// Copyright 2016-2025 Mia-Platform
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package consoleclient
+
+import (
+	"context"
+	"net/http"
+	"time"
+)
+
+type Client struct {
+	baseURL      string
+	clientID     string
+	clientSecret string
+	httpClient   *http.Client
+	ctx          context.Context
+	token        string
+	tokenExpiry  time.Time
+}
+
+type ClientConfig struct {
+	BaseURL      string
+	ClientID     string
+	ClientSecret string
+	Timeout      time.Duration
+}
+
+type TokenResponse struct {
+	AccessToken string `json:"access_token"`
+	TokenType   string `json:"token_type"`
+	ExpiresIn   int    `json:"expires_in"`
+	Scope       string `json:"scope,omitempty"`
+}
+
+type ConsoleCompany struct {
+	ID          string `json:"id"`
+	Name        string `json:"name"`
+	Description string `json:"description,omitempty"`
+	// Add other fields as needed based on your API response
+}

pkg/console-client/console_client_test.go

@@ -0,0 +1,15 @@
+// Copyright 2016-2025 Mia-Platform
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package consoleclient