feat: expose Vault group ID in Group CRD status #327

Merged: raffaelespazzoli merged 6 commits into redhat-cop:main from dudo:feat/group-status-id on Jul 5, 2026
@dudo (Contributor) commented May 28, 2026

Summary

After creating or updating a Vault identity group, read back the group from Vault and persist its UUID in status.id. This enables other tools that compose Group resources (e.g., KRO ResourceGraphDefinitions using CEL expressions) to reference the Vault-assigned group ID — for example, to nest an external group inside an internal group via memberGroupIDs.

Changes

  1. api/v1alpha1/group_types.go — Added ID string field to GroupStatus; implemented EnrichStatus on Group to read the ID from Vault after reconcile.
  2. api/v1alpha1/utils/vaultobject.go — Added VaultStatusEnricher interface (optional, non-breaking).
  3. controllers/vaultresourcecontroller/vaultresourcereconciler.go — After successful reconcile, check if the object implements VaultStatusEnricher and call EnrichStatus before updating status.

Motivation

Without status.id, consumers that need to compose groups have no way to reference the Vault-assigned group ID. This forces workarounds like duplicating policies across multiple groups instead of nesting them.

Closes #326

After creating or updating a Vault identity group, read back the group
from Vault and persist its ID in status.id. This allows other resources
(e.g., KRO ResourceGraphDefinitions) to reference the group ID for
nesting groups via memberGroupIDs.

Introduces a VaultStatusEnricher interface so other CRDs can opt into
similar status enrichment without changing the generic reconciler flow.

Closes redhat-cop#326
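
The opt-in flow described in the summary and commit message above, as an added Go example that is not code from this PR or the project: the reconciler type-asserts for the enricher, and the group refuses to record an empty ID that a consumer might later feed into memberGroupIDs. The method signature, the `reader`, `fakeVault` and `Policy` types, the `StatusID` field, the paths, and the IDs are all assumptions constructed for illustration.

```go
package main

import "fmt"

// Assumed shapes: the page names VaultStatusEnricher and EnrichStatus, not their signatures.
type VaultObject interface{ GetPath() string }
type reader func(path string) (map[string]any, error)
type VaultStatusEnricher interface{ EnrichStatus(read reader) error }

// fakeVault is a constructed in-memory stand-in that assigns an ID on first write.
type fakeVault map[string]map[string]any

func (v fakeVault) Write(path string) {
	if _, ok := v[path]; !ok {
		v[path] = map[string]any{"id": fmt.Sprintf("constructed-id-%d", len(v)+1)}
	}
}
func (v fakeVault) Read(path string) (map[string]any, error) { return v[path], nil }

type Group struct{ Name, StatusID string }
type Policy struct{ Name string } // hypothetical type that does not opt in

func (g *Group) GetPath() string  { return "identity/group/name/" + g.Name }
func (p *Policy) GetPath() string { return "sys/policy/" + p.Name }

// EnrichStatus reads the group back and refuses to record a missing or empty ID.
func (g *Group) EnrichStatus(read reader) error {
	data, err := read(g.GetPath())
	id, _ := data["id"].(string) // nil map or non-string value yields ""
	if err != nil || id == "" {
		return fmt.Errorf("group %q: no id read back (err: %v)", g.Name, err)
	}
	g.StatusID = id
	return nil
}

// reconcile writes the object, then enriches status only for types that opt in.
func reconcile(v fakeVault, obj VaultObject) error {
	v.Write(obj.GetPath())
	if e, ok := obj.(VaultStatusEnricher); ok {
		return e.EnrichStatus(v.Read)
	}
	return nil
}

func main() {
	v, g := fakeVault{}, &Group{Name: "platform-admins"}
	err := reconcile(v, g)
	fmt.Println(g.StatusID, err, reconcile(v, &Policy{Name: "read-only"}))
}
```

Reconciling the same group twice leaves the recorded ID unchanged, and a type without `EnrichStatus` passes through the same reconciler untouched.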

@raffaelespazzoli (Collaborator) commented

If you are still interested in this, can you rebase it?

@dudo (Contributor, Author) commented Jul 1, 2026

@raffaelespazzoli All set

@raffaelespazzoli (Collaborator) commented

There seem to be some compilation issues.

@dudo (Contributor, Author) commented Jul 2, 2026

@raffaelespazzoli missed the existing test file, sorry. Shuffled.

@raffaelespazzoli raffaelespazzoli merged commit 2b8d290 into redhat-cop:main Jul 5, 2026
25 of 26 checks passed