Include number of required authorisations in Pub/Sub console creation…

… message (#251) This commit updates to the pub/sub message schema for console creation to include the number of required authorisations. The format of the message ID is also changed to use slashes as separators between the segments of the ID string.
gocardless · Dec 7, 2021 · 641ed66 · 641ed66
1 parent 0e5a049
commit 641ed66
Show file tree

Hide file tree

Showing 5 changed files with 35 additions and 31 deletions.
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-3.4.0
+3.5.0
diff --git a/apis/workloads/v1alpha1/helpers.go b/apis/workloads/v1alpha1/helpers.go
@@ -214,11 +214,7 @@ matchRule:
 // HasAuthorisationRules defines whether a console template has authorisation
 // rules defined on it.
 func (ct *ConsoleTemplate) HasAuthorisationRules() bool {
-	if len(ct.Spec.AuthorisationRules) > 0 || ct.Spec.DefaultAuthorisationRule != nil {
-		return true
-	}
-
-	return false
+	return len(ct.Spec.AuthorisationRules) > 0 || ct.Spec.DefaultAuthorisationRule != nil
 }
 
 // Validate checks the console template object for correctness and returns a

diff --git a/apis/workloads/v1alpha1/lifecycle_recorder.go b/apis/workloads/v1alpha1/lifecycle_recorder.go
@@ -24,7 +24,7 @@ func CommonEventFromConsole(ctx string, eventKind events.EventKind, csl *Console
 
 // +kubebuilder:object:generate=false
 type LifecycleEventRecorder interface {
-	ConsoleRequest(context.Context, *Console) error
+	ConsoleRequest(context.Context, *Console, *ConsoleAuthorisationRule) error
 	ConsoleAuthorise(context.Context, *Console, string) error
 	ConsoleStart(context.Context, *Console, string) error
 	ConsoleAttach(context.Context, *Console, string, string) error
@@ -52,18 +52,24 @@ func NewLifecycleEventRecorder(contextName string, logger logr.Logger, publisher
 	}
 }
 
-func (l *lifecycleEventRecorderImpl) ConsoleRequest(ctx context.Context, csl *Console) error {
+func (l *lifecycleEventRecorderImpl) ConsoleRequest(ctx context.Context, csl *Console, authRule *ConsoleAuthorisationRule) error {
+	authCount := 0
+	if authRule != nil {
+		authCount = authRule.AuthorisationsRequired
+	}
+
 	event := &events.ConsoleRequestEvent{
 		CommonEvent: CommonEventFromConsole(l.contextName, events.EventRequest, csl),
 		Spec: events.ConsoleRequestSpec{
-			Reason:          csl.Spec.Reason,
-			Username:        csl.Spec.User,
-			Context:         l.contextName,
-			Namespace:       csl.Namespace,
-			ConsoleTemplate: csl.Spec.ConsoleTemplateRef.Name,
-			Console:         csl.Name,
-			Timestamp:       csl.CreationTimestamp.Time,
-			Labels:          csl.Labels,
+			Reason:                 csl.Spec.Reason,
+			Username:               csl.Spec.User,
+			Context:                l.contextName,
+			Namespace:              csl.Namespace,
+			ConsoleTemplate:        csl.Spec.ConsoleTemplateRef.Name,
+			Console:                csl.Name,
+			RequiredAuthorisations: authCount,
+			Timestamp:              csl.CreationTimestamp.Time,
+			Labels:                 csl.Labels,
 		},
 	}
 

diff --git a/controllers/workloads/console/controller.go b/controllers/workloads/console/controller.go
@@ -120,14 +120,8 @@ func (r *ConsoleReconciler) SetupWithManager(ctx context.Context, mgr ctrl.Manag
 func (r *ConsoleReconciler) Reconcile(logger logr.Logger, ctx context.Context, req ctrl.Request, csl *workloadsv1alpha1.Console) (ctrl.Result, error) {
 	logger = logger.WithValues("console", req.NamespacedName)
 
-	// If we have yet to set the owner reference record this as a
-	// new console request
-	if len(csl.OwnerReferences) == 0 {
-		err := r.LifecycleRecorder.ConsoleRequest(ctx, csl)
-		if err != nil {
-			logging.WithNoRecord(logger).Error(err, "failed to record event", "event", "console.request")
-		}
-	}
+	// If we have yet to set the owner reference then this is a new console request
+	isNewConsole := len(csl.OwnerReferences) == 0
 
 	// Fetch console template
 	tpl, err := r.getConsoleTemplate(ctx, csl, req.NamespacedName)
@@ -192,6 +186,13 @@ func (r *ConsoleReconciler) Reconcile(logger logr.Logger, ctx context.Context, r
 		}
 	}
 
+	if isNewConsole {
+		err := r.LifecycleRecorder.ConsoleRequest(ctx, csl, authRule)
+		if err != nil {
+			logging.WithNoRecord(logger).Error(err, "failed to record event", "event", "console.request")
+		}
+	}
+
 	job, err := r.getJob(ctx, req.NamespacedName)
 	if err != nil {
 		job = nil

diff --git a/pkg/workloads/console/events/events.go b/pkg/workloads/console/events/events.go
@@ -39,12 +39,13 @@ type ConsoleRequestSpec struct {
 	Reason   string `json:"reason"`
 	Username string `json:"username"`
 	// Context is used to denote the cluster name,
-	Context         string            `json:"context"`
-	Namespace       string            `json:"namespace"`
-	ConsoleTemplate string            `json:"console_template"`
-	Console         string            `json:"console"`
-	Timestamp       time.Time         `json:"timestamp"`
-	Labels          map[string]string `json:"labels"`
+	Context                string            `json:"context"`
+	Namespace              string            `json:"namespace"`
+	ConsoleTemplate        string            `json:"console_template"`
+	Console                string            `json:"console"`
+	RequiredAuthorisations int               `json:"required_authorisations"`
+	Timestamp              time.Time         `json:"timestamp"`
+	Labels                 map[string]string `json:"labels"`
 }
 
 type ConsoleRequestEvent struct {
@@ -97,5 +98,5 @@ func NewConsoleEventID(context, namespace, console string, time time.Time) strin
 		// year (2006) month (01) day (02) hour (15) minute (04) second (05)
 		time.Format("20060102150405"),
 		context, namespace, console,
-	}, "-")
+	}, "/")
 }