Automatically provision personal namespace

Extend Workspace manager to support automatic provisioning
of personal namespaces.

The name of the namespace to create will be calculated from the
user name, which is expected to be an email address.

The user that namespace is created for will get konflux-admin
permissions on the namespace.

The implementation is idempotent.

This feature should be turned on using environment variables.

This change also adds an additional test suite. In order to run
it at the same time with the existing test suite (the default of
go test), allow to use different ports for workspace-manager.

In order to use the fakeclient provided by controller-runtime,
its version was updated.

Signed-off-by: gbenhaim <[email protected]>

cmd/main.go

@@ -2,10 +2,13 @@ package main
 
 import (
 	"context"
+	"fmt"
 	"net/http"
+	"os"
 
 	"github.com/labstack/echo/v4"
 	"github.com/labstack/echo/v4/middleware"
+	"github.com/labstack/gommon/log"
 	authorizationv1 "k8s.io/api/authorization/v1"
 	core "k8s.io/api/core/v1"
 	authorizationv1Client "k8s.io/client-go/kubernetes/typed/authorization/v1"
@@ -24,6 +27,8 @@ import (
 	"k8s.io/client-go/kubernetes"
 
 	dummysignup "github.com/konflux-ci/workspace-manager/pkg/handlers/signup/dummy"
+
+	provisioner "github.com/konflux-ci/workspace-manager/pkg/handlers/signup/provisioner"
 )
 
 var (
@@ -151,6 +156,7 @@ func getUserNamespaces(e *echo.Echo, nameReq labels.Requirement) ([]core.Namespa
 		namespaceList,
 		&client.ListOptions{LabelSelector: selector},
 	)
+
 	if err != nil {
 		return nil, err
 	}
@@ -192,18 +198,48 @@ func runAccessCheck(
 	return false, nil
 }
 
+func getClientOrDie(logger echo.Logger) client.Client {
+	cfg, err := config.GetConfig()
+	if err != nil {
+		logger.Fatal(err)
+	}
+
+	cl, err := client.New(cfg, client.Options{Scheme: scheme})
+	if err != nil {
+		logger.Fatal(err)
+	}
+
+	return cl
+}
+
+func getHTTPPort() string {
+	port := "5000"
+	if val, ok := os.LookupEnv("WM_HTTP_PORT"); ok {
+		port = val
+	}
+
+	return fmt.Sprintf(":%s", port)
+}
+
 func main() {
 	e := echo.New()
+	e.Logger.SetLevel(log.INFO)
 
 	e.Pre(middleware.RemoveTrailingSlash())
 
 	e.Use(middleware.RequestID())
 	e.Use(middleware.Logger())
 	e.Use(middleware.Recover())
 
-	e.POST("/api/v1/signup", dummysignup.DummySignupPostHandler)
-
-	e.GET("/api/v1/signup", dummysignup.DummySignupGetHandler)
+	if os.Getenv("WM_NS_PROVISION") == "true" {
+		e.Logger.Info("Automatic namespace provisioning is on")
+		nsp := provisioner.NewNSProvisioner(getClientOrDie(e.Logger))
+		e.POST("/api/v1/signup", nsp.CreateNSHandler)
+		e.GET("/api/v1/signup", nsp.CheckNSExistHandler)
+	} else {
+		e.POST("/api/v1/signup", dummysignup.DummySignupPostHandler)
+		e.GET("/api/v1/signup", dummysignup.DummySignupGetHandler)
+	}
 
 	e.GET("/workspaces", func(c echo.Context) error {
 		nameReq, _ := labels.NewRequirement(
@@ -247,5 +283,5 @@ func main() {
 		return c.NoContent(http.StatusOK)
 	})
 
-	e.Logger.Fatal(e.Start(":5000"))
+	e.Logger.Fatal(e.Start(getHTTPPort()))
 }

cmd/main_test.go

@@ -229,7 +229,7 @@ var _ = BeforeSuite(func() {
 	k8sClient = utils.StartTestEnv(schema, testEnv)
 
 	serverProcess, serverCancelFunc = utils.CreateWorkspaceManagerServer("main.go", nil, "")
-	utils.WaitForWorkspaceManagerServerToServe()
+	utils.WaitForWorkspaceManagerServerToServe("http://localhost:5000/health")
 
 	user1 := "[email protected]"
 	user2 := "[email protected]"

go.mod

@@ -5,34 +5,37 @@ go 1.20
 require (
 	github.com/codeready-toolchain/api v0.0.0-20240322110702-5ab3840476e9
 	github.com/labstack/echo/v4 v4.11.4
-	github.com/onsi/ginkgo/v2 v2.1.4
-	github.com/onsi/gomega v1.19.0
-	k8s.io/api v0.25.0
-	k8s.io/apimachinery v0.25.0
-	k8s.io/client-go v0.25.0
-	sigs.k8s.io/controller-runtime v0.13.0
+	github.com/labstack/gommon v0.4.2
+	github.com/onsi/ginkgo/v2 v2.11.0
+	github.com/onsi/gomega v1.27.10
+	k8s.io/api v0.28.9
+	k8s.io/apimachinery v0.28.9
+	k8s.io/client-go v0.28.9
+	sigs.k8s.io/controller-runtime v0.16.6
 )
 
 require (
-	github.com/PuerkitoBio/purell v1.1.1 // indirect
-	github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/emicklei/go-restful/v3 v3.8.0 // indirect
+	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
+	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
 	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
-	github.com/go-logr/logr v1.2.3 // indirect
-	github.com/go-openapi/jsonpointer v0.19.5 // indirect
-	github.com/go-openapi/jsonreference v0.19.5 // indirect
-	github.com/go-openapi/swag v0.19.14 // indirect
+	github.com/go-logr/logr v1.2.4 // indirect
+	github.com/go-openapi/jsonpointer v0.19.6 // indirect
+	github.com/go-openapi/jsonreference v0.20.2 // indirect
+	github.com/go-openapi/swag v0.22.3 // indirect
+	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
-	github.com/golang/protobuf v1.5.2 // indirect
-	github.com/google/gnostic v0.5.7-v3refs // indirect
-	github.com/google/gofuzz v1.1.0 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/google/gnostic-models v0.6.8 // indirect
+	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect
+	github.com/google/uuid v1.3.0 // indirect
 	github.com/imdario/mergo v0.3.12 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/labstack/gommon v0.4.2 // indirect
-	github.com/mailru/easyjson v0.7.6 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
@@ -43,23 +46,24 @@ require (
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
 	github.com/valyala/fasttemplate v1.2.2 // indirect
-	golang.org/x/crypto v0.17.0 // indirect
-	golang.org/x/net v0.19.0 // indirect
-	golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect
-	golang.org/x/sys v0.15.0 // indirect
-	golang.org/x/term v0.15.0 // indirect
+	golang.org/x/crypto v0.21.0 // indirect
+	golang.org/x/net v0.23.0 // indirect
+	golang.org/x/oauth2 v0.8.0 // indirect
+	golang.org/x/sys v0.18.0 // indirect
+	golang.org/x/term v0.18.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
+	golang.org/x/tools v0.16.1 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/protobuf v1.33.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/apiextensions-apiserver v0.25.0 // indirect
-	k8s.io/klog/v2 v2.70.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 // indirect
-	k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed // indirect
-	sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
+	k8s.io/apiextensions-apiserver v0.28.9 // indirect
+	k8s.io/klog/v2 v2.100.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 // indirect
+	k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 // indirect
+	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
 	sigs.k8s.io/yaml v1.3.0 // indirect
 )