Invitation API and Storage

README.md

@@ -95,6 +95,21 @@ spec:
     port: 9443
   version: v1
 ---
+apiVersion: apiregistration.k8s.io/v1
+kind: APIService
+metadata:
+  name: v1.user.appuio.io
+spec:
+  insecureSkipTLSVerify: true
+  group: user.appuio.io
+  groupPriorityMinimum: 1000
+  versionPriority: 15
+  service:
+    name: apiserver
+    namespace: default
+    port: 9443
+  version: v1
+---
 apiVersion: v1
 kind: Service
 metadata:

api.go

@@ -15,22 +15,15 @@ import (
 
 	billingv1 "github.com/appuio/control-api/apis/billing/v1"
 	orgv1 "github.com/appuio/control-api/apis/organization/v1"
+	userv1 "github.com/appuio/control-api/apis/user/v1"
 	"github.com/appuio/control-api/apiserver/authwrapper"
 	billingStore "github.com/appuio/control-api/apiserver/billing"
 	"github.com/appuio/control-api/apiserver/billing/odoostorage"
 	orgStore "github.com/appuio/control-api/apiserver/organization"
+	"github.com/appuio/control-api/apiserver/secretstorage"
+	"github.com/appuio/control-api/apiserver/user"
 )
 
-type organizationStatusRegisterer struct {
-	*orgv1.Organization
-}
-
-func (o organizationStatusRegisterer) GetGroupVersionResource() schema.GroupVersionResource {
-	gvr := o.Organization.GetGroupVersionResource()
-	gvr.Resource = fmt.Sprintf("%s/status", gvr.Resource)
-	return gvr
-}
-
 // APICommand creates a new command allowing to start the API server
 func APICommand() *cobra.Command {
 	roles := []string{}
@@ -39,11 +32,14 @@ func APICommand() *cobra.Command {
 
 	ob := &odooStorageBuilder{}
 	ost := orgStore.New(&roles, &usernamePrefix, &allowEmptyBillingEntity)
+	ib := &invitationStorageBuilder{}
 
 	cmd, err := builder.APIServer.
 		WithResourceAndHandler(&orgv1.Organization{}, ost).
 		WithResourceAndHandler(organizationStatusRegisterer{&orgv1.Organization{}}, ost).
 		WithResourceAndHandler(&billingv1.BillingEntity{}, ob.Build).
+		WithResourceAndHandler(&userv1.Invitation{}, ib.Build).
+		WithResourceAndHandler(secretstorage.NewStatusSubResourceRegisterer(&userv1.Invitation{}), ib.Build).
 		WithoutEtcd().
 		ExposeLoopbackAuthorizer().
 		ExposeLoopbackMasterClientConfig().
@@ -61,6 +57,8 @@ func APICommand() *cobra.Command {
 	cmd.Flags().StringVar(&ob.odoo8URL, "billing-entity-odoo8-url", "http://localhost:8069", "URL of the Odoo instance to use for billing entities")
 	cmd.Flags().BoolVar(&ob.odoo8DebugTransport, "billing-entity-odoo8-debug-transport", false, "Enable debug logging for the Odoo transport")
 
+	cmd.Flags().StringVar(&ib.backingNS, "invitation-storage-backing-ns", "default", "Namespace to store invitation secrets in")
+
 	rf := cmd.Run
 	cmd.Run = func(cmd *cobra.Command, args []string) {
 		ctrl.Log.WithName("setup").WithValues(
@@ -96,3 +94,21 @@ func (o *odooStorageBuilder) Build(s *runtime.Scheme, g genericregistry.RESTOpti
 		return nil, fmt.Errorf("unknown billing entity storage: %s", o.billingEntityStorage)
 	}
 }
+
+type invitationStorageBuilder struct {
+	backingNS string
+}
+
+func (i *invitationStorageBuilder) Build(s *runtime.Scheme, g genericregistry.RESTOptionsGetter) (rest.Storage, error) {
+	return user.NewInvitationStorage(i.backingNS)(s, g)
+}
+
+type organizationStatusRegisterer struct {
+	*orgv1.Organization
+}
+
+func (o organizationStatusRegisterer) GetGroupVersionResource() schema.GroupVersionResource {
+	gvr := o.Organization.GetGroupVersionResource()
+	gvr.Resource = fmt.Sprintf("%s/status", gvr.Resource)
+	return gvr
+}

apis/user/v1/groupversion_info.go

@@ -0,0 +1,21 @@
+// Package v1 contains API Schema definitions for the control-api v1 API group
+// +kubebuilder:object:generate=true
+// +kubebuilder:skip
+// +groupName=user.appuio.io
+package v1
+
+import (
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"sigs.k8s.io/controller-runtime/pkg/scheme"
+)
+
+var (
+	// GroupVersion is group version used to register these objects
+	GroupVersion = schema.GroupVersion{Group: "user.appuio.io", Version: "v1"}
+
+	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
+	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
+
+	// AddToScheme adds the types in this group-version to the given scheme.
+	AddToScheme = SchemeBuilder.AddToScheme
+)

apis/user/v1/invitation_types.go

@@ -0,0 +1,137 @@
+package v1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"sigs.k8s.io/apiserver-runtime/pkg/builder/resource"
+
+	"github.com/appuio/control-api/apiserver/secretstorage/status"
+)
+
+const (
+	// ConditionRedeemed is set when the invitation has been redeemed
+	ConditionRedeemed = "Redeemed"
+	// ConditionEmailSent is set when the invitation email has been sent
+	ConditionEmailSent = "EmailSent"
+)
+
+// +kubebuilder:object:root=true
+
+// Invitation is a representation of an APPUiO Cloud Invitation
+type Invitation struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	// Spec holds the desired invitation state
+	Spec InvitationSpec `json:"spec,omitempty"`
+	// Status holds the invitation specific status
+	Status InvitationStatus `json:"status,omitempty"`
+}
+
+// InvitationSpec defines the desired state of the Invitation
+type InvitationSpec struct {
+	// Note is a free-form text field to add a note to the invitation
+	Note string `json:"note,omitempty"`
+	// Email is the email address of the invited user, used to send the invitation
+	Email string `json:"email,omitempty"`
+	// TargetRefs is a list of references to the target resources
+	TargetRefs []TargetRef `json:"targetRefs,omitempty"`
+}
+
+// TargetRef is a reference to a target resource
+type TargetRef struct {
+	// APIGroup is the API group of the target resource
+	APIGroup string `json:"apiGroup,omitempty"`
+	// Kind is the kind of the target resource
+	Kind string `json:"kind,omitempty"`
+	// Name is the name of the target resource
+	Name string `json:"name,omitempty"`
+	// Namespace is the namespace of the target resource
+	Namespace string `json:"namespace,omitempty"`
+}
+
+// InvitationStatus defines the observed state of the Invitation
+type InvitationStatus struct {
+	// Token is the invitation token
+	Token string `json:"token"`
+	// ValidUntil is the time when the invitation expires
+	ValidUntil metav1.Time `json:"validUntil"`
+	// Conditions is a list of conditions for the invitation
+	Conditions []metav1.Condition `json:"conditions"`
+}
+
+// Invitation needs to implement the builder resource interface
+var _ status.ObjectWithStatusSubResource = &Invitation{}
+
+// GetObjectMeta returns the objects meta reference.
+func (o *Invitation) GetObjectMeta() *metav1.ObjectMeta {
+	return &o.ObjectMeta
+}
+
+// GetGroupVersionResource returns the GroupVersionResource for this resource.
+// The resource should be the all lowercase and pluralized kind
+func (o *Invitation) GetGroupVersionResource() schema.GroupVersionResource {
+	return schema.GroupVersionResource{
+		Group:    GroupVersion.Group,
+		Version:  GroupVersion.Version,
+		Resource: "invitations",
+	}
+}
+
+// IsStorageVersion returns true if the object is also the internal version -- i.e. is the type defined for the API group or an alias to this object.
+// If false, the resource is expected to implement MultiVersionObject interface.
+func (o *Invitation) IsStorageVersion() bool {
+	return true
+}
+
+// NamespaceScoped returns true if the object is namespaced
+func (o *Invitation) NamespaceScoped() bool {
+	return false
+}
+
+// New returns a new instance of the resource
+func (o *Invitation) New() runtime.Object {
+	return &Invitation{}
+}
+
+// NewList return a new list instance of the resource
+func (o *Invitation) NewList() runtime.Object {
+	return &InvitationList{}
+}
+
+// SecretStorageGetStatus returns the status of the resource
+func (o *Invitation) SecretStorageGetStatus() status.StatusSubResource {
+	return &o.Status
+}
+
+// CopyTo copies the status to the given parent resource
+func (s *InvitationStatus) SecretStorageCopyTo(parent status.ObjectWithStatusSubResource) {
+	parent.(*Invitation).Status = *s.DeepCopy()
+}
+
+func (s InvitationStatus) SubResourceName() string {
+	return "status"
+}
+
+// +kubebuilder:object:root=true
+
+// InvitationList contains a list of Invitations
+type InvitationList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+
+	Items []Invitation `json:"items"`
+}
+
+// InvitationList needs to implement the builder resource interface
+var _ resource.ObjectList = &InvitationList{}
+
+// GetListMeta returns the list meta reference.
+func (in *InvitationList) GetListMeta() *metav1.ListMeta {
+	return &in.ListMeta
+}
+
+func init() {
+	SchemeBuilder.Register(&Invitation{}, &InvitationList{})
+}

apiserver/authwrapper/storage_test.go

@@ -18,7 +18,7 @@ import (
 
 	"github.com/appuio/control-api/apiserver/authwrapper"
 	"github.com/appuio/control-api/apiserver/authwrapper/mock"
-	"github.com/appuio/control-api/apiserver/authwrapper/testresource"
+	"github.com/appuio/control-api/apiserver/testresource"
 )
 
 var gvr = func() metav1.GroupVersionResource {