diff --git a/cmd/operator.go b/cmd/operator.go index a6e9043a..3377b7c4 100644 --- a/cmd/operator.go +++ b/cmd/operator.go @@ -149,19 +149,6 @@ var operatorCmd = &cobra.Command{ log.Error().Err(err).Msg("Failed to create in cluster client") return err } - providerLister := iclient.NewProviderLister(provider.Provider.Provider) - - if err = controller.NewStoreReconciler(ctx, log, fga, mgr, &operatorCfg, providerLister). - SetupWithManager(mgr, defaultCfg); err != nil { - log.Error().Err(err).Str("controller", "store").Msg("unable to create controller") - return err - } - if err = controller. - NewAuthorizationModelReconciler(log, fga, mgr). - SetupWithManager(mgr, defaultCfg); err != nil { - log.Error().Err(err).Str("controller", "authorizationmodel").Msg("unable to create controller") - return err - } kcpClientGetter := iclient.NewManagerKCPClientGetter(mgr, provider.Provider.Provider) kcpClientGetterWithConfig := iclient.NewConfigSchemeKCPClientGetter(restCfg, scheme) diff --git a/cmd/system.go b/cmd/system.go index db160223..847453a0 100644 --- a/cmd/system.go +++ b/cmd/system.go @@ -69,7 +69,7 @@ var systemCmd = &cobra.Command{ Scheme: scheme, }) if err != nil { - setupLog.Error(err, "unable to create apiexport provider") + setupLog.Error(err, "unable to create system apiexport provider") return err } @@ -80,7 +80,6 @@ var systemCmd = &cobra.Command{ setupLog.Error(err, "unable to create core apiexport provider") return err } - multiProv := multiprovider.New(multiprovider.Options{}) if err := multiProv.AddProvider(config.SystemProviderName, systemProvider); err != nil { return err @@ -131,6 +130,19 @@ var systemCmd = &cobra.Command{ return err } + if err = controller.NewStoreReconciler(ctx, log, fgaClient, mgr, &operatorCfg, providerLister, kcpClientGetter). + SetupWithManager(mgr, defaultCfg); err != nil { + log.Error().Err(err).Str("controller", "store").Msg("unable to create controller") + return err + } + + if err = controller. + NewAuthorizationModelReconciler(log, fgaClient, mgr, kcpClientGetter). + SetupWithManager(mgr, defaultCfg); err != nil { + log.Error().Err(err).Str("controller", "authorizationmodel").Msg("unable to create controller") + return err + } + if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil { log.Error().Err(err).Msg("unable to set up health check") return err diff --git a/internal/config/config.go b/internal/config/config.go index 2f28730d..91ba4f1d 100644 --- a/internal/config/config.go +++ b/internal/config/config.go @@ -2,6 +2,7 @@ package config import ( "os" + "strings" "time" "github.com/spf13/pflag" @@ -195,3 +196,12 @@ func (config Config) TerminatorName() string { func MultiProviderName(providerName, clusterName string) multicluster.ClusterName { return multicluster.ClusterName(providerName + providerSeparator + clusterName) } + +// Strip provider prefix from cluster name ("core#1kar1u6c65ykt4ea" -> "1kar1u6c65ykt4ea") +func StripProviderPrefix(clusterName multicluster.ClusterName) string { + prefixedClusterName := clusterName.String() + if _, ClusteName, found := strings.Cut(prefixedClusterName, providerSeparator); found { + return ClusteName + } + return prefixedClusterName +} diff --git a/internal/controller/apiexportpolicy_controller.go b/internal/controller/apiexportpolicy_controller.go index 74564e06..dfc147d2 100644 --- a/internal/controller/apiexportpolicy_controller.go +++ b/internal/controller/apiexportpolicy_controller.go @@ -78,7 +78,7 @@ func (r *APIExportPolicyReconciler) SetupWithManager(mgr mcmanager.Manager, cfg Named("apiexportpolicy"). For(&corev1alpha1.APIExportPolicy{}, mcbuilder.WithClusterFilter(func(clusterName multicluster.ClusterName, _ cluster.Cluster) bool { - return strings.HasPrefix(string(clusterName), config.SystemProviderName) + return strings.HasPrefix(clusterName.String(), config.SystemProviderName) }), ). WithOptions(opts). @@ -102,7 +102,7 @@ func (r *APIExportPolicyReconciler) SetupWithManager(mgr mcmanager.Manager, cfg }) }, mcbuilder.WithClusterFilter(func(clusterName multicluster.ClusterName, _ cluster.Cluster) bool { - return strings.HasPrefix(string(clusterName), config.CoreProviderName) + return strings.HasPrefix(clusterName.String(), config.CoreProviderName) }), ).Complete(r) } diff --git a/internal/controller/authorization_model_controller.go b/internal/controller/authorization_model_controller.go index 973e1107..d35ae234 100644 --- a/internal/controller/authorization_model_controller.go +++ b/internal/controller/authorization_model_controller.go @@ -2,6 +2,7 @@ package controller import ( "context" + "strings" "time" openfgav1 "github.com/openfga/api/proto/openfga/v1" @@ -9,15 +10,19 @@ import ( "github.com/platform-mesh/golang-commons/controller/filter" "github.com/platform-mesh/golang-commons/logger" corev1alpha1 "github.com/platform-mesh/security-operator/api/v1alpha1" + iclient "github.com/platform-mesh/security-operator/internal/client" + "github.com/platform-mesh/security-operator/internal/config" "github.com/platform-mesh/security-operator/internal/metrics" "github.com/platform-mesh/security-operator/internal/subroutine" "github.com/platform-mesh/subroutines/lifecycle" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/cluster" "sigs.k8s.io/controller-runtime/pkg/controller" "sigs.k8s.io/controller-runtime/pkg/predicate" mcbuilder "sigs.k8s.io/multicluster-runtime/pkg/builder" mcmanager "sigs.k8s.io/multicluster-runtime/pkg/manager" + "sigs.k8s.io/multicluster-runtime/pkg/multicluster" mcreconcile "sigs.k8s.io/multicluster-runtime/pkg/reconcile" ) @@ -26,10 +31,10 @@ type AuthorizationModelReconciler struct { lifecycle *lifecycle.Lifecycle } -func NewAuthorizationModelReconciler(log *logger.Logger, fga openfgav1.OpenFGAServiceClient, mcMgr mcmanager.Manager) *AuthorizationModelReconciler { +func NewAuthorizationModelReconciler(log *logger.Logger, fga openfgav1.OpenFGAServiceClient, mcMgr mcmanager.Manager, kcpClientGetter iclient.KCPClientGetter) *AuthorizationModelReconciler { lc := lifecycle.New(mcMgr, "AuthorizationModelReconciler", func() client.Object { return &corev1alpha1.AuthorizationModel{} - }, subroutine.NewTupleSubroutine(fga, mcMgr)) + }, subroutine.NewTupleSubroutine(fga, kcpClientGetter)) return &AuthorizationModelReconciler{ log: log, @@ -56,7 +61,9 @@ func (r *AuthorizationModelReconciler) SetupWithManager(mgr mcmanager.Manager, c predicates := append([]predicate.Predicate{filter.DebugResourcesBehaviourPredicate(cfg.DebugLabelValue)}, evp...) return mcbuilder.ControllerManagedBy(mgr). Named("authorizationmodel"). - For(&corev1alpha1.AuthorizationModel{}). + For(&corev1alpha1.AuthorizationModel{}, mcbuilder.WithClusterFilter(func(clusterName multicluster.ClusterName, _ cluster.Cluster) bool { + return strings.HasPrefix(clusterName.String(), config.CoreProviderName) + })). WithOptions(opts). WithEventFilter(predicate.And(predicates...)). Complete(r) diff --git a/internal/controller/idp_controller.go b/internal/controller/idp_controller.go index ec80cbd2..d5bbeebe 100644 --- a/internal/controller/idp_controller.go +++ b/internal/controller/idp_controller.go @@ -80,7 +80,7 @@ func (r *IdentityProviderConfigurationReconciler) SetupWithManager(mgr mcmanager return mcbuilder.ControllerManagedBy(mgr). Named("identityprovider"). For(&corev1alpha1.IdentityProviderConfiguration{}, mcbuilder.WithClusterFilter(func(clusterName multicluster.ClusterName, _ cluster.Cluster) bool { - return strings.HasPrefix(string(clusterName), config.SystemProviderName) + return strings.HasPrefix(clusterName.String(), config.SystemProviderName) })). WithOptions(opts). WithEventFilter(predicate.And(predicates...)). diff --git a/internal/controller/store_controller.go b/internal/controller/store_controller.go index f6a41c9c..00fbd9c9 100644 --- a/internal/controller/store_controller.go +++ b/internal/controller/store_controller.go @@ -2,6 +2,7 @@ package controller import ( "context" + "strings" "time" openfgav1 "github.com/openfga/api/proto/openfga/v1" @@ -40,7 +41,7 @@ type StoreReconciler struct { lifecycle *lifecycle.Lifecycle } -func NewStoreReconciler(ctx context.Context, log *logger.Logger, fga openfgav1.OpenFGAServiceClient, mcMgr mcmanager.Manager, cfg *config.Config, lister iclient.Lister) *StoreReconciler { +func NewStoreReconciler(ctx context.Context, log *logger.Logger, fga openfgav1.OpenFGAServiceClient, mcMgr mcmanager.Manager, cfg *config.Config, lister iclient.Lister, kcpClientGetter iclient.KCPClientGetter) *StoreReconciler { lc := lifecycle.New(mcMgr, "StoreReconciler", func() client.Object { return &corev1alpha1.Store{} }, @@ -48,7 +49,7 @@ func NewStoreReconciler(ctx context.Context, log *logger.Logger, fga openfgav1.O subroutine.NewAuthorizationModelSubroutine(fga, mcMgr, lister, func(cfg *rest.Config) discovery.DiscoveryInterface { return discovery.NewDiscoveryClientForConfigOrDie(cfg) }, log), - subroutine.NewTupleSubroutine(fga, mcMgr), + subroutine.NewTupleSubroutine(fga, kcpClientGetter), ).WithConditions(conditions.NewManager()) return &StoreReconciler{ @@ -75,7 +76,11 @@ func (r *StoreReconciler) SetupWithManager(mgr mcmanager.Manager, cfg *platforme predicates := append([]predicate.Predicate{filter.DebugResourcesBehaviourPredicate(cfg.DebugLabelValue)}, evp...) b := mcbuilder.ControllerManagedBy(mgr). Named("store"). - For(&corev1alpha1.Store{}). + For(&corev1alpha1.Store{}, + mcbuilder.WithClusterFilter(func(clusterName multicluster.ClusterName, _ cluster.Cluster) bool { + return strings.HasPrefix(clusterName.String(), config.SystemProviderName) + }), + ). WithOptions(controller.TypedOptions[mcreconcile.Request]{MaxConcurrentReconciles: cfg.MaxConcurrentReconciles}). WithEventFilter(predicate.And(predicates...)) @@ -88,6 +93,9 @@ func (r *StoreReconciler) SetupWithManager(mgr mcmanager.Manager, cfg *platforme if !ok { return nil } + // stores are engaged by system provider, to trigger a reconciliation with multi provider + // it's required to use provider's prefix for request + storeClusterName := config.MultiProviderName(config.SystemProviderName, model.Spec.StoreRef.Cluster) return []mcreconcile.Request{ { @@ -96,11 +104,14 @@ func (r *StoreReconciler) SetupWithManager(mgr mcmanager.Manager, cfg *platforme Name: model.Spec.StoreRef.Name, }, }, - ClusterName: multicluster.ClusterName(model.Spec.StoreRef.Cluster), + ClusterName: storeClusterName, }, } }) }, mcbuilder.WithPredicates(predicate.GenerationChangedPredicate{}), + mcbuilder.WithClusterFilter(func(clusterName multicluster.ClusterName, _ cluster.Cluster) bool { + return strings.HasPrefix(clusterName.String(), config.CoreProviderName) + }), ).Complete(r) } diff --git a/internal/subroutine/authorization_model.go b/internal/subroutine/authorization_model.go index fa41f31d..df8b90d8 100644 --- a/internal/subroutine/authorization_model.go +++ b/internal/subroutine/authorization_model.go @@ -13,6 +13,7 @@ import ( "github.com/platform-mesh/golang-commons/logger" securityv1alpha1 "github.com/platform-mesh/security-operator/api/v1alpha1" iclient "github.com/platform-mesh/security-operator/internal/client" + "github.com/platform-mesh/security-operator/internal/config" "github.com/platform-mesh/security-operator/internal/util" "github.com/platform-mesh/subroutines" "google.golang.org/protobuf/encoding/protojson" @@ -108,7 +109,7 @@ func getRelatedAuthorizationModels(ctx context.Context, lister iclient.Lister, s var extendingModules securityv1alpha1.AuthorizationModelList for _, model := range allAuthorizationModels.Items { - if model.Spec.StoreRef.Name != store.Name || model.Spec.StoreRef.Cluster != string(storeClusterKey) { + if model.Spec.StoreRef.Name != store.Name || model.Spec.StoreRef.Cluster != config.StripProviderPrefix(storeClusterKey) { continue } @@ -203,7 +204,6 @@ func (a *authorizationModelSubroutine) Process(ctx context.Context, obj client.O if string(currentRaw) == string(desiredRaw) { return subroutines.OK(), nil } - } res, err := a.fga.WriteAuthorizationModel(ctx, &openfgav1.WriteAuthorizationModelRequest{ diff --git a/internal/subroutine/invite/subroutine.go b/internal/subroutine/invite/subroutine.go index 5cfca1fa..8c678d9d 100644 --- a/internal/subroutine/invite/subroutine.go +++ b/internal/subroutine/invite/subroutine.go @@ -111,7 +111,7 @@ func (s *subroutine) Process(ctx context.Context, obj k8sclient.Object) (subrout return subroutines.OK(), fmt.Errorf("failed to get cluster from context") } - cl, err := s.kcpClientGetter.NewClientForLogicalCluster(ctx, string(clusterName)) + cl, err := s.kcpClientGetter.NewClientForLogicalCluster(ctx, clusterName.String()) if err != nil { return subroutines.OK(), fmt.Errorf("failed to get client for cluster %q: %w", clusterName, err) } diff --git a/internal/subroutine/tuples.go b/internal/subroutine/tuples.go index ad468813..224ef5f1 100644 --- a/internal/subroutine/tuples.go +++ b/internal/subroutine/tuples.go @@ -8,18 +8,18 @@ import ( openfgav1 "github.com/openfga/api/proto/openfga/v1" "github.com/platform-mesh/golang-commons/logger" securityv1alpha1 "github.com/platform-mesh/security-operator/api/v1alpha1" + iclient "github.com/platform-mesh/security-operator/internal/client" + "github.com/platform-mesh/security-operator/internal/config" "github.com/platform-mesh/security-operator/internal/fga" "github.com/platform-mesh/subroutines" "sigs.k8s.io/controller-runtime/pkg/client" - mcmanager "sigs.k8s.io/multicluster-runtime/pkg/manager" - "sigs.k8s.io/multicluster-runtime/pkg/multicluster" "k8s.io/apimachinery/pkg/types" ) type tupleSubroutine struct { - fga openfgav1.OpenFGAServiceClient - mgr mcmanager.Manager + fga openfgav1.OpenFGAServiceClient + kcpClientGetter iclient.KCPClientGetter } // Finalize implements subroutines.Finalizer. @@ -38,13 +38,13 @@ func (t *tupleSubroutine) Finalize(ctx context.Context, obj client.Object) (subr case *securityv1alpha1.AuthorizationModel: managedTuples = o.Status.ManagedTuples - storeCluster, err := t.mgr.GetCluster(ctx, multicluster.ClusterName(o.Spec.StoreRef.Cluster)) + storeClient, err := t.kcpClientGetter.NewClientForLogicalCluster(ctx, string(config.MultiProviderName(config.SystemProviderName, o.Spec.StoreRef.Cluster))) if err != nil { - return subroutines.OK(), fmt.Errorf("unable to get store cluster: %w", err) + return subroutines.OK(), fmt.Errorf("unable to create client to store cluster: %w", err) } var store securityv1alpha1.Store - err = storeCluster.GetClient().Get(ctx, types.NamespacedName{ + err = storeClient.Get(ctx, types.NamespacedName{ Name: o.Spec.StoreRef.Name, }, &store) if err != nil { @@ -98,13 +98,13 @@ func (t *tupleSubroutine) Process(ctx context.Context, obj client.Object) (subro specTuples = o.Spec.Tuples managedTuples = o.Status.ManagedTuples - storeCluster, err := t.mgr.GetCluster(ctx, multicluster.ClusterName(o.Spec.StoreRef.Cluster)) + storeClient, err := t.kcpClientGetter.NewClientForLogicalCluster(ctx, string(config.MultiProviderName(config.SystemProviderName, o.Spec.StoreRef.Cluster))) if err != nil { - return subroutines.OK(), fmt.Errorf("unable to get store cluster: %w", err) + return subroutines.OK(), fmt.Errorf("unable to create client to store cluster: %w", err) } var store securityv1alpha1.Store - err = storeCluster.GetClient().Get(ctx, types.NamespacedName{ + err = storeClient.Get(ctx, types.NamespacedName{ Name: o.Spec.StoreRef.Name, }, &store) if err != nil { @@ -142,10 +142,10 @@ func (t *tupleSubroutine) Process(ctx context.Context, obj client.Object) (subro return subroutines.OK(), nil } -func NewTupleSubroutine(fga openfgav1.OpenFGAServiceClient, mgr mcmanager.Manager) *tupleSubroutine { +func NewTupleSubroutine(fga openfgav1.OpenFGAServiceClient, kcpClientGetter iclient.KCPClientGetter) *tupleSubroutine { return &tupleSubroutine{ - fga: fga, - mgr: mgr, + fga: fga, + kcpClientGetter: kcpClientGetter, } } diff --git a/internal/subroutine/tuples_test.go b/internal/subroutine/tuples_test.go index 441992e9..cb25c4b3 100644 --- a/internal/subroutine/tuples_test.go +++ b/internal/subroutine/tuples_test.go @@ -11,10 +11,11 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/mock" "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/multicluster-runtime/pkg/multicluster" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" + "k8s.io/client-go/rest" ) func TestTupleGetName(t *testing.T) { @@ -165,7 +166,13 @@ func TestTupleProcessWithStore(t *testing.T) { test.mgrMocks(manager) } - subroutine := subroutine.NewTupleSubroutine(fga, manager) + // Mock GetLocalManager for Store tests + localMgr := mocks.NewMockCTRLManager(t) + manager.EXPECT().GetLocalManager().Return(localMgr).Maybe() + localMgr.EXPECT().GetConfig().Return(&rest.Config{}).Maybe() + localMgr.EXPECT().GetScheme().Return(runtime.NewScheme()).Maybe() + + subroutine := subroutine.NewTupleSubroutine(fga, nil) _, err := subroutine.Process(context.Background(), test.store) if test.expectError { @@ -181,12 +188,11 @@ func TestTupleProcessWithStore(t *testing.T) { func TestTupleProcessWithAuthorizationModel(t *testing.T) { tests := []struct { - name string - store *securityv1alpha1.AuthorizationModel - fgaMocks func(*mocks.MockOpenFGAServiceClient) - k8sMocks func(*mocks.MockClient) - mgrMocks func(*mocks.MockManager) - expectError bool + name string + store *securityv1alpha1.AuthorizationModel + fgaMocks func(*mocks.MockOpenFGAServiceClient) + kcpClientGetterMocks func(*mocks.MockKCPClientGetter) + expectError bool }{ { name: "should process and add tuples to the authorization model", @@ -223,14 +229,9 @@ func TestTupleProcessWithAuthorizationModel(t *testing.T) { fgaMocks: func(fga *mocks.MockOpenFGAServiceClient) { fga.EXPECT().Write(mock.Anything, mock.Anything).Return(nil, nil) }, - k8sMocks: func(k8s *mocks.MockClient) { - // Not used for AuthorizationModel - }, - mgrMocks: func(mgr *mocks.MockManager) { - storeCluster := mocks.NewMockCluster(t) + kcpClientGetterMocks: func(kcpClientGetter *mocks.MockKCPClientGetter) { storeClient := mocks.NewMockClient(t) - mgr.EXPECT().GetCluster(mock.Anything, multicluster.ClusterName("store-cluster")).Return(storeCluster, nil) - storeCluster.EXPECT().GetClient().Return(storeClient) + kcpClientGetter.EXPECT().NewClientForLogicalCluster(mock.Anything, "system#store-cluster").Return(storeClient, nil) storeClient.EXPECT().Get(mock.Anything, mock.Anything, mock.Anything).RunAndReturn(func(ctx context.Context, nn types.NamespacedName, o client.Object, opts ...client.GetOption) error { store := o.(*securityv1alpha1.Store) *store = securityv1alpha1.Store{ @@ -288,14 +289,9 @@ func TestTupleProcessWithAuthorizationModel(t *testing.T) { // Apply (batch write) + Delete (batch delete) fga.EXPECT().Write(mock.Anything, mock.Anything).Return(nil, nil).Twice() }, - k8sMocks: func(k8s *mocks.MockClient) { - // Not used for AuthorizationModel - }, - mgrMocks: func(mgr *mocks.MockManager) { - storeCluster := mocks.NewMockCluster(t) + kcpClientGetterMocks: func(kcpClientGetter *mocks.MockKCPClientGetter) { storeClient := mocks.NewMockClient(t) - mgr.EXPECT().GetCluster(mock.Anything, multicluster.ClusterName("store-cluster")).Return(storeCluster, nil) - storeCluster.EXPECT().GetClient().Return(storeClient) + kcpClientGetter.EXPECT().NewClientForLogicalCluster(mock.Anything, "system#store-cluster").Return(storeClient, nil) storeClient.EXPECT().Get(mock.Anything, mock.Anything, mock.Anything).RunAndReturn(func(ctx context.Context, nn types.NamespacedName, o client.Object, opts ...client.GetOption) error { store := o.(*securityv1alpha1.Store) *store = securityv1alpha1.Store{ @@ -316,15 +312,12 @@ func TestTupleProcessWithAuthorizationModel(t *testing.T) { test.fgaMocks(fga) } - manager := mocks.NewMockManager(t) - if test.mgrMocks != nil { - test.mgrMocks(manager) - } - if test.k8sMocks != nil { - test.k8sMocks(mocks.NewMockClient(t)) + kcpClientGetter := mocks.NewMockKCPClientGetter(t) + if test.kcpClientGetterMocks != nil { + test.kcpClientGetterMocks(kcpClientGetter) } - subroutine := subroutine.NewTupleSubroutine(fga, manager) + subroutine := subroutine.NewTupleSubroutine(fga, kcpClientGetter) ctx := context.Background() @@ -342,12 +335,11 @@ func TestTupleProcessWithAuthorizationModel(t *testing.T) { func TestTupleFinalizationWithAuthorizationModel(t *testing.T) { tests := []struct { - name string - store *securityv1alpha1.AuthorizationModel - fgaMocks func(*mocks.MockOpenFGAServiceClient) - k8sMocks func(*mocks.MockClient) - mgrMocks func(*mocks.MockManager) - expectError bool + name string + store *securityv1alpha1.AuthorizationModel + fgaMocks func(*mocks.MockOpenFGAServiceClient) + kcpClientGetterMocks func(*mocks.MockKCPClientGetter) + expectError bool }{ { name: "should finalize the authorization model", @@ -377,14 +369,9 @@ func TestTupleFinalizationWithAuthorizationModel(t *testing.T) { // delete call fga.EXPECT().Write(mock.Anything, mock.Anything).Return(nil, nil) }, - k8sMocks: func(k8s *mocks.MockClient) { - // Not used for AuthorizationModel - }, - mgrMocks: func(mgr *mocks.MockManager) { - storeCluster := mocks.NewMockCluster(t) + kcpClientGetterMocks: func(kcpClientGetter *mocks.MockKCPClientGetter) { storeClient := mocks.NewMockClient(t) - mgr.EXPECT().GetCluster(mock.Anything, multicluster.ClusterName("store-cluster")).Return(storeCluster, nil) - storeCluster.EXPECT().GetClient().Return(storeClient) + kcpClientGetter.EXPECT().NewClientForLogicalCluster(mock.Anything, "system#store-cluster").Return(storeClient, nil) storeClient.EXPECT().Get(mock.Anything, mock.Anything, mock.Anything).RunAndReturn(func(ctx context.Context, nn types.NamespacedName, o client.Object, opts ...client.GetOption) error { store := o.(*securityv1alpha1.Store) *store = securityv1alpha1.Store{ @@ -405,15 +392,12 @@ func TestTupleFinalizationWithAuthorizationModel(t *testing.T) { test.fgaMocks(fga) } - manager := mocks.NewMockManager(t) - if test.mgrMocks != nil { - test.mgrMocks(manager) - } - if test.k8sMocks != nil { - test.k8sMocks(mocks.NewMockClient(t)) + kcpClientGetter := mocks.NewMockKCPClientGetter(t) + if test.kcpClientGetterMocks != nil { + test.kcpClientGetterMocks(kcpClientGetter) } - subroutine := subroutine.NewTupleSubroutine(fga, manager) + subroutine := subroutine.NewTupleSubroutine(fga, kcpClientGetter) ctx := context.Background() @@ -483,12 +467,7 @@ func TestTupleFinalizationWithStore(t *testing.T) { test.fgaMocks(fga) } - manager := mocks.NewMockManager(t) - if test.mgrMocks != nil { - test.mgrMocks(manager) - } - - subroutine := subroutine.NewTupleSubroutine(fga, manager) + subroutine := subroutine.NewTupleSubroutine(fga, nil) _, err := subroutine.Finalize(context.Background(), test.store) if test.expectError {