From 7662e992b81c39e67c672444aa42a758ece22170 Mon Sep 17 00:00:00 2001
From: jiahui <bxy4543@gmail.com>
Date: Wed, 9 Oct 2024 15:14:07 +0800
Subject: [PATCH] operationrequest cr change to the user-system

---
 .../user/api/v1/operationrequest_types.go     |  5 ++-
 .../operationrequest_controller.go            | 44 ++++++++++++-------
 2 files changed, 33 insertions(+), 16 deletions(-)

diff --git a/controllers/user/api/v1/operationrequest_types.go b/controllers/user/api/v1/operationrequest_types.go
index 481345252e1..19893830b6d 100644
--- a/controllers/user/api/v1/operationrequest_types.go
+++ b/controllers/user/api/v1/operationrequest_types.go
@@ -22,7 +22,9 @@ import (
 
 // OperationrequestSpec defines the desired state of Operationrequest
 type OperationrequestSpec struct {
-	User string `json:"user,omitempty"`
+	// Namespace is the workspace that needs to be operated.
+	Namespace string `json:"namespace,omitempty"`
+	User      string `json:"user,omitempty"`
 	// +kubebuilder:validation:Enum=Owner;Manager;Developer
 	Role RoleType `json:"role,omitempty"`
 	// +kubebuilder:validation:Enum=Grant;Update;Deprive
@@ -56,6 +58,7 @@ const (
 )
 
 //+kubebuilder:printcolumn:name="Action",type="string",JSONPath=".spec.action"
+//+kubebuilder:printcolumn:name="Namespace",type="string",JSONPath=".spec.namespace"
 //+kubebuilder:printcolumn:name="User",type="string",JSONPath=".spec.user"
 //+kubebuilder:printcolumn:name="Role",type="string",JSONPath=".spec.role"
 //+kubebuilder:printcolumn:name="Phase",type="string",JSONPath=".status.phase"
diff --git a/controllers/user/controllers/operationrequest_controller.go b/controllers/user/controllers/operationrequest_controller.go
index d9bcab550d8..01ff53de80d 100644
--- a/controllers/user/controllers/operationrequest_controller.go
+++ b/controllers/user/controllers/operationrequest_controller.go
@@ -21,6 +21,10 @@ import (
 	"fmt"
 	"time"
 
+	"sigs.k8s.io/controller-runtime/pkg/builder"
+	"sigs.k8s.io/controller-runtime/pkg/event"
+	"sigs.k8s.io/controller-runtime/pkg/predicate"
+
 	"github.com/go-logr/logr"
 
 	util "github.com/labring/operator-sdk/controller"
@@ -70,7 +74,7 @@ func (r *OperationReqReconciler) SetupWithManager(mgr ctrl.Manager, opts util.Ra
 	r.retentionTime = retTime
 	r.Logger.V(1).Info("init reconcile operationrequest controller")
 	return ctrl.NewControllerManagedBy(mgr).
-		For(&userv1.Operationrequest{}).
+		For(&userv1.Operationrequest{}, builder.WithPredicates(namespaceOnlyPredicate(config.GetUserSystemNamespace()))).
 		WithOptions(controller.Options{
 			MaxConcurrentReconciles: util.GetConcurrent(opts),
 			RateLimiter:             util.GetRateLimiter(opts),
@@ -78,6 +82,23 @@ func (r *OperationReqReconciler) SetupWithManager(mgr ctrl.Manager, opts util.Ra
 		Complete(r)
 }
 
+func namespaceOnlyPredicate(namespace string) predicate.Predicate {
+	return predicate.Funcs{
+		CreateFunc: func(e event.CreateEvent) bool {
+			return e.Object.GetNamespace() == namespace
+		},
+		DeleteFunc: func(e event.DeleteEvent) bool {
+			return e.Object.GetNamespace() == namespace
+		},
+		UpdateFunc: func(e event.UpdateEvent) bool {
+			return e.ObjectNew.GetNamespace() == namespace
+		},
+		GenericFunc: func(e event.GenericEvent) bool {
+			return e.Object.GetNamespace() == namespace
+		},
+	}
+}
+
 // +kubebuilder:rbac:groups=user.sealos.io,resources=operationrequests,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=user.sealos.io,resources=operationrequests/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=user.sealos.io,resources=operationrequests/finalizers,verbs=update
@@ -136,17 +157,10 @@ func (r *OperationReqReconciler) reconcile(ctx context.Context, request *userv1.
 	)
 
 	user := &userv1.User{}
-	if err := r.Get(ctx, client.ObjectKey{Name: config.GetUserNameByNamespace(request.Namespace)}, user); err != nil {
+	if err := r.Get(ctx, client.ObjectKey{Name: config.GetUserNameByNamespace(request.Spec.Namespace)}, user); err != nil {
 		r.Recorder.Eventf(request, v1.EventTypeWarning, "Failed to get user", "Failed to get user %s", request.Spec.User)
 		return ctrl.Result{}, err
 	}
-	if request.Spec.Role == userv1.OwnerRoleType {
-		if user.Name == user.Annotations[userv1.UserAnnotationOwnerKey] {
-			// 不允许转移个人空间
-			r.Recorder.Eventf(request, v1.EventTypeWarning, "Failed to grant role", "Failed to grant role %s to user %s, cannot transfer personal workspace", request.Spec.Role, request.Spec.User)
-			return ctrl.Result{}, r.updateRequestStatus(ctx, request, userv1.RequestFailed)
-		}
-	}
 	bindUser := &userv1.User{}
 	if err := r.Get(ctx, client.ObjectKey{Name: request.Spec.User}, bindUser); err != nil {
 		r.Recorder.Eventf(request, v1.EventTypeWarning, "Failed to get bind user", "Failed to get bind user %s", request.Spec.User)
@@ -206,7 +220,7 @@ func (r *OperationReqReconciler) reconcile(ctx context.Context, request *userv1.
 		return ctrl.Result{}, err
 	}
 
-	r.Recorder.Eventf(request, v1.EventTypeNormal, "Completed", "Completed operation request %s/%s", request.Namespace, request.Name)
+	r.Recorder.Eventf(request, v1.EventTypeNormal, "Completed", "Completed operation request %s/%s", request.Spec.Namespace, request.Name)
 	return ctrl.Result{RequeueAfter: OperationReqRequeueDuration}, nil
 }
 
@@ -234,9 +248,9 @@ func (r *OperationReqReconciler) isExpired(request *userv1.Operationrequest) boo
 func (r *OperationReqReconciler) deleteRequest(ctx context.Context, request *userv1.Operationrequest) error {
 	r.Logger.V(1).Info("deleting OperationRequest", "request", request)
 	if err := r.Delete(ctx, request); client.IgnoreNotFound(err) != nil {
-		r.Recorder.Eventf(request, v1.EventTypeWarning, "Failed to delete OperationRequest", "Failed to delete OperationRequest %s/%s", request.Namespace, request.Name)
+		r.Recorder.Eventf(request, v1.EventTypeWarning, "Failed to delete OperationRequest", "Failed to delete OperationRequest %s/%s", request.Spec.Namespace, request.Name)
 		r.Logger.Error(err, "Failed to delete OperationRequest", getLog(request)...)
-		return fmt.Errorf("failed to delete OperationRequest %s/%s: %w", request.Namespace, request.Name, err)
+		return fmt.Errorf("failed to delete OperationRequest %s/%s: %w", request.Spec.Namespace, request.Name, err)
 	}
 	r.Logger.V(1).Info("delete OperationRequest success", getLog(request)...)
 	return nil
@@ -245,7 +259,7 @@ func (r *OperationReqReconciler) deleteRequest(ctx context.Context, request *use
 func (r *OperationReqReconciler) updateRequestStatus(ctx context.Context, request *userv1.Operationrequest, phase userv1.RequestPhase) error {
 	request.Status.Phase = phase
 	if err := r.Status().Update(ctx, request); err != nil {
-		r.Recorder.Eventf(request, v1.EventTypeWarning, "Failed to update OperationRequest status", "Failed to update OperationRequest status %s/%s", request.Namespace, request.Name)
+		r.Recorder.Eventf(request, v1.EventTypeWarning, "Failed to update OperationRequest status", "Failed to update OperationRequest status %s/%s", request.Spec.Namespace, request.Name)
 		r.Logger.V(1).Info("update OperationRequest status failed", getLog(request)...)
 		return err
 	}
@@ -257,7 +271,7 @@ func conventRequestToRolebinding(request *userv1.Operationrequest) *rbacv1.RoleB
 	return &rbacv1.RoleBinding{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      config.GetGroupRoleBindingName(request.Spec.User),
-			Namespace: request.Namespace,
+			Namespace: request.Spec.Namespace,
 			Annotations: map[string]string{
 				userAnnotationOwnerKey: request.Spec.User,
 			},
@@ -283,7 +297,7 @@ func conventRequestToRolebinding(request *userv1.Operationrequest) *rbacv1.RoleB
 func getLog(request *userv1.Operationrequest, kv ...interface{}) []interface{} {
 	return append([]interface{}{
 		"request.name", request.Name,
-		"request.namespace", request.Namespace,
+		"request.Spec.Namespace", request.Spec.Namespace,
 		"request.user", request.Spec.User,
 		"request.role", request.Spec.Role,
 		"request.action", request.Spec.Action,