GoogleCloudPlatform · justinsb · May 22, 2024 · May 22, 2024
diff --git a/go.mod b/go.mod
@@ -11,6 +11,7 @@ require (
 	cloud.google.com/go/monitoring v1.19.0
 	cloud.google.com/go/profiler v0.1.0
 	cloud.google.com/go/resourcemanager v1.9.7
+	cloud.google.com/go/security v1.15.6
 	contrib.go.opencensus.io/exporter/prometheus v0.1.0
 	github.com/GoogleCloudPlatform/declarative-resource-client-library v1.62.0
 	github.com/GoogleCloudPlatform/k8s-config-connector/mockgcp v0.0.0-00010101000000-000000000000

diff --git a/go.sum b/go.sum
diff --git a/pkg/controller/direct/directbase/directbase_controller.go b/pkg/controller/direct/directbase/directbase_controller.go
@@ -24,7 +24,6 @@ import (
 	"github.com/GoogleCloudPlatform/k8s-config-connector/operator/pkg/apis/core/v1beta1"
 	"github.com/GoogleCloudPlatform/k8s-config-connector/operator/pkg/kccstate"
 	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/controller"
-	kcciamclient "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/controller/iam/iamclient"
 	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/controller/jitter"
 	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/controller/lifecyclehandler"
 	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/controller/metrics"
@@ -62,14 +61,7 @@ func init() {
 }
 
 type directControllerBuilder struct {
-	modelMapper map[schema.GroupVersionKind]func(*controller.Config) Model
-}
-
-func (c *directControllerBuilder) RegisterModel(gvk schema.GroupVersionKind, modelFn func(*controller.Config) Model) {
-	if c.modelMapper == nil {
-		c.modelMapper = map[schema.GroupVersionKind]func(*controller.Config) Model{}
-	}
-	c.modelMapper[gvk] = modelFn
+	registry
 }
 
 func (c *directControllerBuilder) AddController(mgr manager.Manager, config *controller.Config, crd *apiextensions.CustomResourceDefinition, deps Deps) error {
@@ -83,37 +75,20 @@ func (c *directControllerBuilder) AddController(mgr manager.Manager, config *con
 	return add(mgr, reconciler)
 }
 
-func (c *directControllerBuilder) IsDirectByGK(gk schema.GroupKind) bool {
-	for gvk, _ := range c.modelMapper {
-		if gvk.Group == gk.Group && gvk.Kind == gk.Kind {
-			return true
-		}
-	}
-	return false
-}
-
-func (c *directControllerBuilder) gvkByCrd(crd *apiextensions.CustomResourceDefinition) schema.GroupVersionKind {
-	for gvk, _ := range c.modelMapper {
-		if crd.Spec.Group == gvk.Group && crd.Spec.Names.Kind == gvk.Kind {
-			return gvk
-		}
-	}
-	return schema.GroupVersionKind{}
-}
-
 // NewReconciler returns a new reconcile.Reconciler.
 func (c *directControllerBuilder) NewReconciler(mgr manager.Manager, config *controller.Config, immediateReconcileRequests chan event.GenericEvent, resourceWatcherRoutines *semaphore.Weighted,
 	crd *apiextensions.CustomResourceDefinition, jg jitter.Generator) (*DirectReconciler, error) {
-	gvk := c.gvkByCrd(crd)
-	if gvk.Empty() {
-		return nil, fmt.Errorf("CRD %s is not registered on direct controllers", crd.Name)
+	groupKind := groupKindForCRD(crd)
+	controllerName := strings.ToLower(groupKind.Kind) + "-controller"
+
+	model, err := c.BuildModel(groupKind)
+	if err != nil {
+		return nil, fmt.Errorf("building model: %w", err)
 	}
-	controllerName := strings.ToLower(gvk.Kind) + "-controller"
-	modelFn, ok := c.modelMapper[gvk]
-	if !ok {
-		return nil, fmt.Errorf("no direct controller is registered for GroupVersionKind %s", gvk)
+	gvk, found := c.PreferredGVK(groupKind)
+	if !found {
+		return nil, fmt.Errorf("preferred GVK not found for %s", groupKind)
 	}
-	model := modelFn(config)
 
 	if jg == nil {
 		return nil, fmt.Errorf("jitter generator is not initialized")
@@ -285,7 +260,7 @@ func (r *reconcileContext) doReconcile(ctx context.Context, u *unstructured.Unst
 		}
 		if !k8s.HasAbandonAnnotation(u) {
 			if _, err := adapter.Delete(ctx); err != nil {
-				if !errors.Is(err, kcciamclient.ErrNotFound) && !k8s.IsReferenceNotFoundError(err) {
+				if !errors.Is(err, k8s.ErrIAMNotFound) && !k8s.IsReferenceNotFoundError(err) {
 					if unwrappedErr, ok := lifecyclehandler.CausedByUnresolvableDeps(err); ok {
 						logger.Info(unwrappedErr.Error(), "resource", k8s.GetNamespacedName(u))
 						resource, err := toK8sResource(u)

diff --git a/pkg/controller/direct/directbase/registry.go b/pkg/controller/direct/directbase/registry.go
@@ -0,0 +1,89 @@
+package directbase
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/controller"
+	apiextensions "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+type registry struct {
+	registrations map[schema.GroupKind]*registration
+}
+
+type registration struct {
+	gvk     schema.GroupVersionKind
+	factory ModelFactoryFunc
+	model   Model
+}
+
+type ModelFactoryFunc func(config *controller.Config) Model
+
+func (r *registry) BuildModel(gk schema.GroupKind) (Model, error) {
+	registration := r.registrations[gk]
+	if registration == nil {
+		return nil, fmt.Errorf("no model registered for %s", gk)
+	}
+	return registration.model, nil
+}
+
+func (r *registry) PreferredGVK(gk schema.GroupKind) (schema.GroupVersionKind, bool) {
+	registration := r.registrations[gk]
+	if registration == nil {
+		return schema.GroupVersionKind{}, false
+	}
+	return registration.gvk, true
+}
+
+func (r *registry) Init(ctx context.Context, config *controller.Config) error {
+	for _, registration := range r.registrations {
+		// model, err := registration.factory(ctx, config)
+		// if err != nil {
+		// 	return err
+		// }
+
+		model := registration.factory(config)
+
+		registration.model = model
+	}
+	return nil
+}
+
+func (r *registry) RegisterModel(gvk schema.GroupVersionKind, modelFn func(*controller.Config) Model) {
+	if r.registrations == nil {
+		r.registrations = make(map[schema.GroupKind]*registration)
+	}
+	r.registrations[gvk.GroupKind()] = &registration{
+		gvk:     gvk,
+		factory: modelFn,
+	}
+}
+
+func (r *directControllerBuilder) IsDirectByGK(gk schema.GroupKind) bool {
+	registration := r.registrations[gk]
+	return registration != nil
+}
+
+// IsIAMDirect returns true if this resource uses the direct-reconciliation model for IAM.
+func (r *registry) IsIAMDirect(groupKind schema.GroupKind) bool {
+	registration := r.registrations[groupKind]
+	if registration == nil {
+		return false
+	}
+
+	// TODO: Move to registration somehow?
+	switch groupKind {
+	case schema.GroupKind{Group: "privateca.cnrm.cloud.google.com", Kind: "PrivateCACAPool"}:
+		return true
+	}
+	return false
+}
+
+func groupKindForCRD(crd *apiextensions.CustomResourceDefinition) schema.GroupKind {
+	return schema.GroupKind{
+		Group: crd.Spec.Group,
+		Kind:  crd.Spec.Names.Kind,
+	}
+}