kyma-project · kyma-bot · Aug 9, 2024 · Aug 8, 2024 · Aug 8, 2024 · Aug 8, 2024
@@ -208,7 +208,7 @@ func NewBrokerSuiteTestWithConfig(t *testing.T, cfg *Config, version ...string)
 	provisionManager := process.NewStagedManager(db.Operations(), eventBroker, cfg.OperationTimeout, cfg.Provisioning, logs.WithField("provisioning", "manager"))
 	provisioningQueue := NewProvisioningProcessingQueue(context.Background(), provisionManager, workersAmount, cfg, db, provisionerClient, inputFactory,
 		avsDel, internalEvalAssistant, externalEvalCreator,
-		edpClient, accountProvider, k8sClientProvider, cli, logs)
+		edpClient, accountProvider, k8sClientProvider, cli, defaultOIDCValues(), logs)
 
 	provisioningQueue.SpeedUp(10000)
 	provisionManager.SpeedUp(10000)

@@ -322,7 +322,7 @@ func main() {
 	provisionManager := process.NewStagedManager(db.Operations(), eventBroker, cfg.OperationTimeout, cfg.Provisioning, logs.WithField("provisioning", "manager"))
 	provisionQueue := NewProvisioningProcessingQueue(ctx, provisionManager, cfg.Provisioning.WorkersAmount, &cfg, db, provisionerClient, inputFactory,
 		avsDel, internalEvalAssistant, externalEvalCreator,
-		edpClient, accountProvider, skrK8sClientProvider, cli, logs)
+		edpClient, accountProvider, skrK8sClientProvider, cli, oidcDefaultValues, logs)
 
 	deprovisionManager := process.NewStagedManager(db.Operations(), eventBroker, cfg.OperationTimeout, cfg.Deprovisioning, logs.WithField("deprovisioning", "manager"))
 	deprovisionQueue := NewDeprovisioningProcessingQueue(ctx, cfg.Deprovisioning.WorkersAmount, deprovisionManager, &cfg, db, eventBroker, provisionerClient,

@@ -3,6 +3,7 @@ package main
 import (
 	"context"
 
+	"github.com/kyma-project/kyma-environment-broker/internal"
 	"github.com/kyma-project/kyma-environment-broker/internal/provider"
 
 	"github.com/kyma-project/kyma-environment-broker/common/hyperscaler"
@@ -21,7 +22,7 @@ func NewProvisioningProcessingQueue(ctx context.Context, provisionManager *proce
 	db storage.BrokerStorage, provisionerClient provisioner.Client, inputFactory input.CreatorForPlan, avsDel *avs.Delegator,
 	internalEvalAssistant *avs.InternalEvalAssistant, externalEvalCreator *provisioning.ExternalEvalCreator,
 	edpClient provisioning.EDPClient, accountProvider hyperscaler.AccountProvider,
-	k8sClientProvider provisioning.K8sClientProvider, cli client.Client, logs logrus.FieldLogger) *process.Queue {
+	k8sClientProvider provisioning.K8sClientProvider, cli client.Client, defaultOIDC internal.OIDCConfigDTO, logs logrus.FieldLogger) *process.Queue {
 
 	trialRegionsMapping, err := provider.ReadPlatformRegionMappingFromFile(cfg.TrialRegionMappingFilePath)
 	if err != nil {
@@ -43,6 +44,8 @@ func NewProvisioningProcessingQueue(ctx context.Context, provisionManager *proce
 			Once the stage is done it will never be retried.
 	*/
 
+	fatalOnError(err, logs)
+
 	provisioningSteps := []struct {
 		disabled  bool
 		stage     string
@@ -98,7 +101,7 @@ func NewProvisioningProcessingQueue(ctx context.Context, provisionManager *proce
 		// postcondition: operation.KymaResourceName, operation.RuntimeResourceName is set
 		{
 			stage: createRuntimeStageName,
-			step:  provisioning.NewCreateRuntimeResourceStep(db.Operations(), db.Instances(), cli, cfg.Broker.KimConfig, cfg.Provisioner, trialRegionsMapping, cfg.Broker.UseSmallerMachineTypes),
+			step:  provisioning.NewCreateRuntimeResourceStep(db.Operations(), db.Instances(), cli, cfg.Broker.KimConfig, cfg.Provisioner, trialRegionsMapping, cfg.Broker.UseSmallerMachineTypes, defaultOIDC),
 		},
 		{
 			stage:     createRuntimeStageName,

@@ -600,7 +600,7 @@ func NewProvisioningSuite(t *testing.T, multiZoneCluster bool, controlPlaneFailu
 	provisionManager := process.NewStagedManager(db.Operations(), eventBroker, cfg.OperationTimeout, cfg.Provisioning, logs.WithField("provisioning", "manager"))
 	provisioningQueue := NewProvisioningProcessingQueue(ctx, provisionManager, workersAmount, cfg, db, provisionerClient, inputFactory, avsDel,
 		internalEvalAssistant, externalEvalCreator, edpClient, accountProvider,
-		kubeconfig.NewFakeK8sClientProvider(cli), cli, logs)
+		kubeconfig.NewFakeK8sClientProvider(cli), cli, defaultOIDCValues(), logs)
 
 	provisioningQueue.SpeedUp(10000)
 	provisionManager.SpeedUp(10000)

@@ -23,7 +23,7 @@ require (
 	github.com/kyma-incubator/compass/components/director v0.0.0-20240329103248-7710e72be80a
 	github.com/kyma-project/control-plane/components/provisioner v0.0.0-20240529135026-c4ef757de24f
 	github.com/kyma-project/control-plane/components/schema-migrator v0.0.0-20240612080429-83a7c0eb13b8
-	github.com/kyma-project/infrastructure-manager v0.0.0-20240705113756-2ea9b23b6154
+	github.com/kyma-project/infrastructure-manager v0.0.0-20240806115205-c1fb9fb5968a
 	github.com/lib/pq v1.10.9
 	github.com/matryer/is v1.4.1
 	github.com/pivotal-cf/brokerapi/v8 v8.2.3
@@ -38,9 +38,9 @@ require (
 	golang.org/x/time v0.6.0
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
-	k8s.io/api v0.30.2
+	k8s.io/api v0.30.3
 	k8s.io/apiextensions-apiserver v0.30.1
-	k8s.io/apimachinery v0.30.2
+	k8s.io/apimachinery v0.30.3
 	k8s.io/client-go v11.0.1-0.20190409021438-1a26190bd76a+incompatible
 	sigs.k8s.io/controller-runtime v0.18.4
 	sigs.k8s.io/yaml v1.4.0

@@ -202,8 +202,8 @@ github.com/kyma-project/control-plane/components/provisioner v0.0.0-202405291350
 github.com/kyma-project/control-plane/components/provisioner v0.0.0-20240529135026-c4ef757de24f/go.mod h1:X+h9AdPV8nPmhgTg82BpFKEFsSL7OGSGG4D8+G3giPM=
 github.com/kyma-project/control-plane/components/schema-migrator v0.0.0-20240612080429-83a7c0eb13b8 h1:btliPhcS1pF+AlQbmLjkV8GuPnTS1VbZ+m9DkPsxDCA=
 github.com/kyma-project/control-plane/components/schema-migrator v0.0.0-20240612080429-83a7c0eb13b8/go.mod h1:vABrhytVuZpchbdlIVdUDlhB/Q/3GIZld2JmdS2rZ6I=
-github.com/kyma-project/infrastructure-manager v0.0.0-20240705113756-2ea9b23b6154 h1:1nE1nmUlhaQAaPA2/p6tcrx6pFJsCKqQzw46OoqI51o=
-github.com/kyma-project/infrastructure-manager v0.0.0-20240705113756-2ea9b23b6154/go.mod h1:VIXFOtvzBYNj9RKB5K4do6loUxp9i9XNEvhqAQIZ5G8=
+github.com/kyma-project/infrastructure-manager v0.0.0-20240806115205-c1fb9fb5968a h1:9AMvbR/9hSumE5WXQ/HAlyRjlScqQU1sVcRolsknHSw=
+github.com/kyma-project/infrastructure-manager v0.0.0-20240806115205-c1fb9fb5968a/go.mod h1:0uJ/bMp2Qq9fTq2CV4PmWXDgPSwGzKKYswhVv/CW0AE=
 github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
@@ -247,10 +247,10 @@ github.com/onrik/logrus v0.11.0 h1:pu+BCaWL36t0yQaj/2UHK2erf88dwssAKOT51mxPUVs=
 github.com/onrik/logrus v0.11.0/go.mod h1:fO2vlZwIdti6PidD3gV5YKt9Lq5ptpnP293RAe1ITwk=
 github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
 github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
-github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA=
-github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To=
-github.com/onsi/gomega v1.34.0 h1:eSSPsPNp6ZpsG8X1OVmOTxig+CblTc4AxpPBykhe2Os=
-github.com/onsi/gomega v1.34.0/go.mod h1:MIKI8c+f+QLWk+hxbePD4i0LMJSExPaZOVfkoex4cAo=
+github.com/onsi/ginkgo/v2 v2.19.1 h1:QXgq3Z8Crl5EL1WBAC98A5sEBHARrAJNzAmMxzLcRF0=
+github.com/onsi/ginkgo/v2 v2.19.1/go.mod h1:O3DtEWQkPa/F7fBMgmZQKKsluAy8pd3rEQdrjkPb9zA=
+github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k=
+github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug=

@@ -4,6 +4,8 @@ import (
 	"context"
 	"time"
 
+	"github.com/kyma-project/kyma-environment-broker/internal/process/steps"
+
 	"github.com/kyma-project/kyma-environment-broker/internal"
 	"github.com/kyma-project/kyma-environment-broker/internal/process"
 	"github.com/kyma-project/kyma-environment-broker/internal/storage"
@@ -40,6 +42,10 @@ func (step *DeleteRuntimeResourceStep) Run(operation internal.Operation, logger
 	resourceName := operation.RuntimeResourceName
 	resourceNamespace := operation.KymaResourceNamespace
 
+	// if the resource name stored in the operation is empty, try to get it from the RuntimeID (when it was created by KIM migration process, not by the KEB)
+	if resourceName == "" {
+		resourceName = steps.KymaRuntimeResourceName(operation)
+	}
 	if resourceName == "" {
 		logger.Infof("Runtime resource name is empty, skipping")
 		return operation, 0, nil

@@ -5,6 +5,8 @@ import (
 	"fmt"
 	"time"
 
+	"github.com/kyma-project/kyma-environment-broker/internal/ptr"
+
 	"github.com/kyma-project/kyma-environment-broker/internal/process/steps"
 	"k8s.io/apimachinery/pkg/api/errors"
 
@@ -39,10 +41,11 @@ type CreateRuntimeResourceStep struct {
 	config                     input.Config
 	trialPlatformRegionMapping map[string]string
 	useSmallerMachineTypes     bool
+	oidcDefaultValues          internal.OIDCConfigDTO
 }
 
 func NewCreateRuntimeResourceStep(os storage.Operations, is storage.Instances, k8sClient client.Client, kimConfig kim.Config, cfg input.Config,
-	trialPlatformRegionMapping map[string]string, useSmallerMachines bool) *CreateRuntimeResourceStep {
+	trialPlatformRegionMapping map[string]string, useSmallerMachines bool, oidcDefaultValues internal.OIDCConfigDTO) *CreateRuntimeResourceStep {
 	return &CreateRuntimeResourceStep{
 		operationManager:           process.NewOperationManager(os),
 		instanceStorage:            is,
@@ -51,6 +54,7 @@ func NewCreateRuntimeResourceStep(os storage.Operations, is storage.Instances, k
 		config:                     cfg,
 		trialPlatformRegionMapping: trialPlatformRegionMapping,
 		useSmallerMachineTypes:     useSmallerMachines,
+		oidcDefaultValues:          oidcDefaultValues,
 	}
 }
 
@@ -141,6 +145,7 @@ func (s *CreateRuntimeResourceStep) updateRuntimeResourceObject(runtime *imv1.Ru
 	runtime.Spec.Shoot.EnforceSeedLocation = operation.ProvisioningParameters.Parameters.ShootAndSeedSameRegion
 	runtime.Spec.Security = s.createSecurityConfiguration(operation)
 	runtime.Spec.Shoot.Networking = s.createNetworkingConfiguration(operation)
+	runtime.Spec.Shoot.Kubernetes = s.createKubernetesConfiguration(operation)
 	return nil
 }
 
@@ -341,6 +346,45 @@ func (s *CreateRuntimeResourceStep) getEmptyOrExistingRuntimeResource(name, name
 	return &runtime, nil
 }
 
+func (s *CreateRuntimeResourceStep) createKubernetesConfiguration(operation internal.Operation) imv1.Kubernetes {
+	oidc := gardener.OIDCConfig{
+		ClientID:       &s.oidcDefaultValues.ClientID,
+		GroupsClaim:    &s.oidcDefaultValues.GroupsClaim,
+		IssuerURL:      &s.oidcDefaultValues.IssuerURL,
+		SigningAlgs:    s.oidcDefaultValues.SigningAlgs,
+		UsernameClaim:  &s.oidcDefaultValues.UsernameClaim,
+		UsernamePrefix: &s.oidcDefaultValues.UsernamePrefix,
+	}
+	if operation.ProvisioningParameters.Parameters.OIDC != nil {
+		if operation.ProvisioningParameters.Parameters.OIDC.ClientID != "" {
+			oidc.ClientID = &operation.ProvisioningParameters.Parameters.OIDC.ClientID
+		}
+		if operation.ProvisioningParameters.Parameters.OIDC.GroupsClaim != "" {
+			oidc.GroupsClaim = &operation.ProvisioningParameters.Parameters.OIDC.GroupsClaim
+		}
+		if operation.ProvisioningParameters.Parameters.OIDC.IssuerURL != "" {
+			oidc.IssuerURL = &operation.ProvisioningParameters.Parameters.OIDC.IssuerURL
+		}
+		if len(operation.ProvisioningParameters.Parameters.OIDC.SigningAlgs) > 0 {
+			oidc.SigningAlgs = operation.ProvisioningParameters.Parameters.OIDC.SigningAlgs
+		}
+		if operation.ProvisioningParameters.Parameters.OIDC.UsernameClaim != "" {
+			oidc.UsernameClaim = &operation.ProvisioningParameters.Parameters.OIDC.UsernameClaim
+		}
+		if operation.ProvisioningParameters.Parameters.OIDC.UsernamePrefix != "" {
+			oidc.UsernamePrefix = &operation.ProvisioningParameters.Parameters.OIDC.UsernamePrefix
+		}
+	}
+
+	return imv1.Kubernetes{
+		Version: ptr.String(s.config.KubernetesVersion),
+		KubeAPIServer: imv1.APIServer{
+			OidcConfig:           oidc,
+			AdditionalOidcConfig: nil,
+		},
+	}
+}
+
 func DefaultIfParamNotSet[T interface{}](d T, param *T) T {
 	if param == nil {
 		return d