diff --git a/internal/subroutine/authorization_model_generation.go b/internal/subroutine/authorization_model_generation.go index 287321a8..871d3cad 100644 --- a/internal/subroutine/authorization_model_generation.go +++ b/internal/subroutine/authorization_model_generation.go @@ -29,7 +29,8 @@ import ( ) const ( - apiBindingFinalizer = "core.platform-mesh.io/apibinding-finalizer" + apiBindingFinalizer = "core.platform-mesh.io/apibinding-finalizer" + corePlatformMeshApiExport = "core.platform-mesh.io" ) // toK8sName creates a valid Kubernetes metadata.name from the given parts. @@ -201,10 +202,10 @@ func (a *AuthorizationModelGenerationSubroutine) Finalize(ctx context.Context, o return subroutines.OK(), nil } -// Finalizers implements subroutines.Finalizer. -func (a *AuthorizationModelGenerationSubroutine) Finalizers(obj client.Object) []string { - binding := obj.(*kcpapisv1alpha2.APIBinding) - if strings.Contains(binding.Name, "platform-mesh.io") || strings.Contains(binding.Name, "kcp.io") { +// Finalizers implements lifecycle.Subroutine. +func (a *AuthorizationModelGenerationSubroutine) Finalizers(instance lifecyclecontrollerruntime.RuntimeObject) []string { + binding := instance.(*kcpapisv1alpha2.APIBinding) + if strings.HasSuffix(binding.Spec.Reference.Export.Name, "kcp.io") { return []string{} } return []string{apiBindingFinalizer} @@ -237,7 +238,12 @@ func (a *AuthorizationModelGenerationSubroutine) Process(ctx context.Context, ob return subroutines.OK(), fmt.Errorf("getting AccountInfo: %w", err) } - apiExportCluster, err := a.mgr.GetCluster(ctx, multicluster.ClusterName(binding.Status.APIExportClusterName)) + if binding.Spec.Reference.Export.Name == corePlatformMeshApiExport || strings.HasSuffix(binding.Spec.Reference.Export.Name, "kcp.io") { + // If the APIExport is the core.platform-mesh.io, we can skip the model generation. + return ctrl.Result{}, nil + } + + apiExportCluster, err := a.mgr.GetCluster(ctx, binding.Status.APIExportClusterName) if err != nil { return subroutines.OK(), fmt.Errorf("getting APIExport cluster: %w", err) } diff --git a/internal/subroutine/authorization_model_generation_test.go b/internal/subroutine/authorization_model_generation_test.go index a0d83342..fc5734f8 100644 --- a/internal/subroutine/authorization_model_generation_test.go +++ b/internal/subroutine/authorization_model_generation_test.go @@ -927,39 +927,38 @@ func TestAuthorizationModelGeneration_Finalizers(t *testing.T) { tests := []struct { name string - bindingName string + exportName string expectFinalizer bool }{ { - name: "returns finalizer when name has neither platform-mesh.io nor kcp.io", - bindingName: "my-binding", + name: "returns finalizer when export name is core.platform-mesh.io", + exportName: "core.platform-mesh.io", expectFinalizer: true, }, { - name: "returns no finalizer when name contains platform-mesh.io", - bindingName: "core.platform-mesh.io-awuzd", + name: "returns no finalizer when export name has suffix kcp.io", + exportName: "tenancy.kcp.io", expectFinalizer: false, }, { - name: "returns no finalizer when name contains kcp.io", - bindingName: "tenancy.kcp.io-dr0q1", + name: "returns no finalizer when export name is topology.kcp.io", + exportName: "topology.kcp.io", expectFinalizer: false, }, { - name: "returns no finalizer when name contains topology.kcp.io", - bindingName: "topology.kcp.io-5oxoy", + name: "returns no finalizer when export name is apis.kcp.io", + exportName: "apis.kcp.io", expectFinalizer: false, }, { - name: "returns no finalizer when name contains platform-mesh.io in the middle", - bindingName: "something.platform-mesh.io-suffix", - expectFinalizer: false, + name: "returns finalizer when export name has suffix platform-mesh.io but not kcp.io", + exportName: "something.platform-mesh.io", + expectFinalizer: true, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - binding := newApiBinding("foo", "bar") - binding.Name = tt.bindingName + binding := newApiBinding(tt.exportName, "root:orgs:test") got := sub.Finalizers(binding) if tt.expectFinalizer { assert.Equal(t, []string{"core.platform-mesh.io/apibinding-finalizer"}, got)