From 1fc4a5bc8da954d37691ce2119719f8d683559d5 Mon Sep 17 00:00:00 2001 From: Sina Date: Mon, 29 Jul 2024 00:44:28 +0330 Subject: [PATCH 1/2] adding ability to have teams with cluster access --- config/manager/manager.yaml | 2 ++ controllers/namespace_controller.go | 32 ++++++++++++++++++++++------- 2 files changed, 27 insertions(+), 7 deletions(-) diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 9b81985..86a9d7a 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -55,5 +55,7 @@ spec: envFrom: - configMapRef: name: public-repos + - configMapRef: + name: cluster-scoped-teams serviceAccountName: controller-manager terminationGracePeriodSeconds: 10 diff --git a/controllers/namespace_controller.go b/controllers/namespace_controller.go index 759069c..5ac97ad 100644 --- a/controllers/namespace_controller.go +++ b/controllers/namespace_controller.go @@ -292,6 +292,17 @@ func (r *NamespaceReconciler) createAppProj(team string) (*argov1alpha1.AppProje repo_env := os.Getenv("PUBLIC_REPOS") repo_list := strings.Split(repo_env, ",") + // Get cluster scoped teams + team_env := os.Getenv("TEAMS") + team_list := strings.Split(team_env, ",") + + includeAllGroupKind := []metav1.GroupKind{ + { + Group: "*", + Kind: "*", + }, + } + appProj := &argov1alpha1.AppProject{ ObjectMeta: metav1.ObjectMeta{ Name: team, @@ -300,12 +311,6 @@ func (r *NamespaceReconciler) createAppProj(team string) (*argov1alpha1.AppProje Spec: argov1alpha1.AppProjectSpec{ SourceRepos: repo_list, Destinations: destList, - ClusterResourceBlacklist: []metav1.GroupKind{ - { - Group: "*", - Kind: "*", - }, - }, NamespaceResourceBlacklist: []metav1.GroupKind{ { Group: "", 
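Review bot: The `cluster-scoped-teams` ConfigMap added under `envFrom` becomes an authorization input for the controller, yet this patch neither creates it nor restricts who may edit it (the diffstat lists only manager.yaml and namespace_controller.go). Anyone who can write that ConfigMap in the manager's namespace decides which teams get cluster-scoped access, so its RBAC should be as tight as the controller's own. The reference is also not marked optional, so as far as this hunk shows the container will not start on a cluster where the ConfigMap is absent. Either ship the ConfigMap with the manifests or add `optional: true` under the `configMapRef`, which leaves the list empty and every project restricted.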
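Review bot: `strings.Split` on an unset or empty `TEAMS` returns a one-element list holding the empty string, and entries are compared untrimmed. A value written as `a, b` therefore never matches team `b`, while an empty `team` would match and receive the wildcard whitelist assigned in the `@@ -330,7 +335,11 @@` hunk. Whether `createAppProj` can be called with an empty team is not visible here (the function starts and ends outside this hunk), but the list should not depend on that. Dropping empty entries and surrounding spaces closes both cases, e.g. `team_list := strings.FieldsFunc(team_env, func(r rune) bool { return r == ',' || r == ' ' })`, assuming team names never contain spaces.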
@@ -330,7 +335,11 @@ func (r *NamespaceReconciler) createAppProj(team string) (*argov1alpha1.AppProje }, }, } - + if isTeamClusterScoped(team, team_list) { + appProj.Spec.ClusterResourceWhitelist = includeAllGroupKind + } else { + appProj.Spec.ClusterResourceBlacklist = includeAllGroupKind + } return appProj, nil } @@ -371,3 +380,12 @@ func convertLabelToAppProjectNameset(l string) AppProjectNameset { } return result } + +func isTeamClusterScoped(team string, clusterScopedList []string) bool { + for _, tm := range clusterScopedList { + if team == tm { + return true + } + } + return false +} From 81f5044af8151e3883e3d95a804efc70acc23596 Mon Sep 17 00:00:00 2001 From: Sina Date: Mon, 29 Jul 2024 16:52:08 +0330 Subject: [PATCH 2/2] changed naming --- config/manager/manager.yaml | 2 +- controllers/namespace_controller.go | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 86a9d7a..e694db3 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -56,6 +56,6 @@ spec: - configMapRef: name: public-repos - configMapRef: - name: cluster-scoped-teams + name: cluster-admin-teams serviceAccountName: controller-manager terminationGracePeriodSeconds: 10 diff --git a/controllers/namespace_controller.go b/controllers/namespace_controller.go index 5ac97ad..e9be7ef 100644 --- a/controllers/namespace_controller.go +++ b/controllers/namespace_controller.go @@ -293,7 +293,7 @@ func (r *NamespaceReconciler) createAppProj(team string) (*argov1alpha1.AppProje repo_list := strings.Split(repo_env, ",") // Get cluster scoped teams - team_env := os.Getenv("TEAMS") + team_env := os.Getenv("CLUSTER_ADMIN_TEAMS") team_list := strings.Split(team_env, ",") includeAllGroupKind := []metav1.GroupKind{ 
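Review bot: Assigning `includeAllGroupKind` to `ClusterResourceWhitelist` lets a listed team's project sync every cluster-scoped kind, including ClusterRole, ClusterRoleBinding and CustomResourceDefinition. That is effectively cluster-admin, exercised with whatever rights the Argo CD controller itself holds. If these teams only need a few kinds, an explicit list of `metav1.GroupKind` entries would be a much smaller grant than `*/*`. The origin of `team` is outside this hunk; if it comes from a value tenants can set themselves, a tenant could claim a listed team's name, so that is worth confirming before merge. At minimum I would add `// Listed teams may manage all cluster-scoped kinds; every other team is denied them.` above the `if` and log each wildcard grant so it can be audited.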
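Review bot: `isTeamClusterScoped` decides a privilege grant but has no doc comment, and its exact, case-sensitive comparison is easy to overlook when someone edits the ConfigMap. I would add `// isTeamClusterScoped reports whether team appears verbatim in clusterScopedList; a match gives the team's AppProject access to cluster-scoped resources.` If the module targets Go 1.21 or later (not visible here), the loop can be replaced with `return slices.Contains(clusterScopedList, team)`.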
@@ -335,7 +335,7 @@ func (r *NamespaceReconciler) createAppProj(team string) (*argov1alpha1.AppProje }, }, } - if isTeamClusterScoped(team, team_list) { + if isTeamClusterAdmin(team, team_list) { appProj.Spec.ClusterResourceWhitelist = includeAllGroupKind } else { appProj.Spec.ClusterResourceBlacklist = includeAllGroupKind @@ -381,8 +381,8 @@ func convertLabelToAppProjectNameset(l string) AppProjectNameset { return result } -func isTeamClusterScoped(team string, clusterScopedList []string) bool { - for _, tm := range clusterScopedList { +func isTeamClusterAdmin(team string, clusterAdminList []string) bool { + for _, tm := range clusterAdminList { if team == tm { return true }