diff --git a/internal/subroutine/authorization_model_generation.go b/internal/subroutine/authorization_model_generation.go index 989212c9..b6532ebf 100644 --- a/internal/subroutine/authorization_model_generation.go +++ b/internal/subroutine/authorization_model_generation.go @@ -29,7 +29,8 @@ import ( ) const ( - apiBindingFinalizer = "core.platform-mesh.io/apibinding-finalizer" + apiBindingFinalizer = "core.platform-mesh.io/apibinding-finalizer" + corePlatformMeshApiExport = "core.platform-mesh.io" ) func NewAuthorizationModelGenerationSubroutine(mcMgr mcmanager.Manager, allClient client.Client) *AuthorizationModelGenerationSubroutine { @@ -195,7 +196,7 @@ func (a *AuthorizationModelGenerationSubroutine) Finalize(ctx context.Context, i // Finalizers implements lifecycle.Subroutine. func (a *AuthorizationModelGenerationSubroutine) Finalizers(instance lifecyclecontrollerruntime.RuntimeObject) []string { binding := instance.(*kcpapisv1alpha2.APIBinding) - if strings.Contains(binding.Name, "platform-mesh.io") || strings.Contains(binding.Name, "kcp.io") { + if strings.HasSuffix(binding.Spec.Reference.Export.Name, "kcp.io") { return []string{} } return []string{apiBindingFinalizer} @@ -224,7 +225,7 @@ func (a *AuthorizationModelGenerationSubroutine) Process(ctx context.Context, in return ctrl.Result{}, errors.NewOperatorError(err, true, true) } - if binding.Spec.Reference.Export.Name == "core.platform-mesh.io" || strings.HasSuffix(binding.Spec.Reference.Export.Name, "kcp.io") { + if binding.Spec.Reference.Export.Name == corePlatformMeshApiExport || strings.HasSuffix(binding.Spec.Reference.Export.Name, "kcp.io") { // If the APIExport is the core.platform-mesh.io, we can skip the model generation. return ctrl.Result{}, nil } diff --git a/internal/subroutine/authorization_model_generation_test.go b/internal/subroutine/authorization_model_generation_test.go index 09f8f358..62264b34 100644 --- a/internal/subroutine/authorization_model_generation_test.go +++ b/internal/subroutine/authorization_model_generation_test.go @@ -927,39 +927,38 @@ func TestAuthorizationModelGeneration_Finalizers(t *testing.T) { tests := []struct { name string - bindingName string + exportName string expectFinalizer bool }{ { - name: "returns finalizer when name has neither platform-mesh.io nor kcp.io", - bindingName: "my-binding", + name: "returns finalizer when export name is core.platform-mesh.io", + exportName: "core.platform-mesh.io", expectFinalizer: true, }, { - name: "returns no finalizer when name contains platform-mesh.io", - bindingName: "core.platform-mesh.io-awuzd", + name: "returns no finalizer when export name has suffix kcp.io", + exportName: "tenancy.kcp.io", expectFinalizer: false, }, { - name: "returns no finalizer when name contains kcp.io", - bindingName: "tenancy.kcp.io-dr0q1", + name: "returns no finalizer when export name is topology.kcp.io", + exportName: "topology.kcp.io", expectFinalizer: false, }, { - name: "returns no finalizer when name contains topology.kcp.io", - bindingName: "topology.kcp.io-5oxoy", + name: "returns no finalizer when export name is apis.kcp.io", + exportName: "apis.kcp.io", expectFinalizer: false, }, { - name: "returns no finalizer when name contains platform-mesh.io in the middle", - bindingName: "something.platform-mesh.io-suffix", - expectFinalizer: false, + name: "returns finalizer when export name has suffix platform-mesh.io but not kcp.io", + exportName: "something.platform-mesh.io", + expectFinalizer: true, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - binding := newApiBinding("foo", "bar") - binding.Name = tt.bindingName + binding := newApiBinding(tt.exportName, "root:orgs:test") got := sub.Finalizers(binding) if tt.expectFinalizer { assert.Equal(t, []string{"core.platform-mesh.io/apibinding-finalizer"}, got)