From a437b02f9936279911b13bc681c64659c885905a Mon Sep 17 00:00:00 2001
From: David VIEJO
Date: Sat, 6 Jan 2024 19:39:56 +0100
Subject: [PATCH] Filter peers by org, global peers and global CAs
---
 .../rbac/auth_proxy_client_clusterrole.yaml | 2 +-
 .../networkconfig/networkconfig_controller.go | 41 +++++++++++--------
 2 files changed, 26 insertions(+), 17 deletions(-)
diff --git a/config/rbac/auth_proxy_client_clusterrole.yaml b/config/rbac/auth_proxy_client_clusterrole.yaml
index 7d62534c..bd4af137 100644
--- a/config/rbac/auth_proxy_client_clusterrole.yaml
+++ b/config/rbac/auth_proxy_client_clusterrole.yaml
@@ -1,4 +1,4 @@
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
 name: metrics-reader
diff --git a/controllers/networkconfig/networkconfig_controller.go b/controllers/networkconfig/networkconfig_controller.go
index c7860791..7a181a6d 100644
--- a/controllers/networkconfig/networkconfig_controller.go
+++ b/controllers/networkconfig/networkconfig_controller.go
@@ -311,6 +311,19 @@ func (r *FabricNetworkConfigReconciler) Reconcile(ctx context.Context, req ctrl.
 }
 certAuths = append(certAuths, ca)
 }
+ // filter by cas included, if any
+ if len(fabricNetworkConfig.Spec.CertificateAuthorities) > 0 {
+ var cas []*helpers.ClusterCA
+ for _, ca := range certAuths {
+ for _, fabricNetworkConfigCA := range fabricNetworkConfig.Spec.CertificateAuthorities {
+ log.Infof("NAME=%s NAMECA=%s NS=%s NSCA=%s", ca.Item.Name, fabricNetworkConfigCA.Name, ca.Item.Namespace, fabricNetworkConfigCA.Namespace)
+ if ca.Item.Name == fabricNetworkConfigCA.Name && ca.Item.Namespace == fabricNetworkConfigCA.Namespace {
+ cas = append(cas, ca)
+ }
+ }
+ }
+ certAuths = cas
+ }
 for _, v := range peerOrgs {
 if (filterByOrgs && utils.Contains(fabricNetworkConfig.Spec.Organizations, v.MspID)) || !filterByOrgs {
 var peers []*helpers.ClusterPeer
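Review bot: The `log.Infof("NAME=%s NAMECA=%s NS=%s NSCA=%s", ...)` call inside the nested loop looks like leftover debugging: it emits one Info line per CA/spec pair on every reconcile and formats spec-supplied names with `%s`. Drop it, or log once per match and quote the values with `%q`. When `Spec.CertificateAuthorities` is set but no entry matches (for example a typo in the name or namespace), `certAuths` silently becomes empty, so a config built without the requested CAs goes unnoticed; returning an error or logging a warning in that case would surface it. Adding `break` after `cas = append(cas, ca)` also avoids duplicate entries when the spec lists the same CA twice. The enclosing Reconcile function starts and ends outside the hunk.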
@@ -412,29 +425,25 @@ func (r *FabricNetworkConfigReconciler) Reconcile(ctx context.Context, req ctrl.
 // iterate through clusterpeers and remove the ones that are not in the list // peers = peer0-org1 peer1-org1 peer1-ch-org1 // org peers
+ var orgPeers []*helpers.ClusterPeer
 for _, peer := range org.Peers {
- for idx, p := range peers {
- if p.Name == peer.Name && p.Namespace == peer.Namespace {
- // keep
+ for _, p := range peers {
+ if p.Object.Name == peer.Name && p.Object.Namespace == peer.Namespace {
+ orgPeers = append(orgPeers, p)
 } else {
- // remove
- peers = append(peers[:idx], peers[idx+1:]...)
+ // delete from peers
 }
 }
- _, ok := orgMap[mspID]
- if !ok {
- continue
- }
- for idx, p := range orgMap[mspID].Peers {
- if p.Name == peer.Name && p.Namespace == peer.Namespace {
- // keep
- } else {
- // remove
- orgMap[mspID].Peers = append(orgMap[mspID].Peers[:idx], orgMap[mspID].Peers[idx+1:]...)
+ }
+ for _, peer := range org.Peers {
+ for idx, p := range peers {
+ if p.MSPID == mspID && (p.Object.Name != peer.Name || p.Object.Namespace != peer.Namespace) {
+ peers = append(peers[:idx], peers[idx+1:]...)
+ break
 }
 }
- }
+ orgMap[mspID].Peers = orgPeers
 }
 }
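Review bot: The second loop over `org.Peers` does not implement the intended filter: for each listed peer it removes the first entry of this MSP that differs from that one peer and then breaks, so with two or more listed peers a listed peer can be removed while unlisted ones stay in `peers`. A peer should be dropped only when no entry in `org.Peers` names it, as in the single pass sketched below. The old `_, ok := orgMap[mspID]` guard is also gone, so `orgMap[mspID].Peers = orgPeers` would dereference a nil entry if the map holds pointers and the MSP is missing; the enclosing loop is outside the hunk, so presence may already be guaranteed there. Since this list presumably decides which peers end up in the generated network config, a unit test with two listed peers and one unlisted peer would pin the behaviour.

```go
// … unchanged: loop that collects orgPeers from org.Peers …
// Keep peers of other MSPs, and peers of this MSP that org.Peers names.
kept := peers[:0]
for _, p := range peers {
	listed := false
	for _, peer := range org.Peers {
		if p.Object.Name == peer.Name && p.Object.Namespace == peer.Namespace {
			listed = true
			break
		}
	}
	if p.MSPID != mspID || listed {
		kept = append(kept, p)
	}
}
peers = kept
// Assumes orgMap values are pointers, as the existing field assignment implies.
if o, ok := orgMap[mspID]; ok {
	o.Peers = orgPeers
}
```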