From 83e3114b49e597ed1459068950fd97b923426487 Mon Sep 17 00:00:00 2001
From: Santiago Jimenez Giraldo <santiago@redpanda.com>
Date: Wed, 22 Nov 2023 09:36:01 +0100
Subject: [PATCH] operator: add orgId property to console cdr

Add an extra property to the console config so Dataplane API can be
deployed

Signed-off-by: Santiago Jimenez Giraldo <santiago@redpanda.com>
---
 .../api/vectorized/v1alpha1/console_enterprise_types.go    | 3 +++
 .../config/crd/bases/redpanda.vectorized.io_consoles.yaml  | 7 +++++++
 src/go/k8s/pkg/console/configmap.go                        | 1 +
 3 files changed, 11 insertions(+)

diff --git a/src/go/k8s/api/vectorized/v1alpha1/console_enterprise_types.go b/src/go/k8s/api/vectorized/v1alpha1/console_enterprise_types.go
index 6ea4a0f7a..0a0970034 100644
--- a/src/go/k8s/api/vectorized/v1alpha1/console_enterprise_types.go
+++ b/src/go/k8s/api/vectorized/v1alpha1/console_enterprise_types.go
@@ -45,6 +45,9 @@ type EnterpriseLoginRedpandaCloud struct {
 
 	// AllowedOrigins indicates if response is allowed from given origin
 	AllowedOrigins []string `json:"allowedOrigins,omitempty" yaml:"allowedOrigins,omitempty"`
+
+	// OrgID is the id of the organization, use for validating auth tokens
+	OrgID string `json:"orgId" yaml:"orgId"`
 }
 
 // IsGoogleLoginEnabled returns true if Google SSO provider is enabled
diff --git a/src/go/k8s/config/crd/bases/redpanda.vectorized.io_consoles.yaml b/src/go/k8s/config/crd/bases/redpanda.vectorized.io_consoles.yaml
index e35c78239..badcc0464 100644
--- a/src/go/k8s/config/crd/bases/redpanda.vectorized.io_consoles.yaml
+++ b/src/go/k8s/config/crd/bases/redpanda.vectorized.io_consoles.yaml
@@ -464,6 +464,13 @@ spec:
                     description: EnterpriseLoginRedpandaCloud defines configurable
                       fields for RedpandaCloud SSO provider
                     properties:
+                      orgId:
+                        description: OrgID refers to the Redpanda Cloud
+                          organization id that Console is running in If the
+                          OrgID is set, Console will ensure that incoming
+                          requests will only pass if the provided access token
+                          matches this org id in the custom claims
+                        type: string
                       allowedOrigins:
                         description: AllowedOrigins indicates if response is allowed
                           from given origin
diff --git a/src/go/k8s/pkg/console/configmap.go b/src/go/k8s/pkg/console/configmap.go
index 9655917d2..6f1a465d0 100644
--- a/src/go/k8s/pkg/console/configmap.go
+++ b/src/go/k8s/pkg/console/configmap.go
@@ -304,6 +304,7 @@ func (cm *ConfigMap) genLogin(
 		switch {
 		case provider.RedpandaCloud != nil:
 			enterpriseLogin.RedpandaCloud = &vectorizedv1alpha1.EnterpriseLoginRedpandaCloud{
+        OrgID:          provider.RedpandaCloud.OrgID,
 				Enabled:        provider.RedpandaCloud.Enabled,
 				Domain:         provider.RedpandaCloud.Domain,
 				Audience:       provider.RedpandaCloud.Audience,