openmfp · vertex451 · Jul 24, 2025 · Jul 15, 2025 · Jul 16, 2025 · Jul 17, 2025
@@ -48,7 +48,7 @@ var gatewayCmd = &cobra.Command{
 
 		ctrl.SetLogger(log.Logr())
 
-		gatewayInstance, err := manager.NewGateway(log, appCfg)
+		gatewayInstance, err := manager.NewGateway(ctx, log, appCfg)
 		if err != nil {
 			log.Error().Err(err).Msg("Error creating gateway")
 			return fmt.Errorf("failed to create gateway: %w", err)

@@ -105,13 +105,29 @@ var listenCmd = &cobra.Command{
 		// Create the appropriate reconciler based on configuration
 		var reconcilerInstance reconciler.CustomReconciler
 		if appCfg.EnableKcp {
-			reconcilerInstance, err = kcp.NewKCPReconciler(appCfg, reconcilerOpts, log)
+			kcpReconciler, err := kcp.NewKCPReconciler(appCfg, reconcilerOpts, log)
+			if err != nil {
+				log.Error().Err(err).Msg("unable to create KCP reconciler")
+				os.Exit(1)
+			}
+
+			// Start virtual workspace watching if path is configured
+			if appCfg.Listener.VirtualWorkspacesConfigPath != "" {
+				go func() {
+					if err := kcpReconciler.StartVirtualWorkspaceWatching(ctx, appCfg.Listener.VirtualWorkspacesConfigPath); err != nil {
+						log.Error().Err(err).Msg("failed to start virtual workspace watching")
+						os.Exit(1)
+					}
+				}()
+			}
+
+			reconcilerInstance = kcpReconciler
 		} else {
 			reconcilerInstance, err = clusteraccess.CreateMultiClusterReconciler(appCfg, reconcilerOpts, log)
-		}
-		if err != nil {
-			log.Error().Err(err).Msg("unable to create reconciler")
-			os.Exit(1)
+			if err != nil {
+				log.Error().Err(err).Msg("unable to create cluster access reconciler")
+				os.Exit(1)
+			}
 		}
 
 		// Setup reconciler with its own manager and start everything

@@ -75,6 +75,10 @@ func initConfig() {
 	v.SetDefault("gateway-cors-enabled", false)
 	v.SetDefault("gateway-cors-allowed-origins", "*")
 	v.SetDefault("gateway-cors-allowed-headers", "*")
+	// Gateway URL
+	v.SetDefault("gateway-url-virtual-workspace-prefix", "virtual-workspace")
+	v.SetDefault("gateway-url-default-kcp-workspace", "root")
+	v.SetDefault("gateway-url-graphql-suffix", "graphql")
 }
 
 func Execute() {

@@ -20,7 +20,7 @@ import (
 
 // BuildConfig creates a rest.Config from cluster connection parameters
 // This function unifies the authentication logic used by both listener and gateway
-func BuildConfig(host string, auth *gatewayv1alpha1.AuthConfig, ca *gatewayv1alpha1.CAConfig, k8sClient client.Client) (*rest.Config, error) {
+func BuildConfig(ctx context.Context, host string, auth *gatewayv1alpha1.AuthConfig, ca *gatewayv1alpha1.CAConfig, k8sClient client.Client) (*rest.Config, error) {
 	if host == "" {
 		return nil, errors.New("host is required")
 	}
@@ -34,7 +34,7 @@ func BuildConfig(host string, auth *gatewayv1alpha1.AuthConfig, ca *gatewayv1alp
 
 	// Handle CA configuration first
 	if ca != nil {
-		caData, err := ExtractCAData(ca, k8sClient)
+		caData, err := ExtractCAData(ctx, ca, k8sClient)
 		if err != nil {
 			return nil, errors.Join(errors.New("failed to extract CA data"), err)
 		}
@@ -46,7 +46,7 @@ func BuildConfig(host string, auth *gatewayv1alpha1.AuthConfig, ca *gatewayv1alp
 
 	// Handle Auth configuration
 	if auth != nil {
-		err := ConfigureAuthentication(config, auth, k8sClient)
+		err := ConfigureAuthentication(ctx, config, auth, k8sClient)
 		if err != nil {
 			return nil, errors.Join(errors.New("failed to configure authentication"), err)
 		}
@@ -118,13 +118,11 @@ func BuildConfigFromMetadata(host string, authType, token, kubeconfig, certData,
 }
 
 // ExtractCAData extracts CA certificate data from secret or configmap references
-func ExtractCAData(ca *gatewayv1alpha1.CAConfig, k8sClient client.Client) ([]byte, error) {
+func ExtractCAData(ctx context.Context, ca *gatewayv1alpha1.CAConfig, k8sClient client.Client) ([]byte, error) {
 	if ca == nil {
 		return nil, nil
 	}
 
-	ctx := context.Background()
-
 	if ca.SecretRef != nil {
 		secret := &corev1.Secret{}
 		namespace := ca.SecretRef.Namespace
@@ -175,13 +173,11 @@ func ExtractCAData(ca *gatewayv1alpha1.CAConfig, k8sClient client.Client) ([]byt
 }
 
 // ConfigureAuthentication configures authentication for rest.Config from AuthConfig
-func ConfigureAuthentication(config *rest.Config, auth *gatewayv1alpha1.AuthConfig, k8sClient client.Client) error {
+func ConfigureAuthentication(ctx context.Context, config *rest.Config, auth *gatewayv1alpha1.AuthConfig, k8sClient client.Client) error {
 	if auth == nil {
 		return nil
 	}
 
-	ctx := context.Background()
-
 	if auth.SecretRef != nil {
 		secret := &corev1.Secret{}
 		namespace := auth.SecretRef.Namespace

@@ -1,4 +1,4 @@
-package clusteraccess_test
+package auth
 
 import (
 	"context"
@@ -15,7 +15,6 @@ import (
 
 	gatewayv1alpha1 "github.com/openmfp/kubernetes-graphql-gateway/common/apis/v1alpha1"
 	"github.com/openmfp/kubernetes-graphql-gateway/common/mocks"
-	"github.com/openmfp/kubernetes-graphql-gateway/listener/reconciler/clusteraccess"
 )
 
 func TestConfigureAuthentication(t *testing.T) {
@@ -257,7 +256,7 @@ clusters:
 				},
 			}
 
-			err := clusteraccess.ConfigureAuthentication(config, tt.auth, mockClient)
+			err := ConfigureAuthentication(t.Context(), config, tt.auth, mockClient)
 
 			if tt.wantErr {
 				assert.Error(t, err)
@@ -366,7 +365,7 @@ func TestExtractAuthFromKubeconfig(t *testing.T) {
 				},
 			}
 
-			err := clusteraccess.ExtractAuthFromKubeconfig(config, tt.authInfo)
+			err := ExtractAuthFromKubeconfig(config, tt.authInfo)
 
 			if tt.wantErr {
 				assert.Error(t, err)