From 75cb3e89d7cda5f6446d22d2e98ce31f172f142d Mon Sep 17 00:00:00 2001 From: Thomas Krampl Date: Fri, 5 Jun 2026 09:43:35 +0200 Subject: [PATCH 1/2] Kafka acl: Fallback to onprem when looking up workload This code path is only for Nav --- internal/cmd/api/api.go | 1 + internal/graph/kafka.resolvers.go | 11 +++++++++++ internal/graph/resolver.go | 4 +++- 3 files changed, 15 insertions(+), 1 deletion(-) diff --git a/internal/cmd/api/api.go b/internal/cmd/api/api.go index dc98007d5..ccd74cfe0 100644 --- a/internal/cmd/api/api.go +++ b/internal/cmd/api/api.go @@ -180,6 +180,7 @@ func run(ctx context.Context, cfg *Config, log logrus.FieldLogger) error { graphHandler, err := graph.NewHandler(gengql.Config{ Resolvers: graph.NewResolver( + cfg.Tenant, &graph.TopicWrapper{Topic: pubsubTopic}, graph.WithLogger(log), ), diff --git a/internal/graph/kafka.resolvers.go b/internal/graph/kafka.resolvers.go index 5aef94011..d7f3c5c3c 100644 --- a/internal/graph/kafka.resolvers.go +++ b/internal/graph/kafka.resolvers.go @@ -3,8 +3,10 @@ package graph import ( "context" "errors" + "strings" "github.com/nais/api/internal/auth/authz" + "github.com/nais/api/internal/environmentmapper" "github.com/nais/api/internal/graph/gengql" "github.com/nais/api/internal/graph/model" "github.com/nais/api/internal/graph/pagination" @@ -79,6 +81,15 @@ func (r *kafkaTopicAclResolver) Workload(ctx context.Context, obj *kafkatopic.Ka w, err := tryWorkload(ctx, slug.Slug(obj.TeamName), obj.EnvironmentName, obj.WorkloadName) if errors.Is(err, &watcher.ErrorNotFound{}) { + if r.tenantName == "nav" { + // For Nav, workloads might exist in another environment. Topics are always in `-gcp`, but workloads might be in `-fss`. + fssEnv := strings.Replace(environmentmapper.EnvironmentName(obj.EnvironmentName), "-gcp", "-fss", 1) + w, err = tryWorkload(ctx, slug.Slug(obj.TeamName), fssEnv, obj.WorkloadName) + if errors.Is(err, &watcher.ErrorNotFound{}) { + return nil, nil + } + return w, err + } return nil, nil } return w, err diff --git a/internal/graph/resolver.go b/internal/graph/resolver.go index dbf4a4c63..998ac8bb5 100644 --- a/internal/graph/resolver.go +++ b/internal/graph/resolver.go @@ -21,6 +21,7 @@ import ( ) type Resolver struct { + tenantName string pubsubTopic PubsubTopic log logrus.FieldLogger } @@ -33,8 +34,9 @@ func WithLogger(log logrus.FieldLogger) ResolverOption { } } -func NewResolver(topic PubsubTopic, opts ...ResolverOption) *Resolver { +func NewResolver(tenantName string, topic PubsubTopic, opts ...ResolverOption) *Resolver { resolver := &Resolver{ + tenantName: tenantName, pubsubTopic: topic, } From 90e92b6a9ac5eb0358b10ed3565b9b35e926a841 Mon Sep 17 00:00:00 2001 From: Thomas Krampl Date: Fri, 5 Jun 2026 09:56:30 +0200 Subject: [PATCH 2/2] Fix missing argument --- internal/integration/manager.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/integration/manager.go b/internal/integration/manager.go index bf8edc6d4..666021197 100644 --- a/internal/integration/manager.go +++ b/internal/integration/manager.go @@ -297,7 +297,7 @@ func newGQLRunner( return nil, nil, nil, fmt.Errorf("failed to configure graph: %w", err) } - resolver := graph.NewResolver(topic) + resolver := graph.NewResolver(config.TenantName, topic) hlog := logrus.New() srv, err := graph.NewHandler(gengql.Config{