Bankdata · bdumpp · Mar 25, 2026
@@ -119,12 +119,6 @@ func main() {
 		zap.Level(zapcore.Level(-ctrlConfig.LogLevel)),
 	))
 
-	styraToken, err1 := config.TokenFromConfig(ctrlConfig)
-	if err1 != nil {
-		log.Error(err1, "Unable to load styra token")
-		exit(err1)
-	}
-
 	options := config.OptionsFromConfig(ctrlConfig, scheme)
 
 	if ctrlConfig.Sentry != nil {
@@ -183,27 +177,6 @@ func main() {
 		}
 	}
 
-	var styraClient styra.ClientInterface
-	if ctrlConfig.EnableStyraReconciliation {
-		roles := make([]styra.Role, len(ctrlConfig.SystemUserRoles))
-		for i, role := range ctrlConfig.SystemUserRoles {
-			roles[i] = styra.Role(role)
-		}
-
-		styraHostURL := strings.TrimSuffix(ctrlConfig.Styra.Address, "/")
-		styraClient = styra.New(styraHostURL, styraToken)
-
-		if err := configureExporter(
-			styraClient, ctrlConfig.DecisionsExporter, configv2alpha2.ExporterConfigTypeDecisions); err != nil {
-			log.Error(err, fmt.Sprintf("unable to configure %s", configv2alpha2.ExporterConfigTypeDecisions))
-		}
-
-		if err := configureExporter(
-			styraClient, ctrlConfig.ActivityExporter, configv2alpha2.ExporterConfigTypeActivity); err != nil {
-			log.Error(err, fmt.Sprintf("unable to configure %s", configv2alpha2.ExporterConfigTypeActivity))
-		}
-	}
-
 	// System Controller
 	systemReadyMetric := prometheus.NewGaugeVec(
 		prometheus.GaugeOpts{
@@ -267,10 +240,6 @@ func main() {
 		r1.S3 = s3Client
 	}
 
-	if ctrlConfig.EnableStyraReconciliation {
-		r1.Styra = styraClient
-	}
-
 	if ctrlConfig.NotificationWebhooks != nil {
 		r1.WebhookClient = webhook.New(
 			ctrlConfig.NotificationWebhooks.SystemDatasourceChanged,
@@ -302,7 +271,6 @@ func main() {
 		Client: mgr.GetClient(),
 		Scheme: mgr.GetScheme(),
 		Config: ctrlConfig,
-		Styra:  styraClient,
 	}
 
 	if ctrlConfig.EnableOPAControlPlaneReconciliation || ctrlConfig.EnableOPAControlPlaneReconciliationTestData {

@@ -70,21 +70,12 @@ func OptionsFromConfig(cfg *v2alpha2.ProjectConfig, scheme *runtime.Scheme) mana
 }
 
 // TokenFromConfig returns the Styra DAS api token directly from "styra.token"
-// in the config or using the "styra.tokenSecretPath" to retrieve it fra a secret
 func TokenFromConfig(cfg *v2alpha2.ProjectConfig) (string, error) {
-	if cfg.Styra.Token != "" {
-		return cfg.Styra.Token, nil
+	if cfg.OPAControlPlaneConfig.Token != "" {
+		return cfg.OPAControlPlaneConfig.Token, nil
 	}
 
-	if cfg.Styra.TokenSecretPath != "" {
-		styraURLBytes, err := os.ReadFile(cfg.Styra.TokenSecretPath)
-		if err != nil {
-			return "", errors.Wrapf(err, "Could not ready Styra token from TokenSecretPath: %s", cfg.Styra.TokenSecretPath)
-		}
-		return string(styraURLBytes), nil
-	}
-
-	return "", errors.New("No token or tokenSecretPath defined in the config")
+	return "", errors.New("No token defined in the config")
 }
 
 func deserialize(data []byte, scheme *runtime.Scheme) (*v2alpha2.ProjectConfig, error) {

@@ -18,6 +18,7 @@ package ocp
 
 import (
 	"context"
+	"fmt"
 	"io"
 	"net/http"
 	"path"
@@ -89,7 +90,14 @@ type PutBundleResponse struct {
 
 // PutBundle calls the PUT /v1/bundles/{name} endpoint in the OCP API.
 func (c *Client) PutBundle(ctx context.Context, bundle *PutBundleRequest) (err error) {
-	res, err := c.request(ctx, http.MethodPut, path.Join(endpointV1Bundles, bundle.Name), bundle, nil)
+	var headers map[string]string
+	if c.token != "" {
+		headers = map[string]string{
+			"Authorization": fmt.Sprintf("Bearer %s", c.token),
+		}
+	}
+
+	res, err := c.request(ctx, http.MethodPut, path.Join(endpointV1Bundles, bundle.Name), bundle, headers)
 	if err != nil {
 		return err
 	}
@@ -115,7 +123,14 @@ func (c *Client) PutBundle(ctx context.Context, bundle *PutBundleRequest) (err e
 
 // DeleteBundle calls the DELETE /v1/bundles/{name} endpoint in the OCP API.
 func (c *Client) DeleteBundle(ctx context.Context, name string) (err error) {
-	res, err := c.request(ctx, http.MethodDelete, path.Join(endpointV1Bundles, name), nil, nil)
+	var headers map[string]string
+	if c.token != "" {
+		headers = map[string]string{
+			"Authorization": fmt.Sprintf("Bearer %s", c.token),
+		}
+	}
+
+	res, err := c.request(ctx, http.MethodDelete, path.Join(endpointV1Bundles, name), nil, headers)
 	if err != nil {
 		return err
 	}

@@ -136,7 +136,14 @@ func ToRequirements(sources []string) []Requirement {
 
 // GetSource calls the GET /v1/sources/{id} endpoint in the OCP API.
 func (c *Client) GetSource(ctx context.Context, path string) (resp *GetSourceResponse, err error) {
-	res, err := c.request(ctx, http.MethodGet, fmt.Sprintf("%s/%s", endpointV1Sources, path), nil, nil)
+	var headers map[string]string
+	if c.token != "" {
+		headers = map[string]string{
+			"Authorization": fmt.Sprintf("Bearer %s", c.token),
+		}
+	}
+
+	res, err := c.request(ctx, http.MethodGet, fmt.Sprintf("%s/%s", endpointV1Sources, path), headers, nil)
 	if err != nil {
 		return nil, errors.Wrap(err, "could not get source from OCP")
 	}
@@ -177,7 +184,14 @@ func (c *Client) PutSource(
 	id string,
 	request *PutSourceRequest,
 ) (resp *PutSourceResponse, err error) {
-	res, err := c.request(ctx, http.MethodPut, fmt.Sprintf("%s/%s", endpointV1Sources, id), request, nil)
+	var headers map[string]string
+	if c.token != "" {
+		headers = map[string]string{
+			"Authorization": fmt.Sprintf("Bearer %s", c.token),
+		}
+	}
+
+	res, err := c.request(ctx, http.MethodPut, fmt.Sprintf("%s/%s", endpointV1Sources, id), request, headers)
 	if err != nil {
 		return nil, errors.Wrap(err, "PutSource: could not call OCP")
 	}
@@ -208,7 +222,14 @@ func (c *Client) PutSource(
 
 // DeleteSource calls the DELETE /v1/sources/{name} endpoint in the OCP API.
 func (c *Client) DeleteSource(ctx context.Context, id string) (err error) {
-	res, err := c.request(ctx, http.MethodDelete, fmt.Sprintf("%s/%s", endpointV1Sources, id), nil, nil)
+	var headers map[string]string
+	if c.token != "" {
+		headers = map[string]string{
+			"Authorization": fmt.Sprintf("Bearer %s", c.token),
+		}
+	}
+
+	res, err := c.request(ctx, http.MethodDelete, fmt.Sprintf("%s/%s", endpointV1Sources, id), nil, headers)
 	if err != nil {
 		return err
 	}