init custom check API and controller

PROJECT

@@ -1,3 +1,7 @@
+# Code generated by tool. DO NOT EDIT.
+# This file is used to track the info used to scaffold your project
+# and allow the plugins properly work.
+# More info: https://book.kubebuilder.io/reference/project-config.html
 domain: undistro.io
 layout:
 - go.kubebuilder.io/v4
@@ -39,4 +43,13 @@ resources:
   kind: ClusterScan
   path: github.com/undistro/zora/api/zora/v1alpha1
   version: v1alpha1
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: undistro.io
+  group: zora
+  kind: CustomCheck
+  path: github.com/undistro/zora/api/zora/v1alpha1
+  version: v1alpha1
 version: "3"

api/zora/v1alpha1/customcheck_types.go

@@ -0,0 +1,62 @@
+// Copyright 2023 Undistro Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+
+// CustomCheckSpec defines the desired state of CustomCheck
+type CustomCheckSpec struct {
+	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+
+	// Foo is an example field of CustomCheck. Edit customcheck_types.go to remove/update
+	Foo string `json:"foo,omitempty"`
+}
+
+// CustomCheckStatus defines the observed state of CustomCheck
+type CustomCheckStatus struct {
+	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+}
+
+//+kubebuilder:object:root=true
+//+kubebuilder:subresource:status
+
+// CustomCheck is the Schema for the customchecks API
+type CustomCheck struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   CustomCheckSpec   `json:"spec,omitempty"`
+	Status CustomCheckStatus `json:"status,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+
+// CustomCheckList contains a list of CustomCheck
+type CustomCheckList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []CustomCheck `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&CustomCheck{}, &CustomCheckList{})
+}

charts/zora/crds/zora.undistro.io_customchecks.yaml

@@ -0,0 +1,64 @@
+# Copyright 2023 Undistro Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.11.3
+  creationTimestamp: null
+  name: customchecks.zora.undistro.io
+spec:
+  group: zora.undistro.io
+  names:
+    kind: CustomCheck
+    listKind: CustomCheckList
+    plural: customchecks
+    singular: customcheck
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: CustomCheck is the Schema for the customchecks API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: CustomCheckSpec defines the desired state of CustomCheck
+            properties:
+              foo:
+                description: Foo is an example field of CustomCheck. Edit customcheck_types.go
+                  to remove/update
+                type: string
+            type: object
+          status:
+            description: CustomCheckStatus defines the observed state of CustomCheck
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}

cmd/main.go

@@ -148,6 +148,13 @@ func main() {
 		setupLog.Error(err, "unable to create controller", "controller", "ClusterScan")
 		os.Exit(1)
 	}
+	if err = (&zoracontroller.CustomCheckReconciler{
+		Client: mgr.GetClient(),
+		Scheme: mgr.GetScheme(),
+	}).SetupWithManager(mgr); err != nil {
+		setupLog.Error(err, "unable to create controller", "controller", "CustomCheck")
+		os.Exit(1)
+	}
 	//+kubebuilder:scaffold:builder
 
 	if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil {

config/crd/bases/zora.undistro.io_customchecks.yaml

@@ -0,0 +1,50 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.11.3
+  creationTimestamp: null
+  name: customchecks.zora.undistro.io
+spec:
+  group: zora.undistro.io
+  names:
+    kind: CustomCheck
+    listKind: CustomCheckList
+    plural: customchecks
+    singular: customcheck
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: CustomCheck is the Schema for the customchecks API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: CustomCheckSpec defines the desired state of CustomCheck
+            properties:
+              foo:
+                description: Foo is an example field of CustomCheck. Edit customcheck_types.go
+                  to remove/update
+                type: string
+            type: object
+          status:
+            description: CustomCheckStatus defines the observed state of CustomCheck
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}

config/crd/kustomization.yaml

@@ -6,6 +6,7 @@ resources:
 - bases/zora.undistro.io_plugins.yaml
 - bases/zora.undistro.io_clusterissues.yaml
 - bases/zora.undistro.io_clusterscans.yaml
+- bases/zora.undistro.io_customchecks.yaml
 #+kubebuilder:scaffold:crdkustomizeresource
 
 patchesStrategicMerge:
@@ -15,6 +16,7 @@ patchesStrategicMerge:
 #- patches/webhook_in_plugins.yaml
 #- patches/webhook_in_clusterissues.yaml
 #- patches/webhook_in_clusterscans.yaml
+#- patches/webhook_in_customchecks.yaml
 #+kubebuilder:scaffold:crdkustomizewebhookpatch
 
 # [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix.
@@ -23,6 +25,7 @@ patchesStrategicMerge:
 #- patches/cainjection_in_plugins.yaml
 #- patches/cainjection_in_clusterissues.yaml
 #- patches/cainjection_in_clusterscans.yaml
+#- patches/cainjection_in_customchecks.yaml
 #+kubebuilder:scaffold:crdkustomizecainjectionpatch
 
 # the following config is for teaching kustomize how to do kustomization for CRDs.

config/crd/patches/cainjection_in_zora_customchecks.yaml

@@ -0,0 +1,7 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME
+  name: customchecks.zora.undistro.io

config/crd/patches/webhook_in_zora_customchecks.yaml

@@ -0,0 +1,16 @@
+# The following patch enables a conversion webhook for the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: customchecks.zora.undistro.io
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        service:
+          namespace: system
+          name: webhook-service
+          path: /convert
+      conversionReviewVersions:
+      - v1

config/rbac/role.yaml

@@ -156,6 +156,32 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - zora.undistro.io
+  resources:
+  - customchecks
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - zora.undistro.io
+  resources:
+  - customchecks/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - zora.undistro.io
+  resources:
+  - customchecks/status
+  verbs:
+  - get
+  - patch
+  - update
 - apiGroups:
   - zora.undistro.io
   resources: