diff --git a/PROJECT b/PROJECT index 8604c435..83c5c273 100644 --- a/PROJECT +++ b/PROJECT @@ -1,3 +1,7 @@ +# Code generated by tool. DO NOT EDIT. +# This file is used to track the info used to scaffold your project +# and allow the plugins properly work. +# More info: https://book.kubebuilder.io/reference/project-config.html domain: undistro.io layout: - go.kubebuilder.io/v4 @@ -39,4 +43,13 @@ resources: kind: ClusterScan path: github.com/undistro/zora/api/zora/v1alpha1 version: v1alpha1 +- api: + crdVersion: v1 + namespaced: true + controller: true + domain: undistro.io + group: zora + kind: CustomCheck + path: github.com/undistro/zora/api/zora/v1alpha1 + version: v1alpha1 version: "3" diff --git a/api/zora/v1alpha1/customcheck_types.go b/api/zora/v1alpha1/customcheck_types.go new file mode 100644 index 00000000..1fe3f569 --- /dev/null +++ b/api/zora/v1alpha1/customcheck_types.go 
@@ -0,0 +1,62 @@
+// Copyright 2023 Undistro Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v1alpha1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized.
+
+// CustomCheckSpec defines the desired state of CustomCheck
+type CustomCheckSpec struct {
+ // INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+ // Important: Run "make" to regenerate code after modifying this file
+
+ // Foo is an example field of CustomCheck. Edit customcheck_types.go to remove/update
+ Foo string `json:"foo,omitempty"`
+}
+
+// CustomCheckStatus defines the observed state of CustomCheck
+type CustomCheckStatus struct {
+ // INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
+ // Important: Run "make" to regenerate code after modifying this file
+}
+
+//+kubebuilder:object:root=true
+//+kubebuilder:subresource:status
+
+// CustomCheck is the Schema for the customchecks API
+type CustomCheck struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ Spec CustomCheckSpec `json:"spec,omitempty"`
+ Status CustomCheckStatus `json:"status,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+
+// CustomCheckList contains a list of CustomCheck
+type CustomCheckList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ Items []CustomCheck `json:"items"`
+}
+
+func init() {
+ SchemeBuilder.Register(&CustomCheck{}, &CustomCheckList{})
+}
diff --git a/api/zora/v1alpha1/zz_generated.deepcopy.go b/api/zora/v1alpha1/zz_generated.deepcopy.go
index 3553faed..e974d5ee 100644
--- a/api/zora/v1alpha1/zz_generated.deepcopy.go
+++ b/api/zora/v1alpha1/zz_generated.deepcopy.go
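Review bot: `CustomCheckSpec` still carries the scaffold placeholder `Foo` with no validation markers, and the same commit ships the schema generated from it as `charts/zora/crds/zora.undistro.io_customchecks.yaml`. Helm installs files under `crds/` once and does not upgrade or remove them on later chart upgrades, so clusters that install this chart version keep the placeholder `foo` schema until someone replaces the CRD by hand. I would delete the `Foo` field and its comment here and hold the chart copy of the CRD back until the real spec fields, with their `+kubebuilder:validation:` markers, are defined.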
@@ -383,6 +383,95 @@ func (in *ClusterStatus) DeepCopy() *ClusterStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CustomCheck) DeepCopyInto(out *CustomCheck) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + out.Status = in.Status +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomCheck. +func (in *CustomCheck) DeepCopy() *CustomCheck { + if in == nil { + return nil + } + out := new(CustomCheck) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *CustomCheck) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CustomCheckList) DeepCopyInto(out *CustomCheckList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]CustomCheck, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomCheckList. +func (in *CustomCheckList) DeepCopy() *CustomCheckList { + if in == nil { + return nil + } + out := new(CustomCheckList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *CustomCheckList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *CustomCheckSpec) DeepCopyInto(out *CustomCheckSpec) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomCheckSpec. +func (in *CustomCheckSpec) DeepCopy() *CustomCheckSpec { + if in == nil { + return nil + } + out := new(CustomCheckSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CustomCheckStatus) DeepCopyInto(out *CustomCheckStatus) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomCheckStatus. +func (in *CustomCheckStatus) DeepCopy() *CustomCheckStatus { + if in == nil { + return nil + } + out := new(CustomCheckStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Plugin) DeepCopyInto(out *Plugin) { *out = *in diff --git a/charts/zora/crds/zora.undistro.io_customchecks.yaml b/charts/zora/crds/zora.undistro.io_customchecks.yaml new file mode 100644 index 00000000..c591f986 --- /dev/null +++ b/charts/zora/crds/zora.undistro.io_customchecks.yaml 
@@ -0,0 +1,64 @@ +# Copyright 2023 Undistro Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: customchecks.zora.undistro.io +spec: + group: zora.undistro.io + names: + kind: CustomCheck + listKind: CustomCheckList + plural: customchecks + singular: customcheck + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: CustomCheck is the Schema for the customchecks API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CustomCheckSpec defines the desired state of CustomCheck + properties: + foo: + description: Foo is an example field of CustomCheck. 
Edit customcheck_types.go + to remove/update + type: string + type: object + status: + description: CustomCheckStatus defines the observed state of CustomCheck + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/cmd/main.go b/cmd/main.go index 2bc569ad..eea0e92c 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -148,6 +148,13 @@ func main() { setupLog.Error(err, "unable to create controller", "controller", "ClusterScan") os.Exit(1) } + if err = (&zoracontroller.CustomCheckReconciler{ + Client: mgr.GetClient(), + Scheme: mgr.GetScheme(), + }).SetupWithManager(mgr); err != nil { + setupLog.Error(err, "unable to create controller", "controller", "CustomCheck") + os.Exit(1) + } //+kubebuilder:scaffold:builder if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil { diff --git a/config/crd/bases/zora.undistro.io_customchecks.yaml b/config/crd/bases/zora.undistro.io_customchecks.yaml new file mode 100644 index 00000000..6da1ca50 --- /dev/null +++ b/config/crd/bases/zora.undistro.io_customchecks.yaml 
@@ -0,0 +1,50 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: customchecks.zora.undistro.io +spec: + group: zora.undistro.io + names: + kind: CustomCheck + listKind: CustomCheckList + plural: customchecks + singular: customcheck + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: CustomCheck is the Schema for the customchecks API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CustomCheckSpec defines the desired state of CustomCheck + properties: + foo: + description: Foo is an example field of CustomCheck. Edit customcheck_types.go + to remove/update + type: string + type: object + status: + description: CustomCheckStatus defines the observed state of CustomCheck + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml index 86d8392b..76bd58e9 100644 --- a/config/crd/kustomization.yaml +++ b/config/crd/kustomization.yaml 
@@ -6,6 +6,7 @@ resources: - bases/zora.undistro.io_plugins.yaml - bases/zora.undistro.io_clusterissues.yaml - bases/zora.undistro.io_clusterscans.yaml +- bases/zora.undistro.io_customchecks.yaml #+kubebuilder:scaffold:crdkustomizeresource patchesStrategicMerge: @@ -15,6 +16,7 @@ patchesStrategicMerge: #- patches/webhook_in_plugins.yaml #- patches/webhook_in_clusterissues.yaml #- patches/webhook_in_clusterscans.yaml +#- patches/webhook_in_customchecks.yaml #+kubebuilder:scaffold:crdkustomizewebhookpatch # [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix. @@ -23,6 +25,7 @@ patchesStrategicMerge: #- patches/cainjection_in_plugins.yaml #- patches/cainjection_in_clusterissues.yaml #- patches/cainjection_in_clusterscans.yaml +#- patches/cainjection_in_customchecks.yaml #+kubebuilder:scaffold:crdkustomizecainjectionpatch # the following config is for teaching kustomize how to do kustomization for CRDs. diff --git a/config/crd/patches/cainjection_in_zora_customchecks.yaml b/config/crd/patches/cainjection_in_zora_customchecks.yaml new file mode 100644 index 00000000..3944ae0b --- /dev/null +++ b/config/crd/patches/cainjection_in_zora_customchecks.yaml @@ -0,0 +1,7 @@ +# The following patch adds a directive for certmanager to inject CA into the CRD +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME + name: customchecks.zora.undistro.io diff --git a/config/crd/patches/webhook_in_zora_customchecks.yaml b/config/crd/patches/webhook_in_zora_customchecks.yaml new file mode 100644 index 00000000..5b916b61 --- /dev/null +++ b/config/crd/patches/webhook_in_zora_customchecks.yaml 
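Review bot: The commented entries added in the second and third hunks, `#- patches/webhook_in_customchecks.yaml` and `#- patches/cainjection_in_customchecks.yaml`, do not match the files this commit creates, which are `config/crd/patches/webhook_in_zora_customchecks.yaml` and `config/crd/patches/cainjection_in_zora_customchecks.yaml`. Anyone who later uncomments them to enable the conversion webhook or cert-manager CA injection will hit a kustomize build failure on a missing file. Change the two lines to `#- patches/webhook_in_zora_customchecks.yaml` and `#- patches/cainjection_in_zora_customchecks.yaml`, or rename the new files to follow the existing `webhook_in_clusterscans.yaml` pattern.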
@@ -0,0 +1,16 @@ +# The following patch enables a conversion webhook for the CRD +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: customchecks.zora.undistro.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + namespace: system + name: webhook-service + path: /convert + conversionReviewVersions: + - v1 diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index b2751021..631d788a 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -156,6 +156,32 @@ rules: - get - patch - update +- apiGroups: + - zora.undistro.io + resources: + - customchecks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - zora.undistro.io + resources: + - customchecks/finalizers + verbs: + - update +- apiGroups: + - zora.undistro.io + resources: + - customchecks/status + verbs: + - get + - patch + - update - apiGroups: - zora.undistro.io resources: diff --git a/config/rbac/zora_customcheck_editor_role.yaml b/config/rbac/zora_customcheck_editor_role.yaml new file mode 100644 index 00000000..389ce5b1 --- /dev/null +++ b/config/rbac/zora_customcheck_editor_role.yaml @@ -0,0 +1,31 @@ +# permissions for end users to edit customchecks. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: clusterrole + app.kubernetes.io/instance: customcheck-editor-role + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: zora + app.kubernetes.io/part-of: zora + app.kubernetes.io/managed-by: kustomize + name: customcheck-editor-role +rules: +- apiGroups: + - zora.undistro.io + resources: + - customchecks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - zora.undistro.io + resources: + - customchecks/status + verbs: + - get 
diff --git a/config/rbac/zora_customcheck_viewer_role.yaml b/config/rbac/zora_customcheck_viewer_role.yaml new file mode 100644 index 00000000..81b73eb2 --- /dev/null +++ b/config/rbac/zora_customcheck_viewer_role.yaml @@ -0,0 +1,27 @@ +# permissions for end users to view customchecks. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: clusterrole + app.kubernetes.io/instance: customcheck-viewer-role + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: zora + app.kubernetes.io/part-of: zora + app.kubernetes.io/managed-by: kustomize + name: customcheck-viewer-role +rules: +- apiGroups: + - zora.undistro.io + resources: + - customchecks + verbs: + - get + - list + - watch +- apiGroups: + - zora.undistro.io + resources: + - customchecks/status + verbs: + - get diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml index 7855e77d..83f174b2 100644 --- a/config/samples/kustomization.yaml +++ b/config/samples/kustomization.yaml @@ -4,4 +4,5 @@ resources: - zora_v1alpha1_plugin.yaml - zora_v1alpha1_clusterissue.yaml - zora_v1alpha1_clusterscan.yaml +- zora_v1alpha1_customcheck.yaml #+kubebuilder:scaffold:manifestskustomizesamples diff --git a/config/samples/zora_v1alpha1_customcheck.yaml b/config/samples/zora_v1alpha1_customcheck.yaml new file mode 100644 index 00000000..1c1ae13a --- /dev/null +++ b/config/samples/zora_v1alpha1_customcheck.yaml @@ -0,0 +1,12 @@ +apiVersion: zora.undistro.io/v1alpha1 +kind: CustomCheck +metadata: + labels: + app.kubernetes.io/name: customcheck + app.kubernetes.io/instance: customcheck-sample + app.kubernetes.io/part-of: zora + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/created-by: zora + name: customcheck-sample +spec: + # TODO(user): Add fields here diff --git a/internal/controller/zora/customcheck_controller.go b/internal/controller/zora/customcheck_controller.go new file mode 100644 index 00000000..eef38fdf --- /dev/null 
+++ b/internal/controller/zora/customcheck_controller.go 
@@ -0,0 +1,60 @@
+// Copyright 2023 Undistro Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package zora
+
+import (
+ "context"
+
+ "k8s.io/apimachinery/pkg/runtime"
+ ctrl "sigs.k8s.io/controller-runtime"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+ "sigs.k8s.io/controller-runtime/pkg/log"
+
+ zorav1alpha1 "github.com/undistro/zora/api/zora/v1alpha1"
+)
+
+// CustomCheckReconciler reconciles a CustomCheck object
+type CustomCheckReconciler struct {
+ client.Client
+ Scheme *runtime.Scheme
+}
+
+//+kubebuilder:rbac:groups=zora.undistro.io,resources=customchecks,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=zora.undistro.io,resources=customchecks/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=zora.undistro.io,resources=customchecks/finalizers,verbs=update
+
+// Reconcile is part of the main kubernetes reconciliation loop which aims to
+// move the current state of the cluster closer to the desired state.
+// TODO(user): Modify the Reconcile function to compare the state specified by
+// the CustomCheck object against the actual cluster state, and then
+// perform operations to make the cluster state reflect the state specified by
+// the user.
+//
+// For more details, check Reconcile and its Result here:
+// - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.14.4/pkg/reconcile
+func (r *CustomCheckReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
+ _ = log.FromContext(ctx)
+
+ // TODO(user): your logic here
+
+ return ctrl.Result{}, nil
+}
+
+// SetupWithManager sets up the controller with the Manager.
+func (r *CustomCheckReconciler) SetupWithManager(mgr ctrl.Manager) error {
+ return ctrl.NewControllerManagedBy(mgr).
+ For(&zorav1alpha1.CustomCheck{}).
+ Complete(r)
+}
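Review bot: The three `//+kubebuilder:rbac` markers above `Reconcile` grant the manager `create`, `update`, `patch` and `delete` on `customchecks` plus `update` on `customchecks/finalizers`, while `Reconcile` as added only returns `ctrl.Result{}, nil`. The rules added to `config/rbac/role.yaml` in this commit mirror these markers, so the operator's role gains write access to user-authored checks that no code path uses. Until the reconciler needs more, narrow the first marker to `//+kubebuilder:rbac:groups=zora.undistro.io,resources=customchecks,verbs=get;list;watch`, drop the finalizers marker, and regenerate the role. `_ = log.FromContext(ctx)` can go as well, since the logger is discarded.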