diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
new file mode 100644
index 00000000..30912a82
--- /dev/null
+++ b/.devcontainer/devcontainer.json
@@ -0,0 +1,24 @@
+{
+ "name": "Kubebuilder DevContainer",
+ "image": "docker.io/golang:1.24",
+ "features": {
+ "ghcr.io/devcontainers/features/docker-in-docker:2": {},
+ "ghcr.io/devcontainers/features/git:1": {}
+ },
+
+ "runArgs": ["--network=host"],
+
+ "customizations": {
+ "vscode": {
+ "settings": {
+ "terminal.integrated.shell.linux": "/bin/bash"
+ },
+ "extensions": [
+ "ms-kubernetes-tools.vscode-kubernetes-tools",
+ "ms-azuretools.vscode-docker"
+ ]
+ }
+ },
+
+ "onCreateCommand": "bash .devcontainer/post-install.sh"
+}
diff --git a/.devcontainer/post-install.sh b/.devcontainer/post-install.sh
new file mode 100644
index 00000000..9f94d547
--- /dev/null
+++ b/.devcontainer/post-install.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+set -x
+
+curl -Lo ./kind https://kind.sigs.k8s.io/dl/latest/kind-linux-amd64
+chmod +x ./kind
+mv ./kind /usr/local/bin/kind
+
+curl -L -o kubebuilder https://go.kubebuilder.io/dl/latest/linux/amd64
+chmod +x kubebuilder
+mv kubebuilder /usr/local/bin/
+
+KUBECTL_VERSION=$(curl -L -s https://dl.k8s.io/release/stable.txt)
+curl -LO "https://dl.k8s.io/release/$KUBECTL_VERSION/bin/linux/amd64/kubectl"
+chmod +x kubectl
+mv kubectl /usr/local/bin/kubectl
+
+docker network create -d=bridge --subnet=172.19.0.0/24 kind
+
+kind version
+kubebuilder version
+docker --version
+go version
+kubectl version --client
\ No newline at end of file
diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml
index 9e2cb5f9..3630a9f2 100644
--- a/.github/workflows/pr.yaml
+++ b/.github/workflows/pr.yaml
@@ -13,5 +13,5 @@ jobs:
 RUN_UNIT_TESTS: true
 RUN_INTEGRATION_TESTS: true
 RUN_HELMCHART_TEST: true
- GO_VERSION: ~1.22
- OPERATOR_SDK_VERSION: v1.31.0
+ GO_VERSION: ~1.24
+ OPERATOR_SDK_VERSION: v1.41.0
diff --git a/Dockerfile b/Dockerfile
index a1d8d96b..21b156dc 100644
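Review bot: `"runArgs": ["--network=host"]` places the dev container in the host's network namespace, so every process in it, including the binaries that `post-install.sh` downloads and the containers started through the `docker-in-docker` feature, can reach services bound to the host's loopback and local interfaces. If host networking is only there to reach the kind cluster, drop the `runArgs` line and use the `kind` bridge network that `post-install.sh` already creates; otherwise the reason should be documented next to the setting. The base image `docker.io/golang:1.24` is a floating tag as well, and pinning it by digest would keep the environment reproducible.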
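Review bot: All three tools are fetched from moving references (`dl/latest` for kind and kubebuilder, `stable.txt` for kubectl) and installed into `/usr/local/bin` with no integrity check, and because the script sets only `set -x` a failed or truncated download does not stop it. Pin each version, verify a checksum before installing, and fail fast with `set -euo pipefail` and `curl -f`. The fence shows the pattern for kubectl, using the `.sha256` file published next to the binary; a checksum committed to the repository is stronger than one fetched from the same origin, and kind and kubebuilder should follow the same pattern. The URLs also hard-code `linux/amd64`, which will not run in an arm64 dev container.

```shell
#!/bin/bash
set -euxo pipefail

# … unchanged: kind and kubebuilder downloads (apply the same pin-and-verify pattern) …

KUBECTL_VERSION="<pinned-kubectl-version>"  # placeholder: pin instead of reading stable.txt
curl -fsSLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl"
curl -fsSLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl.sha256"
echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check
install -m 0755 kubectl /usr/local/bin/kubectl

# … unchanged: docker network create and version checks …
```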
--- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ # Build the manager binary -FROM golang:1.22 AS builder +FROM golang:1.24 AS builder WORKDIR /workspace # Copy the Go Modules manifests @@ -10,12 +10,12 @@ COPY go.sum go.sum RUN go mod download # Copy the go source -COPY main.go main.go +COPY cmd/main.go cmd/main.go COPY api/ api/ -COPY controllers/ controllers/ +COPY internal/controller/ internal/controller/ # Build -RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o manager main.go +RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o manager cmd/main.go # Use distroless as minimal base image to package the manager binary # Refer to https://github.com/GoogleContainerTools/distroless for more details diff --git a/Makefile b/Makefile index c15e2cca..780da821 100644 --- a/Makefile +++ b/Makefile @@ -11,13 +11,15 @@ VAULT_VERSION ?= 1.19.0 VAULT_CHART_VERSION ?= 0.30.0 # Set the Operator SDK version to use. By default, what is installed on the system is used. # This is useful for CI or a project to utilize a specific version of the operator-sdk toolkit. -OPERATOR_SDK_VERSION ?= v1.31.0 -# ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. -ENVTEST_K8S_VERSION ?= 1.29.0 +OPERATOR_SDK_VERSION ?= v1.41.0 + +CONTROLLER_TOOLS_VERSION ?= v0.18.0 +GOLANGCI_LINT_VERSION ?= v2.1.0 +GO ?= go -CONTROLLER_TOOLS_VERSION ?= v0.14.0 -ENVTEST_VERSION ?= release-0.17 -GOLANGCI_LINT_VERSION ?= v1.59.1 +ENVTEST_VERSION := $(shell go list -m -f "{{ .Version }}" sigs.k8s.io/controller-runtime | awk -F'[v.]' '{printf "release-%d.%d", $$2, $$3}') +# ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. +ENVTEST_K8S_VERSION := $(shell go list -m -f "{{ .Version }}" k8s.io/api | awk -F'[v.]' '{printf "1.%d", $$3}') # VERSION defines the project version for the bundle. # Update this value when you upgrade the version of your project. 
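Review bot: `GOARCH=${TARGETARCH}` on the build `RUN` line expands to an empty string unless the builder stage declares the BuildKit platform arguments, and no `ARG` line is visible in either Dockerfile hunk (lines 6-9 of the file lie outside them, so this needs confirming). With an empty `GOARCH` the Go toolchain falls back to the architecture of the build container, so a plain `docker build` is no longer pinned to amd64 and a multi-platform build depends on emulation rather than on the requested target. Add `ARG TARGETOS` and `ARG TARGETARCH` after `FROM golang:1.24 AS builder` so both values are defined in that stage.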
@@ -69,6 +71,7 @@ BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:v$(VERSION) # Image URL to use all building/pushing image targets IMG ?= controller:latest +PLATFORMS ?= linux/amd64,linux/arm64 # Produce CRDs that work back to Kubernetes 1.11 (no version conversion) CRD_OPTIONS ?= "crd:trivialVersions=true,preserveUnknownFields=false" @@ -124,15 +127,17 @@ vet: ## Run go vet against code. go vet ./... .PHONY: test -test: manifests generate fmt vet envtest ## Run tests. - KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" go test ./... -coverprofile cover.out +test: manifests generate fmt vet setup-envtest ## Run tests. + KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" \ + go test ./... -coverprofile cover.out # note: envtest requires docker, podman will not work .PHONY: integration -integration: kind-setup deploy-vault deploy-ingress vault manifests generate fmt vet envtest ## Run tests. - export VAULT_TOKEN=$$($(KUBECTL) get secret vault-init -n vault -o jsonpath='{.data.root_token}' | base64 -d) ;\ - export VAULT_ADDR="http://localhost:8200" ;\ - KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" go test ./... -coverprofile cover.out --tags=integration +integration: kind-setup deploy-vault deploy-ingress vault manifests generate fmt vet setup-envtest ## Run tests. + VAULT_TOKEN="$$($(KUBECTL) get secret vault-init -n vault -o jsonpath='{.data.root_token}' | base64 -d)" \ + VAULT_ADDR="http://localhost:8200" \ + KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" \ + go test ./... -coverprofile cover.out --tags=integration .PHONY: deploy-ingress deploy-ingress: kubectl helm 
@@ -178,11 +183,11 @@ ldap-setup: kind-setup vault .PHONY: build build: manifests generate fmt vet ## Build manager binary. - go build -o bin/manager main.go + go build -o bin/manager ./cmd/main.go .PHONY: run run: manifests generate fmt vet ## Run a controller from your host. - go run ./main.go + go run ./cmd/main.go .PHONY: docker-build docker-build: test ## Build docker image with the manager. @@ -192,6 +197,13 @@ docker-build: test ## Build docker image with the manager. docker-push: ## Push docker image with the manager. docker push ${IMG} +.PHONY: docker-buildx +docker-buildx: ## Build and push docker image for the manager for cross-platform support + - docker buildx create --name project-v3-builder + docker buildx use project-v3-builder + - docker buildx build --push --platform=$(PLATFORMS) --tag $(IMG) -f Dockerfile . + - docker buildx rm project-v3-builder + .PHONY: build-installer build-installer: manifests generate kustomize ## Generate a consolidated YAML with CRDs and deployment. mkdir -p dist @@ -235,8 +247,9 @@ CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen ENVTEST ?= $(LOCALBIN)/setup-envtest GOLANGCI_LINT = $(LOCALBIN)/golangci-lint -## Tool Versions -# above +$(ENVTEST): $(LOCALBIN) + @mkdir -p $(LOCALBIN) + GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@$(ENVTEST_VERSION) .PHONY: kustomize kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. 
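Review bot: In the new `docker-buildx` target the leading `-` on `- docker buildx build --push --platform=$(PLATFORMS) --tag $(IMG) -f Dockerfile .` tells make to ignore a failed build or push, so the target exits 0 in CI even when no image was published. Keep the `-` on the `create` and `rm` lines, where the builder may already exist or already be gone, but run the build without it: `docker buildx build --push --platform=$(PLATFORMS) --tag $(IMG) -f Dockerfile .`. A builder left behind by a failed run is harmless because the next `create` is already allowed to fail.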
@@ -248,29 +261,24 @@ controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessar $(CONTROLLER_GEN): $(LOCALBIN) $(call go-install-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen,$(CONTROLLER_TOOLS_VERSION)) -.PHONY: envtest -envtest: $(ENVTEST) ## Download setup-envtest locally if necessary. -$(ENVTEST): $(LOCALBIN) - $(call go-install-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest,$(ENVTEST_VERSION)) - .PHONY: golangci-lint golangci-lint: $(GOLANGCI_LINT) ## Download golangci-lint locally if necessary. $(GOLANGCI_LINT): $(LOCALBIN) - $(call go-install-tool,$(GOLANGCI_LINT),github.com/golangci/golangci-lint/cmd/golangci-lint,$(GOLANGCI_LINT_VERSION)) + $(call go-install-tool,$(GOLANGCI_LINT),github.com/golangci/golangci-lint/v2/cmd/golangci-lint,$(GOLANGCI_LINT_VERSION)) # go-install-tool will 'go install' any package with custom target and name of binary, if it doesn't exist -# $1 - target path with name of binary +# $1 - target path with name of binary (ideally with version) # $2 - package url which can be installed # $3 - specific version of package define go-install-tool @[ -f "$(1)-$(3)" ] || { \ -set -e; \ -package=$(2)@$(3) ;\ -echo "Downloading $${package}" ;\ -rm -f $(1) || true ;\ -GOBIN=$(LOCALBIN) go install $${package} ;\ -mv $(1) $(1)-$(3) ;\ -} ;\ + set -e; \ + package=$(2)@$(3); \ + echo "Downloading $${package}"; \ + rm -f $(1) || true; \ + GOBIN=$(LOCALBIN) $(GO) install $${package}; \ + mv $(1) $(1)-$(3); \ +}; \ ln -sf $(1)-$(3) $(1) endef 
@@ -315,8 +323,7 @@ ifeq (,$(shell which opm 2>/dev/null)) set -e ;\ mkdir -p $(dir $(OPM)) ;\ OS=$(shell go env GOOS) && ARCH=$(shell go env GOARCH) && \ - curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.23.0/$${OS}-$${ARCH}-opm ;\ - chmod +x $(OPM) ;\ + curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.55.0/$${OS}-$${ARCH}-opm ;\ } else OPM = $(shell which opm) @@ -468,3 +475,8 @@ endif .PHONY: clean clean: rm -rf $(LOCALBIN) ./bundle ./bundle-* ./charts + +.PHONY: setup-envtest +setup-envtest: $(ENVTEST) + @$(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path || { \ + echo "Error setting up envtest"; exit 1; } \ No newline at end of file diff --git a/PROJECT b/PROJECT index 38b4e4a8..d9af3c71 100644 --- a/PROJECT +++ b/PROJECT @@ -4,7 +4,7 @@ # More info: https://book.kubebuilder.io/reference/project-config.html domain: redhat.io layout: -- go.kubebuilder.io/v3 +- go.kubebuilder.io/v4 plugins: manifests.sdk.operatorframework.io/v2: {} scorecard.sdk.operatorframework.io/v2: {} diff --git a/api/v1alpha1/authenginemount_webhook.go b/api/v1alpha1/authenginemount_webhook.go index 1fa66ffe..93c72e36 100644 --- a/api/v1alpha1/authenginemount_webhook.go +++ b/api/v1alpha1/authenginemount_webhook.go @@ -17,13 +17,13 @@ limitations under the License. package v1alpha1 import ( + "context" "errors" "reflect" "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) 
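Review bot: The `chmod +x $(OPM) ;\` line was removed together with the version bump, so on a machine without a system `opm` the binary is downloaded without the execute bit and any target that invokes `$(OPM)` will fail with a permission error. Restore `chmod +x $(OPM) ;\` after the `curl` line. The download is also not verified; checking it against a pinned digest first, e.g. `echo "<sha256-placeholder>  $(OPM)" | sha256sum --check ;\`, would catch a tampered or truncated release asset. The enclosing `opm` rule starts and ends outside the hunk.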
@@ -40,37 +40,51 @@ func (r *AuthEngineMount) SetupWebhookWithManager(mgr ctrl.Manager) error { //+kubebuilder:webhook:path=/mutate-redhatcop-redhat-io-v1alpha1-authenginemount,mutating=true,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=authenginemounts,verbs=create,versions=v1alpha1,name=mauthenginemount.kb.io,admissionReviewVersions={v1,v1beta1} -var _ webhook.Defaulter = &AuthEngineMount{} +var _ admission.CustomDefaulter = &AuthEngineMount{} // Default implements webhook.Defaulter so a webhook will be registered for the type -func (r *AuthEngineMount) Default() { - authenginemountlog.Info("default", "name", r.Name) +func (r *AuthEngineMount) Default(_ context.Context, obj runtime.Object) error { + cr, ok := obj.(*AuthEngineMount) + if !ok { + return nil + } + authenginemountlog.Info("default", "name", cr.Name) + return nil } // TODO(user): change verbs to "verbs=create;update;delete" if you want to enable deletion validation. //+kubebuilder:webhook:path=/validate-redhatcop-redhat-io-v1alpha1-authenginemount,mutating=false,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=authenginemounts,verbs=update,versions=v1alpha1,name=vauthenginemount.kb.io,admissionReviewVersions={v1,v1beta1} -var _ webhook.Validator = &AuthEngineMount{} +var _ admission.CustomValidator = &AuthEngineMount{} // ValidateCreate implements webhook.Validator so a webhook will be registered for the type -func (r *AuthEngineMount) ValidateCreate() (admission.Warnings, error) { - authenginemountlog.Info("validate create", "name", r.Name) +func (r *AuthEngineMount) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr, ok := obj.(*AuthEngineMount) + if !ok { + return nil, nil + } + authenginemountlog.Info("validate create", "name", cr.Name) // TODO(user): fill in your validation logic upon object creation. 
return nil, nil } // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type -func (r *AuthEngineMount) ValidateUpdate(old runtime.Object) (admission.Warnings, error) { - authenginemountlog.Info("validate update", "name", r.Name) +func (r *AuthEngineMount) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { + newCR, ok := newObj.(*AuthEngineMount) + if !ok { + return nil, nil + } + oldCR, _ := oldObj.(*AuthEngineMount) + authenginemountlog.Info("validate update", "name", newCR.Name) // the path cannot be updated - if r.Spec.Path != old.(*AuthEngineMount).Spec.Path { + if newCR.Spec.Path != oldCR.Spec.Path { return nil, errors.New("spec.path cannot be updated") } // only mount config can be modified - oldMount := old.(*AuthEngineMount).Spec.AuthMount - newMount := r.Spec.AuthMount + oldMount := oldCR.Spec.AuthMount + newMount := newCR.Spec.AuthMount oldMount.Config = AuthMountConfig{} newMount.Config = AuthMountConfig{} if !reflect.DeepEqual(oldMount, newMount) { @@ -80,8 +94,12 @@ func (r *AuthEngineMount) ValidateUpdate(old runtime.Object) (admission.Warnings } // ValidateDelete implements webhook.Validator so a webhook will be registered for the type -func (r *AuthEngineMount) ValidateDelete() (admission.Warnings, error) { - authenginemountlog.Info("validate delete", "name", r.Name) +func (r *AuthEngineMount) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr, ok := obj.(*AuthEngineMount) + if !ok { + return nil, nil + } + authenginemountlog.Info("validate delete", "name", cr.Name) // TODO(user): fill in your validation logic upon object deletion. return nil, nil diff --git a/api/v1alpha1/azureauthengineconfig_webhook.go b/api/v1alpha1/azureauthengineconfig_webhook.go index 7a09d40f..9b992511 100644 --- a/api/v1alpha1/azureauthengineconfig_webhook.go +++ b/api/v1alpha1/azureauthengineconfig_webhook.go 
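Review bot: The validating handlers fail open: `if !ok { return nil, nil }` in `ValidateCreate`, `ValidateUpdate` and `ValidateDelete` admits the request whenever the object is not an `*AuthEngineMount`, and `oldCR, _ := oldObj.(*AuthEngineMount)` discards the check, so a mismatched old object leaves `oldCR` nil and `oldCR.Spec.Path` panics. An admission webhook should reject what it cannot interpret, e.g. `return nil, errors.New("expected an AuthEngineMount object")`, and use `oldCR, ok := oldObj.(*AuthEngineMount)` with the same check. The same pattern appears in the AzureAuthEngineConfig, AzureAuthEngineRole and AzureSecretEngineConfig hunks (AzureAuthEngineRole does not dereference the old object). `SetupWebhookWithManager` is outside the hunk; confirm it registers the receiver through `WithDefaulter`/`WithValidator`, otherwise these methods are presumably never called.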
@@ -17,12 +17,12 @@ limitations under the License. package v1alpha1 import ( + "context" "errors" "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) 
@@ -37,38 +37,56 @@ func (r *AzureAuthEngineConfig) SetupWebhookWithManager(mgr ctrl.Manager) error //+kubebuilder:webhook:path=/mutate-redhatcop-redhat-io-v1alpha1-azureauthengineconfig,mutating=true,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=azureauthengineconfigs,verbs=create,versions=v1alpha1,name=mazureauthengineconfig.kb.io,admissionReviewVersions=v1 -var _ webhook.Defaulter = &AzureAuthEngineConfig{} +var _ admission.CustomDefaulter = &AzureAuthEngineConfig{} // Default implements webhook.Defaulter so a webhook will be registered for the type -func (r *AzureAuthEngineConfig) Default() { - azureauthengineconfiglog.Info("default", "name", r.Name) +func (r *AzureAuthEngineConfig) Default(_ context.Context, obj runtime.Object) error { + cr, ok := obj.(*AzureAuthEngineConfig) + if !ok { + return nil + } + azureauthengineconfiglog.Info("default", "name", cr.Name) + return nil } //+kubebuilder:webhook:path=/validate-redhatcop-redhat-io-v1alpha1-azureauthengineconfig,mutating=false,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=azureauthengineconfigs,verbs=update,versions=v1alpha1,name=vazureauthengineconfig.kb.io,admissionReviewVersions=v1 -var _ webhook.Validator = &AzureAuthEngineConfig{} +var _ admission.CustomValidator = &AzureAuthEngineConfig{} // ValidateCreate implements webhook.Validator so a webhook will be registered for the type -func (r *AzureAuthEngineConfig) ValidateCreate() (admission.Warnings, error) { - azureauthengineconfiglog.Info("validate create", "name", r.Name) +func (r *AzureAuthEngineConfig) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr, ok := obj.(*AzureAuthEngineConfig) + if !ok { + return nil, nil + } + azureauthengineconfiglog.Info("validate create", "name", cr.Name) return nil, nil } // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type -func (r *AzureAuthEngineConfig) ValidateUpdate(old 
runtime.Object) (admission.Warnings, error) { - jwtoidcauthengineconfiglog.Info("validate update", "name", r.Name) +func (r *AzureAuthEngineConfig) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { + newCR, ok := newObj.(*AzureAuthEngineConfig) + if !ok { + return nil, nil + } + oldCR, _ := oldObj.(*AzureAuthEngineConfig) + jwtoidcauthengineconfiglog.Info("validate update", "name", newCR.Name) // the path cannot be updated - if r.Spec.Path != old.(*AzureAuthEngineConfig).Spec.Path { + if newCR.Spec.Path != oldCR.Spec.Path { return nil, errors.New("spec.path cannot be updated") } return nil, nil } // ValidateDelete implements webhook.Validator so a webhook will be registered for the type -func (r *AzureAuthEngineConfig) ValidateDelete() (admission.Warnings, error) { - azureauthengineconfiglog.Info("validate delete", "name", r.Name) +func (r *AzureAuthEngineConfig) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr, ok := obj.(*AzureAuthEngineConfig) + if !ok { + return nil, nil + } + azureauthengineconfiglog.Info("validate delete", "name", cr.Name) return nil, nil } diff --git a/api/v1alpha1/azureauthenginerole_webhook.go b/api/v1alpha1/azureauthenginerole_webhook.go index a754d632..07c5438c 100644 --- a/api/v1alpha1/azureauthenginerole_webhook.go +++ b/api/v1alpha1/azureauthenginerole_webhook.go @@ -17,10 +17,11 @@ limitations under the License. package v1alpha1 import ( + "context" + "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) 
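Review bot: `ValidateUpdate` for `AzureAuthEngineConfig` logs through `jwtoidcauthengineconfiglog`, the logger of a different type, so update-validation records for this resource are attributed to the wrong webhook when someone reads the logs during an investigation; the other methods in this file use `azureauthengineconfiglog`. Change the new line to `azureauthengineconfiglog.Info("validate update", "name", newCR.Name)`. The doc comments in this hunk also still say `webhook.Defaulter` and `webhook.Validator` although the assertions are now `admission.CustomDefaulter` and `admission.CustomValidator`.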
@@ -37,34 +38,52 @@ func (r *AzureAuthEngineRole) SetupWebhookWithManager(mgr ctrl.Manager) error { //+kubebuilder:webhook:path=/mutate-redhatcop-redhat-io-v1alpha1-azureauthenginerole,mutating=true,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=azureauthengineroles,verbs=create,versions=v1alpha1,name=mazureauthenginerole.kb.io,admissionReviewVersions=v1 -var _ webhook.Defaulter = &AzureAuthEngineRole{} +var _ admission.CustomDefaulter = &AzureAuthEngineRole{} // Default implements webhook.Defaulter so a webhook will be registered for the type -func (r *AzureAuthEngineRole) Default() { - azureauthenginerolelog.Info("default", "name", r.Name) +func (r *AzureAuthEngineRole) Default(_ context.Context, obj runtime.Object) error { + cr, ok := obj.(*AzureAuthEngineRole) + if !ok { + return nil + } + azureauthenginerolelog.Info("default", "name", cr.Name) + return nil } //+kubebuilder:webhook:path=/validate-redhatcop-redhat-io-v1alpha1-azureauthenginerole,mutating=false,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=azureauthengineroles,verbs=update,versions=v1alpha1,name=vazureauthenginerole.kb.io,admissionReviewVersions=v1 -var _ webhook.Validator = &AzureAuthEngineRole{} +var _ admission.CustomValidator = &AzureAuthEngineRole{} // ValidateCreate implements webhook.Validator so a webhook will be registered for the type -func (r *AzureAuthEngineRole) ValidateCreate() (admission.Warnings, error) { - azureauthenginerolelog.Info("validate create", "name", r.Name) +func (r *AzureAuthEngineRole) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr, ok := obj.(*AzureAuthEngineRole) + if !ok { + return nil, nil + } + azureauthenginerolelog.Info("validate create", "name", cr.Name) return nil, nil } // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type -func (r *AzureAuthEngineRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error) { - 
azureauthenginerolelog.Info("validate update", "name", r.Name) +func (r *AzureAuthEngineRole) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { + newCR, ok := newObj.(*AzureAuthEngineRole) + if !ok { + return nil, nil + } + _ = oldObj // currently unused; keep signature for interface compliance + azureauthenginerolelog.Info("validate update", "name", newCR.Name) return nil, nil } // ValidateDelete implements webhook.Validator so a webhook will be registered for the type -func (r *AzureAuthEngineRole) ValidateDelete() (admission.Warnings, error) { - azureauthenginerolelog.Info("validate delete", "name", r.Name) +func (r *AzureAuthEngineRole) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr, ok := obj.(*AzureAuthEngineRole) + if !ok { + return nil, nil + } + azureauthenginerolelog.Info("validate delete", "name", cr.Name) return nil, nil } diff --git a/api/v1alpha1/azuresecretengineconfig_webhook.go b/api/v1alpha1/azuresecretengineconfig_webhook.go index 697cc4fb..8f007d2f 100644 --- a/api/v1alpha1/azuresecretengineconfig_webhook.go +++ b/api/v1alpha1/azuresecretengineconfig_webhook.go @@ -17,12 +17,12 @@ limitations under the License. package v1alpha1 import ( + "context" "errors" "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) 
@@ -37,39 +37,57 @@ func (r *AzureSecretEngineConfig) SetupWebhookWithManager(mgr ctrl.Manager) erro //+kubebuilder:webhook:path=/mutate-redhatcop-redhat-io-v1alpha1-azuresecretengineconfig,mutating=true,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=azuresecretengineconfigs,verbs=create,versions=v1alpha1,name=mazuresecretengineconfig.kb.io,admissionReviewVersions=v1 -var _ webhook.Defaulter = &AzureSecretEngineConfig{} +var _ admission.CustomDefaulter = &AzureSecretEngineConfig{} // Default implements webhook.Defaulter so a webhook will be registered for the type -func (r *AzureSecretEngineConfig) Default() { - azuresecretengineconfiglog.Info("default", "name", r.Name) +func (r *AzureSecretEngineConfig) Default(_ context.Context, obj runtime.Object) error { + cr, ok := obj.(*AzureSecretEngineConfig) + if !ok { + return nil + } + azuresecretengineconfiglog.Info("default", "name", cr.Name) + return nil } //+kubebuilder:webhook:path=/validate-redhatcop-redhat-io-v1alpha1-azuresecretengineconfig,mutating=false,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=azuresecretengineconfigs,verbs=create;update,versions=v1alpha1,name=vazuresecretengineconfig.kb.io,admissionReviewVersions=v1 -var _ webhook.Validator = &AzureSecretEngineConfig{} +var _ admission.CustomValidator = &AzureSecretEngineConfig{} // ValidateCreate implements webhook.Validator so a webhook will be registered for the type -func (r *AzureSecretEngineConfig) ValidateCreate() (admission.Warnings, error) { - azuresecretengineconfiglog.Info("validate create", "name", r.Name) +func (r *AzureSecretEngineConfig) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr, ok := obj.(*AzureSecretEngineConfig) + if !ok { + return nil, nil + } + azuresecretengineconfiglog.Info("validate create", "name", cr.Name) return nil, nil } // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type -func (r 
*AzureSecretEngineConfig) ValidateUpdate(old runtime.Object) (admission.Warnings, error) { - azuresecretengineconfiglog.Info("validate update", "name", r.Name) +func (r *AzureSecretEngineConfig) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { + newCR, ok := newObj.(*AzureSecretEngineConfig) + if !ok { + return nil, nil + } + oldCR, _ := oldObj.(*AzureSecretEngineConfig) + azuresecretengineconfiglog.Info("validate update", "name", newCR.Name) // the path cannot be updated - if r.Spec.Path != old.(*AzureSecretEngineConfig).Spec.Path { + if newCR.Spec.Path != oldCR.Spec.Path { return nil, errors.New("spec.path cannot be updated") } - return nil, r.isValid() + return nil, newCR.isValid() } // ValidateDelete implements webhook.Validator so a webhook will be registered for the type -func (r *AzureSecretEngineConfig) ValidateDelete() (admission.Warnings, error) { - azuresecretengineconfiglog.Info("validate delete", "name", r.Name) +func (r *AzureSecretEngineConfig) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr, ok := obj.(*AzureSecretEngineConfig) + if !ok { + return nil, nil + } + azuresecretengineconfiglog.Info("validate delete", "name", cr.Name) return nil, nil } diff --git a/api/v1alpha1/azuresecretenginerole_webhook.go b/api/v1alpha1/azuresecretenginerole_webhook.go index 46499f87..b43d23be 100644 --- a/api/v1alpha1/azuresecretenginerole_webhook.go +++ b/api/v1alpha1/azuresecretenginerole_webhook.go @@ -17,12 +17,12 @@ limitations under the License. package v1alpha1 import ( + "context" "errors" "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) 
@@ -37,37 +37,42 @@ func (r *AzureSecretEngineRole) SetupWebhookWithManager(mgr ctrl.Manager) error //+kubebuilder:webhook:path=/mutate-redhatcop-redhat-io-v1alpha1-azuresecretenginerole,mutating=true,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=azuresecretengineroles,verbs=create,versions=v1alpha1,name=mazuresecretenginerole.kb.io,admissionReviewVersions=v1 -var _ webhook.Defaulter = &AzureSecretEngineRole{} +var _ admission.CustomDefaulter = &AzureSecretEngineRole{} -// Default implements webhook.Defaulter so a webhook will be registered for the type -func (r *AzureSecretEngineRole) Default() { - azuresecretenginerolelog.Info("default", "name", r.Name) +// Default implements admission.CustomDefaulter so a webhook will be registered for the type +func (r *AzureSecretEngineRole) Default(_ context.Context, obj runtime.Object) error { + cr := obj.(*AzureSecretEngineRole) + azuresecretenginerolelog.Info("default", "name", cr.Name) + return nil } //+kubebuilder:webhook:path=/validate-redhatcop-redhat-io-v1alpha1-azuresecretenginerole,mutating=false,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=azuresecretengineroles,verbs=update,versions=v1alpha1,name=vazuresecretenginerole.kb.io,admissionReviewVersions=v1 -var _ webhook.Validator = &AzureSecretEngineRole{} - -// ValidateCreate implements webhook.Validator so a webhook will be registered for the type -func (r *AzureSecretEngineRole) ValidateCreate() (admission.Warnings, error) { - azuresecretenginerolelog.Info("validate create", "name", r.Name) +var _ admission.CustomValidator = &AzureSecretEngineRole{} +// ValidateCreate implements admission.CustomValidator so a webhook will be registered for the type +func (r *AzureSecretEngineRole) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*AzureSecretEngineRole) + azuresecretenginerolelog.Info("validate create", "name", cr.Name) return nil, nil } -// ValidateUpdate 
implements webhook.Validator so a webhook will be registered for the type -func (r *AzureSecretEngineRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error) { - azuresecretenginerolelog.Info("validate update", "name", r.Name) - if r.Spec.Path != old.(*AzureSecretEngineRole).Spec.Path { +// ValidateUpdate implements admission.CustomValidator so a webhook will be registered for the type +func (r *AzureSecretEngineRole) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { + oldCR := oldObj.(*AzureSecretEngineRole) + newCR := newObj.(*AzureSecretEngineRole) + + azuresecretenginerolelog.Info("validate update", "name", newCR.Name) + if newCR.Spec.Path != oldCR.Spec.Path { return nil, errors.New("spec.path cannot be updated") } return nil, nil } -// ValidateDelete implements webhook.Validator so a webhook will be registered for the type -func (r *AzureSecretEngineRole) ValidateDelete() (admission.Warnings, error) { - azuresecretenginerolelog.Info("validate delete", "name", r.Name) - +// ValidateDelete implements admission.CustomValidator so a webhook will be registered for the type +func (r *AzureSecretEngineRole) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*AzureSecretEngineRole) + azuresecretenginerolelog.Info("validate delete", "name", cr.Name) return nil, nil } diff --git a/api/v1alpha1/certauthengineconfig_webhook.go b/api/v1alpha1/certauthengineconfig_webhook.go index c7efd979..ca7a56db 100644 --- a/api/v1alpha1/certauthengineconfig_webhook.go +++ b/api/v1alpha1/certauthengineconfig_webhook.go @@ -17,12 +17,12 @@ limitations under the License. package v1alpha1 import ( + "context" "errors" "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) 
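Review bot: The bare assertions `cr := obj.(*AzureSecretEngineRole)`, `oldCR := oldObj.(*AzureSecretEngineRole)` and `newCR := newObj.(*AzureSecretEngineRole)` panic on an unexpected object instead of returning an admission error, and they differ from the comma-ok form used in the other webhook files of this commit. Prefer `cr, ok := obj.(*AzureSecretEngineRole)` followed by `if !ok { return nil, errors.New("expected an AzureSecretEngineRole object") }` (only the error in `Default`), which keeps the rejection explicit and needs no new import. The CertAuthEngineConfig hunk uses the same bare assertions.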
@@ -37,42 +37,49 @@ func (r *CertAuthEngineConfig) SetupWebhookWithManager(mgr ctrl.Manager) error { //+kubebuilder:webhook:path=/mutate-redhatcop-redhat-io-v1alpha1-certauthengineconfig,mutating=true,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=certauthengineconfigs,verbs=create;update,versions=v1alpha1,name=mcertauthengineconfig.kb.io,admissionReviewVersions=v1 -var _ webhook.Defaulter = &CertAuthEngineConfig{} +var _ admission.CustomDefaulter = &CertAuthEngineConfig{} -// Default implements webhook.Defaulter so a webhook will be registered for the type -func (r *CertAuthEngineConfig) Default() { - certauthengineconfiglog.Info("default", "name", r.Name) +// Default implements admission.CustomDefaulter so a webhook will be registered for the type +func (r *CertAuthEngineConfig) Default(_ context.Context, obj runtime.Object) error { + cr := obj.(*CertAuthEngineConfig) + certauthengineconfiglog.Info("default", "name", cr.Name) + return nil } //+kubebuilder:webhook:path=/validate-redhatcop-redhat-io-v1alpha1-certauthengineconfig,mutating=false,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=certauthengineconfigs,verbs=create;update,versions=v1alpha1,name=vcertauthengineconfig.kb.io,admissionReviewVersions=v1 -var _ webhook.Validator = &CertAuthEngineConfig{} +var _ admission.CustomValidator = &CertAuthEngineConfig{} -// ValidateCreate implements webhook.Validator so a webhook will be registered for the type -func (r *CertAuthEngineConfig) ValidateCreate() (admission.Warnings, error) { - certauthengineconfiglog.Info("validate create", "name", r.Name) +// ValidateCreate implements admission.CustomValidator so a webhook will be registered for the type +func (r *CertAuthEngineConfig) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*CertAuthEngineConfig) + certauthengineconfiglog.Info("validate create", "name", cr.Name) return nil, nil } -// ValidateUpdate implements 
webhook.Validator so a webhook will be registered for the type -func (r *CertAuthEngineConfig) ValidateUpdate(old runtime.Object) (admission.Warnings, error) { - certauthengineconfiglog.Info("validate update", "name", r.Name) +// ValidateUpdate implements admission.CustomValidator so a webhook will be registered for the type +func (r *CertAuthEngineConfig) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { + old := oldObj.(*CertAuthEngineConfig) + new := newObj.(*CertAuthEngineConfig) - if r.Spec.Path != old.(*CertAuthEngineConfig).Spec.Path { + certauthengineconfiglog.Info("validate update", "name", new.Name) + + if new.Spec.Path != old.Spec.Path { return nil, errors.New("spec.path cannot be updated") } - if r.Spec.Name != old.(*CertAuthEngineConfig).Spec.Name { + if new.Spec.Name != old.Spec.Name { return nil, errors.New("spec.name cannot be updated") } return nil, nil } -// ValidateDelete implements webhook.Validator so a webhook will be registered for the type -func (r *CertAuthEngineConfig) ValidateDelete() (admission.Warnings, error) { - certauthengineconfiglog.Info("validate delete", "name", r.Name) +// ValidateDelete implements admission.CustomValidator so a webhook will be registered for the type +func (r *CertAuthEngineConfig) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*CertAuthEngineConfig) + certauthengineconfiglog.Info("validate delete", "name", cr.Name) return nil, nil } diff --git a/api/v1alpha1/certauthenginerole_webhook.go b/api/v1alpha1/certauthenginerole_webhook.go index c1b51e16..f0e674b5 100644 --- a/api/v1alpha1/certauthenginerole_webhook.go +++ b/api/v1alpha1/certauthenginerole_webhook.go 
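Review bot: `new := newObj.(*CertAuthEngineConfig)` in `ValidateUpdate` shadows the builtin `new` for the rest of the function, which linters flag and which reads differently from the `oldCR`/`newCR` names used in the sibling webhook files. Rename the pair to `oldCR := oldObj.(*CertAuthEngineConfig)` and `newCR := newObj.(*CertAuthEngineConfig)` and update the `Spec.Path` and `Spec.Name` comparisons to match.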
@@ -17,12 +17,12 @@ limitations under the License. package v1alpha1 import ( + "context" "errors" "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) 
@@ -37,42 +37,48 @@ func (r *CertAuthEngineRole) SetupWebhookWithManager(mgr ctrl.Manager) error { //+kubebuilder:webhook:path=/mutate-redhatcop-redhat-io-v1alpha1-certauthenginerole,mutating=true,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=certauthengineroles,verbs=create;update,versions=v1alpha1,name=mcertauthenginerole.kb.io,admissionReviewVersions=v1 -var _ webhook.Defaulter = &CertAuthEngineRole{} +var _ admission.CustomDefaulter = &CertAuthEngineRole{} -// Default implements webhook.Defaulter so a webhook will be registered for the type -func (r *CertAuthEngineRole) Default() { - certauthenginerolelog.Info("default", "name", r.Name) +// Default implements admission.CustomDefaulter so a webhook will be registered for the type +func (r *CertAuthEngineRole) Default(_ context.Context, obj runtime.Object) error { + cr := obj.(*CertAuthEngineRole) + certauthenginerolelog.Info("default", "name", cr.Name) + return nil } //+kubebuilder:webhook:path=/validate-redhatcop-redhat-io-v1alpha1-certauthenginerole,mutating=false,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=certauthengineroles,verbs=create;update,versions=v1alpha1,name=vcertauthenginerole.kb.io,admissionReviewVersions=v1 -var _ webhook.Validator = &CertAuthEngineRole{} - -// ValidateCreate implements webhook.Validator so a webhook will be registered for the type -func (r *CertAuthEngineRole) ValidateCreate() (admission.Warnings, error) { - certauthenginerolelog.Info("validate create", "name", r.Name) +var _ admission.CustomValidator = &CertAuthEngineRole{} +// ValidateCreate implements admission.CustomValidator so a webhook will be registered for the type +func (r *CertAuthEngineRole) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*CertAuthEngineRole) + certauthenginerolelog.Info("validate create", "name", cr.Name) return nil, nil } -// ValidateUpdate implements webhook.Validator so a webhook will be 
registered for the type -func (r *CertAuthEngineRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error) { - certauthenginerolelog.Info("validate update", "name", r.Name) +// ValidateUpdate implements admission.CustomValidator so a webhook will be registered for the type +func (r *CertAuthEngineRole) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { + old := oldObj.(*CertAuthEngineRole) + new := newObj.(*CertAuthEngineRole) + + certauthenginerolelog.Info("validate update", "name", new.Name) - if r.Spec.Path != old.(*CertAuthEngineRole).Spec.Path { + if new.Spec.Path != old.Spec.Path { return nil, errors.New("spec.path cannot be updated") } - if r.Spec.Name != old.(*CertAuthEngineRole).Spec.Name { + if new.Spec.Name != old.Spec.Name { return nil, errors.New("spec.name cannot be updated") } return nil, nil } -// ValidateDelete implements webhook.Validator so a webhook will be registered for the type -func (r *CertAuthEngineRole) ValidateDelete() (admission.Warnings, error) { - certauthenginerolelog.Info("validate delete", "name", r.Name) +// ValidateDelete implements admission.CustomValidator so a webhook will be registered for the type +func (r *CertAuthEngineRole) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*CertAuthEngineRole) + certauthenginerolelog.Info("validate delete", "name", cr.Name) return nil, nil } diff --git a/api/v1alpha1/databasesecretengineconfig_webhook.go b/api/v1alpha1/databasesecretengineconfig_webhook.go index c15c4971..7487d618 100644 --- a/api/v1alpha1/databasesecretengineconfig_webhook.go +++ b/api/v1alpha1/databasesecretengineconfig_webhook.go 
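Review bot: Naming the local `new` in ValidateUpdate shadows Go's predeclared `new` for the rest of the function, and it reads oddly next to `old`. Neutral names keep the builtin usable and make the comparison lines unambiguous: `oldCR := oldObj.(*CertAuthEngineRole)` and `newCR := newObj.(*CertAuthEngineRole)`, then `if newCR.Spec.Path != oldCR.Spec.Path {`. The same naming is used in the ValidateUpdate methods of the other webhook files in this diff, starting with CertAuthEngineConfig above.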
@@ -17,12 +17,12 @@ limitations under the License. package v1alpha1 import ( + "context" "errors" "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) @@ -37,11 +37,13 @@ func (r *DatabaseSecretEngineConfig) SetupWebhookWithManager(mgr ctrl.Manager) e //+kubebuilder:webhook:path=/mutate-redhatcop-redhat-io-v1alpha1-databasesecretengineconfig,mutating=true,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=databasesecretengineconfigs,verbs=create,versions=v1alpha1,name=mdatabasesecretengineconfig.kb.io,admissionReviewVersions={v1,v1beta1} -var _ webhook.Defaulter = &DatabaseSecretEngineConfig{} +var _ admission.CustomDefaulter = &DatabaseSecretEngineConfig{} -// Default implements webhook.Defaulter so a webhook will be registered for the type -func (r *DatabaseSecretEngineConfig) Default() { - authenginemountlog.Info("default", "name", r.Name) +// Default implements admission.CustomDefaulter so a webhook will be registered for the type +func (r *DatabaseSecretEngineConfig) Default(_ context.Context, obj runtime.Object) error { + o := obj.(*DatabaseSecretEngineConfig) + authenginemountlog.Info("default", "name", o.Name) + return nil } // EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! 
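Review bot: DatabaseSecretEngineConfig.Default still logs through `authenginemountlog`, while the validate methods of the same type use `databasesecretengineconfiglog`, so defaulting calls for this resource appear under another resource's logger name in the webhook logs. Since the line is rewritten here anyway, it can become `databasesecretengineconfiglog.Info("default", "name", o.Name)`. DatabaseSecretEngineRole.Default, further down in this diff, has the same mix-up and should use `databasesecretenginerolelog`.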
@@ -49,40 +51,45 @@ func (r *DatabaseSecretEngineConfig) Default() { // TODO(user): change verbs to "verbs=create;update;delete" if you want to enable deletion validation. //+kubebuilder:webhook:path=/validate-redhatcop-redhat-io-v1alpha1-databasesecretengineconfig,mutating=false,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=databasesecretengineconfigs,verbs=create;update,versions=v1alpha1,name=vdatabasesecretengineconfig.kb.io,admissionReviewVersions={v1,v1beta1} -var _ webhook.Validator = &DatabaseSecretEngineConfig{} +var _ admission.CustomValidator = &DatabaseSecretEngineConfig{} -// ValidateCreate implements webhook.Validator so a webhook will be registered for the type -func (r *DatabaseSecretEngineConfig) ValidateCreate() (admission.Warnings, error) { - databasesecretengineconfiglog.Info("validate create", "name", r.Name) +// ValidateCreate implements admission.CustomValidator so a webhook will be registered for the type +func (r *DatabaseSecretEngineConfig) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + o := obj.(*DatabaseSecretEngineConfig) + databasesecretengineconfiglog.Info("validate create", "name", o.Name) // TODO(user): fill in your validation logic upon object creation. 
- return nil, r.isValid() + return nil, o.isValid() } -// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type -func (r *DatabaseSecretEngineConfig) ValidateUpdate(old runtime.Object) (admission.Warnings, error) { - databasesecretengineconfiglog.Info("validate update", "name", r.Name) +// ValidateUpdate implements admission.CustomValidator so a webhook will be registered for the type +func (r *DatabaseSecretEngineConfig) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { + old := oldObj.(*DatabaseSecretEngineConfig) + new := newObj.(*DatabaseSecretEngineConfig) + + databasesecretengineconfiglog.Info("validate update", "name", new.Name) // the path cannot be updated - if r.Spec.Path != old.(*DatabaseSecretEngineConfig).Spec.Path { + if new.Spec.Path != old.Spec.Path { return nil, errors.New("spec.path cannot be updated") } //connection_url, username and verify_connection cannot be changed because they cannot be compare with the actual. 
- // if r.Spec.ConnectionURL != old.(*DatabaseSecretEngineConfig).Spec.ConnectionURL { - // return errors.New("spec.connectionURL cannot be updated") + // if new.Spec.ConnectionURL != old.Spec.ConnectionURL { + // return nil, errors.New("spec.connectionURL cannot be updated") // } - // if r.Spec.Username != old.(*DatabaseSecretEngineConfig).Spec.Username { - // return errors.New("spec.username cannot be updated") + // if new.Spec.Username != old.Spec.Username { + // return nil, errors.New("spec.username cannot be updated") // } - // if r.Spec.VerifyConnection != old.(*DatabaseSecretEngineConfig).Spec.VerifyConnection { - // return errors.New("spec.verifyConnection cannot be updated") + // if new.Spec.VerifyConnection != old.Spec.VerifyConnection { + // return nil, errors.New("spec.verifyConnection cannot be updated") // } - return nil, r.isValid() + return nil, new.isValid() } -// ValidateDelete implements webhook.Validator so a webhook will be registered for the type -func (r *DatabaseSecretEngineConfig) ValidateDelete() (admission.Warnings, error) { - databasesecretengineconfiglog.Info("validate delete", "name", r.Name) +// ValidateDelete implements admission.CustomValidator so a webhook will be registered for the type +func (r *DatabaseSecretEngineConfig) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + o := obj.(*DatabaseSecretEngineConfig) + databasesecretengineconfiglog.Info("validate delete", "name", o.Name) // TODO(user): fill in your validation logic upon object deletion. return nil, nil diff --git a/api/v1alpha1/databasesecretenginerole_webhook.go b/api/v1alpha1/databasesecretenginerole_webhook.go index 81a5c2fe..3cf38919 100644 --- a/api/v1alpha1/databasesecretenginerole_webhook.go +++ b/api/v1alpha1/databasesecretenginerole_webhook.go 
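Review bot: The comment above the disabled block says connection_url, username and verify_connection "cannot be changed", yet the three checks remain commented out, so ValidateUpdate enforces immutability only for spec.path. If leaving them unchecked is intended, the comment should say so, for example `// connectionURL, username and verifyConnection are intentionally not validated here because they cannot be compared with the actual values`. That reading of the intent is inferred from the existing wording and should be confirmed by the author. If the fields are meant to be immutable, the checks need to be enabled rather than only updated inside the comment.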
@@ -17,12 +17,12 @@ limitations under the License. package v1alpha1 import ( + "context" "errors" "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) 
@@ -39,40 +39,47 @@ func (r *DatabaseSecretEngineRole) SetupWebhookWithManager(mgr ctrl.Manager) err //+kubebuilder:webhook:path=/mutate-redhatcop-redhat-io-v1alpha1-databasesecretenginerole,mutating=true,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=databasesecretengineroles,verbs=create,versions=v1alpha1,name=mdatabasesecretenginerole.kb.io,admissionReviewVersions={v1,v1beta1} -var _ webhook.Defaulter = &DatabaseSecretEngineRole{} +var _ admission.CustomDefaulter = &DatabaseSecretEngineRole{} -// Default implements webhook.Defaulter so a webhook will be registered for the type -func (r *DatabaseSecretEngineRole) Default() { - authenginemountlog.Info("default", "name", r.Name) +// Default implements admission.CustomDefaulter so a webhook will be registered for the type +func (r *DatabaseSecretEngineRole) Default(_ context.Context, obj runtime.Object) error { + o := obj.(*DatabaseSecretEngineRole) + authenginemountlog.Info("default", "name", o.Name) + return nil } // TODO(user): change verbs to "verbs=create;update;delete" if you want to enable deletion validation. 
//+kubebuilder:webhook:path=/validate-redhatcop-redhat-io-v1alpha1-databasesecretenginerole,mutating=false,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=databasesecretengineroles,verbs=update,versions=v1alpha1,name=vdatabasesecretenginerole.kb.io,admissionReviewVersions={v1,v1beta1} -var _ webhook.Validator = &DatabaseSecretEngineRole{} +var _ admission.CustomValidator = &DatabaseSecretEngineRole{} -// ValidateCreate implements webhook.Validator so a webhook will be registered for the type -func (r *DatabaseSecretEngineRole) ValidateCreate() (admission.Warnings, error) { - databasesecretenginerolelog.Info("validate create", "name", r.Name) +// ValidateCreate implements admission.CustomValidator so a webhook will be registered for the type +func (r *DatabaseSecretEngineRole) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + o := obj.(*DatabaseSecretEngineRole) + databasesecretenginerolelog.Info("validate create", "name", o.Name) // TODO(user): fill in your validation logic upon object creation. 
return nil, nil } -// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type -func (r *DatabaseSecretEngineRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error) { - databasesecretenginerolelog.Info("validate update", "name", r.Name) +// ValidateUpdate implements admission.CustomValidator so a webhook will be registered for the type +func (r *DatabaseSecretEngineRole) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { + old := oldObj.(*DatabaseSecretEngineRole) + new := newObj.(*DatabaseSecretEngineRole) + + databasesecretenginerolelog.Info("validate update", "name", new.Name) // the path cannot be updated - if r.Spec.Path != old.(*DatabaseSecretEngineRole).Spec.Path { + if new.Spec.Path != old.Spec.Path { return nil, errors.New("spec.path cannot be updated") } return nil, nil } -// ValidateDelete implements webhook.Validator so a webhook will be registered for the type -func (r *DatabaseSecretEngineRole) ValidateDelete() (admission.Warnings, error) { - databasesecretenginerolelog.Info("validate delete", "name", r.Name) +// ValidateDelete implements admission.CustomValidator so a webhook will be registered for the type +func (r *DatabaseSecretEngineRole) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + o := obj.(*DatabaseSecretEngineRole) + databasesecretenginerolelog.Info("validate delete", "name", o.Name) // TODO(user): fill in your validation logic upon object deletion. return nil, nil diff --git a/api/v1alpha1/databasesecretenginestaticrole_webhook.go b/api/v1alpha1/databasesecretenginestaticrole_webhook.go index 8d68c16b..d6d079ac 100644 --- a/api/v1alpha1/databasesecretenginestaticrole_webhook.go +++ b/api/v1alpha1/databasesecretenginestaticrole_webhook.go 
@@ -17,12 +17,12 @@ limitations under the License. package v1alpha1 import ( + "context" "errors" "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) 
@@ -39,41 +39,48 @@ func (r *DatabaseSecretEngineStaticRole) SetupWebhookWithManager(mgr ctrl.Manage //+kubebuilder:webhook:path=/mutate-redhatcop-redhat-io-v1alpha1-databasesecretenginestaticrole,mutating=true,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=databasesecretenginestaticroles,verbs=create,versions=v1alpha1,name=mdatabasesecretenginestaticrole.kb.io,admissionReviewVersions=v1 -var _ webhook.Defaulter = &DatabaseSecretEngineStaticRole{} +var _ admission.CustomDefaulter = &DatabaseSecretEngineStaticRole{} -// Default implements webhook.Defaulter so a webhook will be registered for the type -func (r *DatabaseSecretEngineStaticRole) Default() { - databasesecretenginestaticrolelog.Info("default", "name", r.Name) +// Default implements admission.CustomDefaulter so a webhook will be registered for the type +func (r *DatabaseSecretEngineStaticRole) Default(_ context.Context, obj runtime.Object) error { + cr := obj.(*DatabaseSecretEngineStaticRole) + databasesecretenginestaticrolelog.Info("default", "name", cr.Name) // TODO(user): fill in your defaulting logic. + return nil } // TODO(user): change verbs to "verbs=create;update;delete" if you want to enable deletion validation. 
//+kubebuilder:webhook:path=/validate-redhatcop-redhat-io-v1alpha1-databasesecretenginestaticrole,mutating=false,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=databasesecretenginestaticroles,verbs=create;update,versions=v1alpha1,name=vdatabasesecretenginestaticrole.kb.io,admissionReviewVersions=v1 -var _ webhook.Validator = &DatabaseSecretEngineStaticRole{} +var _ admission.CustomValidator = &DatabaseSecretEngineStaticRole{} -// ValidateCreate implements webhook.Validator so a webhook will be registered for the type -func (r *DatabaseSecretEngineStaticRole) ValidateCreate() (admission.Warnings, error) { - databasesecretenginestaticrolelog.Info("validate create", "name", r.Name) +// ValidateCreate implements admission.CustomValidator so a webhook will be registered for the type +func (r *DatabaseSecretEngineStaticRole) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*DatabaseSecretEngineStaticRole) + databasesecretenginestaticrolelog.Info("validate create", "name", cr.Name) // TODO(user): fill in your validation logic upon object creation. 
- return nil, r.isValid() + return nil, cr.isValid() } -// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type -func (r *DatabaseSecretEngineStaticRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error) { - databasesecretenginestaticrolelog.Info("validate update", "name", r.Name) +// ValidateUpdate implements admission.CustomValidator so a webhook will be registered for the type +func (r *DatabaseSecretEngineStaticRole) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { + old := oldObj.(*DatabaseSecretEngineStaticRole) + new := newObj.(*DatabaseSecretEngineStaticRole) + + databasesecretenginestaticrolelog.Info("validate update", "name", new.Name) // the path cannot be updated - if r.Spec.Path != old.(*DatabaseSecretEngineStaticRole).Spec.Path { + if new.Spec.Path != old.Spec.Path { return nil, errors.New("spec.path cannot be updated") } // TODO(user): fill in your validation logic upon object update. - return nil, r.isValid() + return nil, new.isValid() } -// ValidateDelete implements webhook.Validator so a webhook will be registered for the type -func (r *DatabaseSecretEngineStaticRole) ValidateDelete() (admission.Warnings, error) { - databasesecretenginestaticrolelog.Info("validate delete", "name", r.Name) +// ValidateDelete implements admission.CustomValidator so a webhook will be registered for the type +func (r *DatabaseSecretEngineStaticRole) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*DatabaseSecretEngineStaticRole) + databasesecretenginestaticrolelog.Info("validate delete", "name", cr.Name) // TODO(user): fill in your validation logic upon object deletion. return nil, nil diff --git a/api/v1alpha1/gcpauthengineconfig_webhook.go b/api/v1alpha1/gcpauthengineconfig_webhook.go index 1178565f..32784dd3 100644 --- a/api/v1alpha1/gcpauthengineconfig_webhook.go +++ b/api/v1alpha1/gcpauthengineconfig_webhook.go 
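Review bot: Nothing in this hunk shows the type being handed to the webhook builder as a custom defaulter or validator, and the body of SetupWebhookWithManager lies outside it. With admission.CustomDefaulter and admission.CustomValidator, controller-runtime's builder only wires the handlers when they are passed explicitly, e.g. `ctrl.NewWebhookManagedBy(mgr).For(r).WithDefaulter(r).WithValidator(r).Complete()`. If the setup function still ends in `.For(r).Complete()`, the paths declared in the kubebuilder markers may have no handler behind them, and `isValid()` and the spec.path check would never run. This applies equally to every webhook file converted in this diff, and an envtest case that expects a rejected update would confirm the wiring.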
@@ -17,12 +17,12 @@ limitations under the License. package v1alpha1 import ( + "context" "errors" "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) 
@@ -37,39 +37,46 @@ func (r *GCPAuthEngineConfig) SetupWebhookWithManager(mgr ctrl.Manager) error { //+kubebuilder:webhook:path=/mutate-redhatcop-redhat-io-v1alpha1-gcpauthengineconfig,mutating=true,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=gcpauthengineconfigs,verbs=create,versions=v1alpha1,name=mgcpauthengineconfig.kb.io,admissionReviewVersions=v1 -var _ webhook.Defaulter = &GCPAuthEngineConfig{} +var _ admission.CustomDefaulter = &GCPAuthEngineConfig{} -// Default implements webhook.Defaulter so a webhook will be registered for the type -func (r *GCPAuthEngineConfig) Default() { - gcpauthengineconfiglog.Info("default", "name", r.Name) +// Default implements admission.CustomDefaulter so a webhook will be registered for the type +func (r *GCPAuthEngineConfig) Default(_ context.Context, obj runtime.Object) error { + cr := obj.(*GCPAuthEngineConfig) + gcpauthengineconfiglog.Info("default", "name", cr.Name) + return nil } //+kubebuilder:webhook:path=/validate-redhatcop-redhat-io-v1alpha1-gcpauthengineconfig,mutating=false,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=gcpauthengineconfigs,verbs=update,versions=v1alpha1,name=vgcpauthengineconfig.kb.io,admissionReviewVersions=v1 -var _ webhook.Validator = &GCPAuthEngineConfig{} +var _ admission.CustomValidator = &GCPAuthEngineConfig{} -// ValidateCreate implements webhook.Validator so a webhook will be registered for the type -func (r *GCPAuthEngineConfig) ValidateCreate() (admission.Warnings, error) { - gcpauthengineconfiglog.Info("validate create", "name", r.Name) +// ValidateCreate implements admission.CustomValidator so a webhook will be registered for the type +func (r *GCPAuthEngineConfig) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*GCPAuthEngineConfig) + gcpauthengineconfiglog.Info("validate create", "name", cr.Name) // TODO(user): fill in your validation logic upon object creation. 
return nil, nil } -// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type -func (r *GCPAuthEngineConfig) ValidateUpdate(old runtime.Object) (admission.Warnings, error) { - gcpauthengineconfiglog.Info("validate update", "name", r.Name) +// ValidateUpdate implements admission.CustomValidator so a webhook will be registered for the type +func (r *GCPAuthEngineConfig) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { + old := oldObj.(*GCPAuthEngineConfig) + new := newObj.(*GCPAuthEngineConfig) + + gcpauthengineconfiglog.Info("validate update", "name", new.Name) // the path cannot be updated - if r.Spec.Path != old.(*GCPAuthEngineConfig).Spec.Path { + if new.Spec.Path != old.Spec.Path { return nil, errors.New("spec.path cannot be updated") } return nil, nil } -// ValidateDelete implements webhook.Validator so a webhook will be registered for the type -func (r *GCPAuthEngineConfig) ValidateDelete() (admission.Warnings, error) { - gcpauthengineconfiglog.Info("validate delete", "name", r.Name) +// ValidateDelete implements admission.CustomValidator so a webhook will be registered for the type +func (r *GCPAuthEngineConfig) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*GCPAuthEngineConfig) + gcpauthengineconfiglog.Info("validate delete", "name", cr.Name) return nil, nil } diff --git a/api/v1alpha1/gcpauthenginerole_webhook.go b/api/v1alpha1/gcpauthenginerole_webhook.go index 131df2e6..b8bc4701 100644 --- a/api/v1alpha1/gcpauthenginerole_webhook.go +++ b/api/v1alpha1/gcpauthenginerole_webhook.go @@ -17,10 +17,11 @@ limitations under the License. package v1alpha1 import ( + "context" + "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) 
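Review bot: After this change the receiver `r` is never read in Default or the Validate* methods, yet it keeps the same type as the object under review. Presumably `r` is the instance registered with the builder, not the request object, so a later check written against `r.Spec` would compile and silently validate the wrong value. Either drop the receiver name (`func (*GCPAuthEngineConfig) ValidateUpdate(...)`) or add a line such as `// r is the registered webhook instance; the object under review is obj` to each method. The same applies to the other converted types in this diff.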
@@ -35,34 +36,41 @@ func (r *GCPAuthEngineRole) SetupWebhookWithManager(mgr ctrl.Manager) error { //+kubebuilder:webhook:path=/mutate-redhatcop-redhat-io-v1alpha1-gcpauthenginerole,mutating=true,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=gcpauthengineroles,verbs=create,versions=v1alpha1,name=mgcpauthenginerole.kb.io,admissionReviewVersions=v1 -var _ webhook.Defaulter = &GCPAuthEngineRole{} +var _ admission.CustomDefaulter = &GCPAuthEngineRole{} -// Default implements webhook.Defaulter so a webhook will be registered for the type -func (r *GCPAuthEngineRole) Default() { - gcpauthenginerolelog.Info("default", "name", r.Name) +// Default implements admission.CustomDefaulter so a webhook will be registered for the type +func (r *GCPAuthEngineRole) Default(_ context.Context, obj runtime.Object) error { + cr := obj.(*GCPAuthEngineRole) + gcpauthenginerolelog.Info("default", "name", cr.Name) + return nil } //+kubebuilder:webhook:path=/validate-redhatcop-redhat-io-v1alpha1-gcpauthenginerole,mutating=false,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=gcpauthengineroles,verbs=update,versions=v1alpha1,name=vgcpauthenginerole.kb.io,admissionReviewVersions=v1 -var _ webhook.Validator = &GCPAuthEngineRole{} +var _ admission.CustomValidator = &GCPAuthEngineRole{} -// ValidateCreate implements webhook.Validator so a webhook will be registered for the type -func (r *GCPAuthEngineRole) ValidateCreate() (admission.Warnings, error) { - gcpauthenginerolelog.Info("validate create", "name", r.Name) +// ValidateCreate implements admission.CustomValidator so a webhook will be registered for the type +func (r *GCPAuthEngineRole) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*GCPAuthEngineRole) + gcpauthenginerolelog.Info("validate create", "name", cr.Name) return nil, nil } -// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type -func (r 
*GCPAuthEngineRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error) { - gcpauthenginerolelog.Info("validate update", "name", r.Name) +// ValidateUpdate implements admission.CustomValidator so a webhook will be registered for the type +func (r *GCPAuthEngineRole) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { + _ = oldObj.(*GCPAuthEngineRole) + new := newObj.(*GCPAuthEngineRole) + + gcpauthenginerolelog.Info("validate update", "name", new.Name) return nil, nil } -// ValidateDelete implements webhook.Validator so a webhook will be registered for the type -func (r *GCPAuthEngineRole) ValidateDelete() (admission.Warnings, error) { - gcpauthenginerolelog.Info("validate delete", "name", r.Name) +// ValidateDelete implements admission.CustomValidator so a webhook will be registered for the type +func (r *GCPAuthEngineRole) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*GCPAuthEngineRole) + gcpauthenginerolelog.Info("validate delete", "name", cr.Name) return nil, nil } diff --git a/api/v1alpha1/githubsecretengineconfig_webhook.go b/api/v1alpha1/githubsecretengineconfig_webhook.go index b7bbaff6..d5ff4695 100644 --- a/api/v1alpha1/githubsecretengineconfig_webhook.go +++ b/api/v1alpha1/githubsecretengineconfig_webhook.go @@ -17,12 +17,12 @@ limitations under the License. package v1alpha1 import ( + "context" "errors" "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) 
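Review bot: In GCPAuthEngineRole.ValidateUpdate the line `_ = oldObj.(*GCPAuthEngineRole)` discards its result, so its only effect is a possible panic on an unexpected type. The old object is not used by this method, so the assertion can be removed and the parameter left unnamed: `func (r *GCPAuthEngineRole) ValidateUpdate(_ context.Context, _, newObj runtime.Object) (admission.Warnings, error) {`. If the type check is wanted, it should use the comma-ok form and return an error. Note that this file does not import `errors` according to its import hunk.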
@@ -39,42 +39,49 @@ func (r *GitHubSecretEngineConfig) SetupWebhookWithManager(mgr ctrl.Manager) err //+kubebuilder:webhook:path=/mutate-redhatcop-redhat-io-v1alpha1-githubsecretengineconfig,mutating=true,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=githubsecretengineconfigs,verbs=create,versions=v1alpha1,name=mgithubsecretengineconfig.kb.io,admissionReviewVersions=v1 -var _ webhook.Defaulter = &GitHubSecretEngineConfig{} +var _ admission.CustomDefaulter = &GitHubSecretEngineConfig{} -// Default implements webhook.Defaulter so a webhook will be registered for the type -func (r *GitHubSecretEngineConfig) Default() { - githubsecretengineconfiglog.Info("default", "name", r.Name) +// Default implements admission.CustomDefaulter so a webhook will be registered for the type +func (r *GitHubSecretEngineConfig) Default(_ context.Context, obj runtime.Object) error { + cr := obj.(*GitHubSecretEngineConfig) + githubsecretengineconfiglog.Info("default", "name", cr.Name) // TODO(user): fill in your defaulting logic. + return nil } // TODO(user): change verbs to "verbs=create;update;delete" if you want to enable deletion validation. 
//+kubebuilder:webhook:path=/validate-redhatcop-redhat-io-v1alpha1-githubsecretengineconfig,mutating=false,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=githubsecretengineconfigs,verbs=create;update,versions=v1alpha1,name=vgithubsecretengineconfig.kb.io,admissionReviewVersions=v1 -var _ webhook.Validator = &GitHubSecretEngineConfig{} +var _ admission.CustomValidator = &GitHubSecretEngineConfig{} -// ValidateCreate implements webhook.Validator so a webhook will be registered for the type -func (r *GitHubSecretEngineConfig) ValidateCreate() (admission.Warnings, error) { - githubsecretengineconfiglog.Info("validate create", "name", r.Name) +// ValidateCreate implements admission.CustomValidator so a webhook will be registered for the type +func (r *GitHubSecretEngineConfig) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*GitHubSecretEngineConfig) + githubsecretengineconfiglog.Info("validate create", "name", cr.Name) // TODO(user): fill in your validation logic upon object creation. 
- return nil, r.isValid() + return nil, cr.isValid() } -// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type -func (r *GitHubSecretEngineConfig) ValidateUpdate(old runtime.Object) (admission.Warnings, error) { - githubsecretengineconfiglog.Info("validate update", "name", r.Name) +// ValidateUpdate implements admission.CustomValidator so a webhook will be registered for the type +func (r *GitHubSecretEngineConfig) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { + old := oldObj.(*GitHubSecretEngineConfig) + new := newObj.(*GitHubSecretEngineConfig) + + githubsecretengineconfiglog.Info("validate update", "name", new.Name) // the path cannot be updated - if r.Spec.Path != old.(*GitHubSecretEngineConfig).Spec.Path { + if new.Spec.Path != old.Spec.Path { return nil, errors.New("spec.path cannot be updated") } - return nil, r.isValid() + return nil, new.isValid() } -// ValidateDelete implements webhook.Validator so a webhook will be registered for the type -func (r *GitHubSecretEngineConfig) ValidateDelete() (admission.Warnings, error) { - githubsecretengineconfiglog.Info("validate delete", "name", r.Name) +// ValidateDelete implements admission.CustomValidator so a webhook will be registered for the type +func (r *GitHubSecretEngineConfig) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*GitHubSecretEngineConfig) + githubsecretengineconfiglog.Info("validate delete", "name", cr.Name) // TODO(user): fill in your validation logic upon object deletion. return nil, nil diff --git a/api/v1alpha1/githubsecretenginerole_webhook.go b/api/v1alpha1/githubsecretenginerole_webhook.go index f2c497eb..00918e61 100644 --- a/api/v1alpha1/githubsecretenginerole_webhook.go +++ b/api/v1alpha1/githubsecretenginerole_webhook.go 
@@ -17,12 +17,12 @@ limitations under the License. package v1alpha1 import ( + "context" "errors" "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) 
@@ -39,41 +39,47 @@ func (r *GitHubSecretEngineRole) SetupWebhookWithManager(mgr ctrl.Manager) error //+kubebuilder:webhook:path=/mutate-redhatcop-redhat-io-v1alpha1-githubsecretenginerole,mutating=true,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=githubsecretengineroles,verbs=create,versions=v1alpha1,name=mgithubsecretenginerole.kb.io,admissionReviewVersions=v1 -var _ webhook.Defaulter = &GitHubSecretEngineRole{} - -// Default implements webhook.Defaulter so a webhook will be registered for the type -func (r *GitHubSecretEngineRole) Default() { - githubsecretenginerolelog.Info("default", "name", r.Name) +var _ admission.CustomDefaulter = &GitHubSecretEngineRole{} +// Default implements admission.CustomDefaulter so a webhook will be registered for the type +func (r *GitHubSecretEngineRole) Default(_ context.Context, obj runtime.Object) error { + cr := obj.(*GitHubSecretEngineRole) + githubsecretenginerolelog.Info("default", "name", cr.Name) + return nil } // TODO(user): change verbs to "verbs=create;update;delete" if you want to enable deletion validation. 
//+kubebuilder:webhook:path=/validate-redhatcop-redhat-io-v1alpha1-githubsecretenginerole,mutating=false,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=githubsecretengineroles,verbs=update,versions=v1alpha1,name=vgithubsecretenginerole.kb.io,admissionReviewVersions=v1 -var _ webhook.Validator = &GitHubSecretEngineRole{} +var _ admission.CustomValidator = &GitHubSecretEngineRole{} -// ValidateCreate implements webhook.Validator so a webhook will be registered for the type -func (r *GitHubSecretEngineRole) ValidateCreate() (admission.Warnings, error) { - githubsecretenginerolelog.Info("validate create", "name", r.Name) +// ValidateCreate implements admission.CustomValidator so a webhook will be registered for the type +func (r *GitHubSecretEngineRole) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*GitHubSecretEngineRole) + githubsecretenginerolelog.Info("validate create", "name", cr.Name) // TODO(user): fill in your validation logic upon object creation. 
return nil, nil } -// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type -func (r *GitHubSecretEngineRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error) { - githubsecretenginerolelog.Info("validate update", "name", r.Name) +// ValidateUpdate implements admission.CustomValidator so a webhook will be registered for the type +func (r *GitHubSecretEngineRole) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { + old := oldObj.(*GitHubSecretEngineRole) + new := newObj.(*GitHubSecretEngineRole) + + githubsecretenginerolelog.Info("validate update", "name", new.Name) // the path cannot be updated - if r.Spec.Path != old.(*GitHubSecretEngineRole).Spec.Path { + if new.Spec.Path != old.Spec.Path { return nil, errors.New("spec.path cannot be updated") } return nil, nil } -// ValidateDelete implements webhook.Validator so a webhook will be registered for the type -func (r *GitHubSecretEngineRole) ValidateDelete() (admission.Warnings, error) { - githubsecretenginerolelog.Info("validate delete", "name", r.Name) +// ValidateDelete implements admission.CustomValidator so a webhook will be registered for the type +func (r *GitHubSecretEngineRole) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*GitHubSecretEngineRole) + githubsecretenginerolelog.Info("validate delete", "name", cr.Name) // TODO(user): fill in your validation logic upon object deletion. return nil, nil diff --git a/api/v1alpha1/group_webhook.go b/api/v1alpha1/group_webhook.go index d8b354ac..19883e54 100644 --- a/api/v1alpha1/group_webhook.go +++ b/api/v1alpha1/group_webhook.go 
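Review bot: No hunk in this file touches SetupWebhookWithManager, yet the type now implements only `admission.CustomDefaulter` and `admission.CustomValidator`, which the webhook builder serves only when they are passed to it explicitly. The function body is outside the hunk, so this is inferred from the hunk offsets: if it still reads `ctrl.NewWebhookManagedBy(mgr).For(r).Complete()`, the `spec.path cannot be updated` check in ValidateUpdate would not be wired to the registered path. I would make it `ctrl.NewWebhookManagedBy(mgr).For(r).WithDefaulter(r).WithValidator(r).Complete()` and add an envtest case asserting that an update changing `spec.path` is rejected. The same question applies to the other *_webhook.go files in this commit.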
@@ -17,10 +17,11 @@ limitations under the License. package v1alpha1 import ( + "context" + "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) 
@@ -37,39 +38,46 @@ func (r *Group) SetupWebhookWithManager(mgr ctrl.Manager) error { //+kubebuilder:webhook:path=/mutate-redhatcop-redhat-io-v1alpha1-group,mutating=true,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=groups,verbs=create;update,versions=v1alpha1,name=mgroup.kb.io,admissionReviewVersions=v1 -var _ webhook.Defaulter = &Group{} +var _ admission.CustomDefaulter = &Group{} -// Default implements webhook.Defaulter so a webhook will be registered for the type -func (r *Group) Default() { - grouplog.Info("default", "name", r.Name) +// Default implements admission.CustomDefaulter so a webhook will be registered for the type +func (r *Group) Default(_ context.Context, obj runtime.Object) error { + cr := obj.(*Group) + grouplog.Info("default", "name", cr.Name) // TODO(user): fill in your defaulting logic. + return nil } // TODO(user): change verbs to "verbs=create;update;delete" if you want to enable deletion validation. //+kubebuilder:webhook:path=/validate-redhatcop-redhat-io-v1alpha1-group,mutating=false,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=groups,verbs=create;update,versions=v1alpha1,name=vgroup.kb.io,admissionReviewVersions=v1 -var _ webhook.Validator = &Group{} +var _ admission.CustomValidator = &Group{} -// ValidateCreate implements webhook.Validator so a webhook will be registered for the type -func (r *Group) ValidateCreate() (admission.Warnings, error) { - grouplog.Info("validate create", "name", r.Name) +// ValidateCreate implements admission.CustomValidator so a webhook will be registered for the type +func (r *Group) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*Group) + grouplog.Info("validate create", "name", cr.Name) // TODO(user): fill in your validation logic upon object creation. 
return nil, nil } -// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type -func (r *Group) ValidateUpdate(old runtime.Object) (admission.Warnings, error) { - grouplog.Info("validate update", "name", r.Name) +// ValidateUpdate implements admission.CustomValidator so a webhook will be registered for the type +func (r *Group) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { + _ = oldObj.(*Group) + new := newObj.(*Group) + + grouplog.Info("validate update", "name", new.Name) // TODO(user): fill in your validation logic upon object update. return nil, nil } -// ValidateDelete implements webhook.Validator so a webhook will be registered for the type -func (r *Group) ValidateDelete() (admission.Warnings, error) { - grouplog.Info("validate delete", "name", r.Name) +// ValidateDelete implements admission.CustomValidator so a webhook will be registered for the type +func (r *Group) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*Group) + grouplog.Info("validate delete", "name", cr.Name) // TODO(user): fill in your validation logic upon object deletion. return nil, nil diff --git a/api/v1alpha1/groupalias_webhook.go b/api/v1alpha1/groupalias_webhook.go index 1a978e67..03a718cc 100644 --- a/api/v1alpha1/groupalias_webhook.go +++ b/api/v1alpha1/groupalias_webhook.go @@ -17,10 +17,11 @@ limitations under the License. package v1alpha1 import ( + "context" + "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) 
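Review bot: The type assertions in this hunk are unchecked, so an object of another type panics inside the admission handler instead of returning an error, and in ValidateUpdate `_ = oldObj.(*Group)` has no effect other than that possible panic. Use the comma-ok form, `cr, ok := obj.(*Group)` followed by `if !ok { return nil, fmt.Errorf("expected a Group but got %T", obj) }` (this needs `fmt` in the import block), and drop the discarded assertion. The same pattern is in every Default/Validate* method of the GitHubSecretEngineRole, GroupAlias, JWTOIDCAuthEngineConfig, JWTOIDCAuthEngineRole, KubernetesAuthEngineConfig, KubernetesAuthEngineRole and KubernetesSecretEngineConfig hunks. Whether such a panic is recovered depends on the webhook server configuration, which is not visible here; with `failurePolicy=fail` in the markers an unrecovered one would block writes to the resource.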
@@ -37,39 +38,46 @@ func (r *GroupAlias) SetupWebhookWithManager(mgr ctrl.Manager) error { //+kubebuilder:webhook:path=/mutate-redhatcop-redhat-io-v1alpha1-groupalias,mutating=true,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=groupaliases,verbs=create;update,versions=v1alpha1,name=mgroupalias.kb.io,admissionReviewVersions=v1 -var _ webhook.Defaulter = &GroupAlias{} +var _ admission.CustomDefaulter = &GroupAlias{} -// Default implements webhook.Defaulter so a webhook will be registered for the type -func (r *GroupAlias) Default() { - groupaliaslog.Info("default", "name", r.Name) +// Default implements admission.CustomDefaulter so a webhook will be registered for the type +func (r *GroupAlias) Default(_ context.Context, obj runtime.Object) error { + cr := obj.(*GroupAlias) + groupaliaslog.Info("default", "name", cr.Name) // TODO(user): fill in your defaulting logic. + return nil } // TODO(user): change verbs to "verbs=create;update;delete" if you want to enable deletion validation. //+kubebuilder:webhook:path=/validate-redhatcop-redhat-io-v1alpha1-groupalias,mutating=false,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=groupaliases,verbs=create;update,versions=v1alpha1,name=vgroupalias.kb.io,admissionReviewVersions=v1 -var _ webhook.Validator = &GroupAlias{} +var _ admission.CustomValidator = &GroupAlias{} -// ValidateCreate implements webhook.Validator so a webhook will be registered for the type -func (r *GroupAlias) ValidateCreate() (admission.Warnings, error) { - groupaliaslog.Info("validate create", "name", r.Name) +// ValidateCreate implements admission.CustomValidator so a webhook will be registered for the type +func (r *GroupAlias) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*GroupAlias) + groupaliaslog.Info("validate create", "name", cr.Name) // TODO(user): fill in your validation logic upon object creation. 
return nil, nil } -// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type -func (r *GroupAlias) ValidateUpdate(old runtime.Object) (admission.Warnings, error) { - groupaliaslog.Info("validate update", "name", r.Name) +// ValidateUpdate implements admission.CustomValidator so a webhook will be registered for the type +func (r *GroupAlias) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { + _ = oldObj.(*GroupAlias) + new := newObj.(*GroupAlias) + + groupaliaslog.Info("validate update", "name", new.Name) // TODO(user): fill in your validation logic upon object update. return nil, nil } -// ValidateDelete implements webhook.Validator so a webhook will be registered for the type -func (r *GroupAlias) ValidateDelete() (admission.Warnings, error) { - groupaliaslog.Info("validate delete", "name", r.Name) +// ValidateDelete implements admission.CustomValidator so a webhook will be registered for the type +func (r *GroupAlias) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*GroupAlias) + groupaliaslog.Info("validate delete", "name", cr.Name) // TODO(user): fill in your validation logic upon object deletion. return nil, nil diff --git a/api/v1alpha1/jwtoidcauthengineconfig_webhook.go b/api/v1alpha1/jwtoidcauthengineconfig_webhook.go index 9ac5962c..58135727 100644 --- a/api/v1alpha1/jwtoidcauthengineconfig_webhook.go +++ b/api/v1alpha1/jwtoidcauthengineconfig_webhook.go @@ -17,12 +17,12 @@ limitations under the License. package v1alpha1 import ( + "context" "errors" "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) 
@@ -37,38 +37,45 @@ func (r *JWTOIDCAuthEngineConfig) SetupWebhookWithManager(mgr ctrl.Manager) erro //+kubebuilder:webhook:path=/mutate-redhatcop-redhat-io-v1alpha1-jwtoidcauthengineconfig,mutating=true,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=jwtoidcauthengineconfigs,verbs=create,versions=v1alpha1,name=mjwtoidcauthengineconfig.kb.io,admissionReviewVersions=v1 -var _ webhook.Defaulter = &JWTOIDCAuthEngineConfig{} +var _ admission.CustomDefaulter = &JWTOIDCAuthEngineConfig{} -// Default implements webhook.Defaulter so a webhook will be registered for the type -func (r *JWTOIDCAuthEngineConfig) Default() { - jwtoidcauthengineconfiglog.Info("default", "name", r.Name) +// Default implements admission.CustomDefaulter so a webhook will be registered for the type +func (r *JWTOIDCAuthEngineConfig) Default(_ context.Context, obj runtime.Object) error { + cr := obj.(*JWTOIDCAuthEngineConfig) + jwtoidcauthengineconfiglog.Info("default", "name", cr.Name) + return nil } //+kubebuilder:webhook:path=/validate-redhatcop-redhat-io-v1alpha1-jwtoidcauthengineconfig,mutating=false,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=jwtoidcauthengineconfigs,verbs=update,versions=v1alpha1,name=vjwtoidcauthengineconfig.kb.io,admissionReviewVersions=v1 -var _ webhook.Validator = &JWTOIDCAuthEngineConfig{} +var _ admission.CustomValidator = &JWTOIDCAuthEngineConfig{} -// ValidateCreate implements webhook.Validator so a webhook will be registered for the type -func (r *JWTOIDCAuthEngineConfig) ValidateCreate() (admission.Warnings, error) { - jwtoidcauthengineconfiglog.Info("validate create", "name", r.Name) +// ValidateCreate implements admission.CustomValidator so a webhook will be registered for the type +func (r *JWTOIDCAuthEngineConfig) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*JWTOIDCAuthEngineConfig) + jwtoidcauthengineconfiglog.Info("validate create", "name", cr.Name) return 
nil, nil } -// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type -func (r *JWTOIDCAuthEngineConfig) ValidateUpdate(old runtime.Object) (admission.Warnings, error) { - jwtoidcauthengineconfiglog.Info("validate update", "name", r.Name) +// ValidateUpdate implements admission.CustomValidator so a webhook will be registered for the type +func (r *JWTOIDCAuthEngineConfig) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { + old := oldObj.(*JWTOIDCAuthEngineConfig) + new := newObj.(*JWTOIDCAuthEngineConfig) + + jwtoidcauthengineconfiglog.Info("validate update", "name", new.Name) // the path cannot be updated - if r.Spec.Path != old.(*JWTOIDCAuthEngineConfig).Spec.Path { + if new.Spec.Path != old.Spec.Path { return nil, errors.New("spec.path cannot be updated") } return nil, nil } -// ValidateDelete implements webhook.Validator so a webhook will be registered for the type -func (r *JWTOIDCAuthEngineConfig) ValidateDelete() (admission.Warnings, error) { - jwtoidcauthengineconfiglog.Info("validate delete", "name", r.Name) +// ValidateDelete implements admission.CustomValidator so a webhook will be registered for the type +func (r *JWTOIDCAuthEngineConfig) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*JWTOIDCAuthEngineConfig) + jwtoidcauthengineconfiglog.Info("validate delete", "name", cr.Name) return nil, nil } diff --git a/api/v1alpha1/jwtoidcauthenginerole_webhook.go b/api/v1alpha1/jwtoidcauthenginerole_webhook.go index b2dbc99f..0b941eb8 100644 --- a/api/v1alpha1/jwtoidcauthenginerole_webhook.go +++ b/api/v1alpha1/jwtoidcauthenginerole_webhook.go 
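Review bot: ValidateUpdate names its locals `old` and `new`, and `new` shadows the Go builtin for the rest of the function. Names such as `oldCR` and `newCR` avoid that, e.g. `newCR := newObj.(*JWTOIDCAuthEngineConfig)` and `if newCR.Spec.Path != oldCR.Spec.Path {`. The receiver `r` is also no longer read by any method in the hunk, so an unnamed receiver, `func (*JWTOIDCAuthEngineConfig) ValidateUpdate(...)`, would make that explicit. Both points apply to the ValidateUpdate methods in the other webhook files of this commit.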
@@ -17,10 +17,11 @@ limitations under the License. package v1alpha1 import ( + "context" + "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) 
@@ -35,34 +36,38 @@ func (r *JWTOIDCAuthEngineRole) SetupWebhookWithManager(mgr ctrl.Manager) error //+kubebuilder:webhook:path=/mutate-redhatcop-redhat-io-v1alpha1-jwtoidcauthenginerole,mutating=true,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=jwtoidcauthengineroles,verbs=create,versions=v1alpha1,name=mjwtoidcauthenginerole.kb.io,admissionReviewVersions=v1 -var _ webhook.Defaulter = &JWTOIDCAuthEngineRole{} +var _ admission.CustomDefaulter = &JWTOIDCAuthEngineRole{} -// Default implements webhook.Defaulter so a webhook will be registered for the type -func (r *JWTOIDCAuthEngineRole) Default() { - jwtoidcauthenginerolelog.Info("default", "name", r.Name) +// Default implements admission.CustomDefaulter so a webhook will be registered for the type +func (r *JWTOIDCAuthEngineRole) Default(_ context.Context, obj runtime.Object) error { + cr := obj.(*JWTOIDCAuthEngineRole) + jwtoidcauthenginerolelog.Info("default", "name", cr.Name) + return nil } //+kubebuilder:webhook:path=/validate-redhatcop-redhat-io-v1alpha1-jwtoidcauthenginerole,mutating=false,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=jwtoidcauthengineroles,verbs=update,versions=v1alpha1,name=vjwtoidcauthenginerole.kb.io,admissionReviewVersions=v1 -var _ webhook.Validator = &JWTOIDCAuthEngineRole{} - -// ValidateCreate implements webhook.Validator so a webhook will be registered for the type -func (r *JWTOIDCAuthEngineRole) ValidateCreate() (admission.Warnings, error) { - jwtoidcauthenginerolelog.Info("validate create", "name", r.Name) +var _ admission.CustomValidator = &JWTOIDCAuthEngineRole{} +// ValidateCreate implements admission.CustomValidator so a webhook will be registered for the type +func (r *JWTOIDCAuthEngineRole) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*JWTOIDCAuthEngineRole) + jwtoidcauthenginerolelog.Info("validate create", "name", cr.Name) return nil, nil } -// ValidateUpdate 
implements webhook.Validator so a webhook will be registered for the type -func (r *JWTOIDCAuthEngineRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error) { - jwtoidcauthenginerolelog.Info("validate update", "name", r.Name) +// ValidateUpdate implements admission.CustomValidator so a webhook will be registered for the type +func (r *JWTOIDCAuthEngineRole) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { + _ = oldObj.(*JWTOIDCAuthEngineRole) + new := newObj.(*JWTOIDCAuthEngineRole) + jwtoidcauthenginerolelog.Info("validate update", "name", new.Name) return nil, nil } -// ValidateDelete implements webhook.Validator so a webhook will be registered for the type -func (r *JWTOIDCAuthEngineRole) ValidateDelete() (admission.Warnings, error) { - jwtoidcauthenginerolelog.Info("validate delete", "name", r.Name) - +// ValidateDelete implements admission.CustomValidator so a webhook will be registered for the type +func (r *JWTOIDCAuthEngineRole) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*JWTOIDCAuthEngineRole) + jwtoidcauthenginerolelog.Info("validate delete", "name", cr.Name) return nil, nil } diff --git a/api/v1alpha1/kubernetesauthengineconfig_webhook.go b/api/v1alpha1/kubernetesauthengineconfig_webhook.go index d2c2efbc..76c9eaff 100644 --- a/api/v1alpha1/kubernetesauthengineconfig_webhook.go +++ b/api/v1alpha1/kubernetesauthengineconfig_webhook.go @@ -17,13 +17,13 @@ limitations under the License. package v1alpha1 import ( + "context" "errors" "os" "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) 
@@ -40,48 +40,55 @@ func (r *KubernetesAuthEngineConfig) SetupWebhookWithManager(mgr ctrl.Manager) e //+kubebuilder:webhook:path=/mutate-redhatcop-redhat-io-v1alpha1-kubernetesauthengineconfig,mutating=true,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=kubernetesauthengineconfigs,verbs=create,versions=v1alpha1,name=mkubernetesauthengineconfig.kb.io,admissionReviewVersions={v1,v1beta1} -var _ webhook.Defaulter = &KubernetesAuthEngineConfig{} +var _ admission.CustomDefaulter = &KubernetesAuthEngineConfig{} -// Default implements webhook.Defaulter so a webhook will be registered for the type -func (r *KubernetesAuthEngineConfig) Default() { - kubernetesauthengineconfiglog.Info("default", "name", r.Name) - if r.Spec.UseOperatorPodCA && r.Spec.KubernetesCACert == "" { +// Default implements admission.CustomDefaulter so a webhook will be registered for the type +func (r *KubernetesAuthEngineConfig) Default(_ context.Context, obj runtime.Object) error { + cr := obj.(*KubernetesAuthEngineConfig) + kubernetesauthengineconfiglog.Info("default", "name", cr.Name) + if cr.Spec.UseOperatorPodCA && cr.Spec.KubernetesCACert == "" { b, err := os.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/ca.crt") if err != nil { kubernetesauthengineconfiglog.Error(err, "unable to read file /var/run/secrets/kubernetes.io/serviceaccount/ca.crt") - return + return nil } - r.Spec.KubernetesCACert = string(b) + cr.Spec.KubernetesCACert = string(b) } + return nil } // TODO(user): change verbs to "verbs=create;update;delete" if you want to enable deletion validation. 
//+kubebuilder:webhook:path=/validate-redhatcop-redhat-io-v1alpha1-kubernetesauthengineconfig,mutating=false,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=kubernetesauthengineconfigs,verbs=update,versions=v1alpha1,name=vkubernetesauthengineconfig.kb.io,admissionReviewVersions={v1,v1beta1} -var _ webhook.Validator = &KubernetesAuthEngineConfig{} +var _ admission.CustomValidator = &KubernetesAuthEngineConfig{} -// ValidateCreate implements webhook.Validator so a webhook will be registered for the type -func (r *KubernetesAuthEngineConfig) ValidateCreate() (admission.Warnings, error) { - kubernetesauthengineconfiglog.Info("validate create", "name", r.Name) +// ValidateCreate implements admission.CustomValidator so a webhook will be registered for the type +func (r *KubernetesAuthEngineConfig) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*KubernetesAuthEngineConfig) + kubernetesauthengineconfiglog.Info("validate create", "name", cr.Name) // TODO(user): fill in your validation logic upon object creation. 
return nil, nil } -// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type -func (r *KubernetesAuthEngineConfig) ValidateUpdate(old runtime.Object) (admission.Warnings, error) { - kubernetesauthengineconfiglog.Info("validate update", "name", r.Name) +// ValidateUpdate implements admission.CustomValidator so a webhook will be registered for the type +func (r *KubernetesAuthEngineConfig) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { + old := oldObj.(*KubernetesAuthEngineConfig) + new := newObj.(*KubernetesAuthEngineConfig) + + kubernetesauthengineconfiglog.Info("validate update", "name", new.Name) // the path cannot be updated - if r.Spec.Path != old.(*KubernetesAuthEngineConfig).Spec.Path { + if new.Spec.Path != old.Spec.Path { return nil, errors.New("spec.path cannot be updated") } return nil, nil } -// ValidateDelete implements webhook.Validator so a webhook will be registered for the type -func (r *KubernetesAuthEngineConfig) ValidateDelete() (admission.Warnings, error) { - kubernetesauthengineconfiglog.Info("validate delete", "name", r.Name) +// ValidateDelete implements admission.CustomValidator so a webhook will be registered for the type +func (r *KubernetesAuthEngineConfig) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*KubernetesAuthEngineConfig) + kubernetesauthengineconfiglog.Info("validate delete", "name", cr.Name) // TODO(user): fill in your validation logic upon object deletion. return nil, nil diff --git a/api/v1alpha1/kubernetesauthenginerole_webhook.go b/api/v1alpha1/kubernetesauthenginerole_webhook.go index f145de59..0346abdb 100644 --- a/api/v1alpha1/kubernetesauthenginerole_webhook.go +++ b/api/v1alpha1/kubernetesauthenginerole_webhook.go 
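Review bot: Default now returns an error, but the `os.ReadFile` failure branch still logs and returns nil, so an object with `UseOperatorPodCA` set is admitted with an empty `KubernetesCACert`. Returning the error (`return err` in place of `return nil` in that branch) lets the request fail under the marker's `failurePolicy=fail` instead of storing a config without the CA it asked for. If admitting without the CA is deliberate, a comment on that branch should say so, for example `// best effort: admit without the pod CA when the file is unreadable`.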
@@ -17,12 +17,12 @@ limitations under the License. package v1alpha1 import ( + "context" "errors" "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) 
@@ -39,40 +39,47 @@ func (r *KubernetesAuthEngineRole) SetupWebhookWithManager(mgr ctrl.Manager) err //+kubebuilder:webhook:path=/mutate-redhatcop-redhat-io-v1alpha1-kubernetesauthenginerole,mutating=true,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=kubernetesauthengineroles,verbs=create,versions=v1alpha1,name=mkubernetesauthenginerole.kb.io,admissionReviewVersions={v1,v1beta1} -var _ webhook.Defaulter = &KubernetesAuthEngineRole{} +var _ admission.CustomDefaulter = &KubernetesAuthEngineRole{} -// Default implements webhook.Defaulter so a webhook will be registered for the type -func (r *KubernetesAuthEngineRole) Default() { - authenginemountlog.Info("default", "name", r.Name) +// Default implements admission.CustomDefaulter so a webhook will be registered for the type +func (r *KubernetesAuthEngineRole) Default(_ context.Context, obj runtime.Object) error { + cr := obj.(*KubernetesAuthEngineRole) + authenginemountlog.Info("default", "name", cr.Name) + return nil } // TODO(user): change verbs to "verbs=create;update;delete" if you want to enable deletion validation. 
//+kubebuilder:webhook:path=/validate-redhatcop-redhat-io-v1alpha1-kubernetesauthenginerole,mutating=false,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=kubernetesauthengineroles,verbs=create;update,versions=v1alpha1,name=vkubernetesauthenginerole.kb.io,admissionReviewVersions={v1,v1beta1} -var _ webhook.Validator = &KubernetesAuthEngineRole{} +var _ admission.CustomValidator = &KubernetesAuthEngineRole{} -// ValidateCreate implements webhook.Validator so a webhook will be registered for the type -func (r *KubernetesAuthEngineRole) ValidateCreate() (admission.Warnings, error) { - kubernetesauthenginerolelog.Info("validate create", "name", r.Name) +// ValidateCreate implements admission.CustomValidator so a webhook will be registered for the type +func (r *KubernetesAuthEngineRole) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*KubernetesAuthEngineRole) + kubernetesauthenginerolelog.Info("validate create", "name", cr.Name) // TODO(user): fill in your validation logic upon object creation. 
- return nil, r.isValid() + return nil, cr.isValid() } -// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type -func (r *KubernetesAuthEngineRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error) { - kubernetesauthenginerolelog.Info("validate update", "name", r.Name) +// ValidateUpdate implements admission.CustomValidator so a webhook will be registered for the type +func (r *KubernetesAuthEngineRole) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { + old := oldObj.(*KubernetesAuthEngineRole) + new := newObj.(*KubernetesAuthEngineRole) + + kubernetesauthenginerolelog.Info("validate update", "name", new.Name) // the path cannot be updated - if r.Spec.Path != old.(*KubernetesAuthEngineRole).Spec.Path { + if new.Spec.Path != old.Spec.Path { return nil, errors.New("spec.path cannot be updated") } - return nil, r.isValid() + return nil, new.isValid() } -// ValidateDelete implements webhook.Validator so a webhook will be registered for the type -func (r *KubernetesAuthEngineRole) ValidateDelete() (admission.Warnings, error) { - kubernetesauthenginerolelog.Info("validate delete", "name", r.Name) +// ValidateDelete implements admission.CustomValidator so a webhook will be registered for the type +func (r *KubernetesAuthEngineRole) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*KubernetesAuthEngineRole) + kubernetesauthenginerolelog.Info("validate delete", "name", cr.Name) // TODO(user): fill in your validation logic upon object deletion. return nil, nil diff --git a/api/v1alpha1/kubernetessecretengineconfig_webhook.go b/api/v1alpha1/kubernetessecretengineconfig_webhook.go index 6637c6dd..4b852caa 100644 --- a/api/v1alpha1/kubernetessecretengineconfig_webhook.go +++ b/api/v1alpha1/kubernetessecretengineconfig_webhook.go 
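Review bot: KubernetesAuthEngineRole.Default logs through `authenginemountlog`, while ValidateCreate, ValidateUpdate and ValidateDelete in the same hunk use `kubernetesauthenginerolelog`. Defaulting entries for this kind will presumably appear under another resource's logger name, which makes admission logs harder to correlate during an investigation. The line should read `kubernetesauthenginerolelog.Info("default", "name", cr.Name)`.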
@@ -17,12 +17,12 @@ limitations under the License. package v1alpha1 import ( + "context" "errors" "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) 
@@ -39,43 +39,50 @@ func (r *KubernetesSecretEngineConfig) SetupWebhookWithManager(mgr ctrl.Manager) //+kubebuilder:webhook:path=/mutate-redhatcop-redhat-io-v1alpha1-kubernetessecretengineconfig,mutating=true,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=kubernetessecretengineconfigs,verbs=create,versions=v1alpha1,name=mkubernetessecretengineconfig.kb.io,admissionReviewVersions=v1 -var _ webhook.Defaulter = &KubernetesSecretEngineConfig{} +var _ admission.CustomDefaulter = &KubernetesSecretEngineConfig{} -// Default implements webhook.Defaulter so a webhook will be registered for the type -func (r *KubernetesSecretEngineConfig) Default() { - kubernetessecretengineconfiglog.Info("default", "name", r.Name) +// Default implements admission.CustomDefaulter so a webhook will be registered for the type +func (r *KubernetesSecretEngineConfig) Default(_ context.Context, obj runtime.Object) error { + cr := obj.(*KubernetesSecretEngineConfig) + kubernetessecretengineconfiglog.Info("default", "name", cr.Name) // TODO(user): fill in your defaulting logic. + return nil } // TODO(user): change verbs to "verbs=create;update;delete" if you want to enable deletion validation. 
//+kubebuilder:webhook:path=/validate-redhatcop-redhat-io-v1alpha1-kubernetessecretengineconfig,mutating=false,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=kubernetessecretengineconfigs,verbs=update,versions=v1alpha1,name=vkubernetessecretengineconfig.kb.io,admissionReviewVersions=v1 -var _ webhook.Validator = &KubernetesSecretEngineConfig{} +var _ admission.CustomValidator = &KubernetesSecretEngineConfig{} -// ValidateCreate implements webhook.Validator so a webhook will be registered for the type -func (r *KubernetesSecretEngineConfig) ValidateCreate() (admission.Warnings, error) { - kubernetessecretengineconfiglog.Info("validate create", "name", r.Name) +// ValidateCreate implements admission.CustomValidator so a webhook will be registered for the type +func (r *KubernetesSecretEngineConfig) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*KubernetesSecretEngineConfig) + kubernetessecretengineconfiglog.Info("validate create", "name", cr.Name) // TODO(user): fill in your validation logic upon object creation. 
- return nil, r.isValid() + return nil, cr.isValid() } -// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type -func (r *KubernetesSecretEngineConfig) ValidateUpdate(old runtime.Object) (admission.Warnings, error) { - kubernetessecretengineconfiglog.Info("validate update", "name", r.Name) +// ValidateUpdate implements admission.CustomValidator so a webhook will be registered for the type +func (r *KubernetesSecretEngineConfig) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { + old := oldObj.(*KubernetesSecretEngineConfig) + new := newObj.(*KubernetesSecretEngineConfig) + + kubernetessecretengineconfiglog.Info("validate update", "name", new.Name) // the path cannot be updated - if r.Spec.Path != old.(*KubernetesSecretEngineConfig).Spec.Path { + if new.Spec.Path != old.Spec.Path { return nil, errors.New("spec.path cannot be updated") } // TODO(user): fill in your validation logic upon object update. - return nil, r.isValid() + return nil, new.isValid() } -// ValidateDelete implements webhook.Validator so a webhook will be registered for the type -func (r *KubernetesSecretEngineConfig) ValidateDelete() (admission.Warnings, error) { - kubernetessecretengineconfiglog.Info("validate delete", "name", r.Name) +// ValidateDelete implements admission.CustomValidator so a webhook will be registered for the type +func (r *KubernetesSecretEngineConfig) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*KubernetesSecretEngineConfig) + kubernetessecretengineconfiglog.Info("validate delete", "name", cr.Name) // TODO(user): fill in your validation logic upon object deletion. return nil, nil diff --git a/api/v1alpha1/kubernetessecretenginerole_webhook.go b/api/v1alpha1/kubernetessecretenginerole_webhook.go index 6b405596..4c216388 100644 --- a/api/v1alpha1/kubernetessecretenginerole_webhook.go +++ b/api/v1alpha1/kubernetessecretenginerole_webhook.go 
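Review bot: ValidateCreate returns `cr.isValid()`, but the validating marker in this hunk registers the webhook with `verbs=update` only, so the API server would not call it on create. If create-time validation is intended, the marker needs `verbs=create;update`; otherwise the `// TODO(user)` comment and the isValid call in ValidateCreate suggest a check that never runs. The generated webhook manifests are not visible here, so confirm what is actually deployed.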
@@ -17,12 +17,12 @@ limitations under the License. package v1alpha1 import ( + "context" "errors" "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) 
@@ -39,42 +39,47 @@ func (r *KubernetesSecretEngineRole) SetupWebhookWithManager(mgr ctrl.Manager) e //+kubebuilder:webhook:path=/mutate-redhatcop-redhat-io-v1alpha1-kubernetessecretenginerole,mutating=true,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=kubernetessecretengineroles,verbs=create,versions=v1alpha1,name=mkubernetessecretenginerole.kb.io,admissionReviewVersions=v1 -var _ webhook.Defaulter = &KubernetesSecretEngineRole{} +var _ admission.CustomDefaulter = &KubernetesSecretEngineRole{} -// Default implements webhook.Defaulter so a webhook will be registered for the type -func (r *KubernetesSecretEngineRole) Default() { - kubernetessecretenginerolelog.Info("default", "name", r.Name) +// Default implements admission.CustomDefaulter so a webhook will be registered for the type +func (r *KubernetesSecretEngineRole) Default(_ context.Context, obj runtime.Object) error { + cr := obj.(*KubernetesSecretEngineRole) + kubernetessecretenginerolelog.Info("default", "name", cr.Name) // TODO(user): fill in your defaulting logic. + return nil } // TODO(user): change verbs to "verbs=create;update;delete" if you want to enable deletion validation. 
//+kubebuilder:webhook:path=/validate-redhatcop-redhat-io-v1alpha1-kubernetessecretenginerole,mutating=false,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=kubernetessecretengineroles,verbs=update,versions=v1alpha1,name=vkubernetessecretenginerole.kb.io,admissionReviewVersions=v1 -var _ webhook.Validator = &KubernetesSecretEngineRole{} - -// ValidateCreate implements webhook.Validator so a webhook will be registered for the type -func (r *KubernetesSecretEngineRole) ValidateCreate() (admission.Warnings, error) { - kubernetessecretenginerolelog.Info("validate create", "name", r.Name) - // the path cannot be updated +var _ admission.CustomValidator = &KubernetesSecretEngineRole{} +// ValidateCreate implements admission.CustomValidator so a webhook will be registered for the type +func (r *KubernetesSecretEngineRole) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*KubernetesSecretEngineRole) + kubernetessecretenginerolelog.Info("validate create", "name", cr.Name) // TODO(user): fill in your validation logic upon object creation. 
return nil, nil } -// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type -func (r *KubernetesSecretEngineRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error) { - kubernetessecretenginerolelog.Info("validate update", "name", r.Name) - if r.Spec.Path != old.(*KubernetesSecretEngineRole).Spec.Path { +// ValidateUpdate implements admission.CustomValidator so a webhook will be registered for the type +func (r *KubernetesSecretEngineRole) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { + old := oldObj.(*KubernetesSecretEngineRole) + new := newObj.(*KubernetesSecretEngineRole) + + kubernetessecretenginerolelog.Info("validate update", "name", new.Name) + // the path cannot be updated + if new.Spec.Path != old.Spec.Path { return nil, errors.New("spec.path cannot be updated") } // TODO(user): fill in your validation logic upon object update. return nil, nil } -// ValidateDelete implements webhook.Validator so a webhook will be registered for the type -func (r *KubernetesSecretEngineRole) ValidateDelete() (admission.Warnings, error) { - kubernetessecretenginerolelog.Info("validate delete", "name", r.Name) - +// ValidateDelete implements admission.CustomValidator so a webhook will be registered for the type +func (r *KubernetesSecretEngineRole) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*KubernetesSecretEngineRole) + kubernetessecretenginerolelog.Info("validate delete", "name", cr.Name) // TODO(user): fill in your validation logic upon object deletion. return nil, nil } diff --git a/api/v1alpha1/ldapauthengineconfig_webhook.go b/api/v1alpha1/ldapauthengineconfig_webhook.go index 0caeb4c7..98c4ac85 100644 --- a/api/v1alpha1/ldapauthengineconfig_webhook.go +++ b/api/v1alpha1/ldapauthengineconfig_webhook.go 
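Review bot: Every method in this hunk uses a single-value type assertion on the incoming object (`cr := obj.(*KubernetesSecretEngineRole)`, and `old`/`new` in ValidateUpdate), so an object of any other type panics inside the admission handler instead of producing an admission error. Prefer the comma-ok form and return the error, e.g. `cr, ok := obj.(*KubernetesSecretEngineRole)` followed by `if !ok { return nil, fmt.Errorf("expected a KubernetesSecretEngineRole but got %T", obj) }` (Default returns only the error); this needs `fmt` in the import block, which the import hunk above does not add. How a panic surfaces depends on the controller-runtime panic-recovery setting, which is not visible here, but with `failurePolicy=fail` the caller would most likely see an opaque webhook failure rather than a clear denial. The same pattern appears in the LDAPAuthEngineConfig, LDAPAuthEngineGroup, PasswordPolicy, PKISecretEngineConfig, PKISecretEngineRole, Policy and QuaySecretEngineConfig hunks below.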
@@ -17,12 +17,12 @@ limitations under the License. package v1alpha1 import ( + "context" "errors" "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) 
@@ -37,38 +37,43 @@ func (r *LDAPAuthEngineConfig) SetupWebhookWithManager(mgr ctrl.Manager) error { //+kubebuilder:webhook:path=/mutate-redhatcop-redhat-io-v1alpha1-ldapauthengineconfig,mutating=true,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=ldapauthengineconfigs,verbs=create,versions=v1alpha1,name=mldapauthengineconfig.kb.io,admissionReviewVersions=v1 -var _ webhook.Defaulter = &LDAPAuthEngineConfig{} +var _ admission.CustomDefaulter = &LDAPAuthEngineConfig{} -// Default implements webhook.Defaulter so a webhook will be registered for the type -func (r *LDAPAuthEngineConfig) Default() { - ldapauthengineconfiglog.Info("default", "name", r.Name) +// Default implements admission.CustomDefaulter so a webhook will be registered for the type +func (r *LDAPAuthEngineConfig) Default(_ context.Context, obj runtime.Object) error { + cr := obj.(*LDAPAuthEngineConfig) + ldapauthengineconfiglog.Info("default", "name", cr.Name) + return nil } //+kubebuilder:webhook:path=/validate-redhatcop-redhat-io-v1alpha1-ldapauthengineconfig,mutating=false,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=ldapauthengineconfigs,verbs=update,versions=v1alpha1,name=vldapauthengineconfig.kb.io,admissionReviewVersions=v1 -var _ webhook.Validator = &LDAPAuthEngineConfig{} - -// ValidateCreate implements webhook.Validator so a webhook will be registered for the type -func (r *LDAPAuthEngineConfig) ValidateCreate() (admission.Warnings, error) { - ldapauthengineconfiglog.Info("validate create", "name", r.Name) +var _ admission.CustomValidator = &LDAPAuthEngineConfig{} +// ValidateCreate implements admission.CustomValidator so a webhook will be registered for the type +func (r *LDAPAuthEngineConfig) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*LDAPAuthEngineConfig) + ldapauthengineconfiglog.Info("validate create", "name", cr.Name) return nil, nil } -// ValidateUpdate implements 
webhook.Validator so a webhook will be registered for the type -func (r *LDAPAuthEngineConfig) ValidateUpdate(old runtime.Object) (admission.Warnings, error) { - ldapauthengineconfiglog.Info("validate update", "name", r.Name) +// ValidateUpdate implements admission.CustomValidator so a webhook will be registered for the type +func (r *LDAPAuthEngineConfig) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { + old := oldObj.(*LDAPAuthEngineConfig) + new := newObj.(*LDAPAuthEngineConfig) + + ldapauthengineconfiglog.Info("validate update", "name", new.Name) // the path cannot be updated - if r.Spec.Path != old.(*LDAPAuthEngineConfig).Spec.Path { + if new.Spec.Path != old.Spec.Path { return nil, errors.New("spec.path cannot be updated") } return nil, nil } -// ValidateDelete implements webhook.Validator so a webhook will be registered for the type -func (r *LDAPAuthEngineConfig) ValidateDelete() (admission.Warnings, error) { - ldapauthengineconfiglog.Info("validate delete", "name", r.Name) - +// ValidateDelete implements admission.CustomValidator so a webhook will be registered for the type +func (r *LDAPAuthEngineConfig) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*LDAPAuthEngineConfig) + ldapauthengineconfiglog.Info("validate delete", "name", cr.Name) return nil, nil } diff --git a/api/v1alpha1/ldapauthenginegroup_webhook.go b/api/v1alpha1/ldapauthenginegroup_webhook.go index e679439d..7e6a2839 100644 --- a/api/v1alpha1/ldapauthenginegroup_webhook.go +++ b/api/v1alpha1/ldapauthenginegroup_webhook.go @@ -17,10 +17,11 @@ limitations under the License. package v1alpha1 import ( + "context" + "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) 
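Review bot: In ValidateUpdate the local `new := newObj.(*LDAPAuthEngineConfig)` shadows Go's predeclared `new` function for the rest of the body, which shadowing linters report and which would make a later `new(T)` in this function fail to compile. The QuaySecretEngineConfig hunk in this same diff already avoids it with `oldCfg`/`cr`; one pair of names everywhere, e.g. `oldCfg := oldObj.(*LDAPAuthEngineConfig)` and `newCfg := newObj.(*LDAPAuthEngineConfig)`, would keep the webhook files consistent. The same `old`/`new` naming is used in the KubernetesSecretEngineRole, LDAPAuthEngineGroup, PasswordPolicy, PKISecretEngineConfig and PKISecretEngineRole hunks.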
@@ -35,34 +36,38 @@ func (r *LDAPAuthEngineGroup) SetupWebhookWithManager(mgr ctrl.Manager) error { //+kubebuilder:webhook:path=/mutate-redhatcop-redhat-io-v1alpha1-ldapauthenginegroup,mutating=true,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=ldapauthenginegroups,verbs=create,versions=v1alpha1,name=mldapauthenginegroup.kb.io,admissionReviewVersions=v1 -var _ webhook.Defaulter = &LDAPAuthEngineGroup{} +var _ admission.CustomDefaulter = &LDAPAuthEngineGroup{} -// Default implements webhook.Defaulter so a webhook will be registered for the type -func (r *LDAPAuthEngineGroup) Default() { - ldapauthenginegrouplog.Info("default", "name", r.Name) +// Default implements admission.CustomDefaulter so a webhook will be registered for the type +func (r *LDAPAuthEngineGroup) Default(_ context.Context, obj runtime.Object) error { + cr := obj.(*LDAPAuthEngineGroup) + ldapauthenginegrouplog.Info("default", "name", cr.Name) + return nil } //+kubebuilder:webhook:path=/validate-redhatcop-redhat-io-v1alpha1-ldapauthenginegroup,mutating=false,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=ldapauthenginegroups,verbs=update,versions=v1alpha1,name=vldapauthenginegroup.kb.io,admissionReviewVersions=v1 -var _ webhook.Validator = &LDAPAuthEngineGroup{} - -// ValidateCreate implements webhook.Validator so a webhook will be registered for the type -func (r *LDAPAuthEngineGroup) ValidateCreate() (admission.Warnings, error) { - ldapauthenginegrouplog.Info("validate create", "name", r.Name) +var _ admission.CustomValidator = &LDAPAuthEngineGroup{} +// ValidateCreate implements admission.CustomValidator so a webhook will be registered for the type +func (r *LDAPAuthEngineGroup) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*LDAPAuthEngineGroup) + ldapauthenginegrouplog.Info("validate create", "name", cr.Name) return nil, nil } -// ValidateUpdate implements webhook.Validator so a webhook will 
be registered for the type -func (r *LDAPAuthEngineGroup) ValidateUpdate(old runtime.Object) (admission.Warnings, error) { - ldapauthenginegrouplog.Info("validate update", "name", r.Name) +// ValidateUpdate implements admission.CustomValidator so a webhook will be registered for the type +func (r *LDAPAuthEngineGroup) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { + _ = oldObj.(*LDAPAuthEngineGroup) + new := newObj.(*LDAPAuthEngineGroup) + ldapauthenginegrouplog.Info("validate update", "name", new.Name) return nil, nil } -// ValidateDelete implements webhook.Validator so a webhook will be registered for the type -func (r *LDAPAuthEngineGroup) ValidateDelete() (admission.Warnings, error) { - ldapauthenginegrouplog.Info("validate delete", "name", r.Name) - +// ValidateDelete implements admission.CustomValidator so a webhook will be registered for the type +func (r *LDAPAuthEngineGroup) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*LDAPAuthEngineGroup) + ldapauthenginegrouplog.Info("validate delete", "name", cr.Name) return nil, nil } diff --git a/api/v1alpha1/passwordpolicy_webhook.go b/api/v1alpha1/passwordpolicy_webhook.go index 297e5218..14712d7f 100644 --- a/api/v1alpha1/passwordpolicy_webhook.go +++ b/api/v1alpha1/passwordpolicy_webhook.go @@ -17,10 +17,11 @@ limitations under the License. package v1alpha1 import ( + "context" + "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) 
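Review bot: `_ = oldObj.(*LDAPAuthEngineGroup)` in ValidateUpdate discards its result, so the only thing the statement can do is panic when `oldObj` has another type. Either drop the line, since the old object is not compared with anything in this method, or make the check explicit with `if _, ok := oldObj.(*LDAPAuthEngineGroup); !ok { return nil, fmt.Errorf("expected a LDAPAuthEngineGroup but got %T", oldObj) }`, which needs `fmt` imported. The PasswordPolicy and Policy hunks contain the same discarded assertion.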
@@ -37,37 +38,44 @@ func (r *PasswordPolicy) SetupWebhookWithManager(mgr ctrl.Manager) error { //+kubebuilder:webhook:path=/mutate-redhatcop-redhat-io-v1alpha1-passwordpolicy,mutating=true,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=passwordpolicies,verbs=create,versions=v1alpha1,name=mpasswordpolicy.kb.io,admissionReviewVersions={v1,v1beta1} -var _ webhook.Defaulter = &PasswordPolicy{} +var _ admission.CustomDefaulter = &PasswordPolicy{} -// Default implements webhook.Defaulter so a webhook will be registered for the type -func (r *PasswordPolicy) Default() { - passwordpolicylog.Info("default", "name", r.Name) +// Default implements admission.CustomDefaulter so a webhook will be registered for the type +func (r *PasswordPolicy) Default(_ context.Context, obj runtime.Object) error { + cr := obj.(*PasswordPolicy) + passwordpolicylog.Info("default", "name", cr.Name) + return nil } // TODO(user): change verbs to "verbs=create;update;delete" if you want to enable deletion validation. 
//kubebuilder:webhook:path=/validate-redhatcop-redhat-io-v1alpha1-passwordpolicy,mutating=false,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=passwordpolicies,verbs=create;update,versions=v1alpha1,name=vpasswordpolicy.kb.io,admissionReviewVersions={v1,v1beta1} -var _ webhook.Validator = &PasswordPolicy{} +var _ admission.CustomValidator = &PasswordPolicy{} -// ValidateCreate implements webhook.Validator so a webhook will be registered for the type -func (r *PasswordPolicy) ValidateCreate() (admission.Warnings, error) { - passwordpolicylog.Info("validate create", "name", r.Name) +// ValidateCreate implements admission.CustomValidator so a webhook will be registered for the type +func (r *PasswordPolicy) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*PasswordPolicy) + passwordpolicylog.Info("validate create", "name", cr.Name) // TODO(user): fill in your validation logic upon object creation. return nil, nil } -// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type -func (r *PasswordPolicy) ValidateUpdate(old runtime.Object) (admission.Warnings, error) { - passwordpolicylog.Info("validate update", "name", r.Name) +// ValidateUpdate implements admission.CustomValidator so a webhook will be registered for the type +func (r *PasswordPolicy) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { + _ = oldObj.(*PasswordPolicy) + new := newObj.(*PasswordPolicy) + + passwordpolicylog.Info("validate update", "name", new.Name) // TODO(user): fill in your validation logic upon object update. 
return nil, nil } -// ValidateDelete implements webhook.Validator so a webhook will be registered for the type -func (r *PasswordPolicy) ValidateDelete() (admission.Warnings, error) { - passwordpolicylog.Info("validate delete", "name", r.Name) +// ValidateDelete implements admission.CustomValidator so a webhook will be registered for the type +func (r *PasswordPolicy) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*PasswordPolicy) + passwordpolicylog.Info("validate delete", "name", cr.Name) // TODO(user): fill in your validation logic upon object deletion. return nil, nil diff --git a/api/v1alpha1/pkisecretengineconfig_webhook.go b/api/v1alpha1/pkisecretengineconfig_webhook.go index 81a8652f..8d1d0b54 100644 --- a/api/v1alpha1/pkisecretengineconfig_webhook.go +++ b/api/v1alpha1/pkisecretengineconfig_webhook.go @@ -17,12 +17,12 @@ limitations under the License. package v1alpha1 import ( + "context" "errors" "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) 
@@ -39,49 +39,56 @@ func (r *PKISecretEngineConfig) SetupWebhookWithManager(mgr ctrl.Manager) error //+kubebuilder:webhook:path=/mutate-redhatcop-redhat-io-v1alpha1-pkisecretengineconfig,mutating=true,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=pkisecretengineconfigs,verbs=create,versions=v1alpha1,name=mpkisecretengineconfig.kb.io,admissionReviewVersions={v1,v1beta1} -var _ webhook.Defaulter = &PKISecretEngineConfig{} +var _ admission.CustomDefaulter = &PKISecretEngineConfig{} -// Default implements webhook.Defaulter so a webhook will be registered for the type -func (r *PKISecretEngineConfig) Default() { - pkisecretengineconfiglog.Info("default", "name", r.Name) +// Default implements admission.CustomDefaulter so a webhook will be registered for the type +func (r *PKISecretEngineConfig) Default(_ context.Context, obj runtime.Object) error { + cr := obj.(*PKISecretEngineConfig) + pkisecretengineconfiglog.Info("default", "name", cr.Name) + return nil } // TODO(user): change verbs to "verbs=create;update;delete" if you want to enable deletion validation. 
//+kubebuilder:webhook:path=/validate-redhatcop-redhat-io-v1alpha1-pkisecretengineconfig,mutating=false,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=pkisecretengineconfigs,verbs=update,versions=v1alpha1,name=vpkisecretengineconfig.kb.io,admissionReviewVersions={v1,v1beta1} -var _ webhook.Validator = &PKISecretEngineConfig{} +var _ admission.CustomValidator = &PKISecretEngineConfig{} -// ValidateCreate implements webhook.Validator so a webhook will be registered for the type -func (r *PKISecretEngineConfig) ValidateCreate() (admission.Warnings, error) { - pkisecretengineconfiglog.Info("validate create", "name", r.Name) +// ValidateCreate implements admission.CustomValidator so a webhook will be registered for the type +func (r *PKISecretEngineConfig) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*PKISecretEngineConfig) + pkisecretengineconfiglog.Info("validate create", "name", cr.Name) // TODO(user): fill in your validation logic upon object creation. 
return nil, nil } -// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type -func (r *PKISecretEngineConfig) ValidateUpdate(old runtime.Object) (admission.Warnings, error) { - pkisecretengineconfiglog.Info("validate update", "name", r.Name) +// ValidateUpdate implements admission.CustomValidator so a webhook will be registered for the type +func (r *PKISecretEngineConfig) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { + old := oldObj.(*PKISecretEngineConfig) + new := newObj.(*PKISecretEngineConfig) + + pkisecretengineconfiglog.Info("validate update", "name", new.Name) // the path cannot be updated - if r.Spec.Path != old.(*PKISecretEngineConfig).Spec.Path { + if new.Spec.Path != old.Spec.Path { return nil, errors.New("spec.path cannot be updated") } - if r.Spec.Type != old.(*PKISecretEngineConfig).Spec.Type { + if new.Spec.Type != old.Spec.Type { return nil, errors.New("spec.type cannot be updated") } - if r.Spec.PrivateKeyType != old.(*PKISecretEngineConfig).Spec.PrivateKeyType { + if new.Spec.PrivateKeyType != old.Spec.PrivateKeyType { return nil, errors.New("spec.privateKeyType cannot be updated") } return nil, nil } -// ValidateDelete implements webhook.Validator so a webhook will be registered for the type -func (r *PKISecretEngineConfig) ValidateDelete() (admission.Warnings, error) { - pkisecretengineconfiglog.Info("validate delete", "name", r.Name) +// ValidateDelete implements admission.CustomValidator so a webhook will be registered for the type +func (r *PKISecretEngineConfig) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*PKISecretEngineConfig) + pkisecretengineconfiglog.Info("validate delete", "name", cr.Name) // TODO(user): fill in your validation logic upon object deletion. return nil, nil 
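Review bot: The doc comment on ValidateUpdate only restates which interface it implements, while the body enforces three immutability rules that a reader has to discover from the `if` chain. I would document them, e.g. `// ValidateUpdate rejects changes to spec.path, spec.type and spec.privateKeyType.` The validating marker above lists only `verbs=update`, so as far as this hunk shows the API server does not call ValidateCreate or ValidateDelete; a short comment saying so would stop someone from adding create-time checks there and assuming they run.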
diff --git a/api/v1alpha1/pkisecretenginerole_webhook.go b/api/v1alpha1/pkisecretenginerole_webhook.go index 4928ba9d..fa23a425 100644 --- a/api/v1alpha1/pkisecretenginerole_webhook.go +++ b/api/v1alpha1/pkisecretenginerole_webhook.go @@ -17,12 +17,12 @@ limitations under the License. package v1alpha1 import ( + "context" "errors" "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) 
@@ -39,42 +39,48 @@ func (r *PKISecretEngineRole) SetupWebhookWithManager(mgr ctrl.Manager) error { //+kubebuilder:webhook:path=/mutate-redhatcop-redhat-io-v1alpha1-pkisecretenginerole,mutating=true,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=pkisecretengineroles,verbs=create,versions=v1alpha1,name=mpkisecretenginerole.kb.io,admissionReviewVersions={v1,v1beta1} -var _ webhook.Defaulter = &PKISecretEngineRole{} +var _ admission.CustomDefaulter = &PKISecretEngineRole{} -// Default implements webhook.Defaulter so a webhook will be registered for the type -func (r *PKISecretEngineRole) Default() { - pkisecretenginerolelog.Info("default", "name", r.Name) +// Default implements admission.CustomDefaulter so a webhook will be registered for the type +func (r *PKISecretEngineRole) Default(_ context.Context, obj runtime.Object) error { + cr := obj.(*PKISecretEngineRole) + pkisecretenginerolelog.Info("default", "name", cr.Name) + return nil } // TODO(user): change verbs to "verbs=create;update;delete" if you want to enable deletion validation. 
//+kubebuilder:webhook:path=/validate-redhatcop-redhat-io-v1alpha1-pkisecretenginerole,mutating=false,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=pkisecretengineroles,verbs=update,versions=v1alpha1,name=vpkisecretenginerole.kb.io,admissionReviewVersions={v1,v1beta1} -var _ webhook.Validator = &PKISecretEngineRole{} +var _ admission.CustomValidator = &PKISecretEngineRole{} -// ValidateCreate implements webhook.Validator so a webhook will be registered for the type -func (r *PKISecretEngineRole) ValidateCreate() (admission.Warnings, error) { - pkisecretenginerolelog.Info("validate create", "name", r.Name) +// ValidateCreate implements admission.CustomValidator so a webhook will be registered for the type +func (r *PKISecretEngineRole) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*PKISecretEngineRole) + pkisecretenginerolelog.Info("validate create", "name", cr.Name) // TODO(user): fill in your validation logic upon object creation. 
return nil, nil } -// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type -func (r *PKISecretEngineRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error) { - pkisecretenginerolelog.Info("validate update", "name", r.Name) +// ValidateUpdate implements admission.CustomValidator so a webhook will be registered for the type +func (r *PKISecretEngineRole) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { + old := oldObj.(*PKISecretEngineRole) + new := newObj.(*PKISecretEngineRole) - pkisecretenginerolelog.Info("validate update", "name", r.Name) + pkisecretenginerolelog.Info("validate update", "name", new.Name) + pkisecretenginerolelog.Info("validate update", "name", new.Name) // the path cannot be updated - if r.Spec.Path != old.(*PKISecretEngineRole).Spec.Path { + if new.Spec.Path != old.Spec.Path { return nil, errors.New("spec.path cannot be updated") } return nil, nil } -// ValidateDelete implements webhook.Validator so a webhook will be registered for the type -func (r *PKISecretEngineRole) ValidateDelete() (admission.Warnings, error) { - pkisecretenginerolelog.Info("validate delete", "name", r.Name) +// ValidateDelete implements admission.CustomValidator so a webhook will be registered for the type +func (r *PKISecretEngineRole) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*PKISecretEngineRole) + pkisecretenginerolelog.Info("validate delete", "name", cr.Name) // TODO(user): fill in your validation logic upon object deletion. return nil, nil diff --git a/api/v1alpha1/policy_webhook.go b/api/v1alpha1/policy_webhook.go index b6ee03e8..07fdf01d 100644 --- a/api/v1alpha1/policy_webhook.go +++ b/api/v1alpha1/policy_webhook.go 
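Review bot: ValidateUpdate logs the same message twice in a row, because both `pkisecretenginerolelog.Info("validate update", ...)` calls from the old code were carried over with only `r.Name` changed to `new.Name`. Keep a single `pkisecretenginerolelog.Info("validate update", "name", new.Name)` so that each update request produces one log entry. None of the other webhook files in this diff has the duplicate, so this looks unintended.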
@@ -17,10 +17,11 @@ limitations under the License. package v1alpha1 import ( + "context" + "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) 
@@ -37,37 +38,43 @@ func (r *Policy) SetupWebhookWithManager(mgr ctrl.Manager) error { //+kubebuilder:webhook:path=/mutate-redhatcop-redhat-io-v1alpha1-policy,mutating=true,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=policies,verbs=create,versions=v1alpha1,name=mpolicy.kb.io,admissionReviewVersions={v1,v1beta1} -var _ webhook.Defaulter = &Policy{} +var _ admission.CustomDefaulter = &Policy{} // Default implements webhook.Defaulter so a webhook will be registered for the type -func (r *Policy) Default() { - policylog.Info("default", "name", r.Name) +func (r *Policy) Default(_ context.Context, obj runtime.Object) error { + cr := obj.(*Policy) + policylog.Info("default", "name", cr.Name) + return nil } // TODO(user): change verbs to "verbs=create;update;delete" if you want to enable deletion validation. //kubebuilder:webhook:path=/validate-redhatcop-redhat-io-v1alpha1-policy,mutating=false,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=policies,verbs=create;update,versions=v1alpha1,name=vpolicy.kb.io,admissionReviewVersions={v1,v1beta1} -var _ webhook.Validator = &Policy{} +var _ admission.CustomValidator = &Policy{} // ValidateCreate implements webhook.Validator so a webhook will be registered for the type -func (r *Policy) ValidateCreate() (admission.Warnings, error) { - policylog.Info("validate create", "name", r.Name) +func (r *Policy) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*Policy) + policylog.Info("validate create", "name", cr.Name) // TODO(user): fill in your validation logic upon object creation. 
return nil, nil } // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type -func (r *Policy) ValidateUpdate(old runtime.Object) (admission.Warnings, error) { - policylog.Info("validate update", "name", r.Name) +func (r *Policy) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { + _ = oldObj.(*Policy) + cr := newObj.(*Policy) + policylog.Info("validate update", "name", cr.Name) // TODO(user): fill in your validation logic upon object update. return nil, nil } // ValidateDelete implements webhook.Validator so a webhook will be registered for the type -func (r *Policy) ValidateDelete() (admission.Warnings, error) { - policylog.Info("validate delete", "name", r.Name) +func (r *Policy) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*Policy) + policylog.Info("validate delete", "name", cr.Name) // TODO(user): fill in your validation logic upon object deletion. return nil, nil diff --git a/api/v1alpha1/quaysecretengineconfig_webhook.go b/api/v1alpha1/quaysecretengineconfig_webhook.go index a9214205..6f7ccb9a 100644 --- a/api/v1alpha1/quaysecretengineconfig_webhook.go +++ b/api/v1alpha1/quaysecretengineconfig_webhook.go @@ -17,12 +17,12 @@ limitations under the License. package v1alpha1 import ( + "context" "errors" "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) 
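Review bot: The doc comments on Default, ValidateCreate, ValidateUpdate and ValidateDelete were left as context and still say `implements webhook.Defaulter` / `implements webhook.Validator`, although the assertions in this hunk are now `admission.CustomDefaulter` and `admission.CustomValidator`. Update them as the earlier files in this diff do, e.g. `// ValidateCreate implements admission.CustomValidator so a webhook will be registered for the type`. The QuaySecretEngineConfig hunk and the visible part of the QuaySecretEngineRole hunk have the same stale comments.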
@@ -39,39 +39,44 @@ func (r *QuaySecretEngineConfig) SetupWebhookWithManager(mgr ctrl.Manager) error //+kubebuilder:webhook:path=/mutate-redhatcop-redhat-io-v1alpha1-quaysecretengineconfig,mutating=true,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=quaysecretengineconfigs,verbs=create,versions=v1alpha1,name=mquaysecretengineconfig.kb.io,admissionReviewVersions=v1 -var _ webhook.Defaulter = &QuaySecretEngineConfig{} +var _ admission.CustomDefaulter = &QuaySecretEngineConfig{} // Default implements webhook.Defaulter so a webhook will be registered for the type -func (r *QuaySecretEngineConfig) Default() { - quaysecretengineconfiglog.Info("default", "name", r.Name) +func (r *QuaySecretEngineConfig) Default(_ context.Context, obj runtime.Object) error { + cr := obj.(*QuaySecretEngineConfig) + quaysecretengineconfiglog.Info("default", "name", cr.Name) + return nil } //+kubebuilder:webhook:path=/validate-redhatcop-redhat-io-v1alpha1-quaysecretengineconfig,mutating=false,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=quaysecretengineconfigs,verbs=create;update,versions=v1alpha1,name=vquaysecretengineconfig.kb.io,admissionReviewVersions=v1 -var _ webhook.Validator = &QuaySecretEngineConfig{} +var _ admission.CustomValidator = &QuaySecretEngineConfig{} // ValidateCreate implements webhook.Validator so a webhook will be registered for the type -func (r *QuaySecretEngineConfig) ValidateCreate() (admission.Warnings, error) { - quaysecretengineconfiglog.Info("validate create", "name", r.Name) +func (r *QuaySecretEngineConfig) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*QuaySecretEngineConfig) + quaysecretengineconfiglog.Info("validate create", "name", cr.Name) - return nil, r.isValid() + return nil, cr.isValid() } // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type -func (r *QuaySecretEngineConfig) ValidateUpdate(old runtime.Object) 
(admission.Warnings, error) { - quaysecretengineconfiglog.Info("validate update", "name", r.Name) +func (r *QuaySecretEngineConfig) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { + oldCfg := oldObj.(*QuaySecretEngineConfig) + cr := newObj.(*QuaySecretEngineConfig) + quaysecretengineconfiglog.Info("validate update", "name", cr.Name) // the path cannot be updated - if r.Spec.Path != old.(*QuaySecretEngineConfig).Spec.Path { + if cr.Spec.Path != oldCfg.Spec.Path { return nil, errors.New("spec.path cannot be updated") } - return nil, r.isValid() - + return nil, cr.isValid() } // ValidateDelete implements webhook.Validator so a webhook will be registered for the type -func (r *QuaySecretEngineConfig) ValidateDelete() (admission.Warnings, error) { - quaysecretengineconfiglog.Info("validate delete", "name", r.Name) +func (r *QuaySecretEngineConfig) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*QuaySecretEngineConfig) + quaysecretengineconfiglog.Info("validate delete", "name", cr.Name) return nil, nil } diff --git a/api/v1alpha1/quaysecretenginerole_webhook.go b/api/v1alpha1/quaysecretenginerole_webhook.go index a0fad333..03dcc9d5 100644 --- a/api/v1alpha1/quaysecretenginerole_webhook.go +++ b/api/v1alpha1/quaysecretenginerole_webhook.go @@ -17,12 +17,12 @@ limitations under the License. package v1alpha1 import ( + "context" "errors" "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) 
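Review bot: None of the methods in this hunk reads the receiver `r` any more; the object under review now arrives as `obj`/`newObj`, and `r` is only whatever instance was registered as the validator (the registration in SetupWebhookWithManager is outside this hunk). I would say that in the doc comments, e.g. `// The receiver is only the registered validator instance; the object being validated is newObj.`, and consider dropping the receiver name (`func (*QuaySecretEngineConfig) ValidateUpdate(...)`) so that nobody reintroduces `r.Spec` by habit. That matters most in ValidateCreate and ValidateUpdate here, where `isValid()` has to run on the decoded object, as the hunk correctly does with `cr.isValid()`; calling it on `r` would validate an empty object and admit anything.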
@@ -37,30 +37,35 @@ func (r *QuaySecretEngineRole) SetupWebhookWithManager(mgr ctrl.Manager) error { //+kubebuilder:webhook:path=/mutate-redhatcop-redhat-io-v1alpha1-quaysecretenginerole,mutating=true,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=quaysecretengineroles,verbs=create,versions=v1alpha1,name=mquaysecretenginerole.kb.io,admissionReviewVersions=v1 -var _ webhook.Defaulter = &QuaySecretEngineRole{} +var _ admission.CustomDefaulter = &QuaySecretEngineRole{} // Default implements webhook.Defaulter so a webhook will be registered for the type -func (r *QuaySecretEngineRole) Default() { - quaysecretenginerolelog.Info("default", "name", r.Name) +func (r *QuaySecretEngineRole) Default(_ context.Context, obj runtime.Object) error { + cr := obj.(*QuaySecretEngineRole) + quaysecretenginerolelog.Info("default", "name", cr.Name) + return nil } //+kubebuilder:webhook:path=/validate-redhatcop-redhat-io-v1alpha1-quaysecretenginerole,mutating=false,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=quaysecretengineroles,verbs=create;update,versions=v1alpha1,name=vquaysecretenginerole.kb.io,admissionReviewVersions=v1 -var _ webhook.Validator = &QuaySecretEngineRole{} +var _ admission.CustomValidator = &QuaySecretEngineRole{} // ValidateCreate implements webhook.Validator so a webhook will be registered for the type -func (r *QuaySecretEngineRole) ValidateCreate() (admission.Warnings, error) { - quaysecretenginerolelog.Info("validate create", "name", r.Name) +func (r *QuaySecretEngineRole) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*QuaySecretEngineRole) + quaysecretenginerolelog.Info("validate create", "name", cr.Name) return nil, nil } // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type -func (r *QuaySecretEngineRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error) { - quaysecretenginerolelog.Info("validate update", 
"name", r.Name) +func (r *QuaySecretEngineRole) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { + oldRole := oldObj.(*QuaySecretEngineRole) + cr := newObj.(*QuaySecretEngineRole) + quaysecretenginerolelog.Info("validate update", "name", cr.Name) // the path cannot be updated - if r.Spec.Path != old.(*QuaySecretEngineRole).Spec.Path { + if cr.Spec.Path != oldRole.Spec.Path { return nil, errors.New("spec.path cannot be updated") } @@ -68,8 +73,9 @@ func (r *QuaySecretEngineRole) ValidateUpdate(old runtime.Object) (admission.War } // ValidateDelete implements webhook.Validator so a webhook will be registered for the type -func (r *QuaySecretEngineRole) ValidateDelete() (admission.Warnings, error) { - quaysecretenginerolelog.Info("validate delete", "name", r.Name) +func (r *QuaySecretEngineRole) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*QuaySecretEngineRole) + quaysecretenginerolelog.Info("validate delete", "name", cr.Name) return nil, nil } diff --git a/api/v1alpha1/quaysecretenginestaticrole_webhook.go b/api/v1alpha1/quaysecretenginestaticrole_webhook.go index ad7281eb..322b58af 100644 --- a/api/v1alpha1/quaysecretenginestaticrole_webhook.go +++ b/api/v1alpha1/quaysecretenginestaticrole_webhook.go @@ -17,12 +17,12 @@ limitations under the License. package v1alpha1 import ( + "context" "errors" "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) 
@@ -37,30 +37,35 @@ func (r *QuaySecretEngineStaticRole) SetupWebhookWithManager(mgr ctrl.Manager) e //+kubebuilder:webhook:path=/mutate-redhatcop-redhat-io-v1alpha1-quaysecretenginestaticrole,mutating=true,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=quaysecretenginestaticroles,verbs=create,versions=v1alpha1,name=mquaysecretenginestaticrole.kb.io,admissionReviewVersions=v1 -var _ webhook.Defaulter = &QuaySecretEngineStaticRole{} +var _ admission.CustomDefaulter = &QuaySecretEngineStaticRole{} // Default implements webhook.Defaulter so a webhook will be registered for the type -func (r *QuaySecretEngineStaticRole) Default() { - quaysecretenginestaticrolelog.Info("default", "name", r.Name) +func (r *QuaySecretEngineStaticRole) Default(_ context.Context, obj runtime.Object) error { + cr := obj.(*QuaySecretEngineStaticRole) + quaysecretenginestaticrolelog.Info("default", "name", cr.Name) + return nil } //+kubebuilder:webhook:path=/validate-redhatcop-redhat-io-v1alpha1-quaysecretenginestaticrole,mutating=false,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=quaysecretenginestaticroles,verbs=create;update,versions=v1alpha1,name=vquaysecretenginestaticrole.kb.io,admissionReviewVersions=v1 -var _ webhook.Validator = &QuaySecretEngineStaticRole{} +var _ admission.CustomValidator = &QuaySecretEngineStaticRole{} // ValidateCreate implements webhook.Validator so a webhook will be registered for the type -func (r *QuaySecretEngineStaticRole) ValidateCreate() (admission.Warnings, error) { - quaysecretenginestaticrolelog.Info("validate create", "name", r.Name) +func (r *QuaySecretEngineStaticRole) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*QuaySecretEngineStaticRole) + quaysecretenginestaticrolelog.Info("validate create", "name", cr.Name) return nil, nil } // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type -func (r 
*QuaySecretEngineStaticRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error) { - quaysecretenginestaticrolelog.Info("validate update", "name", r.Name) +func (r *QuaySecretEngineStaticRole) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { + oldRole := oldObj.(*QuaySecretEngineStaticRole) + cr := newObj.(*QuaySecretEngineStaticRole) + quaysecretenginestaticrolelog.Info("validate update", "name", cr.Name) // the path cannot be updated - if r.Spec.Path != old.(*QuaySecretEngineStaticRole).Spec.Path { + if cr.Spec.Path != oldRole.Spec.Path { return nil, errors.New("spec.path cannot be updated") } @@ -68,8 +73,9 @@ func (r *QuaySecretEngineStaticRole) ValidateUpdate(old runtime.Object) (admissi } // ValidateDelete implements webhook.Validator so a webhook will be registered for the type -func (r *QuaySecretEngineStaticRole) ValidateDelete() (admission.Warnings, error) { - quaysecretenginestaticrolelog.Info("validate delete", "name", r.Name) +func (r *QuaySecretEngineStaticRole) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*QuaySecretEngineStaticRole) + quaysecretenginestaticrolelog.Info("validate delete", "name", cr.Name) return nil, nil } diff --git a/api/v1alpha1/rabbitmqsecretenginerole_webhook.go b/api/v1alpha1/rabbitmqsecretenginerole_webhook.go index f241d88c..0e151ba0 100644 --- a/api/v1alpha1/rabbitmqsecretenginerole_webhook.go +++ b/api/v1alpha1/rabbitmqsecretenginerole_webhook.go @@ -17,12 +17,12 @@ limitations under the License. package v1alpha1 import ( + "context" "errors" "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) 
@@ -37,40 +37,46 @@ func (r *RabbitMQSecretEngineRole) SetupWebhookWithManager(mgr ctrl.Manager) err //+kubebuilder:webhook:path=/mutate-redhatcop-redhat-io-v1alpha1-rabbitmqsecretenginerole,mutating=true,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=rabbitmqsecretengineroles,verbs=create,versions=v1alpha1,name=mrabbitmqsecretenginerole.kb.io,admissionReviewVersions={v1,v1beta1} -var _ webhook.Defaulter = &RabbitMQSecretEngineRole{} +var _ admission.CustomDefaulter = &RabbitMQSecretEngineRole{} // Default implements webhook.Defaulter so a webhook will be registered for the type -func (r *RabbitMQSecretEngineRole) Default() { - rabbitmqsecretenginerolelog.Info("default", "name", r.Name) +func (r *RabbitMQSecretEngineRole) Default(_ context.Context, obj runtime.Object) error { + cr := obj.(*RabbitMQSecretEngineRole) + rabbitmqsecretenginerolelog.Info("default", "name", cr.Name) + return nil } // TODO(user): change verbs to "verbs=create;update;delete" if you want to enable deletion validation. 
//+kubebuilder:webhook:path=/validate-redhatcop-redhat-io-v1alpha1-rabbitmqsecretenginerole,mutating=false,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=rabbitmqsecretengineroles,verbs=update,versions=v1alpha1,name=vrabbitmqsecretenginerole.kb.io,admissionReviewVersions={v1,v1beta1} -var _ webhook.Validator = &RabbitMQSecretEngineRole{} +var _ admission.CustomValidator = &RabbitMQSecretEngineRole{} // ValidateCreate implements webhook.Validator so a webhook will be registered for the type -func (r *RabbitMQSecretEngineRole) ValidateCreate() (admission.Warnings, error) { - rabbitmqsecretenginerolelog.Info("validate create", "name", r.Name) +func (r *RabbitMQSecretEngineRole) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*RabbitMQSecretEngineRole) + rabbitmqsecretenginerolelog.Info("validate create", "name", cr.Name) // TODO(user): fill in your validation logic upon object creation. return nil, nil } // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type -func (r *RabbitMQSecretEngineRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error) { - rabbitmqsecretenginerolelog.Info("validate update", "name", r.Name) +func (r *RabbitMQSecretEngineRole) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { + oldRole := oldObj.(*RabbitMQSecretEngineRole) + cr := newObj.(*RabbitMQSecretEngineRole) + rabbitmqsecretenginerolelog.Info("validate update", "name", cr.Name) // the path cannot be updated - if r.Spec.Path != old.(*RabbitMQSecretEngineRole).Spec.Path { + if cr.Spec.Path != oldRole.Spec.Path { return nil, errors.New("spec.path cannot be updated") } return nil, nil } // ValidateDelete implements webhook.Validator so a webhook will be registered for the type -func (r *RabbitMQSecretEngineRole) ValidateDelete() (admission.Warnings, error) { - rabbitmqsecretenginerolelog.Info("validate delete", "name", r.Name) 
+func (r *RabbitMQSecretEngineRole) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*RabbitMQSecretEngineRole) + rabbitmqsecretenginerolelog.Info("validate delete", "name", cr.Name) // TODO(user): fill in your validation logic upon object deletion. return nil, nil diff --git a/api/v1alpha1/randomsecret_webhook.go b/api/v1alpha1/randomsecret_webhook.go index f50698f2..1f7e9807 100644 --- a/api/v1alpha1/randomsecret_webhook.go +++ b/api/v1alpha1/randomsecret_webhook.go @@ -17,12 +17,12 @@ limitations under the License. package v1alpha1 import ( + "context" "errors" "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) 
@@ -39,47 +39,53 @@ func (r *RandomSecret) SetupWebhookWithManager(mgr ctrl.Manager) error { //+kubebuilder:webhook:path=/mutate-redhatcop-redhat-io-v1alpha1-randomsecret,mutating=true,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=randomsecrets,verbs=create,versions=v1alpha1,name=mrandomsecret.kb.io,admissionReviewVersions={v1,v1beta1} -var _ webhook.Defaulter = &RandomSecret{} +var _ admission.CustomDefaulter = &RandomSecret{} // Default implements webhook.Defaulter so a webhook will be registered for the type -func (r *RandomSecret) Default() { - authenginemountlog.Info("default", "name", r.Name) +func (r *RandomSecret) Default(_ context.Context, obj runtime.Object) error { + cr := obj.(*RandomSecret) + authenginemountlog.Info("default", "name", cr.Name) + return nil } // TODO(user): change verbs to "verbs=create;update;delete" if you want to enable deletion validation. //+kubebuilder:webhook:path=/validate-redhatcop-redhat-io-v1alpha1-randomsecret,mutating=false,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=randomsecrets,verbs=create;update,versions=v1alpha1,name=vrandomsecret.kb.io,admissionReviewVersions={v1,v1beta1} -var _ webhook.Validator = &RandomSecret{} +var _ admission.CustomValidator = &RandomSecret{} // ValidateCreate implements webhook.Validator so a webhook will be registered for the type -func (r *RandomSecret) ValidateCreate() (admission.Warnings, error) { - randomsecretlog.Info("validate create", "name", r.Name) +func (r *RandomSecret) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*RandomSecret) + randomsecretlog.Info("validate create", "name", cr.Name) // TODO(user): fill in your validation logic upon object creation. 
- return nil, r.isValid() + return nil, cr.isValid() } // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type -func (r *RandomSecret) ValidateUpdate(old runtime.Object) (admission.Warnings, error) { - randomsecretlog.Info("validate update", "name", r.Name) +func (r *RandomSecret) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { + oldRS := oldObj.(*RandomSecret) + cr := newObj.(*RandomSecret) + randomsecretlog.Info("validate update", "name", cr.Name) // the path cannot be updated - if r.Spec.Path != old.(*RandomSecret).Spec.Path { + if cr.Spec.Path != oldRS.Spec.Path { return nil, errors.New("spec.path cannot be updated") } // the secret key cannot be updated - if r.Spec.SecretKey != old.(*RandomSecret).Spec.SecretKey { + if cr.Spec.SecretKey != oldRS.Spec.SecretKey { return nil, errors.New("spec.secretKey cannot be updated") } // TODO(user): fill in your validation logic upon object update. - return nil, r.isValid() + return nil, cr.isValid() } // ValidateDelete implements webhook.Validator so a webhook will be registered for the type -func (r *RandomSecret) ValidateDelete() (admission.Warnings, error) { - randomsecretlog.Info("validate delete", "name", r.Name) +func (r *RandomSecret) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*RandomSecret) + randomsecretlog.Info("validate delete", "name", cr.Name) // TODO(user): fill in your validation logic upon object deletion. return nil, nil diff --git a/api/v1alpha1/secretenginemount_webhook.go b/api/v1alpha1/secretenginemount_webhook.go index 56194b76..3d50232e 100644 --- a/api/v1alpha1/secretenginemount_webhook.go +++ b/api/v1alpha1/secretenginemount_webhook.go 
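Review bot: `RandomSecret.Default` still logs through `authenginemountlog` while every other handler in this hunk uses `randomsecretlog`, so defaulting calls for RandomSecret objects are attributed to the wrong logger name in the admission logs; `randomsecretlog.Info("default", "name", cr.Name)` fixes it. The SecretEngineMount hunk carries the same copy-paste in its `Default`, which should use `secretenginemountlog`. Both predate this commit, but the lines are rewritten here, so this is a cheap place to correct them.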
@@ -17,13 +17,13 @@ limitations under the License. package v1alpha1 import ( + "context" "errors" "reflect" "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) 
@@ -40,37 +40,42 @@ func (r *SecretEngineMount) SetupWebhookWithManager(mgr ctrl.Manager) error { //+kubebuilder:webhook:path=/mutate-redhatcop-redhat-io-v1alpha1-secretenginemount,mutating=true,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=secretenginemounts,verbs=create,versions=v1alpha1,name=msecretenginemount.kb.io,admissionReviewVersions={v1,v1beta1} -var _ webhook.Defaulter = &SecretEngineMount{} +var _ admission.CustomDefaulter = &SecretEngineMount{} // Default implements webhook.Defaulter so a webhook will be registered for the type -func (r *SecretEngineMount) Default() { - authenginemountlog.Info("default", "name", r.Name) +func (r *SecretEngineMount) Default(_ context.Context, obj runtime.Object) error { + cr := obj.(*SecretEngineMount) + authenginemountlog.Info("default", "name", cr.Name) + return nil } // TODO(user): change verbs to "verbs=create;update;delete" if you want to enable deletion validation. //+kubebuilder:webhook:path=/validate-redhatcop-redhat-io-v1alpha1-secretenginemount,mutating=false,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=secretenginemounts,verbs=update,versions=v1alpha1,name=vsecretenginemount.kb.io,admissionReviewVersions={v1,v1beta1} -var _ webhook.Validator = &SecretEngineMount{} +var _ admission.CustomValidator = &SecretEngineMount{} // ValidateCreate implements webhook.Validator so a webhook will be registered for the type -func (r *SecretEngineMount) ValidateCreate() (admission.Warnings, error) { - secretenginemountlog.Info("validate create", "name", r.Name) +func (r *SecretEngineMount) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*SecretEngineMount) + secretenginemountlog.Info("validate create", "name", cr.Name) // TODO(user): fill in your validation logic upon object creation. 
return nil, nil } // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type -func (r *SecretEngineMount) ValidateUpdate(old runtime.Object) (admission.Warnings, error) { - secretenginemountlog.Info("validate update", "name", r.Name) +func (r *SecretEngineMount) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { + oldSEM := oldObj.(*SecretEngineMount) + cr := newObj.(*SecretEngineMount) + secretenginemountlog.Info("validate update", "name", cr.Name) // the path cannot be updated - if r.Spec.Path != old.(*SecretEngineMount).Spec.Path { + if cr.Spec.Path != oldSEM.Spec.Path { return nil, errors.New("spec.path cannot be updated") } // only mount config can be modified - oldMount := old.(*SecretEngineMount).Spec.Mount - newMount := r.Spec.Mount + oldMount := oldSEM.Spec.Mount + newMount := cr.Spec.Mount oldMount.Config = MountConfig{} newMount.Config = MountConfig{} if !reflect.DeepEqual(oldMount, newMount) { @@ -80,8 +85,9 @@ func (r *SecretEngineMount) ValidateUpdate(old runtime.Object) (admission.Warnin } // ValidateDelete implements webhook.Validator so a webhook will be registered for the type -func (r *SecretEngineMount) ValidateDelete() (admission.Warnings, error) { - secretenginemountlog.Info("validate delete", "name", r.Name) +func (r *SecretEngineMount) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*SecretEngineMount) + secretenginemountlog.Info("validate delete", "name", cr.Name) // TODO(user): fill in your validation logic upon object deletion. return nil, nil diff --git a/api/v1alpha1/vaultsecret_webhook.go b/api/v1alpha1/vaultsecret_webhook.go index 134f1dee..4ac921a5 100644 --- a/api/v1alpha1/vaultsecret_webhook.go +++ b/api/v1alpha1/vaultsecret_webhook.go 
@@ -17,10 +17,11 @@ limitations under the License. package v1alpha1 import ( + "context" + "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) 
@@ -37,32 +38,38 @@ func (r *VaultSecret) SetupWebhookWithManager(mgr ctrl.Manager) error { //+kubebuilder:webhook:path=/mutate-redhatcop-redhat-io-v1alpha1-vaultsecret,mutating=true,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=vaultsecrets,verbs=create;update,versions=v1alpha1,name=mvaultsecret.kb.io,admissionReviewVersions={v1,v1beta1} -var _ webhook.Defaulter = &VaultSecret{} +var _ admission.CustomDefaulter = &VaultSecret{} // Default implements webhook.Defaulter so a webhook will be registered for the type -func (r *VaultSecret) Default() { +func (r *VaultSecret) Default(_ context.Context, obj runtime.Object) error { + cr := obj.(*VaultSecret) // vaultsecretlog.Info("default", "name", r.Name) + _ = cr + return nil } // TODO(user): change verbs to "verbs=create;update;delete" if you want to enable deletion validation. //+kubebuilder:webhook:path=/validate-redhatcop-redhat-io-v1alpha1-vaultsecret,mutating=false,failurePolicy=fail,sideEffects=None,groups=redhatcop.redhat.io,resources=vaultsecrets,verbs=create;update,versions=v1alpha1,name=vvaultsecret.kb.io,admissionReviewVersions={v1,v1beta1} -var _ webhook.Validator = &VaultSecret{} +var _ admission.CustomValidator = &VaultSecret{} // ValidateCreate implements webhook.Validator so a webhook will be registered for the type -func (r *VaultSecret) ValidateCreate() (admission.Warnings, error) { - vaultsecretlog.Info("validate create", "name", r.Name) - return nil, r.isValid() +func (r *VaultSecret) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*VaultSecret) + vaultsecretlog.Info("validate create", "name", cr.Name) + return nil, cr.isValid() } // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type -func (r *VaultSecret) ValidateUpdate(old runtime.Object) (admission.Warnings, error) { - vaultsecretlog.Info("validate update", "name", r.Name) - return nil, r.isValid() +func (r *VaultSecret) 
ValidateUpdate(_ context.Context, _oldObj, newObj runtime.Object) (admission.Warnings, error) { + cr := newObj.(*VaultSecret) + vaultsecretlog.Info("validate update", "name", cr.Name) + return nil, cr.isValid() } // ValidateDelete implements webhook.Validator so a webhook will be registered for the type -func (r *VaultSecret) ValidateDelete() (admission.Warnings, error) { - vaultsecretlog.Info("validate delete", "name", r.Name) +func (r *VaultSecret) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + cr := obj.(*VaultSecret) + vaultsecretlog.Info("validate delete", "name", cr.Name) return nil, nil } diff --git a/api/v1alpha1/webhook_suite_test.go b/api/v1alpha1/webhook_suite_test.go index c6667b9c..394a16fb 100644 --- a/api/v1alpha1/webhook_suite_test.go +++ b/api/v1alpha1/webhook_suite_test.go @@ -21,8 +21,8 @@ import ( "crypto/tls" "fmt" "net" + "os" "path/filepath" - "runtime" "testing" "time" @@ -65,17 +65,9 @@ var _ = BeforeSuite(func() { By("bootstrapping test environment") testEnv = &envtest.Environment{ + BinaryAssetsDirectory: getFirstFoundEnvTestBinaryDir(), CRDDirectoryPaths: []string{filepath.Join("..", "..", "config", "crd", "bases")}, ErrorIfCRDPathMissing: false, - - // The BinaryAssetsDirectory is only required if you want to run the tests directly - // without call the makefile target test. If not informed it will look for the - // default path defined in controller-runtime which is /usr/local/kubebuilder/. - // Note that you must have the required binaries setup under the bin directory to perform - // the tests directly. When we run make test it will be setup and used automatically. - BinaryAssetsDirectory: filepath.Join("..", "..", "bin", "k8s", - fmt.Sprintf("1.31.0-%s-%s", runtime.GOOS, runtime.GOARCH)), - WebhookInstallOptions: envtest.WebhookInstallOptions{ Paths: []string{filepath.Join("..", "..", "config", "webhook")}, }, 
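Review bot: `ValidateUpdate` names its unused parameter `_oldObj`, which is not idiomatic Go and differs from the `_ context.Context` beside it; the blank identifier says the same thing: `func (r *VaultSecret) ValidateUpdate(_ context.Context, _, newObj runtime.Object) (admission.Warnings, error) {`. In `Default` the cast result is only kept alive with `_ = cr`, and the commented-out log line still refers to `r.Name`. Either drop the cast and the dead comment, or restore the log as `vaultsecretlog.Info("default", "name", cr.Name)`.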
@@ -246,3 +238,18 @@ var _ = AfterSuite(func() { err := testEnv.Stop() Expect(err).NotTo(HaveOccurred()) }) + +func getFirstFoundEnvTestBinaryDir() string { + basePath := filepath.Join("..", "..", "..", "bin", "k8s") + entries, err := os.ReadDir(basePath) + if err != nil { + logf.Log.Error(err, "Failed to read directory", "path", basePath) + return "" + } + for _, entry := range entries { + if entry.IsDir() { + return filepath.Join(basePath, entry.Name()) + } + } + return "" +} diff --git a/ci.Dockerfile.dockerignore b/ci.Dockerfile.dockerignore index e0041331..a0cd49a9 100644 --- a/ci.Dockerfile.dockerignore +++ b/ci.Dockerfile.dockerignore @@ -1,7 +1,7 @@ api/ bundle/ config/ -controllers/ +internal/controllers/ examples/ hack/ test/ diff --git a/main.go b/cmd/main.go similarity index 57% rename from main.go rename to cmd/main.go index 2962594a..6a6e239a 100644 --- a/main.go +++ b/cmd/main.go @@ -20,9 +20,13 @@ import ( "crypto/tls" "flag" "os" + "path/filepath" "strconv" "time" + controller "github.com/redhat-cop/vault-config-operator/internal/controller" + "github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller" + // Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.) // to ensure that exec-entrypoint and run can make use of them. _ "k8s.io/client-go/plugin/pkg/client/auth" 
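Review bot: `getFirstFoundEnvTestBinaryDir` builds `basePath` with three `..` segments, but this suite lives in `api/v1alpha1` and the code it replaces used two (`filepath.Join("..", "..", "bin", "k8s", ...)`), so the lookup appears to resolve one level above the repository root. `basePath := filepath.Join("..", "..", "bin", "k8s")` matches the old location, assuming the Makefile still installs the envtest assets under the repository's `bin/`. As written the read will usually fail, the function returns `""` and envtest falls back to its default asset path; if a `bin/k8s` directory happens to exist above the checkout, the suite would run control-plane binaries that the project's tooling did not install. The helper also returns the first directory entry found, so with several asset versions present the choice is by name order rather than by the intended Kubernetes version.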
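Review bot: The new entry `internal/controllers/` (plural) does not match the directory this commit introduces: `cmd/main.go` now imports `github.com/redhat-cop/vault-config-operator/internal/controller`. As written the pattern excludes nothing, so the controller sources that the old `controllers/` entry kept out of the CI image build context are now sent to it. `internal/controller/` is presumably what was meant.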
@@ -31,18 +35,16 @@ import ( utilruntime "k8s.io/apimachinery/pkg/util/runtime" clientgoscheme "k8s.io/client-go/kubernetes/scheme" ctrl "sigs.k8s.io/controller-runtime" + + "sigs.k8s.io/controller-runtime/pkg/cache" + "sigs.k8s.io/controller-runtime/pkg/certwatcher" "sigs.k8s.io/controller-runtime/pkg/healthz" "sigs.k8s.io/controller-runtime/pkg/log/zap" + "sigs.k8s.io/controller-runtime/pkg/metrics/filters" metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server" - - //"github.com/redhat-cop/operator-utils/pkg/util" - "sigs.k8s.io/controller-runtime/pkg/webhook" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" - "github.com/redhat-cop/vault-config-operator/controllers" - "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" - "sigs.k8s.io/controller-runtime/pkg/cache" //+kubebuilder:scaffold:imports ) 
@@ -53,70 +55,119 @@ var ( func init() { utilruntime.Must(clientgoscheme.AddToScheme(scheme)) - utilruntime.Must(redhatcopv1alpha1.AddToScheme(scheme)) //+kubebuilder:scaffold:scheme } func main() { - var metricsAddr string - var enableLeaderElection bool - var probeAddr string - var enableHTTP2 bool - var secureMetrics bool - var tlsOpts []func(*tls.Config) - flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.") - flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.") + var ( + metricsAddr string + enableLeaderElection bool + probeAddr string + enableHTTP2 bool + secureMetrics bool + tlsOpts []func(*tls.Config) + + metricsCertPath string + metricsCertName string + metricsCertKey string + webhookCertPath string + webhookCertName string + webhookCertKey string + ) + + flag.StringVar(&metricsAddr, "metrics-bind-address", "0", + "The address the metrics endpoint binds to. Use :8443 for HTTPS or :8080 for HTTP, or leave as 0 to disable the metrics service.") + flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", + "The address the probe endpoint binds to.") flag.BoolVar(&enableLeaderElection, "leader-elect", false, - "Enable leader election for controller manager. "+ - "Enabling this will ensure there is only one active controller manager.") - opts := zap.Options{ - Development: true, - } + "Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager.") + flag.BoolVar(&secureMetrics, "metrics-secure", true, + "If set, the metrics endpoint is served securely via HTTPS. 
Use --metrics-secure=false to use HTTP instead.") + + flag.StringVar(&webhookCertPath, "webhook-cert-path", "", "The directory that contains the webhook certificate.") + flag.StringVar(&webhookCertName, "webhook-cert-name", "tls.crt", "The name of the webhook certificate file.") + flag.StringVar(&webhookCertKey, "webhook-cert-key", "tls.key", "The name of the webhook key file.") + flag.StringVar(&metricsCertPath, "metrics-cert-path", "", "The directory that contains the metrics server certificate.") + flag.StringVar(&metricsCertName, "metrics-cert-name", "tls.crt", "The name of the metrics server certificate file.") + flag.StringVar(&metricsCertKey, "metrics-cert-key", "tls.key", "The name of the metrics server key file.") + + opts := zap.Options{Development: true} opts.BindFlags(flag.CommandLine) flag.Parse() ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts))) - // if the enable-http2 flag is false (the default), http/2 should be disabled - // due to its vulnerabilities. More specifically, disabling http/2 will - // prevent from being vulnerable to the HTTP/2 Stream Cancellation and - // Rapid Reset CVEs. For more information see: - // - https://github.com/advisories/GHSA-qppj-fm5r-hxr3 - // - https://github.com/advisories/GHSA-4374-p667-p6c8 + + // Disable HTTP/2 unless explicitly enabled. 
disableHTTP2 := func(c *tls.Config) { setupLog.Info("disabling http/2") c.NextProtos = []string{"http/1.1"} } - if !enableHTTP2 { tlsOpts = append(tlsOpts, disableHTTP2) } + var metricsCertWatcher, webhookCertWatcher *certwatcher.CertWatcher + webhookTLSOpts := tlsOpts + + if len(webhookCertPath) > 0 { + setupLog.Info("Initializing webhook certificate watcher using provided certificates", + "webhook-cert-path", webhookCertPath, "webhook-cert-name", webhookCertName, "webhook-cert-key", webhookCertKey) + var err error + webhookCertWatcher, err = certwatcher.New( + filepath.Join(webhookCertPath, webhookCertName), + filepath.Join(webhookCertPath, webhookCertKey), + ) + if err != nil { + setupLog.Error(err, "Failed to initialize webhook certificate watcher") + os.Exit(1) + } + + webhookTLSOpts = append(webhookTLSOpts, func(config *tls.Config) { + config.GetCertificate = webhookCertWatcher.GetCertificate + }) + } + webhookServer := webhook.NewServer(webhook.Options{ - TLSOpts: tlsOpts, + TLSOpts: webhookTLSOpts, // use webhook-specific TLS opts (may include certwatcher) }) - // Metrics endpoint is enabled in 'config/default/kustomization.yaml'. The Metrics options configure the server. - // More info: - // - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.19.0/pkg/metrics/server - // - https://book.kubebuilder.io/reference/metrics.html + // Metrics server options (no kube-rbac-proxy). metricsServerOptions := metricsserver.Options{ BindAddress: metricsAddr, SecureServing: secureMetrics, - // TODO(user): TLSOpts is used to allow configuring the TLS config used for the server. If certificates are - // not provided, self-signed certificates will be generated by default. This option is not recommended for - // production environments as self-signed certificates do not offer the same level of trust and security - // as certificates issued by a trusted Certificate Authority (CA). The primary risk is potentially allowing - // unauthorized access to sensitive metrics data. 
Consider replacing with CertDir, CertName, and KeyName - // to provide certificates, ensuring the server communicates using trusted and secure certificates. - TLSOpts: tlsOpts, + TLSOpts: tlsOpts, // may be extended below if metrics certs provided } - var syncPeriod = 36000 * time.Second //Defaults to every 10Hrs - if syncPeriodSeconds, ok := os.LookupEnv("SYNC_PERIOD_SECONDS"); ok && syncPeriodSeconds != "" { - if syncPeriodSecondsInt, err := strconv.ParseInt(syncPeriodSeconds, 10, 64); err == nil { - syncPeriod = time.Duration(syncPeriodSecondsInt) * time.Second - } else if err != nil { - setupLog.Error(err, "unable to start manager") + if secureMetrics { + // Protect /metrics with authn/authz. RBAC rules are in config/rbac/*metrics* files. + metricsServerOptions.FilterProvider = filters.WithAuthenticationAndAuthorization + } + if len(metricsCertPath) > 0 { + setupLog.Info("Initializing metrics certificate watcher using provided certificates", + "metrics-cert-path", metricsCertPath, "metrics-cert-name", metricsCertName, "metrics-cert-key", metricsCertKey) + + var err error + metricsCertWatcher, err = certwatcher.New( + filepath.Join(metricsCertPath, metricsCertName), + filepath.Join(metricsCertPath, metricsCertKey), + ) + if err != nil { + setupLog.Error(err, "Failed to initialize metrics certificate watcher") + os.Exit(1) + } + + metricsServerOptions.TLSOpts = append(metricsServerOptions.TLSOpts, func(config *tls.Config) { + config.GetCertificate = metricsCertWatcher.GetCertificate + }) + } + + // Optional resync period from env + var syncPeriod = 36000 * time.Second // Defaults to every 10 hours + if v, ok := os.LookupEnv("SYNC_PERIOD_SECONDS"); ok && v != "" { + if n, err := strconv.ParseInt(v, 10, 64); err == nil { + syncPeriod = time.Duration(n) * time.Second + } else { + setupLog.Error(err, "invalid SYNC_PERIOD_SECONDS") os.Exit(1) } } 
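Review bot: The replacement comment `// Disable HTTP/2 unless explicitly enabled.` drops the advisory references that explained the setting, and no `flag.BoolVar` in the visible flag block binds `enableHTTP2`, so nothing can enable it; I would keep the rationale, e.g. `// HTTP/2 stays off to avoid the Stream Cancellation / Rapid Reset issues (GHSA-qppj-fm5r-hxr3, GHSA-4374-p667-p6c8); enableHTTP2 is not bound to a flag.` `webhookTLSOpts := tlsOpts` shares a backing array with the slice later assigned to `metricsServerOptions.TLSOpts`, so the two `append` calls stay independent only while `tlsOpts` has no spare capacity; `webhookTLSOpts := slices.Clone(tlsOpts)` (plus the `slices` import) removes that dependency and rules out one server picking up the other's `GetCertificate` callback. `main` continues past the hunk, where the manager is created: confirm that each non-nil certificate watcher is handed to it with `mgr.Add(...)`, since otherwise rotated certificates on disk would presumably not be reloaded. The `SYNC_PERIOD_SECONDS` branch also accepts zero and negative values; a check such as `n > 0` before the conversion would reject them with the same error path.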
@@ -140,170 +191,170 @@ func main() { // Set the sync period for use in predicates vaultresourcecontroller.SetSyncPeriod(syncPeriod) - if err = (&controllers.KubernetesAuthEngineRoleReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "KubernetesAuthEngineRole")}).SetupWithManager(mgr); err != nil { + if err = (&controller.KubernetesAuthEngineRoleReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "KubernetesAuthEngineRole")}).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", "KubernetesAuthEngineRole") os.Exit(1) } - if err = (&controllers.PolicyReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "Policy")}).SetupWithManager(mgr); err != nil { + if err = (&controller.PolicyReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "Policy")}).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", "Policy") os.Exit(1) } - if err = (&controllers.DatabaseSecretEngineConfigReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "DatabaseSecretEngineConfig")}).SetupWithManager(mgr); err != nil { + if err = (&controller.DatabaseSecretEngineConfigReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "DatabaseSecretEngineConfig")}).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", "DatabaseSecretEngineConfig") os.Exit(1) } - if err = (&controllers.DatabaseSecretEngineRoleReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "DatabaseSecretEngineRole")}).SetupWithManager(mgr); err != nil { + if err = (&controller.DatabaseSecretEngineRoleReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "DatabaseSecretEngineRole")}).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", "DatabaseSecretEngineRole") os.Exit(1) } - if err = 
(&controllers.SecretEngineMountReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "SecretEngineMount")}).SetupWithManager(mgr); err != nil { + if err = (&controller.SecretEngineMountReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "SecretEngineMount")}).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", "SecretEngineMount") os.Exit(1) } - if err = (&controllers.RandomSecretReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "RandomSecret")}).SetupWithManager(mgr); err != nil { + if err = (&controller.RandomSecretReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "RandomSecret")}).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", "RandomSecret") os.Exit(1) } setupLog.Info("starting AuthEngineMountReconciler") - if err = (&controllers.AuthEngineMountReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "AuthEngineMount")}).SetupWithManager(mgr); err != nil { + if err = (&controller.AuthEngineMountReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "AuthEngineMount")}).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", "AuthEngineMount") os.Exit(1) } setupLog.Info("started AuthEngineMountReconciler") - if err = (&controllers.KubernetesAuthEngineConfigReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "KubernetesAuthEngineConfig")}).SetupWithManager(mgr); err != nil { + if err = (&controller.KubernetesAuthEngineConfigReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "KubernetesAuthEngineConfig")}).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", "KubernetesAuthEngineConfig") os.Exit(1) } - if err = (&controllers.LDAPAuthEngineConfigReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, 
"LDAPAuthEngineConfig")}).SetupWithManager(mgr); err != nil { + if err = (&controller.LDAPAuthEngineConfigReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "LDAPAuthEngineConfig")}).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", "LDAPAuthEngineConfig") os.Exit(1) } - if err = (&controllers.LDAPAuthEngineGroupReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "LDAPAuthEngineGroup")}).SetupWithManager(mgr); err != nil { + if err = (&controller.LDAPAuthEngineGroupReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "LDAPAuthEngineGroup")}).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", "LDAPAuthEngineGroup") os.Exit(1) } - if err = (&controllers.JWTOIDCAuthEngineConfigReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "JWTOIDCAuthEngineConfig")}).SetupWithManager(mgr); err != nil { + if err = (&controller.JWTOIDCAuthEngineConfigReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "JWTOIDCAuthEngineConfig")}).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", "JWTOIDCAuthEngineConfig") os.Exit(1) } - if err = (&controllers.JWTOIDCAuthEngineRoleReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "JWTOIDCAuthEngineRole")}).SetupWithManager(mgr); err != nil { + if err = (&controller.JWTOIDCAuthEngineRoleReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "JWTOIDCAuthEngineRole")}).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", "JWTOIDCAuthEngineRole") os.Exit(1) } - if err = (&controllers.AzureAuthEngineConfigReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "AzureAuthEngineConfig")}).SetupWithManager(mgr); err != nil { + if err = (&controller.AzureAuthEngineConfigReconciler{ReconcilerBase: 
vaultresourcecontroller.NewFromManager(mgr, "AzureAuthEngineConfig")}).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", "AzureAuthEngineConfig") os.Exit(1) } - if err = (&controllers.AzureAuthEngineRoleReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "AzureAuthEngineRole")}).SetupWithManager(mgr); err != nil { + if err = (&controller.AzureAuthEngineRoleReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "AzureAuthEngineRole")}).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", "AzureAuthEngineRole") os.Exit(1) } - if err = (&controllers.GCPAuthEngineConfigReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "GCPAuthEngineConfig")}).SetupWithManager(mgr); err != nil { + if err = (&controller.GCPAuthEngineConfigReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "GCPAuthEngineConfig")}).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", "GCPAuthEngineConfig") os.Exit(1) } - if err = (&controllers.GCPAuthEngineRoleReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "GCPAuthEngineRole")}).SetupWithManager(mgr); err != nil { + if err = (&controller.GCPAuthEngineRoleReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "GCPAuthEngineRole")}).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", "GCPAuthEngineRole") os.Exit(1) } - if err = (&controllers.CertAuthEngineConfigReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "CertAuthEngineConfig")}).SetupWithManager(mgr); err != nil { + if err = (&controller.CertAuthEngineConfigReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "CertAuthEngineConfig")}).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", "CertAuthEngineConfig") 
os.Exit(1) } - if err = (&controllers.CertAuthEngineRoleReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "CertAuthEngineRole")}).SetupWithManager(mgr); err != nil { + if err = (&controller.CertAuthEngineRoleReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "CertAuthEngineRole")}).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", "CertAuthEngineRole") os.Exit(1) } - if err = (&controllers.VaultSecretReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "VaultSecret")}).SetupWithManager(mgr); err != nil { + if err = (&controller.VaultSecretReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "VaultSecret")}).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", "VaultSecret") os.Exit(1) } - if err = (&controllers.PasswordPolicyReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "PasswordPolicy")}).SetupWithManager(mgr); err != nil { + if err = (&controller.PasswordPolicyReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "PasswordPolicy")}).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", "PasswordPolicy") os.Exit(1) } - if err = (&controllers.RabbitMQSecretEngineConfigReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "RabbitMQSecretEngineConfig")}).SetupWithManager(mgr); err != nil { + if err = (&controller.RabbitMQSecretEngineConfigReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "RabbitMQSecretEngineConfig")}).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", "RabbitMQSecretEngineConfig") os.Exit(1) } - if err = (&controllers.RabbitMQSecretEngineRoleReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "RabbitMQSecretEngineRole")}).SetupWithManager(mgr); err != nil { + if err = 
(&controller.RabbitMQSecretEngineRoleReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "RabbitMQSecretEngineRole")}).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", "RabbitMQSecretEngineRole") os.Exit(1) } - if err = (&controllers.PKISecretEngineConfigReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "PKISecretEngineConfig")}).SetupWithManager(mgr); err != nil { + if err = (&controller.PKISecretEngineConfigReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "PKISecretEngineConfig")}).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", "PKISecretEngineConfig") os.Exit(1) } - if err = (&controllers.PKISecretEngineRoleReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "PKISecretEngineRole")}).SetupWithManager(mgr); err != nil { + if err = (&controller.PKISecretEngineRoleReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "PKISecretEngineRole")}).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", "PKISecretEngineRole") os.Exit(1) } - if err = (&controllers.GitHubSecretEngineConfigReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "GitHubSecretEngineConfig")}).SetupWithManager(mgr); err != nil { + if err = (&controller.GitHubSecretEngineConfigReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "GitHubSecretEngineConfig")}).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", "GitHubSecretEngineConfig") os.Exit(1) } - if err = (&controllers.GitHubSecretEngineRoleReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "GitHubSecretEngineRole")}).SetupWithManager(mgr); err != nil { + if err = (&controller.GitHubSecretEngineRoleReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, 
"GitHubSecretEngineRole")}).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", "GitHubSecretEngineRole") os.Exit(1) } - if err = (&controllers.AzureSecretEngineRoleReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "AzureSecretEngineRole")}).SetupWithManager(mgr); err != nil { + if err = (&controller.AzureSecretEngineRoleReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "AzureSecretEngineRole")}).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", "AzureSecretEngineRole") os.Exit(1) } - if err = (&controllers.AzureSecretEngineConfigReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "AzureSecretEngineConfig")}).SetupWithManager(mgr); err != nil { + if err = (&controller.AzureSecretEngineConfigReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "AzureSecretEngineConfig")}).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", "AzureSecretEngineConfig") os.Exit(1) } - if err = (&controllers.QuaySecretEngineConfigReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "QuaySecretEngineConfig")}).SetupWithManager(mgr); err != nil { + if err = (&controller.QuaySecretEngineConfigReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "QuaySecretEngineConfig")}).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", "QuaySecretEngineConfig") os.Exit(1) } - if err = (&controllers.QuaySecretEngineRoleReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "QuaySecretEngineRole")}).SetupWithManager(mgr); err != nil { + if err = (&controller.QuaySecretEngineRoleReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "QuaySecretEngineRole")}).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", 
"QuaySecretEngineRole") os.Exit(1) } - if err = (&controllers.QuaySecretEngineStaticRoleReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "QuaySecretEngineStaticRole")}).SetupWithManager(mgr); err != nil { + if err = (&controller.QuaySecretEngineStaticRoleReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "QuaySecretEngineStaticRole")}).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", "QuaySecretEngineStaticRole") os.Exit(1) } - if err = (&controllers.KubernetesSecretEngineConfigReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "KubernetesSecretEngineConfig")}).SetupWithManager(mgr); err != nil { + if err = (&controller.KubernetesSecretEngineConfigReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "KubernetesSecretEngineConfig")}).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", "KubernetesSecretEngineConfig") os.Exit(1) } - if err = (&controllers.KubernetesSecretEngineRoleReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "KubernetesSecretEngineRole")}).SetupWithManager(mgr); err != nil { + if err = (&controller.KubernetesSecretEngineRoleReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "KubernetesSecretEngineRole")}).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", "KubernetesSecretEngineRole") os.Exit(1) } - if err = (&controllers.DatabaseSecretEngineStaticRoleReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "DatabaseSecretEngineStaticRole")}).SetupWithManager(mgr); err != nil { + if err = (&controller.DatabaseSecretEngineStaticRoleReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "DatabaseSecretEngineStaticRole")}).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", 
"DatabaseSecretEngineStaticRole") os.Exit(1) } - if err = (&controllers.GroupReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "Group")}).SetupWithManager(mgr); err != nil { + if err = (&controller.GroupReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "Group")}).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", "Group") os.Exit(1) } - if err = (&controllers.GroupAliasReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "GroupAlias")}).SetupWithManager(mgr); err != nil { + if err = (&controller.GroupAliasReconciler{ReconcilerBase: vaultresourcecontroller.NewFromManager(mgr, "GroupAlias")}).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", "GroupAlias") os.Exit(1) } @@ -469,6 +520,22 @@ func main() { } } + if metricsCertWatcher != nil { + setupLog.Info("Adding metrics certificate watcher to manager") + if err := mgr.Add(metricsCertWatcher); err != nil { + setupLog.Error(err, "Unable to add metrics certificate watcher to manager") + os.Exit(1) + } + } + + if webhookCertWatcher != nil { + setupLog.Info("Adding webhook certificate watcher to manager") + if err := mgr.Add(webhookCertWatcher); err != nil { + setupLog.Error(err, "Unable to add webhook certificate watcher to manager") + os.Exit(1) + } + } + //+kubebuilder:scaffold:builder if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil { diff --git a/config/certmanager/certificate-metrics.yaml b/config/certmanager/certificate-metrics.yaml new file mode 100644 index 00000000..53b544be --- /dev/null +++ b/config/certmanager/certificate-metrics.yaml 
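Review bot: The two `mgr.Add` blocks added ahead of `//+kubebuilder:scaffold:builder` have no comment explaining why the watchers are registered, and the call itself does not make it obvious. As far as I know `certwatcher.New` only loads the pair once and reloading begins when the manager runs the watcher, so removing either block would leave that server presenting the startup certificate after rotation. I would put `// Run the watcher under the manager so rotated cert/key files are reloaded; otherwise GetCertificate keeps returning the pair read at startup.` above the first block. main() starts and ends outside this hunk, so the manager start call is not visible here.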
@@ -0,0 +1,20 @@ +# The following manifests contain a self-signed issuer CR and a metrics certificate CR. +# More document can be found at https://docs.cert-manager.io +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + app.kubernetes.io/name: memcached-operator + app.kubernetes.io/managed-by: kustomize + name: metrics-certs # this name should match the one appeared in kustomizeconfig.yaml + namespace: system +spec: + dnsNames: + # SERVICE_NAME and SERVICE_NAMESPACE will be substituted by kustomize + # replacements in the config/default/kustomization.yaml file. + - SERVICE_NAME.SERVICE_NAMESPACE.svc + - SERVICE_NAME.SERVICE_NAMESPACE.svc.cluster.local + issuerRef: + kind: Issuer + name: selfsigned-issuer + secretName: metrics-server-cert \ No newline at end of file diff --git a/config/certmanager/certificate.yaml b/config/certmanager/certificate-webhook.yaml similarity index 100% rename from config/certmanager/certificate.yaml rename to config/certmanager/certificate-webhook.yaml diff --git a/config/certmanager/issuer.yaml b/config/certmanager/issuer.yaml new file mode 100644 index 00000000..14ca114a --- /dev/null +++ b/config/certmanager/issuer.yaml @@ -0,0 +1,13 @@ +# The following manifest contains a self-signed issuer CR. +# More information can be found at https://docs.cert-manager.io +# WARNING: Targets CertManager v1.0. Check https://cert-manager.io/docs/installation/upgrading/ for breaking changes. +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + app.kubernetes.io/name: memcached-operator + app.kubernetes.io/managed-by: kustomize + name: selfsigned-issuer + namespace: system +spec: + selfSigned: {} \ No newline at end of file diff --git a/config/certmanager/kustomization.yaml b/config/certmanager/kustomization.yaml index bebea5a5..10baa65e 100644 --- a/config/certmanager/kustomization.yaml +++ b/config/certmanager/kustomization.yaml 
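Review bot: The labels in the new `certificate-metrics.yaml` still read `app.kubernetes.io/name: memcached-operator`, which looks like a leftover from the scaffold sample rather than this operator's name; the new `config/certmanager/issuer.yaml` has the same label. The header comment also says the file contains a self-signed issuer and a metrics certificate, but only the Certificate is here and the Issuer is in issuer.yaml. I would set the label to the project's own name (`app.kubernetes.io/name: <operator-name>`) in both files and reword the header to `# The following manifest contains the metrics certificate CR; the issuer is defined in issuer.yaml.`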
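Review bot: With `selfSigned: {}` in `issuer.yaml`, the metrics certificate issued through `issuerRef: selfsigned-issuer` does not chain to any CA a scraper already trusts. A client can therefore verify the metrics endpoint only if it is handed the certificate from the `metrics-server-cert` secret, and otherwise has to skip verification, which is the risk the TODO removed from main.go in this same commit warned about. The scrape configuration is not in this hunk, so I cannot tell which of the two applies. I would record the intent in the manifest: `# Self-signed: for development and test; for production point issuerRef at a CA-backed Issuer and have scrapers verify against that CA.`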
@@ -1,5 +1,7 @@ resources: -- certificate.yaml + - certificate-metrics.yaml + - certificate-webhook.yaml + - issuer.yaml configurations: - kustomizeconfig.yaml diff --git a/config/crd/bases/redhatcop.redhat.io_authenginemounts.yaml b/config/crd/bases/redhatcop.redhat.io_authenginemounts.yaml index fec382c6..c6bd1d98 100644 --- a/config/crd/bases/redhatcop.redhat.io_authenginemounts.yaml +++ b/config/crd/bases/redhatcop.redhat.io_authenginemounts.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.18.0 name: authenginemounts.redhatcop.redhat.io spec: group: redhatcop.redhat.io @@ -64,13 +64,20 @@ spec: kube auth authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic + required: + - path + - role + - serviceAccount type: object config: description: Config Specifies configuration options for this auth @@ -176,10 +183,13 @@ spec: key -> "tls.key"' properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic 
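Review bot: Listing `issuer.yaml` alongside `certificate-webhook.yaml` in the kustomization hunk may define `selfsigned-issuer` twice. The rename from `certificate.yaml` is recorded with similarity 100%, so if that file still carries the Issuer together with the webhook Certificate (older scaffolds kept both in one file), `kustomize build` would fail on the duplicate resource id. Its content is not shown in this diff, so this needs checking against the renamed file. If the Issuer is there, drop it from `certificate-webhook.yaml` and keep the single definition in `issuer.yaml`.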
@@ -191,6 +201,8 @@ spec: timeOut: description: Timeout Timeout variable. The default value is 60s. type: string + required: + - address type: object description: description: Description Specifies a human-friendly description of @@ -223,6 +235,10 @@ spec: description: Type Specifies the name of the authentication method type, such as "github" or "token". type: string + required: + - authentication + - path + - type type: object status: description: AuthEngineMountStatus defines the observed state of AuthEngineMount @@ -231,16 +247,8 @@ spec: type: string conditions: items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- 
@@ -281,12 +289,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/config/crd/bases/redhatcop.redhat.io_azureauthengineconfigs.yaml b/config/crd/bases/redhatcop.redhat.io_azureauthengineconfigs.yaml index aa613e4b..3ef978a3 100644 --- a/config/crd/bases/redhatcop.redhat.io_azureauthengineconfigs.yaml +++ b/config/crd/bases/redhatcop.redhat.io_azureauthengineconfigs.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.18.0 name: azureauthengineconfigs.redhatcop.redhat.io spec: group: redhatcop.redhat.io @@ -63,13 +63,20 @@ spec: kube auth authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic + required: + - path + - role + - serviceAccount type: object azureCredentials: description: AzureCredentials consists in ClientID and ClientSecret, 
@@ -88,10 +95,13 @@ spec: password: Specifies the password to use when connecting with the username. This value will not be returned by Vault when performing a read upon the configuration. This is typically used in the connection_url field via the templating directive "{{"password"}}"". properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -103,10 +113,13 @@ spec: If username is provided as spec.username, it takes precedence over the username retrieved from the referenced secret properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -126,6 +139,8 @@ spec: path: description: Path is the path to the secret type: string + required: + - path type: object type: object clientID: @@ -173,10 +188,13 @@ spec: key -> "tls.key"' properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic 
@@ -188,6 +206,8 @@ spec: timeOut: description: Timeout Timeout variable. The default value is 60s. type: string + required: + - address type: object environment: default: AzurePublicCloud @@ -234,6 +254,8 @@ spec: variable. type: string required: + - "" + - path - resource - tenantID type: object @@ -243,16 +265,8 @@ spec: properties: conditions: items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- @@ -293,12 +307,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string 
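Review bot: The regenerated `required` list in hunk `@@ -234,6 +254,8 @@` of `redhatcop.redhat.io_azureauthengineconfigs.yaml` now has an empty entry, `- ""`, next to `path`, `resource` and `tenantID`. A required property with an empty name cannot be supplied by a normal manifest, so creating or updating an AzureAuthEngineConfig would presumably fail schema validation. This file is controller-gen output, so the fix belongs in the Go API type (most likely a field or embedded struct with no usable `json` name that is now treated as required), followed by regenerating the manifests. The same regeneration adds `required` lists (`path`, `role`, `serviceAccount`, `address`) here and in the neighbouring CRDs, which will reject existing objects that omit those fields; it is worth confirming that this tightening is intended.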
diff --git a/config/crd/bases/redhatcop.redhat.io_azureauthengineroles.yaml b/config/crd/bases/redhatcop.redhat.io_azureauthengineroles.yaml index c4f76659..8f19a6a1 100644 --- a/config/crd/bases/redhatcop.redhat.io_azureauthengineroles.yaml +++ b/config/crd/bases/redhatcop.redhat.io_azureauthengineroles.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.18.0 name: azureauthengineroles.redhatcop.redhat.io spec: group: redhatcop.redhat.io @@ -65,13 +65,20 @@ spec: kube auth authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic + required: + - path + - role + - serviceAccount type: object boundGroupIDs: description: |- @@ -159,10 +166,13 @@ spec: key -> "tls.key"' properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -174,6 +184,8 @@ spec: timeOut: description: Timeout Timeout variable. The default value is 60s. type: string + required: + - address type: object name: description: Name of the role. 
@@ -258,23 +270,17 @@ spec: For machine based authentication cases, you should use batch type tokens. type: string required: + - authentication - name + - path type: object status: description: AzureAuthEngineRoleStatus defines the observed state of AzureAuthEngineRole properties: conditions: items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- @@ -315,12 +321,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/config/crd/bases/redhatcop.redhat.io_azuresecretengineconfigs.yaml b/config/crd/bases/redhatcop.redhat.io_azuresecretengineconfigs.yaml index 2b534a46..a7c9356f 100644 
--- a/config/crd/bases/redhatcop.redhat.io_azuresecretengineconfigs.yaml +++ b/config/crd/bases/redhatcop.redhat.io_azuresecretengineconfigs.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.18.0 name: azuresecretengineconfigs.redhatcop.redhat.io spec: group: redhatcop.redhat.io @@ -66,13 +66,20 @@ spec: kube auth authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic + required: + - path + - role + - serviceAccount type: object azureCredentials: description: AzureCredentials consists in ClientID and ClientSecret, @@ -91,10 +98,13 @@ spec: password: Specifies the password to use when connecting with the username. This value will not be returned by Vault when performing a read upon the configuration. This is typically used in the connection_url field via the templating directive "{{"password"}}"". properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic 
@@ -106,10 +116,13 @@ spec: If username is provided as spec.username, it takes precedence over the username retrieved from the referenced secret properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -129,6 +142,8 @@ spec: path: description: Path is the path to the secret type: string + required: + - path type: object type: object clientID: @@ -176,10 +191,13 @@ spec: key -> "tls.key"' properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -191,6 +209,8 @@ spec: timeOut: description: Timeout Timeout variable. The default value is 60s. type: string + required: + - address type: object environment: default: AzurePublicCloud @@ -228,6 +248,9 @@ spec: variable. type: string required: + - "" + - authentication + - path - subscriptionID - tenantID type: object 
@@ -237,16 +260,8 @@ spec: properties: conditions: items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- @@ -287,12 +302,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/config/crd/bases/redhatcop.redhat.io_azuresecretengineroles.yaml b/config/crd/bases/redhatcop.redhat.io_azuresecretengineroles.yaml index 4ca9711c..9a7587e0 100644 --- a/config/crd/bases/redhatcop.redhat.io_azuresecretengineroles.yaml +++ b/config/crd/bases/redhatcop.redhat.io_azuresecretengineroles.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.18.0 name: azuresecretengineroles.redhatcop.redhat.io spec: group: redhatcop.redhat.io @@ -77,13 +77,20 @@ spec: kube auth authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic + required: + - path + - role + - serviceAccount type: object azureGroups: default: "" @@ -135,10 +142,13 @@ spec: key -> "tls.key"' properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -150,6 +160,8 @@ spec: timeOut: description: Timeout Timeout variable. The default value is 60s. type: string + required: + - address type: object maxTTL: default: "" @@ -192,6 +204,9 @@ spec: description: A comma-separated string of Azure tags to attach to an application. type: string + required: + - authentication + - path type: object status: description: AzureSecretEngineRoleStatus defines the observed state of 
@@ -199,16 +214,8 @@ spec: properties: conditions: items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- @@ -249,12 +256,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/config/crd/bases/redhatcop.redhat.io_certauthengineconfigs.yaml b/config/crd/bases/redhatcop.redhat.io_certauthengineconfigs.yaml index 1263e634..e001678f 100644 --- a/config/crd/bases/redhatcop.redhat.io_certauthengineconfigs.yaml +++ b/config/crd/bases/redhatcop.redhat.io_certauthengineconfigs.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.18.0 name: certauthengineconfigs.redhatcop.redhat.io spec: group: redhatcop.redhat.io @@ -65,13 +65,20 @@ spec: kube auth authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic + required: + - path + - role + - serviceAccount type: object connection: description: Connection represents the information needed to connect @@ -111,10 +118,13 @@ spec: key -> "tls.key"' properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -126,6 +136,8 @@ spec: timeOut: description: Timeout Timeout variable. The default value is 60s. type: string + required: + - address type: object disableBinding: default: false @@ -159,6 +171,10 @@ spec: default: 200 description: The size of the role cache. Use -1 to disable role caching. type: integer + required: + - "" + - authentication + - path type: object status: description: CertAuthEngineConfigStatus defines the observed state of 
@@ -166,16 +182,8 @@ spec: properties: conditions: items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- @@ -216,12 +224,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/config/crd/bases/redhatcop.redhat.io_certauthengineroles.yaml b/config/crd/bases/redhatcop.redhat.io_certauthengineroles.yaml index 6f0b1f12..11d99eb0 100644 --- a/config/crd/bases/redhatcop.redhat.io_certauthengineroles.yaml +++ b/config/crd/bases/redhatcop.redhat.io_certauthengineroles.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.18.0 name: certauthengineroles.redhatcop.redhat.io spec: group: redhatcop.redhat.io @@ -113,13 +113,20 @@ spec: kube auth authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic + required: + - path + - role + - serviceAccount type: object certificate: description: The PEM-format CA certificate. @@ -162,10 +169,13 @@ spec: key -> "tls.key"' properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -177,6 +187,8 @@ spec: timeOut: description: Timeout Timeout variable. The default value is 60s. type: string + required: + - address type: object displayName: description: |- 
@@ -295,22 +307,19 @@ spec: For token store roles, there are two additional possibilities: default-service and default-batch which specify the type to return unless the client requests a different type at generation time. For machine based authentication cases, you should use batch type tokens. type: string + required: + - "" + - authentication + - certificate + - path type: object status: description: CertAuthEngineRoleStatus defines the observed state of CertAuthEngineRole properties: conditions: items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- @@ -351,12 +360,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string 
diff --git a/config/crd/bases/redhatcop.redhat.io_databasesecretengineconfigs.yaml b/config/crd/bases/redhatcop.redhat.io_databasesecretengineconfigs.yaml index c270b163..a005f425 100644 --- a/config/crd/bases/redhatcop.redhat.io_databasesecretengineconfigs.yaml +++ b/config/crd/bases/redhatcop.redhat.io_databasesecretengineconfigs.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.18.0 name: databasesecretengineconfigs.redhatcop.redhat.io spec: group: redhatcop.redhat.io @@ -76,13 +76,20 @@ spec: kube auth authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic + required: + - path + - role + - serviceAccount type: object connection: description: Connection represents the information needed to connect @@ -122,10 +129,13 @@ spec: key -> "tls.key"' properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -137,6 +147,8 @@ spec: timeOut: description: Timeout Timeout variable. The default value is 60s. type: string + required: + - address type: object connectionURL: description: ConnectionURL Specifies the connection string used to 
@@ -216,10 +228,13 @@ spec: password: Specifies the password to use when connecting with the username. This value will not be returned by Vault when performing a read upon the configuration. This is typically used in the connection_url field via the templating directive "{{"password"}}"". properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -231,10 +246,13 @@ spec: If username is provided as spec.username, it takes precedence over the username retrieved from the referenced secret properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -254,6 +272,8 @@ spec: path: description: Path is the path to the secret type: string + required: + - path type: object type: object rootPasswordRotation: @@ -285,6 +305,13 @@ spec: description: VerifyConnection Specifies if the connection is verified during initial configuration. Defaults to true. type: boolean + required: + - "" + - authentication + - connectionURL + - path + - pluginName + - rootCredentials type: object status: description: DatabaseSecretEngineConfigStatus defines the observed state 
@@ -292,16 +319,8 @@ spec: properties: conditions: items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- @@ -342,12 +361,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/config/crd/bases/redhatcop.redhat.io_databasesecretengineroles.yaml b/config/crd/bases/redhatcop.redhat.io_databasesecretengineroles.yaml index 737a2b00..30ced670 100644 --- a/config/crd/bases/redhatcop.redhat.io_databasesecretengineroles.yaml +++ b/config/crd/bases/redhatcop.redhat.io_databasesecretengineroles.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.18.0 name: databasesecretengineroles.redhatcop.redhat.io spec: group: redhatcop.redhat.io @@ -66,13 +66,20 @@ spec: kube auth authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic + required: + - path + - role + - serviceAccount type: object connection: description: Connection represents the information needed to connect @@ -112,10 +119,13 @@ spec: key -> "tls.key"' properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -127,6 +137,8 @@ spec: timeOut: description: Timeout Timeout variable. The default value is 60s. type: string + required: + - address type: object creationStatements: description: |- @@ -191,6 +203,10 @@ spec: type: string type: array x-kubernetes-list-type: set + required: + - authentication + - dBName + - path type: object status: description: DatabaseSecretEngineRoleStatus defines the observed state 
@@ -198,16 +214,8 @@ spec: properties: conditions: items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- @@ -248,12 +256,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/config/crd/bases/redhatcop.redhat.io_databasesecretenginestaticroles.yaml b/config/crd/bases/redhatcop.redhat.io_databasesecretenginestaticroles.yaml index 784bcd31..e320908a 100644 --- a/config/crd/bases/redhatcop.redhat.io_databasesecretenginestaticroles.yaml +++ b/config/crd/bases/redhatcop.redhat.io_databasesecretenginestaticroles.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.18.0 name: databasesecretenginestaticroles.redhatcop.redhat.io spec: group: redhatcop.redhat.io @@ -66,13 +66,20 @@ spec: kube auth authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic + required: + - path + - role + - serviceAccount type: object connection: description: Connection represents the information needed to connect @@ -112,10 +119,13 @@ spec: key -> "tls.key"' properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -127,6 +137,8 @@ spec: timeOut: description: Timeout Timeout variable. The default value is 60s. type: string + required: + - address type: object credentialType: description: 'CredentialType Specifies the type of credential that @@ -198,6 +210,13 @@ spec: description: Username Specifies the database username that this Vault role corresponds to. type: string + required: + - authentication + - credentialType + - dBName + - path + - rotationPeriod + - username type: object status: description: DatabaseSecretEngineStaticRoleStatus defines the observed 
@@ -205,16 +224,8 @@ spec: properties: conditions: items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- @@ -255,12 +266,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/config/crd/bases/redhatcop.redhat.io_gcpauthengineconfigs.yaml b/config/crd/bases/redhatcop.redhat.io_gcpauthengineconfigs.yaml index 8b327666..f9693b46 100644 --- a/config/crd/bases/redhatcop.redhat.io_gcpauthengineconfigs.yaml +++ b/config/crd/bases/redhatcop.redhat.io_gcpauthengineconfigs.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.18.0 name: gcpauthengineconfigs.redhatcop.redhat.io spec: group: redhatcop.redhat.io @@ -72,10 +72,13 @@ spec: password: Specifies the password to use when connecting with the username. This value will not be returned by Vault when performing a read upon the configuration. This is typically used in the connection_url field via the templating directive "{{"password"}}"". properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -87,10 +90,13 @@ spec: If username is provided as spec.username, it takes precedence over the username retrieved from the referenced secret properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -110,6 +116,8 @@ spec: path: description: Path is the path to the secret type: string + required: + - path type: object type: object IAMalias: 
@@ -152,13 +160,20 @@ spec: kube auth authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic + required: + - path + - role + - serviceAccount type: object connection: description: Connection represents the information needed to connect @@ -198,10 +213,13 @@ spec: key -> "tls.key"' properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -213,6 +231,8 @@ spec: timeOut: description: Timeout Timeout variable. The default value is 60s. type: string + required: + - address type: object customEndpoint: default: {} 
@@ -241,22 +261,17 @@ spec: Applications use service accounts to make authorized API calls by authenticating as either the service account itself, or as Google Workspace or Cloud Identity users through domain-wide delegation. When an application authenticates as a service account, it has access to all resources that the service account has permission to access. type: string + required: + - "" + - path type: object status: description: GCPAuthEngineConfigStatus defines the observed state of GCPAuthEngineConfig properties: conditions: items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- 
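Review bot: The spec-level `required` list added in this hunk contains an empty-string entry (`- ""`) ahead of `path`, naming a property the schema does not define. GCPAuthEngineConfig objects will most likely fail API-server validation once this CRD is applied, which would block management of the GCP auth configuration through the operator. The sibling CRDs in this commit list `authentication` in the same position, so the JSON tag on the `authentication` field of the Go spec type is the likely cause (inferred, since the type is not part of this diff). The file is generated, so the fix is to correct that tag and regenerate until the list reads `- authentication` and `- path`. A CI check that rejects empty entries in `required` would catch this on future controller-gen upgrades.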
@@ -297,12 +312,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/config/crd/bases/redhatcop.redhat.io_gcpauthengineroles.yaml b/config/crd/bases/redhatcop.redhat.io_gcpauthengineroles.yaml index 539acb1a..174549c7 100644 --- a/config/crd/bases/redhatcop.redhat.io_gcpauthengineroles.yaml +++ b/config/crd/bases/redhatcop.redhat.io_gcpauthengineroles.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.18.0 name: gcpauthengineroles.redhatcop.redhat.io spec: group: redhatcop.redhat.io @@ -76,13 +76,20 @@ spec: kube auth authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic + required: + - path + - role + - serviceAccount type: object boundInstanceGroups: description: |- 
@@ -174,10 +181,13 @@ spec: key -> "tls.key"' properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -189,6 +199,8 @@ spec: timeOut: description: Timeout Timeout variable. The default value is 60s. type: string + required: + - address type: object maxJWTExp: default: "" @@ -283,7 +295,9 @@ spec: information. type: string required: + - authentication - name + - path - type type: object status: @@ -291,16 +305,8 @@ spec: properties: conditions: items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- 
@@ -341,12 +347,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/config/crd/bases/redhatcop.redhat.io_githubsecretengineconfigs.yaml b/config/crd/bases/redhatcop.redhat.io_githubsecretengineconfigs.yaml index c7f1ad2e..d38ce72a 100644 --- a/config/crd/bases/redhatcop.redhat.io_githubsecretengineconfigs.yaml +++ b/config/crd/bases/redhatcop.redhat.io_githubsecretengineconfigs.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.18.0 name: githubsecretengineconfigs.redhatcop.redhat.io spec: group: redhatcop.redhat.io @@ -70,13 +70,20 @@ spec: kube auth authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic + required: + - path + - role + - serviceAccount type: object connection: description: Connection represents the information needed to connect 
@@ -116,10 +123,13 @@ spec: key -> "tls.key"' properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -131,6 +141,8 @@ spec: timeOut: description: Timeout Timeout variable. The default value is 60s. type: string + required: + - address type: object gitHubAPIBaseURL: default: https://api.github.com @@ -153,10 +165,13 @@ spec: The secret must be of ssh type (https://kubernetes.io/docs/concepts/configuration/secret/#ssh-authentication-secrets). properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -167,8 +182,15 @@ spec: path: description: Path is the path to the secret type: string + required: + - path type: object type: object + required: + - applicationID + - authentication + - path + - sSHKeyReference type: object status: description: GitHubSecretEngineConfigStatus defines the observed state 
@@ -176,16 +198,8 @@ spec: properties: conditions: items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- @@ -226,12 +240,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/config/crd/bases/redhatcop.redhat.io_githubsecretengineroles.yaml b/config/crd/bases/redhatcop.redhat.io_githubsecretengineroles.yaml index 7783e6e6..578c0ad9 100644 --- a/config/crd/bases/redhatcop.redhat.io_githubsecretengineroles.yaml +++ b/config/crd/bases/redhatcop.redhat.io_githubsecretengineroles.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.18.0 name: githubsecretengineroles.redhatcop.redhat.io spec: group: redhatcop.redhat.io @@ -65,13 +65,20 @@ spec: kube auth authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic + required: + - path + - role + - serviceAccount type: object connection: description: Connection represents the information needed to connect @@ -111,10 +118,13 @@ spec: key -> "tls.key"' properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -126,6 +136,8 @@ spec: timeOut: description: Timeout Timeout variable. The default value is 60s. type: string + required: + - address type: object installationID: description: ' InstallationID the ID of the app installation. Note @@ -172,6 +184,9 @@ spec: items: type: string type: array + required: + - authentication + - path type: object status: description: GitHubSecretEngineRoleStatus defines the observed state of 
@@ -181,16 +196,8 @@ spec: description: 'Important: Run "make" to regenerate code after modifying this file' items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- @@ -231,12 +238,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/config/crd/bases/redhatcop.redhat.io_groupaliases.yaml b/config/crd/bases/redhatcop.redhat.io_groupaliases.yaml index 9b09957e..ed639acf 100644 --- a/config/crd/bases/redhatcop.redhat.io_groupaliases.yaml +++ b/config/crd/bases/redhatcop.redhat.io_groupaliases.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.18.0 name: groupaliases.redhatcop.redhat.io spec: group: redhatcop.redhat.io @@ -66,13 +66,20 @@ spec: kube auth authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic + required: + - path + - role + - serviceAccount type: object connection: description: Connection represents the information needed to connect @@ -112,10 +119,13 @@ spec: key -> "tls.key"' properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -127,6 +137,8 @@ spec: timeOut: description: Timeout Timeout variable. The default value is 60s. type: string + required: + - address type: object groupName: type: string 
@@ -135,22 +147,16 @@ spec: it takes precedence over {metatada.name} pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?' type: string + required: + - authentication type: object status: description: GroupAliasStatus defines the observed state of GroupAlias properties: conditions: items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- @@ -191,12 +197,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/config/crd/bases/redhatcop.redhat.io_groups.yaml b/config/crd/bases/redhatcop.redhat.io_groups.yaml index b19b657d..6421522d 100644 --- a/config/crd/bases/redhatcop.redhat.io_groups.yaml 
+++ b/config/crd/bases/redhatcop.redhat.io_groups.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.18.0 name: groups.redhatcop.redhat.io spec: group: redhatcop.redhat.io @@ -64,13 +64,20 @@ spec: kube auth authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic + required: + - path + - role + - serviceAccount type: object connection: description: Connection represents the information needed to connect @@ -110,10 +117,13 @@ spec: key -> "tls.key"' properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -125,6 +135,8 @@ spec: timeOut: description: Timeout Timeout variable. The default value is 60s. type: string + required: + - address type: object memberEntityIDs: description: |- 
@@ -169,22 +181,16 @@ spec: - internal - external type: string + required: + - authentication type: object status: description: GroupStatus defines the observed state of Group properties: conditions: items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- @@ -225,12 +231,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/config/crd/bases/redhatcop.redhat.io_jwtoidcauthengineconfigs.yaml b/config/crd/bases/redhatcop.redhat.io_jwtoidcauthengineconfigs.yaml index df83bde8..fd9cf093 100644 --- a/config/crd/bases/redhatcop.redhat.io_jwtoidcauthengineconfigs.yaml 
+++ b/config/crd/bases/redhatcop.redhat.io_jwtoidcauthengineconfigs.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.18.0 name: jwtoidcauthengineconfigs.redhatcop.redhat.io spec: group: redhatcop.redhat.io @@ -91,10 +91,13 @@ spec: password: Specifies the password to use when connecting with the username. This value will not be returned by Vault when performing a read upon the configuration. This is typically used in the connection_url field via the templating directive "{{"password"}}"". properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -106,10 +109,13 @@ spec: If username is provided as spec.username, it takes precedence over the username retrieved from the referenced secret properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -129,6 +135,8 @@ spec: path: description: Path is the path to the secret type: string + required: + - path type: object type: object OIDCDiscoveryCAPEM: 
@@ -181,13 +189,20 @@ spec: kube auth authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic + required: + - path + - role + - serviceAccount type: object boundIssuer: default: "" @@ -231,10 +246,13 @@ spec: key -> "tls.key"' properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -246,6 +264,8 @@ spec: timeOut: description: Timeout Timeout variable. The default value is 60s. type: string + required: + - address type: object defaultRole: default: "" @@ -272,6 +292,8 @@ spec: Configuration options for provider-specific handling. Providers with specific handling include: Azure, Google. The options are described in each provider's section in OIDC Provider Setup x-kubernetes-preserve-unknown-fields: true + required: + - path type: object status: description: JWTOIDCAuthEngineConfigStatus defines the observed state 
@@ -279,16 +301,8 @@ spec: properties: conditions: items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- @@ -329,12 +343,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/config/crd/bases/redhatcop.redhat.io_jwtoidcauthengineroles.yaml b/config/crd/bases/redhatcop.redhat.io_jwtoidcauthengineroles.yaml index 806e5249..96e18dc2 100644 --- a/config/crd/bases/redhatcop.redhat.io_jwtoidcauthengineroles.yaml +++ b/config/crd/bases/redhatcop.redhat.io_jwtoidcauthengineroles.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.18.0 name: jwtoidcauthengineroles.redhatcop.redhat.io spec: group: redhatcop.redhat.io @@ -82,13 +82,20 @@ spec: kube auth authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic + required: + - path + - role + - serviceAccount type: object boundAudiences: description: |- @@ -171,10 +178,13 @@ spec: key -> "tls.key"' properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -186,6 +196,8 @@ spec: timeOut: description: Timeout Timeout variable. The default value is 60s. type: string + required: + - address type: object expirationLeeway: default: 0 @@ -308,7 +320,10 @@ spec: Not recommended in production since sensitive information may be present in OIDC responses type: boolean required: + - allowedRedirectURIs + - authentication - name + - path - userClaim type: object status: 
@@ -317,16 +332,8 @@ spec: properties: conditions: items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- @@ -367,12 +374,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/config/crd/bases/redhatcop.redhat.io_kubernetesauthengineconfigs.yaml b/config/crd/bases/redhatcop.redhat.io_kubernetesauthengineconfigs.yaml index cc5728b5..1d68ed26 100644 --- a/config/crd/bases/redhatcop.redhat.io_kubernetesauthengineconfigs.yaml +++ b/config/crd/bases/redhatcop.redhat.io_kubernetesauthengineconfigs.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.18.0 name: kubernetesauthengineconfigs.redhatcop.redhat.io spec: group: redhatcop.redhat.io @@ -74,13 +74,20 @@ spec: kube auth authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic + required: + - path + - role + - serviceAccount type: object connection: description: Connection represents the information needed to connect @@ -120,10 +127,13 @@ spec: key -> "tls.key"' properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -135,6 +145,8 @@ spec: timeOut: description: Timeout Timeout variable. The default value is 60s. type: string + required: + - address type: object disableISSValidation: default: false 
@@ -181,10 +193,13 @@ spec: to access the Kubernetes TokenReview API. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -206,6 +221,10 @@ spec: In this case if this field is set to true the operator pod's CA is injected. This is the original behavior before the introduction of this field If tis field is set to false, the os ca bundle of where vault is running will be used. type: boolean + required: + - authentication + - kubernetesHost + - path type: object status: description: KubernetesAuthEngineConfigStatus defines the observed state @@ -213,16 +232,8 @@ spec: properties: conditions: items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- 
@@ -263,12 +274,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/config/crd/bases/redhatcop.redhat.io_kubernetesauthengineroles.yaml b/config/crd/bases/redhatcop.redhat.io_kubernetesauthengineroles.yaml index 4e64fc22..3bf28087 100644 --- a/config/crd/bases/redhatcop.redhat.io_kubernetesauthengineroles.yaml +++ b/config/crd/bases/redhatcop.redhat.io_kubernetesauthengineroles.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.18.0 name: kubernetesauthengineroles.redhatcop.redhat.io spec: group: redhatcop.redhat.io @@ -88,13 +88,20 @@ spec: kube auth authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic + required: + - path + - role + - serviceAccount type: object connection: description: Connection represents the information needed to connect 
@@ -134,10 +141,13 @@ spec: key -> "tls.key"' properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -149,6 +159,8 @@ spec: timeOut: description: Timeout Timeout variable. The default value is 60s. type: string + required: + - address type: object name: description: The name of the obejct created in Vault. If this is specified @@ -205,11 +217,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -297,7 +311,10 @@ spec: - default-batch type: string required: + - authentication + - path - policies + - targetNamespaces - targetServiceAccounts type: object status: 
@@ -306,16 +323,8 @@ spec: properties: conditions: items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- @@ -356,12 +365,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/config/crd/bases/redhatcop.redhat.io_kubernetessecretengineconfigs.yaml b/config/crd/bases/redhatcop.redhat.io_kubernetessecretengineconfigs.yaml index d8eb9bb1..6effa693 100644 --- a/config/crd/bases/redhatcop.redhat.io_kubernetessecretengineconfigs.yaml +++ b/config/crd/bases/redhatcop.redhat.io_kubernetessecretengineconfigs.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.18.0 name: kubernetessecretengineconfigs.redhatcop.redhat.io spec: group: redhatcop.redhat.io @@ -66,13 +66,20 @@ spec: kube auth authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic + required: + - path + - role + - serviceAccount type: object connection: description: Connection represents the information needed to connect @@ -112,10 +119,13 @@ spec: key -> "tls.key"' properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -127,6 +137,8 @@ spec: timeOut: description: Timeout Timeout variable. The default value is 60s. type: string + required: + - address type: object disableLocalCAJWT: default: false 
@@ -152,10 +164,13 @@ spec: password: Specifies the password to use when connecting with the username. This value will not be returned by Vault when performing a read upon the configuration. This is typically used in the connection_url field via the templating directive "{{"password"}}"". properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -167,10 +182,13 @@ spec: If username is provided as spec.username, it takes precedence over the username retrieved from the referenced secret properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -190,6 +208,8 @@ spec: path: description: Path is the path to the secret type: string + required: + - path type: object type: object kubernetesCACert: @@ -206,6 +226,11 @@ spec: The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path. pattern: ^(?:/?[\w;:@&=\$-\.\+]*)+/? type: string + required: + - authentication + - jwtReference + - kubernetesHost + - path type: object status: description: KubernetesSecretEngineConfigStatus defines the observed state 
@@ -213,16 +238,8 @@ spec: properties: conditions: items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- @@ -263,12 +280,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/config/crd/bases/redhatcop.redhat.io_kubernetessecretengineroles.yaml b/config/crd/bases/redhatcop.redhat.io_kubernetessecretengineroles.yaml index fcf365ac..ca31a3f1 100644 --- a/config/crd/bases/redhatcop.redhat.io_kubernetessecretengineroles.yaml +++ b/config/crd/bases/redhatcop.redhat.io_kubernetessecretengineroles.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.18.0 name: kubernetessecretengineroles.redhatcop.redhat.io spec: group: redhatcop.redhat.io @@ -80,13 +80,20 @@ spec: kube auth authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic + required: + - path + - role + - serviceAccount type: object connection: description: Connection represents the information needed to connect @@ -126,10 +133,13 @@ spec: key -> "tls.key"' properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -141,6 +151,8 @@ spec: timeOut: description: Timeout Timeout variable. The default value is 60s. type: string + required: + - address type: object defaultAudiences: description: |- @@ -259,11 +271,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -284,6 +298,10 @@ spec: type: array x-kubernetes-list-type: set type: object + required: + - authentication + - path + - targetNamespaces type: object status: description: KubernetesSecretEngineRoleStatus defines the observed state @@ -294,16 +312,8 @@ spec: INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run "make" to regenerate code after modifying this file items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- @@ -344,12 +354,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string 
diff --git a/config/crd/bases/redhatcop.redhat.io_ldapauthengineconfigs.yaml b/config/crd/bases/redhatcop.redhat.io_ldapauthengineconfigs.yaml index 287c625a..654cdb62 100644 --- a/config/crd/bases/redhatcop.redhat.io_ldapauthengineconfigs.yaml +++ b/config/crd/bases/redhatcop.redhat.io_ldapauthengineconfigs.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.18.0 name: ldapauthengineconfigs.redhatcop.redhat.io spec: group: redhatcop.redhat.io @@ -85,13 +85,20 @@ spec: kube auth authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic + required: + - path + - role + - serviceAccount type: object bindCredentials: description: |- @@ -111,10 +118,13 @@ spec: password: Specifies the password to use when connecting with the username. This value will not be returned by Vault when performing a read upon the configuration. This is typically used in the connection_url field via the templating directive "{{"password"}}"". properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic 
@@ -126,10 +136,13 @@ spec: If username is provided as spec.username, it takes precedence over the username retrieved from the referenced secret properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -149,6 +162,8 @@ spec: path: description: Path is the path to the secret type: string + required: + - path type: object type: object bindDN: @@ -217,10 +232,13 @@ spec: key -> "tls.key"' properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -232,6 +250,8 @@ spec: timeOut: description: Timeout Timeout variable. The default value is 60s. type: string + required: + - address type: object denyNullBind: default: true @@ -308,10 +328,13 @@ spec: "tls.key"' properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic 
@@ -401,7 +424,9 @@ spec: to use the username passed by the user as the alias name. type: boolean required: + - bindCredentials - caseSensitiveNames + - path - url type: object status: @@ -410,16 +435,8 @@ spec: properties: conditions: items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- @@ -460,12 +477,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/config/crd/bases/redhatcop.redhat.io_ldapauthenginegroups.yaml b/config/crd/bases/redhatcop.redhat.io_ldapauthenginegroups.yaml index 836ba1a0..e8225f50 100644 --- a/config/crd/bases/redhatcop.redhat.io_ldapauthenginegroups.yaml 
+++ b/config/crd/bases/redhatcop.redhat.io_ldapauthenginegroups.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.18.0 name: ldapauthenginegroups.redhatcop.redhat.io spec: group: redhatcop.redhat.io @@ -65,13 +65,20 @@ spec: kube auth authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic + required: + - path + - role + - serviceAccount type: object connection: description: Connection represents the information needed to connect @@ -111,10 +118,13 @@ spec: key -> "tls.key"' properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -126,6 +136,8 @@ spec: timeOut: description: Timeout Timeout variable. The default value is 60s. type: string + required: + - address type: object name: description: The name of the LDAP group 
@@ -141,22 +153,18 @@ spec: default: "" description: Comma-separated list of policies associated to the group type: string + required: + - authentication + - name + - path type: object status: description: LDAPAuthEngineGroupStatus defines the observed state of LDAPAuthEngineGroup properties: conditions: items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- @@ -197,12 +205,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/config/crd/bases/redhatcop.redhat.io_passwordpolicies.yaml b/config/crd/bases/redhatcop.redhat.io_passwordpolicies.yaml index 21d08021..c78794be 100644 
--- a/config/crd/bases/redhatcop.redhat.io_passwordpolicies.yaml +++ b/config/crd/bases/redhatcop.redhat.io_passwordpolicies.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.18.0 name: passwordpolicies.redhatcop.redhat.io spec: group: redhatcop.redhat.io @@ -64,13 +64,20 @@ spec: kube auth authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic + required: + - path + - role + - serviceAccount type: object connection: description: Connection represents the information needed to connect @@ -110,10 +117,13 @@ spec: key -> "tls.key"' properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -125,6 +135,8 @@ spec: timeOut: description: Timeout Timeout variable. The default value is 60s. type: string + required: + - address type: object name: description: The name of the obejct created in Vault. If this is specified 
@@ -135,22 +147,17 @@ spec: description: PasswordPolicy is a Vault password policy (https://www.vaultproject.io/docs/concepts/password-policies) expressed in HCL language. type: string + required: + - authentication + - passwordPolicy type: object status: description: PolicyStatus defines the observed state of Policy properties: conditions: items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- @@ -191,12 +198,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string 
diff --git a/config/crd/bases/redhatcop.redhat.io_pkisecretengineconfigs.yaml b/config/crd/bases/redhatcop.redhat.io_pkisecretengineconfigs.yaml index f026fe1f..34d24c72 100644 --- a/config/crd/bases/redhatcop.redhat.io_pkisecretengineconfigs.yaml +++ b/config/crd/bases/redhatcop.redhat.io_pkisecretengineconfigs.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.18.0 name: pkisecretengineconfigs.redhatcop.redhat.io spec: group: redhatcop.redhat.io @@ -98,13 +98,20 @@ spec: kube auth authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic + required: + - path + - role + - serviceAccount type: object certificateKey: default: tls.crt @@ -152,10 +159,13 @@ spec: key -> "tls.key"' properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -167,6 +177,8 @@ spec: timeOut: description: Timeout Timeout variable. The default value is 60s. type: string + required: + - address type: object country: description: Specifies the C (Country) values in the subject field 
@@ -185,10 +197,13 @@ spec: CA certificate corresponding to a private key generated. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -210,10 +225,13 @@ spec: intermediate CA. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -334,6 +352,12 @@ spec: - root - intermediate type: string + required: + - authentication + - commonName + - path + - privateKeyType + - type type: object status: description: PKISecretEngineConfigStatus defines the observed state of 
@@ -344,16 +368,8 @@ spec: INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run "make" to regenerate code after modifying this file items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- @@ -394,12 +410,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/config/crd/bases/redhatcop.redhat.io_pkisecretengineroles.yaml b/config/crd/bases/redhatcop.redhat.io_pkisecretengineroles.yaml index d82e8a66..4313f3aa 100644 --- a/config/crd/bases/redhatcop.redhat.io_pkisecretengineroles.yaml +++ b/config/crd/bases/redhatcop.redhat.io_pkisecretengineroles.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.18.0 name: pkisecretengineroles.redhatcop.redhat.io spec: group: redhatcop.redhat.io @@ -133,13 +133,20 @@ spec: kube auth authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic + required: + - path + - role + - serviceAccount type: object basicConstraintsValidForNonCa: description: Mark Basic Constraints valid when issuing non-CA certificates. @@ -189,10 +196,13 @@ spec: key -> "tls.key"' properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -204,6 +214,8 @@ spec: timeOut: description: Timeout Timeout variable. The default value is 60s. type: string + required: + - address type: object country: description: Specifies the C (Country) values in the subject field @@ -394,6 +406,9 @@ spec: JSON data. This does not include the common name in the CSR; use use_csr_common_name for that. type: boolean + required: + - authentication + - path type: object status: description: PKISecretEngineRoleStatus defines the observed state of PKISecretEngineRole 
@@ -403,16 +418,8 @@ spec: INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run "make" to regenerate code after modifying this file items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- @@ -453,12 +460,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/config/crd/bases/redhatcop.redhat.io_policies.yaml b/config/crd/bases/redhatcop.redhat.io_policies.yaml index 2ccebb4d..08494c39 100644 --- a/config/crd/bases/redhatcop.redhat.io_policies.yaml +++ b/config/crd/bases/redhatcop.redhat.io_policies.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.18.0 name: policies.redhatcop.redhat.io spec: group: redhatcop.redhat.io @@ -64,13 +64,20 @@ spec: kube auth authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic + required: + - path + - role + - serviceAccount type: object connection: description: Connection represents the information needed to connect @@ -110,10 +117,13 @@ spec: key -> "tls.key"' properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -125,6 +135,8 @@ spec: timeOut: description: Timeout Timeout variable. The default value is 60s. type: string + required: + - address type: object name: description: The name of the obejct created in Vault. If this is specified 
@@ -143,22 +155,17 @@ spec: enum: - acl type: string + required: + - authentication + - policy type: object status: description: PolicyStatus defines the observed state of Policy properties: conditions: items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- @@ -199,12 +206,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/config/crd/bases/redhatcop.redhat.io_quaysecretengineconfigs.yaml b/config/crd/bases/redhatcop.redhat.io_quaysecretengineconfigs.yaml index 789797ff..6d51239d 100644 --- a/config/crd/bases/redhatcop.redhat.io_quaysecretengineconfigs.yaml 
+++ b/config/crd/bases/redhatcop.redhat.io_quaysecretengineconfigs.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.18.0 name: quaysecretengineconfigs.redhatcop.redhat.io spec: group: redhatcop.redhat.io @@ -65,13 +65,20 @@ spec: kube auth authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic + required: + - path + - role + - serviceAccount type: object caCertificate: description: CACertertificate PEM encoded CA cert for use by the TLS @@ -115,10 +122,13 @@ spec: key -> "tls.key"' properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -130,6 +140,8 @@ spec: timeOut: description: Timeout Timeout variable. The default value is 60s. type: string + required: + - address type: object disableSslVerification: default: false 
@@ -160,10 +172,13 @@ spec: password: Specifies the password to use when connecting with the username. This value will not be returned by Vault when performing a read upon the configuration. This is typically used in the connection_url field via the templating directive "{{"password"}}"". properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -175,10 +190,13 @@ spec: If username is provided as spec.username, it takes precedence over the username retrieved from the referenced secret properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -198,11 +216,18 @@ spec: path: description: Path is the path to the secret type: string + required: + - path type: object type: object url: description: url Specifies the location of the Quay instance type: string + required: + - authentication + - path + - rootCredentials + - url type: object status: description: QuaySecretEngineConfigStatus defines the observed state of 
@@ -210,16 +235,8 @@ spec: properties: conditions: items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- @@ -260,12 +277,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/config/crd/bases/redhatcop.redhat.io_quaysecretengineroles.yaml b/config/crd/bases/redhatcop.redhat.io_quaysecretengineroles.yaml index 8969e228..c79a5424 100644 --- a/config/crd/bases/redhatcop.redhat.io_quaysecretengineroles.yaml +++ b/config/crd/bases/redhatcop.redhat.io_quaysecretengineroles.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.18.0 name: quaysecretengineroles.redhatcop.redhat.io spec: group: redhatcop.redhat.io @@ -68,13 +68,20 @@ spec: kube auth authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic + required: + - path + - role + - serviceAccount type: object connection: description: Connection represents the information needed to connect @@ -114,10 +121,13 @@ spec: key -> "tls.key"' properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -129,6 +139,8 @@ spec: timeOut: description: Timeout Timeout variable. The default value is 60s. type: string + required: + - address type: object createRepositories: default: false @@ -185,6 +197,10 @@ spec: type: string description: Teams Permissions granted to the Robot Account to Teams. type: object + required: + - authentication + - namespaceName + - path type: object status: description: QuaySecretEngineRoleStatus defines the observed state of 
@@ -192,16 +208,8 @@ spec: properties: conditions: items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- @@ -242,12 +250,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/config/crd/bases/redhatcop.redhat.io_quaysecretenginestaticroles.yaml b/config/crd/bases/redhatcop.redhat.io_quaysecretenginestaticroles.yaml index 067752ae..ec33f1f9 100644 --- a/config/crd/bases/redhatcop.redhat.io_quaysecretenginestaticroles.yaml +++ b/config/crd/bases/redhatcop.redhat.io_quaysecretenginestaticroles.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.18.0 name: quaysecretenginestaticroles.redhatcop.redhat.io spec: group: redhatcop.redhat.io @@ -66,13 +66,20 @@ spec: kube auth authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic + required: + - path + - role + - serviceAccount type: object connection: description: Connection represents the information needed to connect @@ -112,10 +119,13 @@ spec: key -> "tls.key"' properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -127,6 +137,8 @@ spec: timeOut: description: Timeout Timeout variable. The default value is 60s. type: string + required: + - address type: object createRepositories: default: false @@ -180,6 +192,10 @@ spec: type: string description: Teams Permissions granted to the Robot Account to Teams. type: object + required: + - authentication + - namespaceName + - path type: object status: description: QuaySecretEngineStaticRoleStatus defines the observed state 
@@ -187,16 +203,8 @@ spec: properties: conditions: items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- @@ -237,12 +245,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/config/crd/bases/redhatcop.redhat.io_rabbitmqsecretengineconfigs.yaml b/config/crd/bases/redhatcop.redhat.io_rabbitmqsecretengineconfigs.yaml index e3277811..4bb9cd06 100644 --- a/config/crd/bases/redhatcop.redhat.io_rabbitmqsecretengineconfigs.yaml +++ b/config/crd/bases/redhatcop.redhat.io_rabbitmqsecretengineconfigs.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.18.0 name: rabbitmqsecretengineconfigs.redhatcop.redhat.io spec: group: redhatcop.redhat.io @@ -66,13 +66,20 @@ spec: kube auth authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic + required: + - path + - role + - serviceAccount type: object connection: description: Connection represents the information needed to connect @@ -112,10 +119,13 @@ spec: key -> "tls.key"' properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -127,6 +137,8 @@ spec: timeOut: description: Timeout Timeout variable. The default value is 60s. type: string + required: + - address type: object connectionURI: description: ConnectionURL Specifies the connection string used to 
@@ -168,10 +180,13 @@ spec: password: Specifies the password to use when connecting with the username. This value will not be returned by Vault when performing a read upon the configuration. This is typically used in the connection_url field via the templating directive "{{"password"}}"". properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -183,10 +198,13 @@ spec: If username is provided as spec.username, it takes precedence over the username retrieved from the referenced secret properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -206,6 +224,8 @@ spec: path: description: Path is the path to the secret type: string + required: + - path type: object type: object username: @@ -221,6 +241,12 @@ spec: description: VerifyConnection Specifies if the connection is verified during initial configuration. Defaults to true. type: boolean + required: + - "" + - authentication + - connectionURI + - path + - rootCredentials type: object status: description: RabbitMQSecretEngineConfigStatus defines the observed state 
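Review bot: The spec-level `required:` list added in the last hunk of rabbitmqsecretengineconfigs.yaml starts with an empty entry, `- ""`, ahead of `authentication`, `connectionURI`, `path` and `rootCredentials`. The same `- ""` entry is added to the existing spec `required:` list in rabbitmqsecretengineroles.yaml (hunk `@@ -195,10 +213,14 @@`). As written, the schema asks for a property with an empty name, which no ordinary manifest supplies, so creating or updating these two resource kinds would likely fail validation. The file is generated by controller-gen, so the entry presumably comes from a field in the Go type whose JSON name resolves to an empty string; that type is outside this diff. Fix the tag or marker there and regenerate so the list no longer contains `- ""`.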
@@ -228,16 +254,8 @@ spec: properties: conditions: items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- @@ -278,12 +296,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/config/crd/bases/redhatcop.redhat.io_rabbitmqsecretengineroles.yaml b/config/crd/bases/redhatcop.redhat.io_rabbitmqsecretengineroles.yaml index 9ff23652..1fd31991 100644 --- a/config/crd/bases/redhatcop.redhat.io_rabbitmqsecretengineroles.yaml +++ b/config/crd/bases/redhatcop.redhat.io_rabbitmqsecretengineroles.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.18.0 name: rabbitmqsecretengineroles.redhatcop.redhat.io spec: group: redhatcop.redhat.io @@ -66,13 +66,20 @@ spec: kube auth authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic + required: + - path + - role + - serviceAccount type: object connection: description: Connection represents the information needed to connect @@ -112,10 +119,13 @@ spec: key -> "tls.key"' properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -127,6 +137,8 @@ spec: timeOut: description: Timeout Timeout variable. The default value is 60s. type: string + required: + - address type: object name: description: The name of the obejct created in Vault. If this is specified 
@@ -169,12 +181,18 @@ spec: topicName: description: Name of an existing topic. type: string + required: + - permissions + - topicName type: object type: array x-kubernetes-list-type: atomic vhostName: description: Name of an existing vhost. type: string + required: + - topics + - vhostName type: object type: array x-kubernetes-list-type: atomic @@ -195,10 +213,14 @@ spec: vhostName: description: Name of an existing vhost. type: string + required: + - permissions + - vhostName type: object type: array x-kubernetes-list-type: atomic required: + - "" - authentication - path type: object @@ -208,16 +230,8 @@ spec: properties: conditions: items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- 
@@ -258,12 +272,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/config/crd/bases/redhatcop.redhat.io_randomsecrets.yaml b/config/crd/bases/redhatcop.redhat.io_randomsecrets.yaml index 26529d76..1d13f5b2 100644 --- a/config/crd/bases/redhatcop.redhat.io_randomsecrets.yaml +++ b/config/crd/bases/redhatcop.redhat.io_randomsecrets.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.18.0 name: randomsecrets.redhatcop.redhat.io spec: group: redhatcop.redhat.io @@ -64,13 +64,20 @@ spec: kube auth authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic + required: + - path + - role + - serviceAccount type: object connection: description: Connection represents the information needed to connect 
@@ -110,10 +117,13 @@ spec: key -> "tls.key"' properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -125,6 +135,8 @@ spec: timeOut: description: Timeout Timeout variable. The default value is 60s. type: string + required: + - address type: object isKVSecretsEngineV2: default: false @@ -180,22 +192,20 @@ spec: description: SecretKey is the key to be used for this secret when stored in Vault kv type: string + required: + - authentication + - isKVSecretsEngineV2 + - path + - secretFormat + - secretKey type: object status: description: RandomSecretStatus defines the observed state of RandomSecret properties: conditions: items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- 
@@ -236,12 +246,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/config/crd/bases/redhatcop.redhat.io_secretenginemounts.yaml b/config/crd/bases/redhatcop.redhat.io_secretenginemounts.yaml index 6fdaf644..68324234 100644 --- a/config/crd/bases/redhatcop.redhat.io_secretenginemounts.yaml +++ b/config/crd/bases/redhatcop.redhat.io_secretenginemounts.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.18.0 name: secretenginemounts.redhatcop.redhat.io spec: group: redhatcop.redhat.io @@ -64,13 +64,20 @@ spec: kube auth authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic + required: + - path + - role + - serviceAccount type: object config: description: Specifies configuration options for this mount; if set 
@@ -169,10 +176,13 @@ spec: key -> "tls.key"' properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -184,6 +194,8 @@ spec: timeOut: description: Timeout Timeout variable. The default value is 60s. type: string + required: + - address type: object description: description: Description Specifies the human-friendly description @@ -228,6 +240,10 @@ spec: type: description: Type Specifies the type of the backend, such as "aws". type: string + required: + - authentication + - path + - type type: object status: description: SecretEngineMountStatus defines the observed state of SecretEngineMount @@ -236,16 +252,8 @@ spec: type: string conditions: items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- 
@@ -286,12 +294,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/config/crd/bases/redhatcop.redhat.io_vaultsecrets.yaml b/config/crd/bases/redhatcop.redhat.io_vaultsecrets.yaml index cb27009f..c4917d3f 100644 --- a/config/crd/bases/redhatcop.redhat.io_vaultsecrets.yaml +++ b/config/crd/bases/redhatcop.redhat.io_vaultsecrets.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.18.0 name: vaultsecrets.redhatcop.redhat.io spec: group: redhatcop.redhat.io @@ -68,6 +68,10 @@ spec: type: description: Type is the K8s Secret type to output to. type: string + required: + - name + - stringData + - type type: object refreshPeriod: description: |- 
@@ -111,13 +115,20 @@ spec: for the kube auth authentication properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic + required: + - path + - role + - serviceAccount type: object connection: description: Connection represents the information needed to @@ -160,10 +171,13 @@ spec: -> "tls.crt", key -> "tls.key"' properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -176,6 +190,8 @@ spec: description: Timeout Timeout variable. The default value is 60s. type: string + required: + - address type: object name: description: Name is an arbitrary, but unique, name for this 
@@ -202,24 +218,24 @@ spec: - GET - POST type: string + required: + - authentication + - name + - path type: object type: array + required: + - output + - refreshThreshold + - vaultSecretDefinitions type: object status: description: VaultSecretStatus defines the observed state of VaultSecret properties: conditions: items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- @@ -260,12 +276,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -311,6 +322,8 @@ spec: description: Renewable informs if the lease is renewable for the dynamic secret type: boolean + required: + - name type: object type: array type: object 
diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml
index 62760820..19f21cd6 100644
--- a/config/crd/kustomization.yaml
+++ b/config/crd/kustomization.yaml
@@ -1,48 +1,49 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + # This kustomization.yaml is not intended to be run by itself, # since it depends on service name and namespace that are out of this kustomize package. # It should be run by config/default resources: -- bases/redhatcop.redhat.io_kubernetesauthengineroles.yaml -- bases/redhatcop.redhat.io_policies.yaml -- bases/redhatcop.redhat.io_secretenginemounts.yaml -- bases/redhatcop.redhat.io_databasesecretengineconfigs.yaml -- bases/redhatcop.redhat.io_databasesecretengineroles.yaml -- bases/redhatcop.redhat.io_randomsecrets.yaml -- bases/redhatcop.redhat.io_authenginemounts.yaml -- bases/redhatcop.redhat.io_kubernetesauthengineconfigs.yaml -- bases/redhatcop.redhat.io_vaultsecrets.yaml -- bases/redhatcop.redhat.io_passwordpolicies.yaml -- bases/redhatcop.redhat.io_githubsecretengineconfigs.yaml -- bases/redhatcop.redhat.io_githubsecretengineroles.yaml -- bases/redhatcop.redhat.io_rabbitmqsecretengineconfigs.yaml -- bases/redhatcop.redhat.io_rabbitmqsecretengineroles.yaml -- bases/redhatcop.redhat.io_pkisecretengineconfigs.yaml -- bases/redhatcop.redhat.io_pkisecretengineroles.yaml -- bases/redhatcop.redhat.io_quaysecretengineconfigs.yaml -- bases/redhatcop.redhat.io_quaysecretengineroles.yaml -- bases/redhatcop.redhat.io_quaysecretenginestaticroles.yaml -- bases/redhatcop.redhat.io_ldapauthengineconfigs.yaml -- bases/redhatcop.redhat.io_ldapauthenginegroups.yaml -- bases/redhatcop.redhat.io_kubernetessecretengineconfigs.yaml -- bases/redhatcop.redhat.io_kubernetessecretengineroles.yaml -- bases/redhatcop.redhat.io_jwtoidcauthengineconfigs.yaml -- bases/redhatcop.redhat.io_jwtoidcauthengineroles.yaml -- bases/redhatcop.redhat.io_databasesecretenginestaticroles.yaml -- bases/redhatcop.redhat.io_groups.yaml -- bases/redhatcop.redhat.io_groupaliases.yaml -- bases/redhatcop.redhat.io_azureauthengineconfigs.yaml -- bases/redhatcop.redhat.io_azureauthengineroles.yaml -- 
bases/redhatcop.redhat.io_azuresecretengineconfigs.yaml -- bases/redhatcop.redhat.io_azuresecretengineroles.yaml -- bases/redhatcop.redhat.io_gcpauthengineconfigs.yaml -- bases/redhatcop.redhat.io_gcpauthengineroles.yaml -- bases/redhatcop.redhat.io_certauthengineconfigs.yaml -- bases/redhatcop.redhat.io_certauthengineroles.yaml + - bases/redhatcop.redhat.io_kubernetesauthengineroles.yaml + - bases/redhatcop.redhat.io_policies.yaml + - bases/redhatcop.redhat.io_secretenginemounts.yaml + - bases/redhatcop.redhat.io_databasesecretengineconfigs.yaml + - bases/redhatcop.redhat.io_databasesecretengineroles.yaml + - bases/redhatcop.redhat.io_randomsecrets.yaml + - bases/redhatcop.redhat.io_authenginemounts.yaml + - bases/redhatcop.redhat.io_kubernetesauthengineconfigs.yaml + - bases/redhatcop.redhat.io_vaultsecrets.yaml + - bases/redhatcop.redhat.io_passwordpolicies.yaml + - bases/redhatcop.redhat.io_githubsecretengineconfigs.yaml + - bases/redhatcop.redhat.io_githubsecretengineroles.yaml + - bases/redhatcop.redhat.io_rabbitmqsecretengineconfigs.yaml + - bases/redhatcop.redhat.io_rabbitmqsecretengineroles.yaml + - bases/redhatcop.redhat.io_pkisecretengineconfigs.yaml + - bases/redhatcop.redhat.io_pkisecretengineroles.yaml + - bases/redhatcop.redhat.io_quaysecretengineconfigs.yaml + - bases/redhatcop.redhat.io_quaysecretengineroles.yaml + - bases/redhatcop.redhat.io_quaysecretenginestaticroles.yaml + - bases/redhatcop.redhat.io_ldapauthengineconfigs.yaml + - bases/redhatcop.redhat.io_ldapauthenginegroups.yaml + - bases/redhatcop.redhat.io_kubernetessecretengineconfigs.yaml + - bases/redhatcop.redhat.io_kubernetessecretengineroles.yaml + - bases/redhatcop.redhat.io_jwtoidcauthengineconfigs.yaml + - bases/redhatcop.redhat.io_jwtoidcauthengineroles.yaml + - bases/redhatcop.redhat.io_databasesecretenginestaticroles.yaml + - bases/redhatcop.redhat.io_groups.yaml + - bases/redhatcop.redhat.io_groupaliases.yaml + - bases/redhatcop.redhat.io_azureauthengineconfigs.yaml + - 
bases/redhatcop.redhat.io_azureauthengineroles.yaml + - bases/redhatcop.redhat.io_azuresecretengineconfigs.yaml + - bases/redhatcop.redhat.io_azuresecretengineroles.yaml + - bases/redhatcop.redhat.io_gcpauthengineconfigs.yaml + - bases/redhatcop.redhat.io_gcpauthengineroles.yaml + - bases/redhatcop.redhat.io_certauthengineconfigs.yaml + - bases/redhatcop.redhat.io_certauthengineroles.yaml #+kubebuilder:scaffold:crdkustomizeresource -patchesStrategicMerge: [] -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. -# patches here are for enabling the conversion webhook for each CRD +# [WEBHOOK] To enable webhook, uncomment specific entries for CRDs created with --conversion. #- patches/webhook_in_kubernetesauthengineroles.yaml #- patches/webhook_in_policies.yaml #- patches/webhook_in_secretenginemounts.yaml 
@@ -81,47 +82,6 @@ patchesStrategicMerge: [] #- patches/webhook_in_certauthengineroles.yaml #+kubebuilder:scaffold:crdkustomizewebhookpatch -# [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix. -# patches here are for enabling the CA injection for each CRD -#- patches/cainjection_in_kubernetesauthengineroles.yaml -#- patches/cainjection_in_policies.yaml -#- patches/cainjection_in_secretenginemounts.yaml -#- patches/cainjection_in_databasesecretengineconfigs.yaml -#- patches/cainjection_in_databasesecretengineroles.yaml -#- patches/cainjection_in_randomsecrets.yaml -#- patches/cainjection_in_authenginemounts.yaml -#- patches/cainjection_in_kubernetesauthengineconfigs.yaml -#- patches/cainjection_in_vaultsecrets.yaml -#- patches/cainjection_in_passwordpolicies.yaml -#- patches/cainjection_in_githubsecretengineconfigs.yaml -#- patches/cainjection_in_githubsecretengineroles.yaml -#- patches/cainjection_in_rabbitmqsecretengineconfigs.yaml -#- patches/cainjection_in_rabbitmqsecretengineroles.yaml -#- patches/cainjection_in_pkisecretengineconfigs.yaml -#- patches/cainjection_in_pkisecretengineroles.yaml -#- patches/cainjection_in_quaysecretengineconfigs.yaml -#- patches/cainjection_in_quaysecretengineroles.yaml -#- patches/cainjection_in_quaysecretenginestaticroles.yaml -#- patches/cainjection_in_ldapauthengineconfigs.yaml -#- patches/cainjection_in_ldapauthenginegroups.yaml -#- patches/cainjection_in_kubernetessecretengineconfigs.yaml -#- patches/cainjection_in_kubernetessecretengineroles.yaml -#- patches/cainjection_in_jwtoidcauthengineconfigs.yaml -#- patches/cainjection_in_jwtoidcauthengineroles.yaml -#- patches/cainjection_in_databasesecretenginestaticroles.yaml -#- patches/cainjection_in_groups.yaml -#- patches/cainjection_in_groupaliases.yaml -#- patches/cainjection_in_azureauthengineconfigs.yaml -#- patches/cainjection_in_azureauthengineroles.yaml -#- patches/cainjection_in_azuresecretengineconfigs.yaml -#- 
patches/cainjection_in_azuresecretengineroles.yaml -#- patches/cainjection_in_gcpauthengineconfigs.yaml -#- patches/cainjection_in_gcpauthengineroles.yaml -#- patches/cainjection_in_certauthengineconfigs.yaml -#- patches/cainjection_in_certauthengineroles.yaml -#+kubebuilder:scaffold:crdkustomizecainjectionpatch - # the following config is for teaching kustomize how to do kustomization for CRDs. configurations: -- kustomizeconfig.yaml - + - kustomizeconfig.yaml diff --git a/config/default/cert_metrics_manager_patch.yaml b/config/default/cert_metrics_manager_patch.yaml new file mode 100644 index 00000000..676e78d4 --- /dev/null +++ b/config/default/cert_metrics_manager_patch.yaml @@ -0,0 +1,30 @@ +# This patch adds the args, volumes, and ports to allow the manager to use the metrics-server certs. + +# Add the volumeMount for the metrics-server certs +- op: add + path: /spec/template/spec/containers/0/volumeMounts/- + value: + mountPath: /tmp/k8s-metrics-server/metrics-certs + name: metrics-certs + readOnly: true + +# Add the --metrics-cert-path argument for the metrics server +- op: add + path: /spec/template/spec/containers/0/args/- + value: --metrics-cert-path=/tmp/k8s-metrics-server/metrics-certs + +# Add the metrics-server certs volume configuration +- op: add + path: /spec/template/spec/volumes/- + value: + name: metrics-certs + secret: + secretName: metrics-server-cert + optional: false + items: + - key: ca.crt + path: ca.crt + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key \ No newline at end of file diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index 6dc2617e..93d18d53 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml 
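Review bot: In the new `config/default/cert_metrics_manager_patch.yaml`, every operation addresses the manager by position (`/spec/template/spec/containers/0/...`) and appends with `/-`, which only works when `volumeMounts`, `args` and `volumes` already exist on that object. The same overlay also applies `manager_auth_proxy_patch.yaml`, which adds a second container, so index 0 is not guaranteed to be `manager`; if it is not, the TLS key would be mounted into, and the flag passed to, the wrong container. JSON patch cannot select by name, so the precondition should at least be documented at the top of the file, for example `# Assumes containers[0] is "manager" and that it already defines volumeMounts/args, and the pod defines volumes; check with "kustomize build" before enabling.`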
@@ -1,91 +1,253 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + # Adds namespace to all resources. namespace: vault-config-operator -# Value of this field is prepended to the -# names of all resources, e.g. a deployment named -# "wordpress" becomes "alices-wordpress". -# Note that it should also match with the prefix (text before '-') of the namespace -# field above. +# Prefix for all resource names. namePrefix: vault-config-operator- -# Labels to add to all resources and selectors. -#commonLabels: -# someName: someValue +resources: + - ../crd + - ../rbac + - ../manager + # [WEBHOOK] Enable if you have webhooks scaffolded. + - ../webhook + # [CERTMANAGER] Enable if you scaffolded cert-manager (requires WEBHOOK). + # - ../certmanager + # [PROMETHEUS] Enable if you have the prometheus bits. + - ../prometheus + +patches: + # Protect /metrics behind auth. + - path: manager_auth_proxy_patch.yaml + # [WEBHOOK] Enable if you use webhooks. + - path: manager_webhook_patch.yaml + # [CERTMANAGER] Enable if you use cert-manager. + # - path: webhookcainjection_patch.yaml + # Uncomment the patches line if you enable Metrics and CertManager + + # [METRICS-WITH-CERTS] To enable metrics protected with certManager, uncomment the following line. + # This patch will protect the metrics with certManager self-signed certs. + # - path: cert_metrics_manager_patch.yaml + # target: + # kind: Deployment -bases: -- ../crd -- ../rbac -- ../manager -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in -# crd/kustomization.yaml -- ../webhook -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required. -# - ../certmanager -# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. 
-- ../prometheus + # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in + # crd/kustomization.yaml +# - path: manager_webhook_patch.yaml +# target: +# kind: Deployment -patchesStrategicMerge: -# Protect the /metrics endpoint by putting it behind auth. -# If you want your controller-manager to expose the /metrics -# endpoint w/o any authn/z, please comment the following line. -- manager_auth_proxy_patch.yaml +# Kustomize v5 replacement transformer (vars are deprecated). +replacements: + # --- Metrics service name -> Deployment env[0].value --- + - source: + group: "" # core + version: v1 + kind: Service + name: controller-manager-metrics-service + fieldPath: metadata.name + targets: + - select: + group: apps + version: v1 + kind: Deployment + name: controller-manager + fieldPaths: + - spec.template.spec.containers.0.env.0.value + options: + create: true -# Mount the controller config file for loading manager configurations -# through a ComponentConfig type -#- manager_config_patch.yaml + # --- Metrics service namespace -> Deployment env[1].value --- + - source: + group: "" # core + version: v1 + kind: Service + name: controller-manager-metrics-service + fieldPath: metadata.namespace + targets: + - select: + group: apps + version: v1 + kind: Deployment + name: controller-manager + fieldPaths: + - spec.template.spec.containers.0.env.1.value + options: + create: true -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in -# crd/kustomization.yaml -- manager_webhook_patch.yaml + # --- Prometheus Role name -> RoleBinding roleRef.name --- + - source: + group: rbac.authorization.k8s.io + version: v1 + kind: Role + name: prometheus-k8s + fieldPath: metadata.name + targets: + - select: + group: rbac.authorization.k8s.io + version: v1 + kind: RoleBinding + name: prometheus-k8s-rolebinding + fieldPaths: + - roleRef.name -# [CERTMANAGER] To enable cert-manager, uncomment all sections 
with 'CERTMANAGER'. -# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks. -# 'CERTMANAGER' needs to be enabled to use ca injection -# - webhookcainjection_patch.yaml + # - source: # Uncomment the following block to enable certificates for metrics + # kind: Service + # version: v1 + # name: controller-manager-metrics-service + # fieldPath: metadata.name + # targets: + # - select: + # kind: Certificate + # group: cert-manager.io + # version: v1 + # name: metrics-certs + # fieldPaths: + # - spec.dnsNames.0 + # - spec.dnsNames.1 + # options: + # delimiter: '.' + # index: 0 + # create: true + # - select: # Uncomment the following to set the Service name for TLS config in Prometheus ServiceMonitor + # kind: ServiceMonitor + # group: monitoring.coreos.com + # version: v1 + # name: controller-manager-metrics-monitor + # fieldPaths: + # - spec.endpoints.0.tlsConfig.serverName + # options: + # delimiter: '.' + # index: 0 + # create: true + # + # - source: + # kind: Service + # version: v1 + # name: controller-manager-metrics-service + # fieldPath: metadata.namespace + # targets: + # - select: + # kind: Certificate + # group: cert-manager.io + # version: v1 + # name: metrics-certs + # fieldPaths: + # - spec.dnsNames.0 + # - spec.dnsNames.1 + # options: + # delimiter: '.' + # index: 1 + # create: true + # - select: # Uncomment the following to set the Service namespace for TLS in Prometheus ServiceMonitor + # kind: ServiceMonitor + # group: monitoring.coreos.com + # version: v1 + # name: controller-manager-metrics-monitor + # fieldPaths: + # - spec.endpoints.0.tlsConfig.serverName + # options: + # delimiter: '.' 
+ # index: 1 + # create: true + # + # - source: # Uncomment the following block if you have any webhook + # kind: Service + # version: v1 + # name: webhook-service + # fieldPath: .metadata.name # Name of the service + # targets: + # - select: + # kind: Certificate + # group: cert-manager.io + # version: v1 + # name: serving-cert + # fieldPaths: + # - .spec.dnsNames.0 + # - .spec.dnsNames.1 + # options: + # delimiter: '.' + # index: 0 + # create: true + # - source: + # kind: Service + # version: v1 + # name: webhook-service + # fieldPath: .metadata.namespace # Namespace of the service + # targets: + # - select: + # kind: Certificate + # group: cert-manager.io + # version: v1 + # name: serving-cert + # fieldPaths: + # - .spec.dnsNames.0 + # - .spec.dnsNames.1 + # options: + # delimiter: '.' + # index: 1 + # create: true + # + # - source: + # group: "" # core + # version: v1 + # kind: Service + # name: webhook-service + # fieldPath: metadata.namespace + # targets: + # - select: + # group: admissionregistration.k8s.io + # version: v1 + # kind: MutatingWebhookConfiguration + # name: mutating-webhook-configuration + # fieldPaths: + # - webhooks.0.clientConfig.service.namespace + # - select: + # group: admissionregistration.k8s.io + # version: v1 + # kind: ValidatingWebhookConfiguration + # name: validating-webhook-configuration + # fieldPaths: + # - webhooks.0.clientConfig.service.namespace + # + # - source: + # group: "" # core + # version: v1 + # kind: Service + # name: webhook-service + # fieldPath: metadata.name + # targets: + # - select: + # group: admissionregistration.k8s.io + # version: v1 + # kind: MutatingWebhookConfiguration + # name: mutating-webhook-configuration + # fieldPaths: + # - webhooks.0.clientConfig.service.name + # - select: + # group: admissionregistration.k8s.io + # version: v1 + # kind: ValidatingWebhookConfiguration + # name: validating-webhook-configuration + # fieldPaths: + # - webhooks.0.clientConfig.service.name -# the following config is 
for teaching kustomize how to do var substitution -vars: -- name: METRICS_SERVICE_NAME - objref: - kind: Service - version: v1 - name: controller-manager-metrics-service -- name: METRICS_SERVICE_NAMESPACE - objref: - kind: Service - version: v1 - name: controller-manager-metrics-service - fieldref: - fieldpath: metadata.namespace -- name: ROLE_NAME - objref: - kind: Role - apiVersion: rbac.authorization.k8s.io/v1 - name: prometheus-k8s -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix. -# - name: CERTIFICATE_NAMESPACE # namespace of the certificate CR -# objref: -# kind: Certificate -# group: cert-manager.io -# version: v1 -# name: serving-cert # this name should match the one in certificate.yaml -# fieldref: -# fieldpath: metadata.namespace -# - name: CERTIFICATE_NAME -# objref: -# kind: Certificate -# group: cert-manager.io -# version: v1 -# name: serving-cert # this name should match the one in certificate.yaml -# - name: SERVICE_NAMESPACE # namespace of the service -# objref: -# kind: Service -# version: v1 -# name: webhook-service -# fieldref: -# fieldpath: metadata.namespace -# - name: SERVICE_NAME -# objref: -# kind: Service -# version: v1 -# name: webhook-service + # +kubebuilder:scaffold:crdkustomizecainjectionns + # - source: # example (keep commented) + # group: "" # core + # version: v1 + # kind: Service + # name: webhook-service + # fieldPath: metadata.namespace + # targets: + # - select: + # group: apiextensions.k8s.io + # version: v1 + # kind: CustomResourceDefinition + # name: . # e.g., vaultsecrets.redhatcop.redhat.io + # fieldPaths: + # - spec.conversion.webhook.clientConfig.service.namespace + # options: + # create: true diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml index ddebfc0b..a57070f4 100644 --- a/config/default/manager_auth_proxy_patch.yaml +++ b/config/default/manager_auth_proxy_patch.yaml 
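Review bot: The two active metrics `replacements` in `config/default/kustomization.yaml` write to `spec.template.spec.containers.0.env.0.value` and `...containers.0.env.1.value`, so they depend on both container order and env order in the rendered Deployment. If the kube-rbac-proxy sidecar ends up first, or someone adds an env var ahead of these two, then with `create: true` the service name and namespace are written silently into the wrong entry rather than failing the build. Kustomize field paths accept name selectors, so the targets can be made explicit: `- spec.template.spec.containers.[name=manager].env.[name=METRICS_SERVICE_NAME].value` and `- spec.template.spec.containers.[name=manager].env.[name=METRICS_SERVICE_NAMESPACE].value`. Separately, `manager_webhook_patch.yaml` appears once as an active entry and again as a commented entry further down, which makes it unclear which form is meant to be used.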
@@ -15,7 +15,7 @@ spec: capabilities: drop: - "ALL" - image: quay.io/redhat-cop/kube-rbac-proxy:v0.11.0 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.16.0 args: - "--secure-listen-address=0.0.0.0:8443" - "--upstream=http://127.0.0.1:8080/" diff --git a/config/local-development/tilt/kustomization.yaml b/config/local-development/tilt/kustomization.yaml index 094fda69..3c62fbbe 100644 --- a/config/local-development/tilt/kustomization.yaml +++ b/config/local-development/tilt/kustomization.yaml @@ -1,3 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + # Adds namespace to all resources. namespace: vault-config-operator @@ -6,30 +9,26 @@ namespace: vault-config-operator # someName: someValue resources: -- ../../default -- ./service-account.yaml - -patchesStrategicMerge: -- ./remove-namespace.yaml -- ./replace-image.yaml - + - ../../default + - ./service-account.yaml -patchesJson6902: -- target: - group: admissionregistration.k8s.io - version: v1 - kind: MutatingWebhookConfiguration - name: vault-config-operator-mutating-webhook-configuration - path: ./ca-injection.yaml -- target: - group: admissionregistration.k8s.io - version: v1 - kind: ValidatingWebhookConfiguration - name: vault-config-operator-validating-webhook-configuration - path: ./ca-injection.yaml -- target: - group: "" - version: v1 - kind: Service - name: vault-config-operator-webhook-service - path: ./secret-injection.yaml +patches: + - path: ./remove-namespace.yaml + - target: + group: admissionregistration.k8s.io + version: v1 + kind: MutatingWebhookConfiguration + name: vault-config-operator-mutating-webhook-configuration + path: ./ca-injection.yaml + - target: + group: admissionregistration.k8s.io + version: v1 + kind: ValidatingWebhookConfiguration + name: vault-config-operator-validating-webhook-configuration + path: ./ca-injection.yaml + - target: + group: "" + version: v1 + kind: Service + name: vault-config-operator-webhook-service + path: ./secret-injection.yaml 
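Review bot: The sidecar that fronts `/metrics` is now `gcr.io/kubebuilder/kube-rbac-proxy:v0.16.0`, referenced by mutable tag from a registry path that the Kubebuilder project has announced as deprecated. The pull may therefore stop resolving, and a tag gives no integrity guarantee for a container that handles authentication. Either pin a mirrored copy by digest, for example `image: <your-registry>/kube-rbac-proxy:v0.16.0@sha256:<digest>` (placeholders), or drop the sidecar in favour of the authentication/authorization filter built into controller-runtime's metrics server, which newer Kubebuilder scaffolds use. The remainder of the container spec lies outside this hunk.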
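Review bot: The move from `patchesStrategicMerge` to `patches` in `config/local-development/tilt/kustomization.yaml` carries over `./remove-namespace.yaml` but not `./replace-image.yaml`, which was in the old list. If that file still exists and is still needed, the local-development overlay would now deploy the unmodified `controller` image reference from `config/manager`. Either add `- path: ./replace-image.yaml` back under `patches:` or delete the file and note the removal in the commit message, so the change reads as deliberate.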
diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index f95634de..ae8e955d 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -1,3 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + resources: - manager.yaml @@ -8,9 +11,7 @@ configMapGenerator: - files: - controller_manager_config.yaml name: manager-config -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization images: - name: controller - newName: quay.io/raffaelespazzoli/vault-config-operator + newName: controller newTag: latest diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 859901bd..5ab11f68 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml 
@@ -26,37 +26,42 @@ spec: securityContext: runAsNonRoot: true containers: - - command: - - /manager - args: - - --leader-elect - image: controller:latest - name: manager - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - "ALL" - livenessProbe: - httpGet: - path: /healthz - port: 8081 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 20 - readinessProbe: - httpGet: - path: /readyz - port: 8081 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - resources: - limits: - cpu: 200m - memory: 250Mi - requests: - cpu: 100m - memory: 250Mi + - command: + - /manager + args: + - --leader-elect + image: controller:latest + name: manager + env: + - name: METRICS_SERVICE_NAME + value: "" + - name: METRICS_SERVICE_NAMESPACE + value: "" + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - "ALL" + livenessProbe: + httpGet: + path: /healthz + port: 8081 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 200m + memory: 250Mi + requests: + cpu: 100m + memory: 250Mi serviceAccountName: controller-manager terminationGracePeriodSeconds: 10 diff --git a/config/network-policy/allow-metrics-traffic.yaml b/config/network-policy/allow-metrics-traffic.yaml new file mode 100644 index 00000000..d2202eed --- /dev/null +++ b/config/network-policy/allow-metrics-traffic.yaml 
@@ -0,0 +1,26 @@
+# This NetworkPolicy allows ingress traffic
+ # with Pods running on namespaces labeled with 'metrics: enabled'. Only Pods on those
+ # namespaces are able to gathering data from the metrics endpoint.
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ labels:
+ app.kubernetes.io/name:
+ app.kubernetes.io/managed-by: kustomize
+ name: allow-metrics-traffic
+ namespace: system
+spec:
+ podSelector:
+ matchLabels:
+ control-plane: controller-manager
+ policyTypes:
+ - Ingress
+ ingress:
+ # This allows ingress traffic from any namespace with the label metrics: enabled
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ metrics: enabled # Only from namespaces with this label
+ ports:
+ - port: 8443
+ protocol: TCP
\ No newline at end of file
diff --git a/config/network-policy/allow-webhook-traffic.yaml b/config/network-policy/allow-webhook-traffic.yaml
new file mode 100644
index 00000000..93062644
--- /dev/null
+++ b/config/network-policy/allow-webhook-traffic.yaml
@@ -0,0 +1,26 @@
+# This NetworkPolicy allows ingress traffic to your webhook server running
+ # as part of the controller-manager from specific namespaces and pods. CR(s) which uses webhooks
+ # will only work when applied in namespaces labeled with 'webhook: enabled'
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ labels:
+ app.kubernetes.io/name: vault-config-operator
+ app.kubernetes.io/managed-by: kustomize
+ name: allow-webhook-traffic
+ namespace: system
+spec:
+ podSelector:
+ matchLabels:
+ control-plane: controller-manager
+ policyTypes:
+ - Ingress
+ ingress:
+ # This allows ingress traffic from any namespace with the label webhook: enabled
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ webhook: enabled # Only from namespaces with this label
+ ports:
+ - port: 443
+ protocol: TCP
\ No newline at end of file
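Review bot: The single `from` entry in allow-metrics-traffic.yaml selects on the namespace label `metrics: enabled` only, so every pod in any namespace carrying that label is admitted to port 8443. Adding a `podSelector` for the scraper's pod labels (not visible here) to the same `from` entry would limit access to the intended client. The `app.kubernetes.io/name:` label is also left without a value, where allow-webhook-traffic.yaml sets it; it should read `app.kubernetes.io/name: vault-config-operator`. The header comment's "are able to gathering data" could become `# namespaces are able to gather data from the metrics endpoint.`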
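Review bot: The `ports` entry in allow-webhook-traffic.yaml allows TCP 443, but a NetworkPolicy port is matched against the port on the selected pod, not the Service port in front of it. If the webhook server listens on a different container port (controller-runtime defaults to 9443; the webhook Service and manager flags are not visible here), this policy would drop admission calls once applied, and the entry should name the container port instead. The header comment also describes the callers as namespaces labelled `webhook: enabled`, whereas admission requests come from the API server, which a `namespaceSelector` may not match, depending on the cluster's CNI. It is worth confirming on the target cluster and recording the result in the comment.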
diff --git a/config/network-policy/kustomization.yaml b/config/network-policy/kustomization.yaml new file mode 100644 index 00000000..253ccc91 --- /dev/null +++ b/config/network-policy/kustomization.yaml @@ -0,0 +1,3 @@ +resources: + - allow-webhook-traffic.yaml + - allow-metrics-traffic.yaml \ No newline at end of file diff --git a/config/prometheus/kustomization.yaml b/config/prometheus/kustomization.yaml index 140ef90d..c300af0a 100644 --- a/config/prometheus/kustomization.yaml +++ b/config/prometheus/kustomization.yaml @@ -1,7 +1,19 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + resources: - monitor.yaml - role.yaml - rolebinding.yaml configurations: - - kustomizeconfig.yaml +- kustomizeconfig.yaml + + # [PROMETHEUS-WITH-CERTS] The following patch configures the ServiceMonitor in ../prometheus + # to securely reference certificates created and managed by cert-manager. + # Additionally, ensure that you uncomment the [METRICS WITH CERTMANAGER] patch under config/default/kustomization.yaml + # to mount the "metrics-server-cert" secret in the Manager Deployment. + #patches: + # - path: monitor_tls_patch.yaml + # target: + # kind: ServiceMonitor \ No newline at end of file diff --git a/config/prometheus/monitor-tls-patch.yaml b/config/prometheus/monitor-tls-patch.yaml new file mode 100644 index 00000000..558da2fa --- /dev/null +++ b/config/prometheus/monitor-tls-patch.yaml @@ -0,0 +1,19 @@ +# Patch for Prometheus ServiceMonitor to enable secure TLS configuration +# using certificates managed by cert-manager +- op: replace + path: /spec/endpoints/0/tlsConfig + value: + # SERVICE_NAME and SERVICE_NAMESPACE will be substituted by kustomize + serverName: SERVICE_NAME.SERVICE_NAMESPACE.svc + insecureSkipVerify: false + ca: + secret: + name: metrics-server-cert + key: ca.crt + cert: + secret: + name: metrics-server-cert + key: tls.crt + keySecret: + name: metrics-server-cert + key: tls.key \ No newline at end of file 
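Review bot: The commented-out patch in config/prometheus/kustomization.yaml points at `monitor_tls_patch.yaml`, but the file this commit adds is `config/prometheus/monitor-tls-patch.yaml`, with hyphens. Uncommenting the block as written would therefore fail the kustomize build; the line should read `# - path: monitor-tls-patch.yaml`. The comment block also appears to be indented beneath `configurations:` (whitespace is collapsed on this page). Since `patches:` is a top-level key, placing the commented lines at column 0 would make removing the `#` yield valid YAML.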
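Review bot: In monitor-tls-patch.yaml both `cert` and `keySecret` reference `metrics-server-cert`, which the comment in config/prometheus/kustomization.yaml describes as the secret mounted into the manager Deployment. Prometheus would therefore need read access to the metrics server's own private key and would present the server certificate as its client identity. If client authentication is wanted, a separate cert-manager Certificate for the scraper keeps the server key confined to the manager; if it is not, `cert` and `keySecret` can be dropped and only `ca` and `serverName` kept. `serverName: SERVICE_NAME.SERVICE_NAMESPACE.svc` depends on a kustomize substitution that is not part of this hunk, so a comment naming where the replacement is defined would help.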
diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index be5aa70e..b48b07a7 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -1,17 +1,20 @@ -resources: +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + # All RBAC will be applied under this service account in # the deployment namespace. You may comment out this resource # if your manager will use a service account that exists at # runtime. Be sure to update RoleBinding and ClusterRoleBinding # subjects if changing service account names. # - service_account.yaml +# Comment the following 4 lines if you want to disable +# the auth proxy (https://github.com/brancz/kube-rbac-proxy) +# which protects your /metrics endpoint. +resources: - role.yaml - role_binding.yaml - leader_election_role.yaml - leader_election_role_binding.yaml -# Comment the following 4 lines if you want to disable -# the auth proxy (https://github.com/brancz/kube-rbac-proxy) -# which protects your /metrics endpoint. - auth_proxy_service.yaml - auth_proxy_role.yaml - auth_proxy_role_binding.yaml diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index e661bf1c..745111aa 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml 
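Review bot: After the reordering, the comment "Comment the following 4 lines if you want to disable the auth proxy" sits directly above `resources:`, so the lines that follow it are `role.yaml`, `role_binding.yaml` and the leader-election entries rather than the `auth_proxy_*` entries. Someone following the comment would remove the manager's RBAC instead of the metrics proxy; the three comment lines belong immediately above `- auth_proxy_service.yaml`, where they were before. Similarly, `# - service_account.yaml` now precedes the `resources:` key, so uncommenting it in place would no longer add it to the list; it should move below `resources:`. The resource list may continue outside the hunk.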
@@ -47,918 +47,40 @@ rules: - redhatcop.redhat.io resources: - authenginemounts - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - redhatcop.redhat.io - resources: - - authenginemounts/finalizers - verbs: - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - authenginemounts/status - verbs: - - get - - patch - - update -- apiGroups: - - redhatcop.redhat.io - resources: - azureauthengineconfigs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - redhatcop.redhat.io - resources: - - azureauthengineconfigs/finalizers - verbs: - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - azureauthengineconfigs/status - verbs: - - get - - patch - - update -- apiGroups: - - redhatcop.redhat.io - resources: - azureauthengineroles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - redhatcop.redhat.io - resources: - - azureauthengineroles/finalizers - verbs: - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - azureauthengineroles/status - verbs: - - get - - patch - - update -- apiGroups: - - redhatcop.redhat.io - resources: - azuresecretengineconfigs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - redhatcop.redhat.io - resources: - - azuresecretengineconfigs/finalizers - verbs: - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - azuresecretengineconfigs/status - verbs: - - get - - patch - - update -- apiGroups: - - redhatcop.redhat.io - resources: - azuresecretengineroles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - redhatcop.redhat.io - resources: - - azuresecretengineroles/finalizers - verbs: - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - azuresecretengineroles/status - verbs: - - get - - patch - - update -- apiGroups: - - redhatcop.redhat.io - resources: - 
certauthengineconfigs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - redhatcop.redhat.io - resources: - - certauthengineconfigs/finalizers - verbs: - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - certauthengineconfigs/status - verbs: - - get - - patch - - update -- apiGroups: - - redhatcop.redhat.io - resources: - certauthengineroles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - redhatcop.redhat.io - resources: - - certauthengineroles/finalizers - verbs: - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - certauthengineroles/status - verbs: - - get - - patch - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - databasesecretengineconfigs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - redhatcop.redhat.io - resources: - databasesecretengineconfigs - - randomsecrets - verbs: - - get - - list - - watch -- apiGroups: - - redhatcop.redhat.io - resources: - - databasesecretengineconfigs/finalizers - verbs: - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - databasesecretengineconfigs/status - verbs: - - get - - patch - - update -- apiGroups: - - redhatcop.redhat.io - resources: - databasesecretengineroles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - redhatcop.redhat.io - resources: - - databasesecretengineroles/finalizers - verbs: - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - databasesecretengineroles/status - verbs: - - get - - patch - - update -- apiGroups: - - redhatcop.redhat.io - resources: - databasesecretenginestaticroles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - redhatcop.redhat.io - resources: - - databasesecretenginestaticroles/finalizers - verbs: - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - 
databasesecretenginestaticroles/status - verbs: - - get - - patch - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - gcpauthengineconfigs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - redhatcop.redhat.io - resources: - - gcpauthengineconfigs/finalizers - verbs: - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - gcpauthengineconfigs/status - verbs: - - get - - patch - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - gcpauthengineroles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - redhatcop.redhat.io - resources: - - gcpauthengineroles/finalizers - verbs: - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - gcpauthengineroles/status - verbs: - - get - - patch - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - githubsecretengineconfigs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - redhatcop.redhat.io - resources: - - githubsecretengineconfigs/finalizers - verbs: - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - githubsecretengineconfigs/status - verbs: - - get - - patch - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - githubsecretengineroles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - redhatcop.redhat.io - resources: - - githubsecretengineroles/finalizers - verbs: - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - githubsecretengineroles/status - verbs: - - get - - patch - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - groupaliases - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - redhatcop.redhat.io - resources: - - groupaliases/finalizers - verbs: - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - groupaliases/status - verbs: - - get - - patch - - update -- apiGroups: 
- - redhatcop.redhat.io - resources: - - groups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - redhatcop.redhat.io - resources: - - groups/finalizers - verbs: - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - groups/status - verbs: - - get - - patch - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - jwtoidcauthengineconfigs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - redhatcop.redhat.io - resources: - - jwtoidcauthengineconfigs/finalizers - verbs: - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - jwtoidcauthengineconfigs/status - verbs: - - get - - patch - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - jwtoidcauthengineroles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - redhatcop.redhat.io - resources: - - jwtoidcauthengineroles/finalizers - verbs: - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - jwtoidcauthengineroles/status - verbs: - - get - - patch - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - kubernetesauthengineconfigs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - redhatcop.redhat.io - resources: - - kubernetesauthengineconfigs/finalizers - verbs: - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - kubernetesauthengineconfigs/status - verbs: - - get - - patch - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - kubernetesauthengineroles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - redhatcop.redhat.io - resources: - - kubernetesauthengineroles/finalizers - verbs: - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - kubernetesauthengineroles/status - verbs: - - get - - patch - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - kubernetessecretengineconfigs - 
verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - redhatcop.redhat.io - resources: - - kubernetessecretengineconfigs/finalizers - verbs: - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - kubernetessecretengineconfigs/status - verbs: - - get - - patch - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - kubernetessecretengineroles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - redhatcop.redhat.io - resources: - - kubernetessecretengineroles/finalizers - verbs: - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - kubernetessecretengineroles/status - verbs: - - get - - patch - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - ldapauthengineconfigs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - redhatcop.redhat.io - resources: - - ldapauthengineconfigs/finalizers - verbs: - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - ldapauthengineconfigs/status - verbs: - - get - - patch - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - ldapauthenginegroups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - redhatcop.redhat.io - resources: - - ldapauthenginegroups/finalizers - verbs: - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - ldapauthenginegroups/status - verbs: - - get - - patch - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - passwordpolicies - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - redhatcop.redhat.io - resources: - - passwordpolicies/finalizers - verbs: - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - passwordpolicies/status - verbs: - - get - - patch - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - pkisecretengineconfigs - verbs: - - create - - delete - - get - - list - - 
patch - - update - - watch -- apiGroups: - - redhatcop.redhat.io - resources: - - pkisecretengineconfigs/finalizers - verbs: - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - pkisecretengineconfigs/status - verbs: - - get - - patch - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - pkisecretengineroles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - redhatcop.redhat.io - resources: - - pkisecretengineroles/finalizers - verbs: - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - pkisecretengineroles/status - verbs: - - get - - patch - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - policies - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - redhatcop.redhat.io - resources: - - policies/finalizers - verbs: - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - policies/status - verbs: - - get - - patch - - update -- apiGroups: - - redhatcop.redhat.io - resources: + - gcpauthengineconfigs + - gcpauthengineroles + - githubsecretengineconfigs + - githubsecretengineroles + - groupaliases + - groups + - jwtoidcauthengineconfigs + - jwtoidcauthengineroles + - kubernetesauthengineconfigs + - kubernetesauthengineroles + - kubernetessecretengineconfigs + - kubernetessecretengineroles + - ldapauthengineconfigs + - ldapauthenginegroups + - passwordpolicies + - pkisecretengineconfigs + - pkisecretengineroles + - policies - quaysecretengineconfigs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - redhatcop.redhat.io - resources: - - quaysecretengineconfigs/finalizers - verbs: - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - quaysecretengineconfigs/status - verbs: - - get - - patch - - update -- apiGroups: - - redhatcop.redhat.io - resources: - quaysecretengineroles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- 
apiGroups: - - redhatcop.redhat.io - resources: - - quaysecretengineroles/finalizers - verbs: - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - quaysecretengineroles/status - verbs: - - get - - patch - - update -- apiGroups: - - redhatcop.redhat.io - resources: - quaysecretenginestaticroles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - redhatcop.redhat.io - resources: - - quaysecretenginestaticroles/finalizers - verbs: - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - quaysecretenginestaticroles/status - verbs: - - get - - patch - - update -- apiGroups: - - redhatcop.redhat.io - resources: - rabbitmqsecretengineconfigs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - redhatcop.redhat.io - resources: - - rabbitmqsecretengineconfigs/status - verbs: - - get - - patch - - update -- apiGroups: - - redhatcop.redhat.io - resources: - rabbitmqsecretengineroles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - redhatcop.redhat.io - resources: - - rabbitmqsecretengineroles/finalizers - verbs: - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - rabbitmqsecretengineroles/status - verbs: - - get - - patch - - update -- apiGroups: - - redhatcop.redhat.io - resources: - randomsecrets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - redhatcop.redhat.io - resources: - - randomsecrets/finalizers - verbs: - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - randomsecrets/status - verbs: - - get - - patch - - update -- apiGroups: - - redhatcop.redhat.io - resources: - secretenginemounts - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - redhatcop.redhat.io - resources: - - secretenginemounts/finalizers - verbs: - - update -- apiGroups: - - redhatcop.redhat.io - resources: - - 
secretenginemounts/status - verbs: - - get - - patch - - update -- apiGroups: - - redhatcop.redhat.io - resources: - vaultsecrets verbs: - create 
@@ -971,12 +93,81 @@ rules: - apiGroups: - redhatcop.redhat.io resources: + - authenginemounts/finalizers + - azureauthengineconfigs/finalizers + - azureauthengineroles/finalizers + - azuresecretengineconfigs/finalizers + - azuresecretengineroles/finalizers + - certauthengineconfigs/finalizers + - certauthengineroles/finalizers + - databasesecretengineconfigs/finalizers + - databasesecretengineroles/finalizers + - databasesecretenginestaticroles/finalizers + - gcpauthengineconfigs/finalizers + - gcpauthengineroles/finalizers + - githubsecretengineconfigs/finalizers + - githubsecretengineroles/finalizers + - groupaliases/finalizers + - groups/finalizers + - jwtoidcauthengineconfigs/finalizers + - jwtoidcauthengineroles/finalizers + - kubernetesauthengineconfigs/finalizers + - kubernetesauthengineroles/finalizers + - kubernetessecretengineconfigs/finalizers + - kubernetessecretengineroles/finalizers + - ldapauthengineconfigs/finalizers + - ldapauthenginegroups/finalizers + - passwordpolicies/finalizers + - pkisecretengineconfigs/finalizers + - pkisecretengineroles/finalizers + - policies/finalizers + - quaysecretengineconfigs/finalizers + - quaysecretengineroles/finalizers + - quaysecretenginestaticroles/finalizers + - rabbitmqsecretengineroles/finalizers + - randomsecrets/finalizers + - secretenginemounts/finalizers - vaultsecrets/finalizers verbs: - update - apiGroups: - redhatcop.redhat.io resources: + - authenginemounts/status + - azureauthengineconfigs/status + - azureauthengineroles/status + - azuresecretengineconfigs/status + - azuresecretengineroles/status + - certauthengineconfigs/status + - certauthengineroles/status + - databasesecretengineconfigs/status + - databasesecretengineroles/status + - databasesecretenginestaticroles/status + - gcpauthengineconfigs/status + - gcpauthengineroles/status + - githubsecretengineconfigs/status + - githubsecretengineroles/status + - groupaliases/status + - groups/status + - jwtoidcauthengineconfigs/status + - 
jwtoidcauthengineroles/status + - kubernetesauthengineconfigs/status + - kubernetesauthengineroles/status + - kubernetessecretengineconfigs/status + - kubernetessecretengineroles/status + - ldapauthengineconfigs/status + - ldapauthenginegroups/status + - passwordpolicies/status + - pkisecretengineconfigs/status + - pkisecretengineroles/status + - policies/status + - quaysecretengineconfigs/status + - quaysecretengineroles/status + - quaysecretenginestaticroles/status + - rabbitmqsecretengineconfigs/status + - rabbitmqsecretengineroles/status + - randomsecrets/status + - secretenginemounts/status - vaultsecrets/status verbs: - get diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml index a470c88b..c88c9a31 100644 --- a/config/samples/kustomization.yaml +++ b/config/samples/kustomization.yaml @@ -1,3 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + ## Append samples you want in your CSV to this file as resources ## resources: - redhatcop_v1alpha1_kubernetesauthenginerole.yaml @@ -36,5 +39,3 @@ resources: - redhatcop_v1alpha1_gcpauthenginerole.yaml - redhatcop_v1alpha1_certauthengineconfig.yaml - redhatcop_v1alpha1_certauthenginerole.yaml -#+kubebuilder:scaffold:manifestskustomizesamples - diff --git a/config/webhook/kustomization.yaml b/config/webhook/kustomization.yaml index 9cf26134..003c870a 100644 --- a/config/webhook/kustomization.yaml +++ b/config/webhook/kustomization.yaml @@ -1,3 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + resources: - manifests.yaml - service.yaml diff --git a/go.mod b/go.mod index 66ddaf2f..85872ce6 100644 --- a/go.mod +++ b/go.mod 
@@ -1,54 +1,61 @@ module github.com/redhat-cop/vault-config-operator -go 1.22.0 +go 1.24.0 require ( github.com/BurntSushi/toml v1.4.0 github.com/Masterminds/sprig/v3 v3.2.3 - github.com/go-logr/logr v1.4.2 + github.com/go-logr/logr v1.4.3 github.com/hashicorp/go-multierror v1.1.1 github.com/hashicorp/hcl/v2 v2.21.0 github.com/hashicorp/vault/api v1.14.0 - github.com/onsi/ginkgo/v2 v2.19.0 - github.com/onsi/gomega v1.33.1 - github.com/pkg/errors v0.9.1 + github.com/onsi/ginkgo/v2 v2.27.2 + github.com/onsi/gomega v1.38.2 github.com/scylladb/go-set v1.0.2 - k8s.io/api v0.29.2 - k8s.io/apiextensions-apiserver v0.29.2 - k8s.io/apimachinery v0.29.2 - k8s.io/client-go v0.29.2 - sigs.k8s.io/controller-runtime v0.17.3 + github.com/stretchr/testify v1.11.1 + k8s.io/api v0.33.0 + k8s.io/apiextensions-apiserver v0.33.0 + k8s.io/apimachinery v0.33.0 + k8s.io/client-go v0.33.0 + sigs.k8s.io/controller-runtime v0.21.0 sigs.k8s.io/yaml v1.4.0 ) require ( + cel.dev/expr v0.19.1 // indirect github.com/Masterminds/goutils v1.1.1 // indirect - github.com/Masterminds/semver/v3 v3.2.0 // indirect + github.com/Masterminds/semver/v3 v3.4.0 // indirect github.com/agext/levenshtein v1.2.1 // indirect + github.com/antlr4-go/antlr/v4 v4.13.0 // indirect github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect github.com/beorn7/perks v1.0.1 // indirect + github.com/blang/semver/v4 v4.0.0 // indirect github.com/cenkalti/backoff/v3 v3.0.0 // indirect - github.com/cespare/xxhash/v2 v2.2.0 // indirect - github.com/davecgh/go-spew v1.1.1 // indirect + github.com/cenkalti/backoff/v4 v4.3.0 // indirect + github.com/cespare/xxhash/v2 v2.3.0 // indirect + github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/emicklei/go-restful/v3 v3.11.0 // indirect github.com/evanphx/json-patch v5.6.0+incompatible // indirect - github.com/evanphx/json-patch/v5 v5.8.0 // indirect + github.com/evanphx/json-patch/v5 
v5.9.11 // indirect + github.com/felixge/httpsnoop v1.0.4 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect + github.com/fxamacker/cbor/v2 v2.7.0 // indirect github.com/go-jose/go-jose/v4 v4.0.1 // indirect + github.com/go-logr/stdr v1.2.2 // indirect github.com/go-logr/zapr v1.3.0 // indirect - github.com/go-openapi/jsonpointer v0.19.6 // indirect + github.com/go-openapi/jsonpointer v0.21.0 // indirect github.com/go-openapi/jsonreference v0.20.2 // indirect - github.com/go-openapi/swag v0.22.3 // indirect + github.com/go-openapi/swag v0.23.0 // indirect github.com/go-task/slim-sprig/v3 v3.0.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect - github.com/golang/protobuf v1.5.3 // indirect - github.com/google/gnostic-models v0.6.8 // indirect - github.com/google/go-cmp v0.6.0 // indirect - github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 // indirect - github.com/google/uuid v1.3.0 // indirect + github.com/google/btree v1.1.3 // indirect + github.com/google/cel-go v0.23.2 // indirect + github.com/google/gnostic-models v0.6.9 // indirect + github.com/google/go-cmp v0.7.0 // indirect + github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 // indirect + github.com/google/uuid v1.6.0 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-retryablehttp v0.7.6 // indirect 
@@ -59,10 +66,10 @@ require ( github.com/hashicorp/hcl v1.0.0 // indirect github.com/huandu/xstrings v1.3.3 // indirect github.com/imdario/mergo v0.3.12 // indirect + github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/mailru/easyjson v0.7.7 // indirect - github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect github.com/mitchellh/copystructure v1.0.0 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/mitchellh/go-wordwrap v1.0.0 // indirect 
@@ -71,41 +78,59 @@ require ( github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect - github.com/pmezard/go-difflib v1.0.0 // indirect - github.com/prometheus/client_golang v1.18.0 // indirect - github.com/prometheus/client_model v0.5.0 // indirect - github.com/prometheus/common v0.45.0 // indirect - github.com/prometheus/procfs v0.12.0 // indirect + github.com/pkg/errors v0.9.1 // indirect + github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect + github.com/prometheus/client_golang v1.22.0 // indirect + github.com/prometheus/client_model v0.6.1 // indirect + github.com/prometheus/common v0.62.0 // indirect + github.com/prometheus/procfs v0.15.1 // indirect github.com/ryanuber/go-glob v1.0.0 // indirect github.com/shopspring/decimal v1.2.0 // indirect github.com/spf13/cast v1.3.1 // indirect + github.com/spf13/cobra v1.8.1 // indirect github.com/spf13/pflag v1.0.5 // indirect + github.com/stoewer/go-strcase v1.3.0 // indirect github.com/stretchr/objx v0.5.2 // indirect - github.com/stretchr/testify v1.11.1 // indirect + github.com/x448/float16 v0.8.4 // indirect github.com/zclconf/go-cty v1.13.0 // indirect + go.opentelemetry.io/auto/sdk v1.1.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 // indirect + go.opentelemetry.io/otel v1.33.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.33.0 // indirect + go.opentelemetry.io/otel/metric v1.33.0 // indirect + go.opentelemetry.io/otel/sdk v1.33.0 // indirect + go.opentelemetry.io/otel/trace v1.33.0 // indirect + go.opentelemetry.io/proto/otlp v1.4.0 // indirect go.uber.org/multierr v1.11.0 // indirect - go.uber.org/zap v1.26.0 // indirect - golang.org/x/crypto v0.23.0 // indirect - golang.org/x/exp 
v0.0.0-20220722155223-a9213eeb770e // indirect - golang.org/x/mod v0.17.0 // indirect - golang.org/x/net v0.25.0 // indirect - golang.org/x/oauth2 v0.12.0 // indirect - golang.org/x/sync v0.7.0 // indirect - golang.org/x/sys v0.20.0 // indirect - golang.org/x/term v0.20.0 // indirect - golang.org/x/text v0.15.0 // indirect - golang.org/x/time v0.3.0 // indirect - golang.org/x/tools v0.21.0 // indirect + go.uber.org/zap v1.27.0 // indirect + go.yaml.in/yaml/v3 v3.0.4 // indirect + golang.org/x/crypto v0.41.0 // indirect + golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect + golang.org/x/mod v0.27.0 // indirect + golang.org/x/net v0.43.0 // indirect + golang.org/x/oauth2 v0.27.0 // indirect + golang.org/x/sync v0.16.0 // indirect + golang.org/x/sys v0.35.0 // indirect + golang.org/x/term v0.34.0 // indirect + golang.org/x/text v0.28.0 // indirect + golang.org/x/time v0.9.0 // indirect + golang.org/x/tools v0.36.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/appengine v1.6.7 // indirect - google.golang.org/protobuf v1.33.0 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 // indirect + google.golang.org/grpc v1.68.1 // indirect + google.golang.org/protobuf v1.36.7 // indirect + gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect - gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/component-base v0.29.2 // indirect - k8s.io/klog/v2 v2.110.1 // indirect - k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect - k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect - sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect + k8s.io/apiserver v0.33.0 // indirect + k8s.io/component-base v0.33.0 // indirect + k8s.io/klog/v2 v2.130.1 // indirect + 
k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff // indirect + k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 // indirect + sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.2 // indirect + sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect + sigs.k8s.io/randfill v1.0.0 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.6.0 // indirect ) diff --git a/go.sum b/go.sum index 76647fb5..8e4eaba2 100644 --- a/go.sum +++ b/go.sum 
@@ -1,13 +1,18 @@ +cel.dev/expr v0.19.1 h1:NciYrtDRIR0lNCnH1LFJegdjspNx9fI59O7TWcua/W4= +cel.dev/expr v0.19.1/go.mod h1:MrpN08Q+lEBs+bGYdLxxHkZoUSsCp0nSKTs0nTymJgw= github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0= github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= -github.com/Masterminds/semver/v3 v3.2.0 h1:3MEsd0SM6jqZojhjLWWeBY+Kcjy9i6MQAeY7YgDP83g= github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= +github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0= +github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA= github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM= github.com/agext/levenshtein v1.2.1 h1:QmvMAjj2aEICytGiWzmxoE0x2KZvE0fvmqMOfy2tjT8= github.com/agext/levenshtein v1.2.1/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= +github.com/antlr4-go/antlr/v4 v4.13.0 h1:lxCg3LAv+EUK6t1i0y1V6/SLeUi0eKEKdhQAlS8TVTI= +github.com/antlr4-go/antlr/v4 v4.13.0/go.mod h1:pfChB/xh/Unjila75QW7+VU4TSnWnnk9UTnmpPaOR2g= github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6iT90AvPUL1NNfNw= github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY= 
@@ -16,66 +21,89 @@ github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= +github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= +github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= github.com/cenkalti/backoff/v3 v3.0.0 h1:ske+9nBpD9qZsTBoF41nW5L+AIuFBKMeze18XQ3eG1c= github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs= -github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= -github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= +github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/emicklei/go-restful/v3 v3.11.0 
h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U= github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/evanphx/json-patch/v5 v5.8.0 h1:lRj6N9Nci7MvzrXuX6HFzU8XjmhPiXPlsKEy1u0KQro= -github.com/evanphx/json-patch/v5 v5.8.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= +github.com/evanphx/json-patch/v5 v5.9.11 h1:/8HVnzMq13/3x9TPvjG08wUGqBTmZBsCWzjTM0wiaDU= +github.com/evanphx/json-patch/v5 v5.9.11/go.mod h1:3j+LviiESTElxA4p3EMKAB9HXj3/XEtnUf6OZxqIQTM= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= github.com/fatih/set v0.2.1 h1:nn2CaJyknWE/6txyUDGwysr3G5QC6xWB/PtVjPBbeaA= github.com/fatih/set v0.2.1/go.mod h1:+RKtMCH+favT2+3YecHGxcc0b4KyVWA1QWWJUs4E0CI= +github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= +github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= +github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= +github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= +github.com/gkampitakis/ciinfo v0.3.2 h1:JcuOPk8ZU7nZQjdUhctuhQofk7BGHuIy0c9Ez8BNhXs= +github.com/gkampitakis/ciinfo v0.3.2/go.mod h1:1NIwaOcFChN4fa/B0hEBdAb6npDlFL8Bwx4dfRLRqAo= +github.com/gkampitakis/go-diff v1.3.2 h1:Qyn0J9XJSDTgnsgHRdz9Zp24RaJeKMUHg2+PDZZdC4M= +github.com/gkampitakis/go-diff v1.3.2/go.mod 
h1:LLgOrpqleQe26cte8s36HTWcTmMEur6OPYerdAAS9tk= +github.com/gkampitakis/go-snaps v0.5.15 h1:amyJrvM1D33cPHwVrjo9jQxX8g/7E2wYdZ+01KS3zGE= +github.com/gkampitakis/go-snaps v0.5.15/go.mod h1:HNpx/9GoKisdhw9AFOBT1N7DBs9DiHo/hGheFGBZ+mc= github.com/go-jose/go-jose/v4 v4.0.1 h1:QVEPDE3OluqXBQZDcnNvQrInro2h0e4eqNbnZSWqS6U= github.com/go-jose/go-jose/v4 v4.0.1/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY= -github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= -github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= -github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= +github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= +github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= -github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= +github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= +github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= -github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g= github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= 
+github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= +github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68= github.com/go-test/deep v1.0.3/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= +github.com/goccy/go-yaml v1.18.0 h1:8W7wMFS12Pcas7KU+VVkaiCng+kG8QiFeFwzFb+rwuw= +github.com/goccy/go-yaml v1.18.0/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= -github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= -github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= -github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= +github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg= +github.com/google/btree 
v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= +github.com/google/cel-go v0.23.2 h1:UdEe3CvQh3Nv+E/j9r1Y//WO0K0cSyD7/y0bzyLIMI4= +github.com/google/cel-go v0.23.2/go.mod h1:52Pb6QsDbC5kvgxvZhiL9QX1oZEkcUF/ZqaPx1J5Wwo= +github.com/google/gnostic-models v0.6.9 h1:MU/8wDLif2qCXZmzncUQ/BOfxWfthHi63KqpoNbWqVw= +github.com/google/gnostic-models v0.6.9/go.mod h1:CiWsm0s6BSQd1hRn8/QmxqB6BesYcbSZxsz9b0KuDBw= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= -github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= +github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg= -github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= +github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 h1:BHT72Gu3keYf3ZEu2J0b1vyeLSOYI8bm5wbJM/8yDe8= +github.com/google/pprof v0.0.0-20250403155104-27863c87afa6/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= -github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= 
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0 h1:TmHmbvxPmaegwhDubVz0lICL0J5Ka2vwTzhoePEXsGE= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0/go.mod h1:qztMSjm835F2bXf+5HKAPIS5qsmQDqZna/PgVt4rWtI= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= 
@@ -108,12 +136,18 @@ github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU= github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= +github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= +github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= +github.com/joshdk/go-junit v1.0.0 h1:S86cUKIdwBHWwA6xCmFlf3RTLfVXYQfvanM5Uh+K6GE= +github.com/joshdk/go-junit v1.0.0/go.mod h1:TiiV0PqkaNfFXjEiyjWM3XXrhVyCa1K4Zfga6W52ung= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo= +github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= 
@@ -121,16 +155,20 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= +github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/maruel/natural v1.1.1 h1:Hja7XhhmvEFhcByqDoHz9QZbkWey+COd9xWfCfn1ioo= +github.com/maruel/natural v1.1.1/go.mod h1:v+Rfd79xlw1AgVBjbO0BEQmptqb5HvL/k9GRHB7ZKEg= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= -github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg= -github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k= +github.com/mfridman/tparse v0.18.0 h1:wh6dzOKaIwkUGyKgOntDW4liXSo37qg5AXbIhkMV3vE= +github.com/mfridman/tparse v0.18.0/go.mod h1:gEvqZTuCgEhPbYk/2lS3Kcxg1GmTxxU7kTC8DvP0i/A= github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= github.com/mitchellh/copystructure v1.0.0 h1:Laisrj+bAB6b/yJwB5Bt3ITZhGJdqmxquMKeZ+mmkFQ= 
github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= 
@@ -150,25 +188,27 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA= -github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To= -github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= -github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= +github.com/onsi/ginkgo/v2 v2.27.2 h1:LzwLj0b89qtIy6SSASkzlNvX6WktqurSHwkk2ipF/Ns= +github.com/onsi/ginkgo/v2 v2.27.2/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo= +github.com/onsi/gomega v1.38.2 h1:eZCjf2xjZAqe+LeWvKb5weQ+NcPwX84kqJ0cZNxok2A= +github.com/onsi/gomega v1.38.2/go.mod h1:W2MJcYxRGV63b418Ai34Ud0hEdTVXq9NW9+Sx6uXf3k= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= -github.com/prometheus/client_golang v1.18.0 h1:HzFfmkOzH5Q8L8G+kSJKUx5dtG87sewO+FoDDqP5Tbk= -github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlkOQntgjkJWKrN5txjA= 
-github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw= -github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= -github.com/prometheus/common v0.45.0 h1:2BGz0eBc2hdMDLnO/8n0jeB3oPrt2D08CekT0lneoxM= -github.com/prometheus/common v0.45.0/go.mod h1:YJmSTw9BoKxJplESWWxlbyttQR4uaEcGyv9MZjVOJsY= -github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= -github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= -github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= -github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= +github.com/prometheus/client_golang v1.22.0 h1:rb93p9lokFEsctTys46VnV1kLCDpVZ0a/Y92Vm0Zc6Q= +github.com/prometheus/client_golang v1.22.0/go.mod h1:R7ljNsLXhuQXYZYtw6GAE9AZg8Y7vEW5scdCXrWRXC0= +github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= +github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= +github.com/prometheus/common v0.62.0 h1:xasJaQlnWAeyHdUBeGjXmutelfJHWMRr+Fg4QszZ2Io= +github.com/prometheus/common v0.62.0/go.mod h1:vyBcEuLSvWos9B1+CyL7JZ2up+uFzXhkqml0W5zIY1I= +github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= +github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= +github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= +github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= +github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk= github.com/ryanuber/go-glob v1.0.0/go.mod 
h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= @@ -178,8 +218,12 @@ github.com/shopspring/decimal v1.2.0 h1:abSATXmQEYyShuxI4/vyW3tV1MrKAJzCZ/0zLUXY github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/spf13/cast v1.3.1 h1:nFm6S0SMdyzrzcmThSipiEubIDy8WEXKNZ0UOgiRpng= github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= +github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= +github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/stoewer/go-strcase v1.3.0 h1:g0eASXYtp+yvN9fK8sH94oCIk0fau9uV1/ZdJ0AVEzs= +github.com/stoewer/go-strcase v1.3.0/go.mod h1:fAH5hQ5pehh+j3nZfvwdk2RgEgQjAoM8wodgtPmh1xo= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= 
@@ -192,10 +236,18 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= -github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= +github.com/tidwall/gjson v1.18.0 h1:FIDeeyB800efLX89e5a8Y0BNH+LOngJyGrIWxG2FKQY= +github.com/tidwall/gjson v1.18.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= +github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= +github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM= +github.com/tidwall/pretty v1.2.1 h1:qjsOFOWWQl+N3RsoF5/ssm1pHmJJwhjlSbZ51I6wMl4= +github.com/tidwall/pretty v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= +github.com/tidwall/sjson v1.2.5 h1:kLy8mja+1c9jlljvWTlSazM7cKDRfJuR/bOJhcY5NcY= +github.com/tidwall/sjson v1.2.5/go.mod h1:Fvgq9kS/6ociJEDnK0Fk1cpYF4FIW6ZF7LAe+6jwd28= +github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= +github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= 
@@ -203,44 +255,63 @@ github.com/zclconf/go-cty v1.13.0 h1:It5dfKTTZHe9aeppbNOda3mN7Ag7sg6QkBNm6TkyFa0 github.com/zclconf/go-cty v1.13.0/go.mod h1:YKQzy/7pZ7iq2jNFzy5go57xdxdWoLLpaEp4u238AE0= github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940 h1:4r45xpDWB6ZMSMNJFMOjqrGHynW3DIBuR2H9j0ug+Mo= github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940/go.mod h1:CmBdvvj3nqzfzJ6nTCIwDTPZ56aVGvDrmztiO5g3qrM= +go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= +go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 h1:yd02MEjBdJkG3uabWP9apV+OuWRIXGDuJEUJbOHmCFU= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0/go.mod h1:umTcuxiv1n/s/S6/c2AT/g2CQ7u5C59sHDNmfSwgz7Q= +go.opentelemetry.io/otel v1.33.0 h1:/FerN9bax5LoK51X/sI0SVYrjSE0/yUL7DpxW4K3FWw= +go.opentelemetry.io/otel v1.33.0/go.mod h1:SUUkR6csvUQl+yjReHu5uM3EtVV7MBm5FHKRlNx4I8I= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0 h1:Vh5HayB/0HHfOQA7Ctx69E/Y/DcQSMPpKANYVMQ7fBA= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0/go.mod h1:cpgtDBaqD/6ok/UG0jT15/uKjAY8mRA53diogHBg3UI= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.33.0 h1:5pojmb1U1AogINhN3SurB+zm/nIcusopeBNp42f45QM= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.33.0/go.mod h1:57gTHJSE5S1tqg+EKsLPlTWhpHMsWlVmer+LA926XiA= +go.opentelemetry.io/otel/metric v1.33.0 h1:r+JOocAyeRVXD8lZpjdQjzMadVZp2M4WmQ+5WtEnklQ= +go.opentelemetry.io/otel/metric v1.33.0/go.mod h1:L9+Fyctbp6HFTddIxClbQkjtubW6O9QS3Ann/M82u6M= +go.opentelemetry.io/otel/sdk v1.33.0 h1:iax7M131HuAm9QkZotNHEfstof92xM+N8sr3uHXc2IM= +go.opentelemetry.io/otel/sdk v1.33.0/go.mod h1:A1Q5oi7/9XaMlIWzPSxLRWOI8nG3FnzHJNbiENQuihM= +go.opentelemetry.io/otel/trace v1.33.0 h1:cCJuF7LRjUFso9LPnEAHJDB2pqzp+hbO8eu1qqW2d/s= +go.opentelemetry.io/otel/trace v1.33.0/go.mod 
h1:uIcdVUZMpTAmz0tI1z04GoVSezK37CbGV4fr1f2nBck= +go.opentelemetry.io/proto/otlp v1.4.0 h1:TA9WRvW6zMwP+Ssb6fLoUIuirti1gGbP28GcKG1jgeg= +go.opentelemetry.io/proto/otlp v1.4.0/go.mod h1:PPBWZIP98o2ElSqI35IHfu7hIhSwvc5N38Jw8pXuGFY= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo= -go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= +go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= +go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= +go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= +go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= -golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= -golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= -golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e h1:+WEEuIdZHnUeJJmEUjyYC2gfUMj69yZXw17EnHg/otA= -golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e/go.mod h1:Kr81I6Kryrl9sr8s2FK3vxD90NdsKWRuOIl2O4CvYbA= +golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4= +golang.org/x/crypto 
v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA= -golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.27.0 h1:kb+q2PyFnEADO2IEF935ehFUXlWiNjJWtRNgBLSfbxQ= +golang.org/x/mod v0.27.0/go.mod h1:rWI627Fq0DEoudcK+MBkNkCe0EetEaDSwJJkCcjpazc= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= -golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= -golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= -golang.org/x/oauth2 v0.12.0 h1:smVPGxink+n1ZI5pkQa8y6fZT0RW0MgCO5bFpepy4B4= -golang.org/x/oauth2 v0.12.0/go.mod h1:A74bZ3aGXgCY0qaIC9Ahg6Lglin4AMAco8cIv9baba4= 
+golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE= +golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg= +golang.org/x/oauth2 v0.27.0 h1:da9Vo7/tDv5RH/7nZDz1eMGS/q1Vv1N/7FCrBhI9I3M= +golang.org/x/oauth2 v0.27.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= -golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw= +golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
@@ -250,75 +321,84 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= -golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI= +golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= -golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= -golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= +golang.org/x/term v0.34.0 h1:O/2T7POpk0ZZ7MAzMeWFSg6S5IpWd/RXDlM9hgM3DR4= +golang.org/x/term v0.34.0/go.mod h1:5jC53AEywhIVebHgPVeg0mj8OD3VO9OzclacVrqpaAw= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= -golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= -golang.org/x/time v0.3.0/go.mod 
h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng= +golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU= +golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY= +golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw= -golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/tools v0.36.0 h1:kWS0uv/zsvHEle1LbV5LE8QujrxB3wfQyxHfhOk0Qkg= +golang.org/x/tools v0.36.0/go.mod h1:WBDiHKJK8YgLHlcQPYQzNCkUxUypCaa5ZegCVutKm+s= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= -google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= 
-google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= -google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 h1:CkkIfIt50+lT6NHAVoRYEyAvQGFM7xEwXUUywFvEb3Q= +google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576/go.mod h1:1R3kvZ1dtP3+4p4d3G8uJ8rFk/fWlScl38vanWACI08= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 h1:8ZmaLZE4XWrtU3MyClkYqqtl6Oegr3235h7jxsDyqCY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU= +google.golang.org/grpc v1.68.1 h1:oI5oTa11+ng8r8XMMN7jAOmWfPZWbYpCFaMUTACxkM0= +google.golang.org/grpc v1.68.1/go.mod h1:+q1XYFJjShcqn0QZHvCyeR4CXPA+llXIeUIfIe00waw= +google.golang.org/protobuf v1.36.7 h1:IgrO7UwFQGJdRNXH/sQux4R1Dj1WAKcLElzeeRaXV2A= +google.golang.org/protobuf v1.36.7/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4= +gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.8/go.mod 
h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.29.2 h1:hBC7B9+MU+ptchxEqTNW2DkUosJpp1P+Wn6YncZ474A= -k8s.io/api v0.29.2/go.mod h1:sdIaaKuU7P44aoyyLlikSLayT6Vb7bvJNCX105xZXY0= -k8s.io/apiextensions-apiserver v0.29.2 h1:UK3xB5lOWSnhaCk0RFZ0LUacPZz9RY4wi/yt2Iu+btg= -k8s.io/apiextensions-apiserver v0.29.2/go.mod h1:aLfYjpA5p3OwtqNXQFkhJ56TB+spV8Gc4wfMhUA3/b8= -k8s.io/apimachinery v0.29.2 h1:EWGpfJ856oj11C52NRCHuU7rFDwxev48z+6DSlGNsV8= -k8s.io/apimachinery v0.29.2/go.mod h1:6HVkd1FwxIagpYrHSwJlQqZI3G9LfYWRPAkUvLnXTKU= -k8s.io/client-go v0.29.2 h1:FEg85el1TeZp+/vYJM7hkDlSTFZ+c5nnK44DJ4FyoRg= -k8s.io/client-go v0.29.2/go.mod h1:knlvFZE58VpqbQpJNbCbctTVXcd35mMyAAwBdpt4jrA= -k8s.io/component-base v0.29.2 h1:lpiLyuvPA9yV1aQwGLENYyK7n/8t6l3nn3zAtFTJYe8= -k8s.io/component-base v0.29.2/go.mod h1:BfB3SLrefbZXiBfbM+2H1dlat21Uewg/5qtKOl8degM= -k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0= -k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo= -k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/AuzbMm96cd3YHRTU83I780= -k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA= -k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= -k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/controller-runtime v0.17.3 h1:65QmN7r3FWgTxDMz9fvGnO1kbf2nu+acg9p2R9oYYYk= 
-sigs.k8s.io/controller-runtime v0.17.3/go.mod h1:N0jpP5Lo7lMTF9aL56Z/B2oWBJjey6StQM0jRbKQXtY= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= -sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= +k8s.io/api v0.33.0 h1:yTgZVn1XEe6opVpP1FylmNrIFWuDqe2H0V8CT5gxfIU= +k8s.io/api v0.33.0/go.mod h1:CTO61ECK/KU7haa3qq8sarQ0biLq2ju405IZAd9zsiM= +k8s.io/apiextensions-apiserver v0.33.0 h1:d2qpYL7Mngbsc1taA4IjJPRJ9ilnsXIrndH+r9IimOs= +k8s.io/apiextensions-apiserver v0.33.0/go.mod h1:VeJ8u9dEEN+tbETo+lFkwaaZPg6uFKLGj5vyNEwwSzc= +k8s.io/apimachinery v0.33.0 h1:1a6kHrJxb2hs4t8EE5wuR/WxKDwGN1FKH3JvDtA0CIQ= +k8s.io/apimachinery v0.33.0/go.mod h1:BHW0YOu7n22fFv/JkYOEfkUYNRN0fj0BlvMFWA7b+SM= +k8s.io/apiserver v0.33.0 h1:QqcM6c+qEEjkOODHppFXRiw/cE2zP85704YrQ9YaBbc= +k8s.io/apiserver v0.33.0/go.mod h1:EixYOit0YTxt8zrO2kBU7ixAtxFce9gKGq367nFmqI8= +k8s.io/client-go v0.33.0 h1:UASR0sAYVUzs2kYuKn/ZakZlcs2bEHaizrrHUZg0G98= +k8s.io/client-go v0.33.0/go.mod h1:kGkd+l/gNGg8GYWAPr0xF1rRKvVWvzh9vmZAMXtaKOg= +k8s.io/component-base v0.33.0 h1:Ot4PyJI+0JAD9covDhwLp9UNkUja209OzsJ4FzScBNk= +k8s.io/component-base v0.33.0/go.mod h1:aXYZLbw3kihdkOPMDhWbjGCO6sg+luw554KP51t8qCU= +k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= +k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff h1:/usPimJzUKKu+m+TE36gUyGcf03XZEP0ZIKgKj35LS4= +k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff/go.mod h1:5jIi+8yX4RIb8wk3XwBo5Pq2ccx4FP10ohkbSKCZoK8= +k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 h1:M3sRQVHv7vB20Xc2ybTt7ODCeFj6JSWYFzOFnYeS6Ro= +k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod 
h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.2 h1:jpcvIRr3GLoUoEKRkHKSmGjxb6lWwrBlJsXc+eUYQHM= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.2/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= +sigs.k8s.io/controller-runtime v0.21.0 h1:CYfjpEuicjUecRk+KAeyYh+ouUBn4llGyDYytIGcJS8= +sigs.k8s.io/controller-runtime v0.21.0/go.mod h1:OSg14+F65eWqIu4DceX7k/+QRAbTTvxeQSNSOQpukWM= +sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8= +sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo= +sigs.k8s.io/randfill v0.0.0-20250304075658-069ef1bbf016/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= +sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= +sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= +sigs.k8s.io/structured-merge-diff/v4 v4.6.0 h1:IUA9nvMmnKWcj5jl84xn+T5MnlZKThmUW1TdblaLVAc= +sigs.k8s.io/structured-merge-diff/v4 v4.6.0/go.mod h1:dDy58f92j70zLsuZVuUX5Wp9vtxXpaZnkPGWeqDfCps= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/controllers/authenginemount_controller.go b/internal/controller/authenginemount_controller.go similarity index 87% rename from controllers/authenginemount_controller.go rename to internal/controller/authenginemount_controller.go index 3cd28c62..7e01fdfa 100644 --- a/controllers/authenginemount_controller.go +++ b/internal/controller/authenginemount_controller.go @@ -19,6 +19,8 @@ package controllers import ( "context" + vaultresourcecontroller2 "github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller" + apierrors "k8s.io/apimachinery/pkg/api/errors" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/builder" 
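Review bot: The alias `vaultresourcecontroller2` on the import added to authenginemount_controller.go looks unnecessary. The old `controllers/vaultresourcecontroller` import is removed from the same file, and commons.go in this diff imports the new path without an alias. Importing it as plain `"github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller"`, grouped with the `redhatcopv1alpha1` import, would leave every `vaultresourcecontroller.` call site unchanged and reduce the per-file diff to the path change. The same alias is added in the azure*, certauth* and databasesecretengine* controller files of this diff. The import block continues past this hunk, so this assumes no other package in the file already uses that name.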
@@ -26,12 +28,11 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" - "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" ) // AuthEngineMountReconciler reconciles a AuthEngineMount object type AuthEngineMountReconciler struct { - vaultresourcecontroller.ReconcilerBase + vaultresourcecontroller2.ReconcilerBase } //+kubebuilder:rbac:groups=redhatcop.redhat.io,resources=authenginemounts,verbs=get;list;watch;create;update;patch;delete @@ -72,15 +73,16 @@ func (r *AuthEngineMountReconciler) Reconcile(ctx context.Context, req ctrl.Requ ctx1, err := prepareContext(ctx, r.ReconcilerBase, instance) if err != nil { r.Log.Error(err, "unable to prepare context", "instance", instance) - return vaultresourcecontroller.ManageOutcome(ctx, r.ReconcilerBase, instance, err) + return vaultresourcecontroller2.ManageOutcome(ctx, r.ReconcilerBase, instance, err) } - vaultEngineResource := vaultresourcecontroller.NewVaultEngineResource(&r.ReconcilerBase, instance) + vaultEngineResource := vaultresourcecontroller2.NewVaultEngineResource(&r.ReconcilerBase, instance) return vaultEngineResource.Reconcile(ctx1, instance) } // SetupWithManager sets up the controller with the Manager. func (r *AuthEngineMountReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.AuthEngineMount{}, builder.WithPredicates(vaultresourcecontroller.NewDefaultPeriodicReconcilePredicate())). + For(&redhatcopv1alpha1.AuthEngineMount{}, builder.WithPredicates(vaultresourcecontroller2.NewDefaultPeriodicReconcilePredicate())). + Named("vaultconfigoperator-authenginemount"). Complete(r) } 
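Review bot: In the `@@ -72,15 +73,16 @@` hunk the error path still hands the whole custom resource to the logger, `r.Log.Error(err, "unable to prepare context", "instance", instance)`, and the same line appears in every Reconcile hunk of this diff. Depending on how the configured logger encodes objects, this can write the full spec to the operator log. That matters most for the AzureAuthEngineConfig, AzureSecretEngineConfig and DatabaseSecretEngineConfig reconcilers, whose setup code watches Secrets. Logging the key instead, `r.Log.Error(err, "unable to prepare context", "instance", req.NamespacedName)`, keeps the entry identifiable without serialising the object. Reconcile starts outside the hunk, so this assumes `req` is the request parameter shown in the hunk header.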
diff --git a/controllers/azureauthengineconfig_controller.go b/internal/controller/azureauthengineconfig_controller.go similarity index 94% rename from controllers/azureauthengineconfig_controller.go rename to internal/controller/azureauthengineconfig_controller.go index faeb8d80..b09f0247 100644 --- a/controllers/azureauthengineconfig_controller.go +++ b/internal/controller/azureauthengineconfig_controller.go @@ -20,6 +20,8 @@ import ( "bytes" "context" + vaultresourcecontroller2 "github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller" + corev1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -34,12 +36,11 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" - "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" ) // AzureAuthEngineConfigReconciler reconciles a AzureAuthEngineConfig object type AzureAuthEngineConfigReconciler struct { - vaultresourcecontroller.ReconcilerBase + vaultresourcecontroller2.ReconcilerBase } //+kubebuilder:rbac:groups=redhatcop.redhat.io,resources=azureauthengineconfigs,verbs=get;list;watch;create;update;patch;delete @@ -68,9 +69,9 @@ func (r *AzureAuthEngineConfigReconciler) Reconcile(ctx context.Context, req ctr ctx1, err := prepareContext(ctx, r.ReconcilerBase, instance) if err != nil { r.Log.Error(err, "unable to prepare context", "instance", instance) - return vaultresourcecontroller.ManageOutcome(ctx, r.ReconcilerBase, instance, err) + return vaultresourcecontroller2.ManageOutcome(ctx, r.ReconcilerBase, instance, err) } - vaultResource := vaultresourcecontroller.NewVaultResource(&r.ReconcilerBase, instance) + vaultResource := vaultresourcecontroller2.NewVaultResource(&r.ReconcilerBase, instance) return vaultResource.Reconcile(ctx1, instance) } 
@@ -137,7 +138,7 @@ func (r *AzureAuthEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager) err } return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.AzureAuthEngineConfig{}, builder.WithPredicates(vaultresourcecontroller.NewDefaultPeriodicReconcilePredicate())). + For(&redhatcopv1alpha1.AzureAuthEngineConfig{}, builder.WithPredicates(vaultresourcecontroller2.NewDefaultPeriodicReconcilePredicate())). Watches(&corev1.Secret{ TypeMeta: metav1.TypeMeta{ Kind: "Secret", @@ -182,6 +183,7 @@ func (r *AzureAuthEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager) err } return res }), builder.WithPredicates(isUpdatedRandomSecret)). + Named("vaultconfigoperator-azureauthengineconfig"). Complete(r) } diff --git a/controllers/azureauthenginerole_controller.go b/internal/controller/azureauthenginerole_controller.go similarity index 85% rename from controllers/azureauthenginerole_controller.go rename to internal/controller/azureauthenginerole_controller.go index 0d2c31a4..9ee97a10 100644 --- a/controllers/azureauthenginerole_controller.go +++ b/internal/controller/azureauthenginerole_controller.go @@ -19,6 +19,8 @@ package controllers import ( "context" + vaultresourcecontroller2 "github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller" + apierrors "k8s.io/apimachinery/pkg/api/errors" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/builder" @@ -26,12 +28,11 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" - "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" ) // AzureAuthEngineRoleReconciler reconciles a AzureAuthEngineRole object type AzureAuthEngineRoleReconciler struct { - vaultresourcecontroller.ReconcilerBase + vaultresourcecontroller2.ReconcilerBase } //+kubebuilder:rbac:groups=redhatcop.redhat.io,resources=azureauthengineroles,verbs=get;list;watch;create;update;patch;delete 
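Review bot: The added `Named("vaultconfigoperator-azureauthengineconfig")` in the `@@ -182,6 +183,7 @@` hunk of azureauthengineconfig_controller.go has no comment explaining why an explicit name is set, and the same call is added to every SetupWithManager in this diff. Without it, controller-runtime derives the name from the lower-cased kind, and the name is used as the `controller` label on its metrics and in its log fields. Alert rules or dashboards keyed on the previous values would presumably stop matching after this upgrade. I would add `// Explicit controller name: must be unique per manager; replaces the kind-derived default in metrics and logs.` above the call and mention the rename in the release notes. SetupWithManager starts outside the hunk.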
@@ -60,9 +61,9 @@ func (r *AzureAuthEngineRoleReconciler) Reconcile(ctx context.Context, req ctrl. ctx1, err := prepareContext(ctx, r.ReconcilerBase, instance) if err != nil { r.Log.Error(err, "unable to prepare context", "instance", instance) - return vaultresourcecontroller.ManageOutcome(ctx, r.ReconcilerBase, instance, err) + return vaultresourcecontroller2.ManageOutcome(ctx, r.ReconcilerBase, instance, err) } - vaultResource := vaultresourcecontroller.NewVaultResource(&r.ReconcilerBase, instance) + vaultResource := vaultresourcecontroller2.NewVaultResource(&r.ReconcilerBase, instance) return vaultResource.Reconcile(ctx1, instance) } @@ -70,6 +71,7 @@ func (r *AzureAuthEngineRoleReconciler) Reconcile(ctx context.Context, req ctrl. // SetupWithManager sets up the controller with the Manager. func (r *AzureAuthEngineRoleReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.AzureAuthEngineRole{}, builder.WithPredicates(vaultresourcecontroller.NewDefaultPeriodicReconcilePredicate())). + For(&redhatcopv1alpha1.AzureAuthEngineRole{}, builder.WithPredicates(vaultresourcecontroller2.NewDefaultPeriodicReconcilePredicate())). + Named("vaultconfigoperator-azureauthenginerole"). Complete(r) } diff --git a/controllers/azuresecretengineconfig_controller.go b/internal/controller/azuresecretengineconfig_controller.go similarity index 94% rename from controllers/azuresecretengineconfig_controller.go rename to internal/controller/azuresecretengineconfig_controller.go index 68b0d4e9..6d5e48e0 100644 --- a/controllers/azuresecretengineconfig_controller.go +++ b/internal/controller/azuresecretengineconfig_controller.go @@ -20,6 +20,8 @@ import ( "bytes" "context" + vaultresourcecontroller2 "github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller" + corev1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 
@@ -34,12 +36,11 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" - "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" ) // AzureSecretEngineConfigReconciler reconciles a AzureSecretEngineConfig object type AzureSecretEngineConfigReconciler struct { - vaultresourcecontroller.ReconcilerBase + vaultresourcecontroller2.ReconcilerBase } //+kubebuilder:rbac:groups=redhatcop.redhat.io,resources=azuresecretengineconfigs,verbs=get;list;watch;create;update;patch;delete @@ -74,9 +75,9 @@ func (r *AzureSecretEngineConfigReconciler) Reconcile(ctx context.Context, req c ctx1, err := prepareContext(ctx, r.ReconcilerBase, instance) if err != nil { r.Log.Error(err, "unable to prepare context", "instance", instance) - return vaultresourcecontroller.ManageOutcome(ctx, r.ReconcilerBase, instance, err) + return vaultresourcecontroller2.ManageOutcome(ctx, r.ReconcilerBase, instance, err) } - vaultResource := vaultresourcecontroller.NewVaultResource(&r.ReconcilerBase, instance) + vaultResource := vaultresourcecontroller2.NewVaultResource(&r.ReconcilerBase, instance) return vaultResource.Reconcile(ctx1, instance) } @@ -143,7 +144,7 @@ func (r *AzureSecretEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager) e } return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.AzureSecretEngineConfig{}, builder.WithPredicates(vaultresourcecontroller.NewDefaultPeriodicReconcilePredicate())). + For(&redhatcopv1alpha1.AzureSecretEngineConfig{}, builder.WithPredicates(vaultresourcecontroller2.NewDefaultPeriodicReconcilePredicate())). Watches(&corev1.Secret{ TypeMeta: metav1.TypeMeta{ Kind: "Secret", @@ -188,6 +189,7 @@ func (r *AzureSecretEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager) e } return res }), builder.WithPredicates(isUpdatedRandomSecret)). + Named("vaultconfigoperator-azuresecretengineconfig"). Complete(r) } 
diff --git a/controllers/azuresecretenginerole_controller.go b/internal/controller/azuresecretenginerole_controller.go similarity index 85% rename from controllers/azuresecretenginerole_controller.go rename to internal/controller/azuresecretenginerole_controller.go index cdd593ce..2ac00a8a 100644 --- a/controllers/azuresecretenginerole_controller.go +++ b/internal/controller/azuresecretenginerole_controller.go @@ -19,6 +19,8 @@ package controllers import ( "context" + vaultresourcecontroller2 "github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller" + apierrors "k8s.io/apimachinery/pkg/api/errors" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/builder" @@ -26,12 +28,11 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" - "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" ) // AzureSecretEngineRoleReconciler reconciles a AzureSecretEngineRole object type AzureSecretEngineRoleReconciler struct { - vaultresourcecontroller.ReconcilerBase + vaultresourcecontroller2.ReconcilerBase } //+kubebuilder:rbac:groups=redhatcop.redhat.io,resources=azuresecretengineroles,verbs=get;list;watch;create;update;patch;delete @@ -59,9 +60,9 @@ func (r *AzureSecretEngineRoleReconciler) Reconcile(ctx context.Context, req ctr ctx1, err := prepareContext(ctx, r.ReconcilerBase, instance) if err != nil { r.Log.Error(err, "unable to prepare context", "instance", instance) - return vaultresourcecontroller.ManageOutcome(ctx, r.ReconcilerBase, instance, err) + return vaultresourcecontroller2.ManageOutcome(ctx, r.ReconcilerBase, instance, err) } - vaultResource := vaultresourcecontroller.NewVaultResource(&r.ReconcilerBase, instance) + vaultResource := vaultresourcecontroller2.NewVaultResource(&r.ReconcilerBase, instance) return vaultResource.Reconcile(ctx1, instance) } 
@@ -69,6 +70,7 @@ func (r *AzureSecretEngineRoleReconciler) Reconcile(ctx context.Context, req ctr // SetupWithManager sets up the controller with the Manager. func (r *AzureSecretEngineRoleReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.AzureSecretEngineRole{}, builder.WithPredicates(vaultresourcecontroller.NewDefaultPeriodicReconcilePredicate())). + For(&redhatcopv1alpha1.AzureSecretEngineRole{}, builder.WithPredicates(vaultresourcecontroller2.NewDefaultPeriodicReconcilePredicate())). + Named("vaultconfigoperator-azuresecretenginerole"). Complete(r) } diff --git a/controllers/certauthengineconfig_controller.go b/internal/controller/certauthengineconfig_controller.go similarity index 87% rename from controllers/certauthengineconfig_controller.go rename to internal/controller/certauthengineconfig_controller.go index 31a3c23c..5b8b5ae8 100644 --- a/controllers/certauthengineconfig_controller.go +++ b/internal/controller/certauthengineconfig_controller.go @@ -19,18 +19,19 @@ package controllers import ( "context" + vaultresourcecontroller2 "github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller" + apierrors "k8s.io/apimachinery/pkg/api/errors" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/log" "sigs.k8s.io/controller-runtime/pkg/reconcile" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" - "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" ) // CertAuthEngineConfigReconciler reconciles a CertAuthEngineConfig object type CertAuthEngineConfigReconciler struct { - vaultresourcecontroller.ReconcilerBase + vaultresourcecontroller2.ReconcilerBase } //+kubebuilder:rbac:groups=redhatcop.redhat.io,resources=certauthengineconfigs,verbs=get;list;watch;create;update;patch;delete 
@@ -62,9 +63,9 @@ func (r *CertAuthEngineConfigReconciler) Reconcile(ctx context.Context, req ctrl ctx1, err := prepareContext(ctx, r.ReconcilerBase, instance) if err != nil { r.Log.Error(err, "unable to prepare context", "instance", instance) - return vaultresourcecontroller.ManageOutcome(ctx, r.ReconcilerBase, instance, err) + return vaultresourcecontroller2.ManageOutcome(ctx, r.ReconcilerBase, instance, err) } - vaultResource := vaultresourcecontroller.NewVaultResource(&r.ReconcilerBase, instance) + vaultResource := vaultresourcecontroller2.NewVaultResource(&r.ReconcilerBase, instance) return vaultResource.Reconcile(ctx1, instance) } @@ -73,5 +74,6 @@ func (r *CertAuthEngineConfigReconciler) Reconcile(ctx context.Context, req ctrl func (r *CertAuthEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). For(&redhatcopv1alpha1.CertAuthEngineConfig{}). + Named("vaultconfigoperator-certauthengineconfig"). Complete(r) } diff --git a/controllers/certauthenginerole_controller.go b/internal/controller/certauthenginerole_controller.go similarity index 87% rename from controllers/certauthenginerole_controller.go rename to internal/controller/certauthenginerole_controller.go index 75b8be9c..6d7a9f8f 100644 --- a/controllers/certauthenginerole_controller.go +++ b/internal/controller/certauthenginerole_controller.go 
@@ -19,18 +19,19 @@ package controllers import ( "context" + vaultresourcecontroller2 "github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller" + apierrors "k8s.io/apimachinery/pkg/api/errors" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/log" "sigs.k8s.io/controller-runtime/pkg/reconcile" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" - "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" ) // CertAuthEngineRoleReconciler reconciles a CertAuthEngineRole object type CertAuthEngineRoleReconciler struct { - vaultresourcecontroller.ReconcilerBase + vaultresourcecontroller2.ReconcilerBase } //+kubebuilder:rbac:groups=redhatcop.redhat.io,resources=certauthengineroles,verbs=get;list;watch;create;update;patch;delete @@ -62,9 +63,9 @@ func (r *CertAuthEngineRoleReconciler) Reconcile(ctx context.Context, req ctrl.R ctx1, err := prepareContext(ctx, r.ReconcilerBase, instance) if err != nil { r.Log.Error(err, "unable to prepare context", "instance", instance) - return vaultresourcecontroller.ManageOutcome(ctx, r.ReconcilerBase, instance, err) + return vaultresourcecontroller2.ManageOutcome(ctx, r.ReconcilerBase, instance, err) } - vaultResource := vaultresourcecontroller.NewVaultResource(&r.ReconcilerBase, instance) + vaultResource := vaultresourcecontroller2.NewVaultResource(&r.ReconcilerBase, instance) return vaultResource.Reconcile(ctx1, instance) } @@ -73,5 +74,6 @@ func (r *CertAuthEngineRoleReconciler) Reconcile(ctx context.Context, req ctrl.R func (r *CertAuthEngineRoleReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). For(&redhatcopv1alpha1.CertAuthEngineRole{}). + Named("vaultconfigoperator-certauthenginerole"). Complete(r) } 
diff --git a/controllers/commons.go b/internal/controller/commons.go similarity index 92% rename from controllers/commons.go rename to internal/controller/commons.go index 8f04bcfe..1849b5e8 100644 --- a/controllers/commons.go +++ b/internal/controller/commons.go @@ -2,10 +2,10 @@ package controllers import ( "context" + "github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller" //"github.com/redhat-cop/operator-utils/pkg/util" vaultutils "github.com/redhat-cop/vault-config-operator/api/v1alpha1/utils" - "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/log" ) diff --git a/controllers/controllertestutils/decoder.go b/internal/controller/controllertestutils/decoder.go similarity index 100% rename from controllers/controllertestutils/decoder.go rename to internal/controller/controllertestutils/decoder.go diff --git a/controllers/databasesecretengineconfig_controller.go b/internal/controller/databasesecretengineconfig_controller.go similarity index 94% rename from controllers/databasesecretengineconfig_controller.go rename to internal/controller/databasesecretengineconfig_controller.go index da142a0b..fb00c19d 100644 --- a/controllers/databasesecretengineconfig_controller.go +++ b/internal/controller/databasesecretengineconfig_controller.go @@ -21,8 +21,9 @@ import ( "context" "time" + vaultresourcecontroller2 "github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller" + redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" - "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" corev1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 
@@ -39,7 +40,7 @@ import ( // DatabaseSecretEngineConfigReconciler reconciles a DatabaseSecretEngineConfig object type DatabaseSecretEngineConfigReconciler struct { - vaultresourcecontroller.ReconcilerBase + vaultresourcecontroller2.ReconcilerBase } //+kubebuilder:rbac:groups=redhatcop.redhat.io,resources=databasesecretengineconfigs,verbs=get;list;watch;create;update;patch;delete @@ -79,10 +80,10 @@ func (r *DatabaseSecretEngineConfigReconciler) Reconcile(ctx context.Context, re ctx1, err := prepareContext(ctx, r.ReconcilerBase, instance) if err != nil { r.Log.Error(err, "unable to prepare context", "instance", instance) - return vaultresourcecontroller.ManageOutcome(ctx, r.ReconcilerBase, instance, err) + return vaultresourcecontroller2.ManageOutcome(ctx, r.ReconcilerBase, instance, err) } - vaultResource := vaultresourcecontroller.NewVaultResource(&r.ReconcilerBase, instance) + vaultResource := vaultresourcecontroller2.NewVaultResource(&r.ReconcilerBase, instance) _, err = vaultResource.Reconcile(ctx1, instance) @@ -103,7 +104,7 @@ func (r *DatabaseSecretEngineConfigReconciler) Reconcile(ctx context.Context, re log.V(1).Info("first password rotation") err = r.rotateRootPassword(ctx1, instance) if err != nil { - return vaultresourcecontroller.ManageOutcome(ctx, r.ReconcilerBase, instance, err) + return vaultresourcecontroller2.ManageOutcome(ctx, r.ReconcilerBase, instance, err) } if instance.Spec.RootPasswordRotation.RotationPeriod.Duration != time.Duration(0) { return reconcile.Result{RequeueAfter: instance.Spec.RootPasswordRotation.RotationPeriod.Duration}, nil 
@@ -118,7 +119,7 @@ func (r *DatabaseSecretEngineConfigReconciler) Reconcile(ctx context.Context, re log.V(1).Info("time to rotate") err = r.rotateRootPassword(ctx1, instance) if err != nil { - return vaultresourcecontroller.ManageOutcome(ctx, r.ReconcilerBase, instance, err) + return vaultresourcecontroller2.ManageOutcome(ctx, r.ReconcilerBase, instance, err) } return reconcile.Result{RequeueAfter: instance.Spec.RootPasswordRotation.RotationPeriod.Duration}, nil } else { @@ -210,7 +211,7 @@ func (r *DatabaseSecretEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager } return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.DatabaseSecretEngineConfig{}, builder.WithPredicates(vaultresourcecontroller.NewDefaultPeriodicReconcilePredicate())). + For(&redhatcopv1alpha1.DatabaseSecretEngineConfig{}, builder.WithPredicates(vaultresourcecontroller2.NewDefaultPeriodicReconcilePredicate())). Watches(&corev1.Secret{ TypeMeta: metav1.TypeMeta{ Kind: "Secret", @@ -255,6 +256,7 @@ func (r *DatabaseSecretEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager } return res }), builder.WithPredicates(isUpdatedRandomSecret)). + Named("vaultconfigoperator-databasesecretengineconfig"). Complete(r) } diff --git a/controllers/databasesecretenginerole_controller.go b/internal/controller/databasesecretenginerole_controller.go similarity index 87% rename from controllers/databasesecretenginerole_controller.go rename to internal/controller/databasesecretenginerole_controller.go index b2e89e19..1a3bfd6f 100644 --- a/controllers/databasesecretenginerole_controller.go +++ b/internal/controller/databasesecretenginerole_controller.go @@ -19,6 +19,8 @@ package controllers import ( "context" + vaultresourcecontroller2 "github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller" + apierrors "k8s.io/apimachinery/pkg/api/errors" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/builder" 
@@ -26,12 +28,11 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" - "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" ) // DatabaseSecretEngineRoleReconciler reconciles a DatabaseSecretEngineRole object type DatabaseSecretEngineRoleReconciler struct { - vaultresourcecontroller.ReconcilerBase + vaultresourcecontroller2.ReconcilerBase } //+kubebuilder:rbac:groups=redhatcop.redhat.io,resources=databasesecretengineroles,verbs=get;list;watch;create;update;patch;delete @@ -70,9 +71,9 @@ func (r *DatabaseSecretEngineRoleReconciler) Reconcile(ctx context.Context, req ctx1, err := prepareContext(ctx, r.ReconcilerBase, instance) if err != nil { r.Log.Error(err, "unable to prepare context", "instance", instance) - return vaultresourcecontroller.ManageOutcome(ctx, r.ReconcilerBase, instance, err) + return vaultresourcecontroller2.ManageOutcome(ctx, r.ReconcilerBase, instance, err) } - vaultResource := vaultresourcecontroller.NewVaultResource(&r.ReconcilerBase, instance) + vaultResource := vaultresourcecontroller2.NewVaultResource(&r.ReconcilerBase, instance) return vaultResource.Reconcile(ctx1, instance) } @@ -80,6 +81,7 @@ func (r *DatabaseSecretEngineRoleReconciler) Reconcile(ctx context.Context, req // SetupWithManager sets up the controller with the Manager. func (r *DatabaseSecretEngineRoleReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.DatabaseSecretEngineRole{}, builder.WithPredicates(vaultresourcecontroller.NewDefaultPeriodicReconcilePredicate())). + For(&redhatcopv1alpha1.DatabaseSecretEngineRole{}, builder.WithPredicates(vaultresourcecontroller2.NewDefaultPeriodicReconcilePredicate())). + Named("vaultconfigoperator-databasesecretenginerole"). Complete(r) } 
diff --git a/controllers/databasesecretenginestaticrole_controller.go b/internal/controller/databasesecretenginestaticrole_controller.go similarity index 85% rename from controllers/databasesecretenginestaticrole_controller.go rename to internal/controller/databasesecretenginestaticrole_controller.go index 9ce19279..881e4104 100644 --- a/controllers/databasesecretenginestaticrole_controller.go +++ b/internal/controller/databasesecretenginestaticrole_controller.go @@ -19,6 +19,8 @@ package controllers import ( "context" + vaultresourcecontroller2 "github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller" + apierrors "k8s.io/apimachinery/pkg/api/errors" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/builder" @@ -26,12 +28,11 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" - "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" ) // DatabaseSecretEngineStaticRoleReconciler reconciles a DatabaseSecretEngineStaticRole object type DatabaseSecretEngineStaticRoleReconciler struct { - vaultresourcecontroller.ReconcilerBase + vaultresourcecontroller2.ReconcilerBase } //+kubebuilder:rbac:groups=redhatcop.redhat.io,resources=databasesecretenginestaticroles,verbs=get;list;watch;create;update;patch;delete 
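Review bot: The file is renamed into internal/controller/ but the hunk context still reads `package controllers`, so the package name no longer matches its directory. The package clause is not part of any hunk, and the first hunk of each renamed file starts at line 19, which suggests it was left as is. Either rename it to `package controller` in this commit, together with the importers, or note in the commit message that the old name is kept on purpose. The same holds for the other renamed controller files in this diff.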
@@ -61,9 +62,9 @@ func (r *DatabaseSecretEngineStaticRoleReconciler) Reconcile(ctx context.Context ctx1, err := prepareContext(ctx, r.ReconcilerBase, instance) if err != nil { r.Log.Error(err, "unable to prepare context", "instance", instance) - return vaultresourcecontroller.ManageOutcome(ctx, r.ReconcilerBase, instance, err) + return vaultresourcecontroller2.ManageOutcome(ctx, r.ReconcilerBase, instance, err) } - vaultResource := vaultresourcecontroller.NewVaultResource(&r.ReconcilerBase, instance) + vaultResource := vaultresourcecontroller2.NewVaultResource(&r.ReconcilerBase, instance) return vaultResource.Reconcile(ctx1, instance) } @@ -71,6 +72,7 @@ func (r *DatabaseSecretEngineStaticRoleReconciler) Reconcile(ctx context.Context // SetupWithManager sets up the controller with the Manager. func (r *DatabaseSecretEngineStaticRoleReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.DatabaseSecretEngineStaticRole{}, builder.WithPredicates(vaultresourcecontroller.NewDefaultPeriodicReconcilePredicate())). + For(&redhatcopv1alpha1.DatabaseSecretEngineStaticRole{}, builder.WithPredicates(vaultresourcecontroller2.NewDefaultPeriodicReconcilePredicate())). + Named("vaultconfigoperator-databasesecretenginestaticrole"). Complete(r) } diff --git a/controllers/databasesecretenginestaticrole_controller_test.go b/internal/controller/databasesecretenginestaticrole_controller_test.go similarity index 99% rename from controllers/databasesecretenginestaticrole_controller_test.go rename to internal/controller/databasesecretenginestaticrole_controller_test.go index 37fef17b..3ce250b4 100644 --- a/controllers/databasesecretenginestaticrole_controller_test.go +++ b/internal/controller/databasesecretenginestaticrole_controller_test.go 
@@ -6,12 +6,12 @@ package controllers import ( "encoding/json" "fmt" + "github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller" "time" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" - "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" diff --git a/controllers/gcpauthengineconfig_controller.go b/internal/controller/gcpauthengineconfig_controller.go similarity index 94% rename from controllers/gcpauthengineconfig_controller.go rename to internal/controller/gcpauthengineconfig_controller.go index 984de92f..8b3ec48c 100644 --- a/controllers/gcpauthengineconfig_controller.go +++ b/internal/controller/gcpauthengineconfig_controller.go @@ -20,6 +20,8 @@ import ( "bytes" "context" + vaultresourcecontroller2 "github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller" + corev1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -34,12 +36,11 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" - "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" ) // GCPAuthEngineConfigReconciler reconciles a GCPAuthEngineConfig object type GCPAuthEngineConfigReconciler struct { - vaultresourcecontroller.ReconcilerBase + vaultresourcecontroller2.ReconcilerBase } //+kubebuilder:rbac:groups=redhatcop.redhat.io,resources=gcpauthengineconfigs,verbs=get;list;watch;create;update;patch;delete 
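Review bot: The new project import in the test file is inserted between `"fmt"` and `"time"`, inside the standard-library group, while the other project import stays in the group below. goimports keeps standard-library imports in their own group. Move the line next to `redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1"`, where the removed import used to be.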
@@ -69,9 +70,9 @@ func (r *GCPAuthEngineConfigReconciler) Reconcile(ctx context.Context, req ctrl. ctx1, err := prepareContext(ctx, r.ReconcilerBase, instance) if err != nil { r.Log.Error(err, "unable to prepare context", "instance", instance) - return vaultresourcecontroller.ManageOutcome(ctx, r.ReconcilerBase, instance, err) + return vaultresourcecontroller2.ManageOutcome(ctx, r.ReconcilerBase, instance, err) } - vaultResource := vaultresourcecontroller.NewVaultResource(&r.ReconcilerBase, instance) + vaultResource := vaultresourcecontroller2.NewVaultResource(&r.ReconcilerBase, instance) return vaultResource.Reconcile(ctx1, instance) } @@ -138,7 +139,7 @@ func (r *GCPAuthEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager) error } return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.GCPAuthEngineConfig{}, builder.WithPredicates(vaultresourcecontroller.NewDefaultPeriodicReconcilePredicate())). + For(&redhatcopv1alpha1.GCPAuthEngineConfig{}, builder.WithPredicates(vaultresourcecontroller2.NewDefaultPeriodicReconcilePredicate())). Watches(&corev1.Secret{ TypeMeta: metav1.TypeMeta{ Kind: "Secret", @@ -183,6 +184,7 @@ func (r *GCPAuthEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager) error } return res }), builder.WithPredicates(isUpdatedRandomSecret)). + Named("vaultconfigoperator-gcpauthengineconfig"). Complete(r) } diff --git a/controllers/gcpauthenginerole_controller.go b/internal/controller/gcpauthenginerole_controller.go similarity index 87% rename from controllers/gcpauthenginerole_controller.go rename to internal/controller/gcpauthenginerole_controller.go index 2f7f62a0..c24664ff 100644 --- a/controllers/gcpauthenginerole_controller.go +++ b/internal/controller/gcpauthenginerole_controller.go 
@@ -19,18 +19,19 @@ package controllers import ( "context" + vaultresourcecontroller2 "github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller" + apierrors "k8s.io/apimachinery/pkg/api/errors" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/log" "sigs.k8s.io/controller-runtime/pkg/reconcile" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" - "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" ) // GCPAuthEngineRoleReconciler reconciles a GCPAuthEngineRole object type GCPAuthEngineRoleReconciler struct { - vaultresourcecontroller.ReconcilerBase + vaultresourcecontroller2.ReconcilerBase } //+kubebuilder:rbac:groups=redhatcop.redhat.io,resources=gcpauthengineroles,verbs=get;list;watch;create;update;patch;delete @@ -60,9 +61,9 @@ func (r *GCPAuthEngineRoleReconciler) Reconcile(ctx context.Context, req ctrl.Re ctx1, err := prepareContext(ctx, r.ReconcilerBase, instance) if err != nil { r.Log.Error(err, "unable to prepare context", "instance", instance) - return vaultresourcecontroller.ManageOutcome(ctx, r.ReconcilerBase, instance, err) + return vaultresourcecontroller2.ManageOutcome(ctx, r.ReconcilerBase, instance, err) } - vaultResource := vaultresourcecontroller.NewVaultResource(&r.ReconcilerBase, instance) + vaultResource := vaultresourcecontroller2.NewVaultResource(&r.ReconcilerBase, instance) return vaultResource.Reconcile(ctx1, instance) } @@ -71,5 +72,6 @@ func (r *GCPAuthEngineRoleReconciler) Reconcile(ctx context.Context, req ctrl.Re func (r *GCPAuthEngineRoleReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). For(&redhatcopv1alpha1.GCPAuthEngineRole{}). + Named("vaultconfigoperator-gcpauthenginerole"). Complete(r) } 
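Review bot: `For(&redhatcopv1alpha1.GCPAuthEngineRole{})` in the `@@ -71,5 +72,6 @@` hunk is the only `For` call in this part of the diff without `builder.WithPredicates(vaultresourcecontroller2.NewDefaultPeriodicReconcilePredicate())`, and the commit adds `Named(...)` beside it without closing that gap. What the predicate filters is not visible here, but if it suppresses reconciles on status-only updates, this controller would write its role to Vault again on each such event. Either add the predicate as in the sibling controllers, `For(&redhatcopv1alpha1.GCPAuthEngineRole{}, builder.WithPredicates(vaultresourcecontroller2.NewDefaultPeriodicReconcilePredicate())).`, or add a comment saying why it is omitted. The file's import hunk does not list `sigs.k8s.io/controller-runtime/pkg/builder`, so that import would be needed as well.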
diff --git a/controllers/githubsecretengineconfig_controller.go b/internal/controller/githubsecretengineconfig_controller.go similarity index 92% rename from controllers/githubsecretengineconfig_controller.go rename to internal/controller/githubsecretengineconfig_controller.go index 1d44484d..4ec40cfd 100644 --- a/controllers/githubsecretengineconfig_controller.go +++ b/internal/controller/githubsecretengineconfig_controller.go @@ -20,6 +20,8 @@ import ( "bytes" "context" + vaultresourcecontroller2 "github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller" + corev1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -34,12 +36,11 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" - "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" ) // GitHubSecretEngineConfigReconciler reconciles a GitHubSecretEngineConfig object type GitHubSecretEngineConfigReconciler struct { - vaultresourcecontroller.ReconcilerBase + vaultresourcecontroller2.ReconcilerBase } //+kubebuilder:rbac:groups=redhatcop.redhat.io,resources=githubsecretengineconfigs,verbs=get;list;watch;create;update;patch;delete @@ -78,9 +79,9 @@ func (r *GitHubSecretEngineConfigReconciler) Reconcile(ctx context.Context, req ctx1, err := prepareContext(ctx, r.ReconcilerBase, instance) if err != nil { r.Log.Error(err, "unable to prepare context", "instance", instance) - return vaultresourcecontroller.ManageOutcome(ctx, r.ReconcilerBase, instance, err) + return vaultresourcecontroller2.ManageOutcome(ctx, r.ReconcilerBase, instance, err) } - vaultResource := vaultresourcecontroller.NewVaultResource(&r.ReconcilerBase, instance) + vaultResource := vaultresourcecontroller2.NewVaultResource(&r.ReconcilerBase, instance) return vaultResource.Reconcile(ctx1, instance) } 
@@ -118,7 +119,7 @@ func (r *GitHubSecretEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager) } return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.GitHubSecretEngineConfig{}, builder.WithPredicates(vaultresourcecontroller.NewDefaultPeriodicReconcilePredicate())). + For(&redhatcopv1alpha1.GitHubSecretEngineConfig{}, builder.WithPredicates(vaultresourcecontroller2.NewDefaultPeriodicReconcilePredicate())). Watches(&corev1.Secret{ TypeMeta: metav1.TypeMeta{ Kind: "Secret", @@ -141,6 +142,7 @@ func (r *GitHubSecretEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager) } return res }), builder.WithPredicates(isSSHSecret)). + Named("vaultconfigoperator-githubsecretengineconfig"). Complete(r) } diff --git a/controllers/githubsecretenginerole_controller.go b/internal/controller/githubsecretenginerole_controller.go similarity index 87% rename from controllers/githubsecretenginerole_controller.go rename to internal/controller/githubsecretenginerole_controller.go index c13c4e18..c8f937bb 100644 --- a/controllers/githubsecretenginerole_controller.go +++ b/internal/controller/githubsecretenginerole_controller.go @@ -19,6 +19,8 @@ package controllers import ( "context" + vaultresourcecontroller2 "github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller" + apierrors "k8s.io/apimachinery/pkg/api/errors" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/builder" 
@@ -26,12 +28,11 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" - "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" ) // GitHubSecretEngineRoleReconciler reconciles a GitHubSecretEngineRole object type GitHubSecretEngineRoleReconciler struct { - vaultresourcecontroller.ReconcilerBase + vaultresourcecontroller2.ReconcilerBase } //+kubebuilder:rbac:groups=redhatcop.redhat.io,resources=githubsecretengineroles,verbs=get;list;watch;create;update;patch;delete @@ -70,9 +71,9 @@ func (r *GitHubSecretEngineRoleReconciler) Reconcile(ctx context.Context, req ct ctx1, err := prepareContext(ctx, r.ReconcilerBase, instance) if err != nil { r.Log.Error(err, "unable to prepare context", "instance", instance) - return vaultresourcecontroller.ManageOutcome(ctx, r.ReconcilerBase, instance, err) + return vaultresourcecontroller2.ManageOutcome(ctx, r.ReconcilerBase, instance, err) } - vaultResource := vaultresourcecontroller.NewVaultResource(&r.ReconcilerBase, instance) + vaultResource := vaultresourcecontroller2.NewVaultResource(&r.ReconcilerBase, instance) return vaultResource.Reconcile(ctx1, instance) } @@ -80,6 +81,7 @@ func (r *GitHubSecretEngineRoleReconciler) Reconcile(ctx context.Context, req ct // SetupWithManager sets up the controller with the Manager. func (r *GitHubSecretEngineRoleReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.GitHubSecretEngineRole{}, builder.WithPredicates(vaultresourcecontroller.NewDefaultPeriodicReconcilePredicate())). + For(&redhatcopv1alpha1.GitHubSecretEngineRole{}, builder.WithPredicates(vaultresourcecontroller2.NewDefaultPeriodicReconcilePredicate())). + Named("vaultconfigoperator-githubsecretenginerole"). Complete(r) } 
diff --git a/controllers/group_controller.go b/internal/controller/group_controller.go similarity index 87% rename from controllers/group_controller.go rename to internal/controller/group_controller.go index b8b4214b..b082e865 100644 --- a/controllers/group_controller.go +++ b/internal/controller/group_controller.go @@ -19,6 +19,8 @@ package controllers import ( "context" + vaultresourcecontroller2 "github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller" + apierrors "k8s.io/apimachinery/pkg/api/errors" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/builder" @@ -26,12 +28,11 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" - "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" ) // GroupReconciler reconciles a Group object type GroupReconciler struct { - vaultresourcecontroller.ReconcilerBase + vaultresourcecontroller2.ReconcilerBase } //+kubebuilder:rbac:groups=redhatcop.redhat.io,resources=groups,verbs=get;list;watch;create;update;patch;delete @@ -67,9 +68,9 @@ func (r *GroupReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl ctx1, err := prepareContext(ctx, r.ReconcilerBase, instance) if err != nil { r.Log.Error(err, "unable to prepare context", "instance", instance) - return vaultresourcecontroller.ManageOutcome(ctx, r.ReconcilerBase, instance, err) + return vaultresourcecontroller2.ManageOutcome(ctx, r.ReconcilerBase, instance, err) } - vaultResource := vaultresourcecontroller.NewVaultResource(&r.ReconcilerBase, instance) + vaultResource := vaultresourcecontroller2.NewVaultResource(&r.ReconcilerBase, instance) return vaultResource.Reconcile(ctx1, instance) } 
@@ -77,6 +78,7 @@ func (r *GroupReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl // SetupWithManager sets up the controller with the Manager. func (r *GroupReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.Group{}, builder.WithPredicates(vaultresourcecontroller.NewDefaultPeriodicReconcilePredicate())). + For(&redhatcopv1alpha1.Group{}, builder.WithPredicates(vaultresourcecontroller2.NewDefaultPeriodicReconcilePredicate())). + Named("vaultconfigoperator-group"). Complete(r) } diff --git a/controllers/groupalias_controller.go b/internal/controller/groupalias_controller.go similarity index 86% rename from controllers/groupalias_controller.go rename to internal/controller/groupalias_controller.go index 79b12921..667a542a 100644 --- a/controllers/groupalias_controller.go +++ b/internal/controller/groupalias_controller.go @@ -19,6 +19,8 @@ package controllers import ( "context" + vaultresourcecontroller2 "github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller" + apierrors "k8s.io/apimachinery/pkg/api/errors" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/builder" @@ -26,12 +28,11 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" - "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" ) // GroupAliasReconciler reconciles a GroupAlias object type GroupAliasReconciler struct { - vaultresourcecontroller.ReconcilerBase + vaultresourcecontroller2.ReconcilerBase } //+kubebuilder:rbac:groups=redhatcop.redhat.io,resources=groupaliases,verbs=get;list;watch;create;update;patch;delete 
@@ -67,9 +68,9 @@ func (r *GroupAliasReconciler) Reconcile(ctx context.Context, req ctrl.Request) ctx1, err := prepareContext(ctx, r.ReconcilerBase, instance) if err != nil { r.Log.Error(err, "unable to prepare context", "instance", instance) - return vaultresourcecontroller.ManageOutcome(ctx, r.ReconcilerBase, instance, err) + return vaultresourcecontroller2.ManageOutcome(ctx, r.ReconcilerBase, instance, err) } - vaultResource := vaultresourcecontroller.NewVaultResource(&r.ReconcilerBase, instance) + vaultResource := vaultresourcecontroller2.NewVaultResource(&r.ReconcilerBase, instance) return vaultResource.Reconcile(ctx1, instance) } @@ -77,6 +78,7 @@ func (r *GroupAliasReconciler) Reconcile(ctx context.Context, req ctrl.Request) // SetupWithManager sets up the controller with the Manager. func (r *GroupAliasReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.GroupAlias{}, builder.WithPredicates(vaultresourcecontroller.NewDefaultPeriodicReconcilePredicate())). + For(&redhatcopv1alpha1.GroupAlias{}, builder.WithPredicates(vaultresourcecontroller2.NewDefaultPeriodicReconcilePredicate())). + Named("vaultconfigoperator-groupalias"). Complete(r) } diff --git a/controllers/jwtoidcauthengineconfig_controller.go b/internal/controller/jwtoidcauthengineconfig_controller.go similarity index 94% rename from controllers/jwtoidcauthengineconfig_controller.go rename to internal/controller/jwtoidcauthengineconfig_controller.go index 928e95b9..1108ff66 100644 --- a/controllers/jwtoidcauthengineconfig_controller.go +++ b/internal/controller/jwtoidcauthengineconfig_controller.go @@ -20,6 +20,8 @@ import ( "bytes" "context" + vaultresourcecontroller2 "github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller" + corev1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 
@@ -34,12 +36,11 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" - "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" ) // JWTOIDCAuthEngineConfigReconciler reconciles a JWTOIDCAuthEngineConfig object type JWTOIDCAuthEngineConfigReconciler struct { - vaultresourcecontroller.ReconcilerBase + vaultresourcecontroller2.ReconcilerBase } //+kubebuilder:rbac:groups=redhatcop.redhat.io,resources=jwtoidcauthengineconfigs,verbs=get;list;watch;create;update;patch;delete @@ -73,9 +74,9 @@ func (r *JWTOIDCAuthEngineConfigReconciler) Reconcile(ctx context.Context, req c ctx1, err := prepareContext(ctx, r.ReconcilerBase, instance) if err != nil { r.Log.Error(err, "unable to prepare context", "instance", instance) - return vaultresourcecontroller.ManageOutcome(ctx, r.ReconcilerBase, instance, err) + return vaultresourcecontroller2.ManageOutcome(ctx, r.ReconcilerBase, instance, err) } - vaultResource := vaultresourcecontroller.NewVaultResource(&r.ReconcilerBase, instance) + vaultResource := vaultresourcecontroller2.NewVaultResource(&r.ReconcilerBase, instance) return vaultResource.Reconcile(ctx1, instance) } @@ -142,7 +143,7 @@ func (r *JWTOIDCAuthEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager) e } return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.JWTOIDCAuthEngineConfig{}, builder.WithPredicates(vaultresourcecontroller.NewDefaultPeriodicReconcilePredicate())). + For(&redhatcopv1alpha1.JWTOIDCAuthEngineConfig{}, builder.WithPredicates(vaultresourcecontroller2.NewDefaultPeriodicReconcilePredicate())). Watches(&corev1.Secret{ TypeMeta: metav1.TypeMeta{ Kind: "Secret", @@ -187,6 +188,7 @@ func (r *JWTOIDCAuthEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager) e } return res }), builder.WithPredicates(isUpdatedRandomSecret)). + Named("vaultconfigoperator-jwtoidcauthengineconfig"). Complete(r) } 
diff --git a/controllers/jwtoidcauthenginerole_controller.go b/internal/controller/jwtoidcauthenginerole_controller.go similarity index 86% rename from controllers/jwtoidcauthenginerole_controller.go rename to internal/controller/jwtoidcauthenginerole_controller.go index f6e1002a..c3b238fa 100644 --- a/controllers/jwtoidcauthenginerole_controller.go +++ b/internal/controller/jwtoidcauthenginerole_controller.go @@ -19,6 +19,8 @@ package controllers import ( "context" + vaultresourcecontroller2 "github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller" + apierrors "k8s.io/apimachinery/pkg/api/errors" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/builder" @@ -26,12 +28,11 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" - "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" ) // JWTOIDCAuthEngineRoleReconciler reconciles a JWTOIDCAuthEngineRole object type JWTOIDCAuthEngineRoleReconciler struct { - vaultresourcecontroller.ReconcilerBase + vaultresourcecontroller2.ReconcilerBase } //+kubebuilder:rbac:groups=redhatcop.redhat.io,resources=jwtoidcauthengineroles,verbs=get;list;watch;create;update;patch;delete @@ -65,9 +66,9 @@ func (r *JWTOIDCAuthEngineRoleReconciler) Reconcile(ctx context.Context, req ctr ctx1, err := prepareContext(ctx, r.ReconcilerBase, instance) if err != nil { r.Log.Error(err, "unable to prepare context", "instance", instance) - return vaultresourcecontroller.ManageOutcome(ctx, r.ReconcilerBase, instance, err) + return vaultresourcecontroller2.ManageOutcome(ctx, r.ReconcilerBase, instance, err) } - vaultResource := vaultresourcecontroller.NewVaultResource(&r.ReconcilerBase, instance) + vaultResource := vaultresourcecontroller2.NewVaultResource(&r.ReconcilerBase, instance) return vaultResource.Reconcile(ctx1, instance) } 
@@ -75,6 +76,7 @@ func (r *JWTOIDCAuthEngineRoleReconciler) Reconcile(ctx context.Context, req ctr // SetupWithManager sets up the controller with the Manager. func (r *JWTOIDCAuthEngineRoleReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.JWTOIDCAuthEngineRole{}, builder.WithPredicates(vaultresourcecontroller.NewDefaultPeriodicReconcilePredicate())). + For(&redhatcopv1alpha1.JWTOIDCAuthEngineRole{}, builder.WithPredicates(vaultresourcecontroller2.NewDefaultPeriodicReconcilePredicate())). + Named("vaultconfigoperator-jwtoidcauthenginerole"). Complete(r) } diff --git a/controllers/kubernetesauthengineconfig_controller.go b/internal/controller/kubernetesauthengineconfig_controller.go similarity index 87% rename from controllers/kubernetesauthengineconfig_controller.go rename to internal/controller/kubernetesauthengineconfig_controller.go index 8f474a42..3dcef62e 100644 --- a/controllers/kubernetesauthengineconfig_controller.go +++ b/internal/controller/kubernetesauthengineconfig_controller.go @@ -19,6 +19,8 @@ package controllers import ( "context" + vaultresourcecontroller2 "github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller" + apierrors "k8s.io/apimachinery/pkg/api/errors" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/builder" @@ -26,12 +28,11 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" - "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" ) // KubernetesAuthEngineConfigReconciler reconciles a KubernetesAuthEngineConfig object type KubernetesAuthEngineConfigReconciler struct { - vaultresourcecontroller.ReconcilerBase + vaultresourcecontroller2.ReconcilerBase } //+kubebuilder:rbac:groups=redhatcop.redhat.io,resources=kubernetesauthengineconfigs,verbs=get;list;watch;create;update;patch;delete 
@@ -73,9 +74,9 @@ func (r *KubernetesAuthEngineConfigReconciler) Reconcile(ctx context.Context, re ctx1, err := prepareContext(ctx, r.ReconcilerBase, instance) if err != nil { r.Log.Error(err, "unable to prepare context", "instance", instance) - return vaultresourcecontroller.ManageOutcome(ctx, r.ReconcilerBase, instance, err) + return vaultresourcecontroller2.ManageOutcome(ctx, r.ReconcilerBase, instance, err) } - vaultResource := vaultresourcecontroller.NewVaultResource(&r.ReconcilerBase, instance) + vaultResource := vaultresourcecontroller2.NewVaultResource(&r.ReconcilerBase, instance) return vaultResource.Reconcile(ctx1, instance) } @@ -84,6 +85,7 @@ func (r *KubernetesAuthEngineConfigReconciler) Reconcile(ctx context.Context, re func (r *KubernetesAuthEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.KubernetesAuthEngineConfig{}, builder.WithPredicates(vaultresourcecontroller.NewDefaultPeriodicReconcilePredicate())). + For(&redhatcopv1alpha1.KubernetesAuthEngineConfig{}, builder.WithPredicates(vaultresourcecontroller2.NewDefaultPeriodicReconcilePredicate())). + Named("vaultconfigoperator-kubernetesauthengineconfig"). Complete(r) } diff --git a/controllers/kubernetesauthenginerole_controller.go b/internal/controller/kubernetesauthenginerole_controller.go similarity index 92% rename from controllers/kubernetesauthenginerole_controller.go rename to internal/controller/kubernetesauthenginerole_controller.go index efa46241..e000b125 100644 --- a/controllers/kubernetesauthenginerole_controller.go +++ b/internal/controller/kubernetesauthenginerole_controller.go @@ -19,6 +19,8 @@ package controllers import ( "context" + vaultresourcecontroller2 "github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller" + corev1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 
@@ -32,12 +34,11 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" - "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" ) // KubernetesAuthEngineRoleReconciler reconciles a KubernetesAuthEngineRole object type KubernetesAuthEngineRoleReconciler struct { - vaultresourcecontroller.ReconcilerBase + vaultresourcecontroller2.ReconcilerBase } //+kubebuilder:rbac:groups=redhatcop.redhat.io,resources=kubernetesauthengineroles,verbs=get;list;watch;create;update;patch;delete @@ -76,9 +77,9 @@ func (r *KubernetesAuthEngineRoleReconciler) Reconcile(ctx context.Context, req ctx1, err := prepareContext(ctx, r.ReconcilerBase, instance) if err != nil { r.Log.Error(err, "unable to prepare context", "instance", instance) - return vaultresourcecontroller.ManageOutcome(ctx, r.ReconcilerBase, instance, err) + return vaultresourcecontroller2.ManageOutcome(ctx, r.ReconcilerBase, instance, err) } - vaultResource := vaultresourcecontroller.NewVaultResource(&r.ReconcilerBase, instance) + vaultResource := vaultresourcecontroller2.NewVaultResource(&r.ReconcilerBase, instance) return vaultResource.Reconcile(ctx1, instance) } @@ -86,7 +87,7 @@ func (r *KubernetesAuthEngineRoleReconciler) Reconcile(ctx context.Context, req // SetupWithManager sets up the controller with the Manager. func (r *KubernetesAuthEngineRoleReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.KubernetesAuthEngineRole{}, builder.WithPredicates(vaultresourcecontroller.NewDefaultPeriodicReconcilePredicate())). + For(&redhatcopv1alpha1.KubernetesAuthEngineRole{}, builder.WithPredicates(vaultresourcecontroller2.NewDefaultPeriodicReconcilePredicate())). Watches(&corev1.Namespace{ TypeMeta: metav1.TypeMeta{ Kind: "Namespace", 
@@ -109,6 +110,7 @@ func (r *KubernetesAuthEngineRoleReconciler) SetupWithManager(mgr ctrl.Manager) } return res })). + Named("vaultconfigoperator-kubernetesauthenginerole"). Complete(r) } diff --git a/controllers/kubernetessecretengineconfig_controller.go b/internal/controller/kubernetessecretengineconfig_controller.go similarity index 92% rename from controllers/kubernetessecretengineconfig_controller.go rename to internal/controller/kubernetessecretengineconfig_controller.go index 7f882944..0dc68e90 100644 --- a/controllers/kubernetessecretengineconfig_controller.go +++ b/internal/controller/kubernetessecretengineconfig_controller.go @@ -20,6 +20,8 @@ import ( "bytes" "context" + vaultresourcecontroller2 "github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller" + apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" @@ -33,13 +35,12 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" - "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" corev1 "k8s.io/api/core/v1" ) // KubernetesSecretEngineConfigReconciler reconciles a KubernetesSecretEngineConfig object type KubernetesSecretEngineConfigReconciler struct { - vaultresourcecontroller.ReconcilerBase + vaultresourcecontroller2.ReconcilerBase } //+kubebuilder:rbac:groups=redhatcop.redhat.io,resources=kubernetessecretengineconfigs,verbs=get;list;watch;create;update;patch;delete 
@@ -72,9 +73,9 @@ func (r *KubernetesSecretEngineConfigReconciler) Reconcile(ctx context.Context, ctx1, err := prepareContext(ctx, r.ReconcilerBase, instance) if err != nil { r.Log.Error(err, "unable to prepare context", "instance", instance) - return vaultresourcecontroller.ManageOutcome(ctx, r.ReconcilerBase, instance, err) + return vaultresourcecontroller2.ManageOutcome(ctx, r.ReconcilerBase, instance, err) } - vaultResource := vaultresourcecontroller.NewVaultResource(&r.ReconcilerBase, instance) + vaultResource := vaultresourcecontroller2.NewVaultResource(&r.ReconcilerBase, instance) return vaultResource.Reconcile(ctx1, instance) } @@ -112,7 +113,7 @@ func (r *KubernetesSecretEngineConfigReconciler) SetupWithManager(mgr ctrl.Manag } return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.KubernetesSecretEngineConfig{}, builder.WithPredicates(vaultresourcecontroller.NewDefaultPeriodicReconcilePredicate())). + For(&redhatcopv1alpha1.KubernetesSecretEngineConfig{}, builder.WithPredicates(vaultresourcecontroller2.NewDefaultPeriodicReconcilePredicate())). Watches(&corev1.Secret{ TypeMeta: metav1.TypeMeta{ Kind: "Secret", @@ -135,6 +136,7 @@ func (r *KubernetesSecretEngineConfigReconciler) SetupWithManager(mgr ctrl.Manag } return res }), builder.WithPredicates(isSATokenSecret)). + Named("vaultconfigoperator-kubernetessecretengineconfig"). Complete(r) } diff --git a/controllers/kubernetessecretenginerole_controller.go b/internal/controller/kubernetessecretenginerole_controller.go similarity index 86% rename from controllers/kubernetessecretenginerole_controller.go rename to internal/controller/kubernetessecretenginerole_controller.go index 21ff5911..8dfd31df 100644 --- a/controllers/kubernetessecretenginerole_controller.go +++ b/internal/controller/kubernetessecretenginerole_controller.go 
@@ -19,6 +19,8 @@ package controllers import ( "context" + vaultresourcecontroller2 "github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller" + apierrors "k8s.io/apimachinery/pkg/api/errors" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/builder" @@ -26,12 +28,11 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" - "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" ) // KubernetesSecretEngineRoleReconciler reconciles a KubernetesSecretEngineRole object type KubernetesSecretEngineRoleReconciler struct { - vaultresourcecontroller.ReconcilerBase + vaultresourcecontroller2.ReconcilerBase } //+kubebuilder:rbac:groups=redhatcop.redhat.io,resources=kubernetessecretengineroles,verbs=get;list;watch;create;update;patch;delete @@ -64,9 +65,9 @@ func (r *KubernetesSecretEngineRoleReconciler) Reconcile(ctx context.Context, re ctx1, err := prepareContext(ctx, r.ReconcilerBase, instance) if err != nil { r.Log.Error(err, "unable to prepare context", "instance", instance) - return vaultresourcecontroller.ManageOutcome(ctx, r.ReconcilerBase, instance, err) + return vaultresourcecontroller2.ManageOutcome(ctx, r.ReconcilerBase, instance, err) } - vaultResource := vaultresourcecontroller.NewVaultResource(&r.ReconcilerBase, instance) + vaultResource := vaultresourcecontroller2.NewVaultResource(&r.ReconcilerBase, instance) return vaultResource.Reconcile(ctx1, instance) } 
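Review bot: The hunk header context still reads `package controllers` although the file now lives in `internal/controller`, so unless the package clause is changed in a part of the commit not shown here, the package name no longer matches the last element of its import path. Importers would then have to write `controllers "github.com/redhat-cop/vault-config-operator/internal/controller"` or refer to a package whose name differs from its directory. I would change the clause to `package controller` in the moved files and their tests, or keep the directory name plural. The same header context appears in the other moved controller files below.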
@@ -74,6 +75,7 @@ func (r *KubernetesSecretEngineRoleReconciler) Reconcile(ctx context.Context, re // SetupWithManager sets up the controller with the Manager. func (r *KubernetesSecretEngineRoleReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.KubernetesSecretEngineRole{}, builder.WithPredicates(vaultresourcecontroller.NewDefaultPeriodicReconcilePredicate())). + For(&redhatcopv1alpha1.KubernetesSecretEngineRole{}, builder.WithPredicates(vaultresourcecontroller2.NewDefaultPeriodicReconcilePredicate())). + Named("vaultconfigoperator-kubernetessecretenginerole"). Complete(r) } diff --git a/controllers/ldapauthengineconfig_controller.go b/internal/controller/ldapauthengineconfig_controller.go similarity index 95% rename from controllers/ldapauthengineconfig_controller.go rename to internal/controller/ldapauthengineconfig_controller.go index 8502628d..5bded318 100644 --- a/controllers/ldapauthengineconfig_controller.go +++ b/internal/controller/ldapauthengineconfig_controller.go @@ -20,6 +20,8 @@ import ( "bytes" "context" + vaultresourcecontroller2 "github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller" + corev1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -34,12 +36,11 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" - "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" ) // LDAPAuthEngineConfigReconciler reconciles a LDAPAuthEngineConfig object type LDAPAuthEngineConfigReconciler struct { - vaultresourcecontroller.ReconcilerBase + vaultresourcecontroller2.ReconcilerBase } //+kubebuilder:rbac:groups=redhatcop.redhat.io,resources=ldapauthengineconfigs,verbs=get;list;watch;create;update;patch;delete 
@@ -73,9 +74,9 @@ func (r *LDAPAuthEngineConfigReconciler) Reconcile(ctx context.Context, req ctrl ctx1, err := prepareContext(ctx, r.ReconcilerBase, instance) if err != nil { r.Log.Error(err, "unable to prepare context", "instance", instance) - return vaultresourcecontroller.ManageOutcome(ctx, r.ReconcilerBase, instance, err) + return vaultresourcecontroller2.ManageOutcome(ctx, r.ReconcilerBase, instance, err) } - vaultResource := vaultresourcecontroller.NewVaultResource(&r.ReconcilerBase, instance) + vaultResource := vaultresourcecontroller2.NewVaultResource(&r.ReconcilerBase, instance) return vaultResource.Reconcile(ctx1, instance) } @@ -172,7 +173,7 @@ func (r *LDAPAuthEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager) erro } return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.LDAPAuthEngineConfig{}, builder.WithPredicates(vaultresourcecontroller.NewDefaultPeriodicReconcilePredicate())). + For(&redhatcopv1alpha1.LDAPAuthEngineConfig{}, builder.WithPredicates(vaultresourcecontroller2.NewDefaultPeriodicReconcilePredicate())). Watches(&corev1.Secret{ TypeMeta: metav1.TypeMeta{ Kind: "Secret", @@ -239,6 +240,7 @@ func (r *LDAPAuthEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager) erro } return res }), builder.WithPredicates(isUpdatedRandomSecret)). + Named("vaultconfigoperator-ldapauthengineconfig"). Complete(r) } diff --git a/controllers/ldapauthenginegroup_controller.go b/internal/controller/ldapauthenginegroup_controller.go similarity index 86% rename from controllers/ldapauthenginegroup_controller.go rename to internal/controller/ldapauthenginegroup_controller.go index 687473a5..3e5d6629 100644 --- a/controllers/ldapauthenginegroup_controller.go +++ b/internal/controller/ldapauthenginegroup_controller.go 
@@ -19,6 +19,8 @@ package controllers import ( "context" + vaultresourcecontroller2 "github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller" + apierrors "k8s.io/apimachinery/pkg/api/errors" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/builder" @@ -26,12 +28,11 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" - "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" ) // LDAPAuthEngineGroupReconciler reconciles a LDAPAuthEngineGroup object type LDAPAuthEngineGroupReconciler struct { - vaultresourcecontroller.ReconcilerBase + vaultresourcecontroller2.ReconcilerBase } //+kubebuilder:rbac:groups=redhatcop.redhat.io,resources=ldapauthenginegroups,verbs=get;list;watch;create;update;patch;delete @@ -65,9 +66,9 @@ func (r *LDAPAuthEngineGroupReconciler) Reconcile(ctx context.Context, req ctrl. ctx1, err := prepareContext(ctx, r.ReconcilerBase, instance) if err != nil { r.Log.Error(err, "unable to prepare context", "instance", instance) - return vaultresourcecontroller.ManageOutcome(ctx, r.ReconcilerBase, instance, err) + return vaultresourcecontroller2.ManageOutcome(ctx, r.ReconcilerBase, instance, err) } - vaultResource := vaultresourcecontroller.NewVaultResource(&r.ReconcilerBase, instance) + vaultResource := vaultresourcecontroller2.NewVaultResource(&r.ReconcilerBase, instance) return vaultResource.Reconcile(ctx1, instance) } 
@@ -75,6 +76,7 @@ func (r *LDAPAuthEngineGroupReconciler) Reconcile(ctx context.Context, req ctrl. // SetupWithManager sets up the controller with the Manager. func (r *LDAPAuthEngineGroupReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.LDAPAuthEngineGroup{}, builder.WithPredicates(vaultresourcecontroller.NewDefaultPeriodicReconcilePredicate())). + For(&redhatcopv1alpha1.LDAPAuthEngineGroup{}, builder.WithPredicates(vaultresourcecontroller2.NewDefaultPeriodicReconcilePredicate())). + Named("vaultconfigoperator-ldapauthenginegroup"). Complete(r) } diff --git a/controllers/passwordpolicy_controller.go b/internal/controller/passwordpolicy_controller.go similarity index 87% rename from controllers/passwordpolicy_controller.go rename to internal/controller/passwordpolicy_controller.go index 952b62a2..c3f3c78d 100644 --- a/controllers/passwordpolicy_controller.go +++ b/internal/controller/passwordpolicy_controller.go @@ -19,18 +19,19 @@ package controllers import ( "context" + vaultresourcecontroller2 "github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller" + apierrors "k8s.io/apimachinery/pkg/api/errors" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/builder" "sigs.k8s.io/controller-runtime/pkg/reconcile" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" - "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" ) // PasswordPolicyReconciler reconciles a PasswordPolicy object type PasswordPolicyReconciler struct { - vaultresourcecontroller.ReconcilerBase + vaultresourcecontroller2.ReconcilerBase } //+kubebuilder:rbac:groups=redhatcop.redhat.io,resources=passwordpolicies,verbs=get;list;watch;create;update;patch;delete 
@@ -67,9 +68,9 @@ func (r *PasswordPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque ctx1, err := prepareContext(ctx, r.ReconcilerBase, instance) if err != nil { r.Log.Error(err, "unable to prepare context", "instance", instance) - return vaultresourcecontroller.ManageOutcome(ctx, r.ReconcilerBase, instance, err) + return vaultresourcecontroller2.ManageOutcome(ctx, r.ReconcilerBase, instance, err) } - vaultResource := vaultresourcecontroller.NewVaultResource(&r.ReconcilerBase, instance) + vaultResource := vaultresourcecontroller2.NewVaultResource(&r.ReconcilerBase, instance) return vaultResource.Reconcile(ctx1, instance) } @@ -77,6 +78,7 @@ func (r *PasswordPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque // SetupWithManager sets up the controller with the Manager. func (r *PasswordPolicyReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.PasswordPolicy{}, builder.WithPredicates(vaultresourcecontroller.NewDefaultPeriodicReconcilePredicate())). + For(&redhatcopv1alpha1.PasswordPolicy{}, builder.WithPredicates(vaultresourcecontroller2.NewDefaultPeriodicReconcilePredicate())). + Named("vaultconfigoperator-passwordpolicy"). Complete(r) } diff --git a/controllers/pkisecretengine_controller_test.go b/internal/controller/pkisecretengine_controller_test.go similarity index 98% rename from controllers/pkisecretengine_controller_test.go rename to internal/controller/pkisecretengine_controller_test.go index 28ada71c..a65a482a 100644 --- a/controllers/pkisecretengine_controller_test.go +++ b/internal/controller/pkisecretengine_controller_test.go 
@@ -6,12 +6,12 @@ package controllers import ( "encoding/json" "fmt" + "github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller" "time" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" - "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" diff --git a/controllers/pkisecretengineconfig_controller.go b/internal/controller/pkisecretengineconfig_controller.go similarity index 86% rename from controllers/pkisecretengineconfig_controller.go rename to internal/controller/pkisecretengineconfig_controller.go index d2b3af54..4e357d17 100644 --- a/controllers/pkisecretengineconfig_controller.go +++ b/internal/controller/pkisecretengineconfig_controller.go @@ -19,6 +19,8 @@ package controllers import ( "context" + vaultresourcecontroller2 "github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller" + apierrors "k8s.io/apimachinery/pkg/api/errors" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/builder" @@ -26,12 +28,11 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" - "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" ) // PKISecretEngineConfigReconciler reconciles a PKISecretEngineConfig object type PKISecretEngineConfigReconciler struct { - vaultresourcecontroller.ReconcilerBase + vaultresourcecontroller2.ReconcilerBase } //+kubebuilder:rbac:groups=redhatcop.redhat.io,resources=pkisecretengineconfigs,verbs=get;list;watch;create;update;patch;delete 
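Review bot: In pkisecretengine_controller_test.go the new project import appears to be inserted inside the standard-library group, between `"fmt"` and `"time"`, so the block is no longer grouped the way goimports leaves it. I would move `"github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller"` down next to the `redhatcopv1alpha1` import, where the removed line was. randomsecret_controller.go and randomsecret_controller_test.go place it the same way, directly before `"reflect"`.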
@@ -65,9 +66,9 @@ func (r *PKISecretEngineConfigReconciler) Reconcile(ctx context.Context, req ctr ctx1, err := prepareContext(ctx, r.ReconcilerBase, instance) if err != nil { r.Log.Error(err, "unable to prepare context", "instance", instance) - return vaultresourcecontroller.ManageOutcome(ctx, r.ReconcilerBase, instance, err) + return vaultresourcecontroller2.ManageOutcome(ctx, r.ReconcilerBase, instance, err) } - vaultResource := vaultresourcecontroller.NewVaultPKIEngineResource(&r.ReconcilerBase, instance) + vaultResource := vaultresourcecontroller2.NewVaultPKIEngineResource(&r.ReconcilerBase, instance) return vaultResource.Reconcile(ctx1, instance) } @@ -75,6 +76,7 @@ func (r *PKISecretEngineConfigReconciler) Reconcile(ctx context.Context, req ctr // SetupWithManager sets up the controller with the Manager. func (r *PKISecretEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.PKISecretEngineConfig{}, builder.WithPredicates(vaultresourcecontroller.NewDefaultPeriodicReconcilePredicate())). + For(&redhatcopv1alpha1.PKISecretEngineConfig{}, builder.WithPredicates(vaultresourcecontroller2.NewDefaultPeriodicReconcilePredicate())). + Named("vaultconfigoperator-pkisecretengineconfig"). Complete(r) } diff --git a/controllers/pkisecretenginerole_controller.go b/internal/controller/pkisecretenginerole_controller.go similarity index 86% rename from controllers/pkisecretenginerole_controller.go rename to internal/controller/pkisecretenginerole_controller.go index c5d90d32..e6dd00b9 100644 --- a/controllers/pkisecretenginerole_controller.go +++ b/internal/controller/pkisecretenginerole_controller.go 
@@ -19,6 +19,8 @@ package controllers import ( "context" + vaultresourcecontroller2 "github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller" + apierrors "k8s.io/apimachinery/pkg/api/errors" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/builder" @@ -26,12 +28,11 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" - "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" ) // PKISecretEngineRoleReconciler reconciles a PKISecretEngineRole object type PKISecretEngineRoleReconciler struct { - vaultresourcecontroller.ReconcilerBase + vaultresourcecontroller2.ReconcilerBase } //+kubebuilder:rbac:groups=redhatcop.redhat.io,resources=pkisecretengineroles,verbs=get;list;watch;create;update;patch;delete @@ -65,9 +66,9 @@ func (r *PKISecretEngineRoleReconciler) Reconcile(ctx context.Context, req ctrl. ctx1, err := prepareContext(ctx, r.ReconcilerBase, instance) if err != nil { r.Log.Error(err, "unable to prepare context", "instance", instance) - return vaultresourcecontroller.ManageOutcome(ctx, r.ReconcilerBase, instance, err) + return vaultresourcecontroller2.ManageOutcome(ctx, r.ReconcilerBase, instance, err) } - vaultResource := vaultresourcecontroller.NewVaultResource(&r.ReconcilerBase, instance) + vaultResource := vaultresourcecontroller2.NewVaultResource(&r.ReconcilerBase, instance) return vaultResource.Reconcile(ctx1, instance) } 
@@ -75,6 +76,7 @@ func (r *PKISecretEngineRoleReconciler) Reconcile(ctx context.Context, req ctrl. // SetupWithManager sets up the controller with the Manager. func (r *PKISecretEngineRoleReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.PKISecretEngineRole{}, builder.WithPredicates(vaultresourcecontroller.NewDefaultPeriodicReconcilePredicate())). + For(&redhatcopv1alpha1.PKISecretEngineRole{}, builder.WithPredicates(vaultresourcecontroller2.NewDefaultPeriodicReconcilePredicate())). + Named("vaultconfigoperator-pkisecretenginerole"). Complete(r) } diff --git a/controllers/policy_controller.go b/internal/controller/policy_controller.go similarity index 87% rename from controllers/policy_controller.go rename to internal/controller/policy_controller.go index 4a2adc55..5d1aee0c 100644 --- a/controllers/policy_controller.go +++ b/internal/controller/policy_controller.go @@ -19,8 +19,9 @@ package controllers import ( "context" + vaultresourcecontroller2 "github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller" + redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" - "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" apierrors "k8s.io/apimachinery/pkg/api/errors" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/builder" @@ -29,7 +30,7 @@ import ( // PolicyReconciler reconciles a Policy object type PolicyReconciler struct { - vaultresourcecontroller.ReconcilerBase + vaultresourcecontroller2.ReconcilerBase } //+kubebuilder:rbac:groups=redhatcop.redhat.io,resources=policies,verbs=get;list;watch;create;update;patch;delete 
@@ -67,9 +68,9 @@ func (r *PolicyReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctr ctx1, err := prepareContext(ctx, r.ReconcilerBase, instance) if err != nil { r.Log.Error(err, "unable to prepare context", "instance", instance) - return vaultresourcecontroller.ManageOutcome(ctx, r.ReconcilerBase, instance, err) + return vaultresourcecontroller2.ManageOutcome(ctx, r.ReconcilerBase, instance, err) } - vaultResource := vaultresourcecontroller.NewVaultResource(&r.ReconcilerBase, instance) + vaultResource := vaultresourcecontroller2.NewVaultResource(&r.ReconcilerBase, instance) return vaultResource.Reconcile(ctx1, instance) } @@ -77,6 +78,7 @@ func (r *PolicyReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctr // SetupWithManager sets up the controller with the Manager. func (r *PolicyReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.Policy{}, builder.WithPredicates(vaultresourcecontroller.NewDefaultPeriodicReconcilePredicate())). + For(&redhatcopv1alpha1.Policy{}, builder.WithPredicates(vaultresourcecontroller2.NewDefaultPeriodicReconcilePredicate())). + Named("vaultconfigoperator-policy"). Complete(r) } diff --git a/controllers/quaysecretengineconfig_controller.go b/internal/controller/quaysecretengineconfig_controller.go similarity index 94% rename from controllers/quaysecretengineconfig_controller.go rename to internal/controller/quaysecretengineconfig_controller.go index 3f7715ed..a5da46e3 100644 --- a/controllers/quaysecretengineconfig_controller.go +++ b/internal/controller/quaysecretengineconfig_controller.go @@ -20,6 +20,8 @@ import ( "bytes" "context" + vaultresourcecontroller2 "github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller" + corev1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 
@@ -34,12 +36,11 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" - "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" ) // QuaySecretEngineConfigReconciler reconciles a QuaySecretEngineConfig object type QuaySecretEngineConfigReconciler struct { - vaultresourcecontroller.ReconcilerBase + vaultresourcecontroller2.ReconcilerBase } //+kubebuilder:rbac:groups=redhatcop.redhat.io,resources=quaysecretengineconfigs,verbs=get;list;watch;create;update;patch;delete @@ -69,9 +70,9 @@ func (r *QuaySecretEngineConfigReconciler) Reconcile(ctx context.Context, req ct ctx1, err := prepareContext(ctx, r.ReconcilerBase, instance) if err != nil { r.Log.Error(err, "unable to prepare context", "instance", instance) - return vaultresourcecontroller.ManageOutcome(ctx, r.ReconcilerBase, instance, err) + return vaultresourcecontroller2.ManageOutcome(ctx, r.ReconcilerBase, instance, err) } - vaultResource := vaultresourcecontroller.NewVaultResource(&r.ReconcilerBase, instance) + vaultResource := vaultresourcecontroller2.NewVaultResource(&r.ReconcilerBase, instance) return vaultResource.Reconcile(ctx1, instance) } @@ -140,7 +141,7 @@ func (r *QuaySecretEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager) er } return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.QuaySecretEngineConfig{}, builder.WithPredicates(vaultresourcecontroller.NewDefaultPeriodicReconcilePredicate())). + For(&redhatcopv1alpha1.QuaySecretEngineConfig{}, builder.WithPredicates(vaultresourcecontroller2.NewDefaultPeriodicReconcilePredicate())). Watches(&corev1.Secret{ TypeMeta: metav1.TypeMeta{ Kind: "Secret", @@ -185,6 +186,7 @@ func (r *QuaySecretEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager) er } return res }), builder.WithPredicates(isUpdatedRandomSecret)). + Named("vaultconfigoperator-quaysecretengineconfig"). Complete(r) } 
diff --git a/controllers/quaysecretenginerole_controller.go b/internal/controller/quaysecretenginerole_controller.go similarity index 85% rename from controllers/quaysecretenginerole_controller.go rename to internal/controller/quaysecretenginerole_controller.go index 44465cac..0a21aad8 100644 --- a/controllers/quaysecretenginerole_controller.go +++ b/internal/controller/quaysecretenginerole_controller.go @@ -19,6 +19,8 @@ package controllers import ( "context" + vaultresourcecontroller2 "github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller" + apierrors "k8s.io/apimachinery/pkg/api/errors" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/builder" @@ -26,12 +28,11 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" - "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" ) // QuaySecretEngineRoleReconciler reconciles a QuaySecretEngineRole object type QuaySecretEngineRoleReconciler struct { - vaultresourcecontroller.ReconcilerBase + vaultresourcecontroller2.ReconcilerBase } //+kubebuilder:rbac:groups=redhatcop.redhat.io,resources=quaysecretengineroles,verbs=get;list;watch;create;update;patch;delete @@ -61,9 +62,9 @@ func (r *QuaySecretEngineRoleReconciler) Reconcile(ctx context.Context, req ctrl ctx1, err := prepareContext(ctx, r.ReconcilerBase, instance) if err != nil { r.Log.Error(err, "unable to prepare context", "instance", instance) - return vaultresourcecontroller.ManageOutcome(ctx, r.ReconcilerBase, instance, err) + return vaultresourcecontroller2.ManageOutcome(ctx, r.ReconcilerBase, instance, err) } - vaultResource := vaultresourcecontroller.NewVaultResource(&r.ReconcilerBase, instance) + vaultResource := vaultresourcecontroller2.NewVaultResource(&r.ReconcilerBase, instance) return vaultResource.Reconcile(ctx1, instance) 
@@ -72,6 +73,7 @@ func (r *QuaySecretEngineRoleReconciler) Reconcile(ctx context.Context, req ctrl // SetupWithManager sets up the controller with the Manager. func (r *QuaySecretEngineRoleReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.QuaySecretEngineRole{}, builder.WithPredicates(vaultresourcecontroller.NewDefaultPeriodicReconcilePredicate())). + For(&redhatcopv1alpha1.QuaySecretEngineRole{}, builder.WithPredicates(vaultresourcecontroller2.NewDefaultPeriodicReconcilePredicate())). + Named("vaultconfigoperator-quaysecretenginerole"). Complete(r) } diff --git a/controllers/quaysecretenginestaticrole_controller.go b/internal/controller/quaysecretenginestaticrole_controller.go similarity index 85% rename from controllers/quaysecretenginestaticrole_controller.go rename to internal/controller/quaysecretenginestaticrole_controller.go index 7f248cf7..9016a4a7 100644 --- a/controllers/quaysecretenginestaticrole_controller.go +++ b/internal/controller/quaysecretenginestaticrole_controller.go @@ -19,6 +19,8 @@ package controllers import ( "context" + vaultresourcecontroller2 "github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller" + apierrors "k8s.io/apimachinery/pkg/api/errors" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/builder" @@ -26,12 +28,11 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" - "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" ) // QuaySecretEngineStaticRoleReconciler reconciles a QuaySecretEngineStaticRole object type QuaySecretEngineStaticRoleReconciler struct { - vaultresourcecontroller.ReconcilerBase + vaultresourcecontroller2.ReconcilerBase } //+kubebuilder:rbac:groups=redhatcop.redhat.io,resources=quaysecretenginestaticroles,verbs=get;list;watch;create;update;patch;delete 
@@ -61,9 +62,9 @@ func (r *QuaySecretEngineStaticRoleReconciler) Reconcile(ctx context.Context, re ctx1, err := prepareContext(ctx, r.ReconcilerBase, instance) if err != nil { r.Log.Error(err, "unable to prepare context", "instance", instance) - return vaultresourcecontroller.ManageOutcome(ctx, r.ReconcilerBase, instance, err) + return vaultresourcecontroller2.ManageOutcome(ctx, r.ReconcilerBase, instance, err) } - vaultResource := vaultresourcecontroller.NewVaultResource(&r.ReconcilerBase, instance) + vaultResource := vaultresourcecontroller2.NewVaultResource(&r.ReconcilerBase, instance) return vaultResource.Reconcile(ctx1, instance) } @@ -71,6 +72,7 @@ func (r *QuaySecretEngineStaticRoleReconciler) Reconcile(ctx context.Context, re // SetupWithManager sets up the controller with the Manager. func (r *QuaySecretEngineStaticRoleReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.QuaySecretEngineStaticRole{}, builder.WithPredicates(vaultresourcecontroller.NewDefaultPeriodicReconcilePredicate())). + For(&redhatcopv1alpha1.QuaySecretEngineStaticRole{}, builder.WithPredicates(vaultresourcecontroller2.NewDefaultPeriodicReconcilePredicate())). + Named("vaultconfigoperator-quaysecretenginestaticrole"). Complete(r) } diff --git a/controllers/rabbitmqsecretengineconfig_controller.go b/internal/controller/rabbitmqsecretengineconfig_controller.go similarity index 97% rename from controllers/rabbitmqsecretengineconfig_controller.go rename to internal/controller/rabbitmqsecretengineconfig_controller.go index 0e6ef007..4cb9420a 100644 --- a/controllers/rabbitmqsecretengineconfig_controller.go +++ b/internal/controller/rabbitmqsecretengineconfig_controller.go 
@@ -19,9 +19,10 @@ package controllers import ( "context" + "github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller" + redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" vaultutils "github.com/redhat-cop/vault-config-operator/api/v1alpha1/utils" - "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" apierrors "k8s.io/apimachinery/pkg/api/errors" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/builder" @@ -127,5 +128,6 @@ func (r *RabbitMQSecretEngineConfigReconciler) SetupWithManager(mgr ctrl.Manager return ctrl.NewControllerManagedBy(mgr). For(&redhatcopv1alpha1.RabbitMQSecretEngineConfig{}, builder.WithPredicates(filter, vaultresourcecontroller.NewDefaultPeriodicReconcilePredicate())). + Named("vaultconfigoperator-rabbitmqsecretengineconfig"). Complete(r) } diff --git a/controllers/rabbitmqsecretenginerole_controller.go b/internal/controller/rabbitmqsecretenginerole_controller.go similarity index 87% rename from controllers/rabbitmqsecretenginerole_controller.go rename to internal/controller/rabbitmqsecretenginerole_controller.go index cc911537..496f046a 100644 --- a/controllers/rabbitmqsecretenginerole_controller.go +++ b/internal/controller/rabbitmqsecretenginerole_controller.go @@ -19,8 +19,9 @@ package controllers import ( "context" + vaultresourcecontroller2 "github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller" + redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" - "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" apierrors "k8s.io/apimachinery/pkg/api/errors" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/builder" 
@@ -30,7 +31,7 @@ import ( // RabbitMQSecretEngineRoleReconciler reconciles a RabbitMQSecretEngineRole object type RabbitMQSecretEngineRoleReconciler struct { - vaultresourcecontroller.ReconcilerBase + vaultresourcecontroller2.ReconcilerBase } //+kubebuilder:rbac:groups=redhatcop.redhat.io,resources=rabbitmqsecretengineroles,verbs=get;list;watch;create;update;patch;delete @@ -69,9 +70,9 @@ func (r *RabbitMQSecretEngineRoleReconciler) Reconcile(ctx context.Context, req ctx1, err := prepareContext(ctx, r.ReconcilerBase, instance) if err != nil { r.Log.Error(err, "unable to prepare context", "instance", instance) - return vaultresourcecontroller.ManageOutcome(ctx, r.ReconcilerBase, instance, err) + return vaultresourcecontroller2.ManageOutcome(ctx, r.ReconcilerBase, instance, err) } - vaultResource := vaultresourcecontroller.NewVaultResource(&r.ReconcilerBase, instance) + vaultResource := vaultresourcecontroller2.NewVaultResource(&r.ReconcilerBase, instance) return vaultResource.Reconcile(ctx1, instance) } @@ -79,6 +80,7 @@ func (r *RabbitMQSecretEngineRoleReconciler) Reconcile(ctx context.Context, req // SetupWithManager sets up the controller with the Manager. func (r *RabbitMQSecretEngineRoleReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.RabbitMQSecretEngineRole{}, builder.WithPredicates(vaultresourcecontroller.NewDefaultPeriodicReconcilePredicate())). + For(&redhatcopv1alpha1.RabbitMQSecretEngineRole{}, builder.WithPredicates(vaultresourcecontroller2.NewDefaultPeriodicReconcilePredicate())). + Named("vaultconfigoperator-rabbitmqsecretenginerole"). Complete(r) } diff --git a/controllers/randomsecret_controller.go b/internal/controller/randomsecret_controller.go similarity index 98% rename from controllers/randomsecret_controller.go rename to internal/controller/randomsecret_controller.go index f08dad89..3f0e39ac 100644 --- a/controllers/randomsecret_controller.go 
+++ b/internal/controller/randomsecret_controller.go @@ -18,12 +18,12 @@ package controllers import ( "context" + "github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller" "reflect" "time" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" vaultutils "github.com/redhat-cop/vault-config-operator/api/v1alpha1/utils" - "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ctrl "sigs.k8s.io/controller-runtime" diff --git a/controllers/randomsecret_controller_test.go b/internal/controller/randomsecret_controller_test.go similarity index 99% rename from controllers/randomsecret_controller_test.go rename to internal/controller/randomsecret_controller_test.go index 23c6910c..31aa019b 100644 --- a/controllers/randomsecret_controller_test.go +++ b/internal/controller/randomsecret_controller_test.go @@ -7,6 +7,7 @@ import ( "context" "encoding/json" "fmt" + "github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller" "reflect" "regexp" "time" @@ -14,8 +15,6 @@ import ( . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" - "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" - corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" diff --git a/controllers/secretenginemount_controller.go b/internal/controller/secretenginemount_controller.go similarity index 88% rename from controllers/secretenginemount_controller.go rename to internal/controller/secretenginemount_controller.go index 73280cf0..82444b3a 100644 --- a/controllers/secretenginemount_controller.go +++ b/internal/controller/secretenginemount_controller.go 
@@ -18,9 +18,9 @@ package controllers import ( "context" + vaultresourcecontroller2 "github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" - "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" apierrors "k8s.io/apimachinery/pkg/api/errors" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/builder" @@ -30,7 +30,7 @@ import ( // SecretEngineMountReconciler reconciles a SecretEngineMount object type SecretEngineMountReconciler struct { - vaultresourcecontroller.ReconcilerBase + vaultresourcecontroller2.ReconcilerBase } //+kubebuilder:rbac:groups=redhatcop.redhat.io,resources=secretenginemounts,verbs=get;list;watch;create;update;patch;delete @@ -68,9 +68,9 @@ func (r *SecretEngineMountReconciler) Reconcile(ctx context.Context, req ctrl.Re ctx1, err := prepareContext(ctx, r.ReconcilerBase, instance) if err != nil { r.Log.Error(err, "unable to prepare context", "instance", instance) - return vaultresourcecontroller.ManageOutcome(ctx, r.ReconcilerBase, instance, err) + return vaultresourcecontroller2.ManageOutcome(ctx, r.ReconcilerBase, instance, err) } - vaultEngineResource := vaultresourcecontroller.NewVaultEngineResource(&r.ReconcilerBase, instance) + vaultEngineResource := vaultresourcecontroller2.NewVaultEngineResource(&r.ReconcilerBase, instance) return vaultEngineResource.Reconcile(ctx1, instance) } 
@@ -78,6 +78,6 @@ func (r *SecretEngineMountReconciler) Reconcile(ctx context.Context, req ctrl.Re // SetupWithManager sets up the controller with the Manager. func (r *SecretEngineMountReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.SecretEngineMount{}, builder.WithPredicates(vaultresourcecontroller.NewDefaultPeriodicReconcilePredicate())). + For(&redhatcopv1alpha1.SecretEngineMount{}, builder.WithPredicates(vaultresourcecontroller2.NewDefaultPeriodicReconcilePredicate())). Complete(r) } diff --git a/controllers/suite_integration_test.go b/internal/controller/suite_integration_test.go similarity index 93% rename from controllers/suite_integration_test.go rename to internal/controller/suite_integration_test.go index f3400092..72f71bea 100644 --- a/controllers/suite_integration_test.go +++ b/internal/controller/suite_integration_test.go @@ -25,15 +25,17 @@ import ( "path/filepath" "testing" + "github.com/redhat-cop/vault-config-operator/internal/controller/controllertestutils" + "github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller" + "net/http" vault "github.com/hashicorp/vault/api" + . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" - controllertestutils "github.com/redhat-cop/vault-config-operator/controllers/controllertestutils" - "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/kubernetes/scheme" @@ -98,6 +100,7 @@ var _ = BeforeSuite(func() { By("bootstrapping test environment") testIntegrationEnv = &envtest.Environment{ + BinaryAssetsDirectory: getFirstFoundEnvTestBinaryDir(), CRDDirectoryPaths: []string{filepath.Join("..", "config", "crd", "bases")}, ErrorIfCRDPathMissing: true, } 
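Review bot: `SecretEngineMountReconciler.SetupWithManager` is the only builder chain among the visible hunks that does not gain a `.Named(...)` call. The Quay, RabbitMQ and VaultSecret controllers all receive `Named("vaultconfigoperator-<kind>")`. If the explicit names are meant to keep controller names, and the log and metric labels derived from them, predictable across the operator, add `Named("vaultconfigoperator-secretenginemount").` before `Complete(r)` here as well. If the omission is intentional, a one-line comment saying why would prevent a later "fix".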
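Review bot: In suite_integration_test.go the unchanged context line `CRDDirectoryPaths: []string{filepath.Join("..", "config", "crd", "bases")}` still has a single `..`, although the file moves from `controllers/` to `internal/controller/`. From the new package directory that path resolves to `internal/config/crd/bases`. With `ErrorIfCRDPathMissing: true` the integration environment should then fail to start. suite_test.go gets the extra level in this same commit, so the line here should become `CRDDirectoryPaths: []string{filepath.Join("..", "..", "config", "crd", "bases")},`.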
@@ -237,3 +240,18 @@ var _ = AfterSuite(func() { err := testIntegrationEnv.Stop() Expect(err).NotTo(HaveOccurred()) }) + +func getFirstFoundEnvTestBinaryDir() string { + basePath := filepath.Join("..", "..", "..", "bin", "k8s") + entries, err := os.ReadDir(basePath) + if err != nil { + logf.Log.Error(err, "Failed to read directory", "path", basePath) + return "" + } + for _, entry := range entries { + if entry.IsDir() { + return filepath.Join(basePath, entry.Name()) + } + } + return "" +} diff --git a/controllers/suite_test.go b/internal/controller/suite_test.go similarity index 81% rename from controllers/suite_test.go rename to internal/controller/suite_test.go index b52c96fd..a0aca829 100644 --- a/controllers/suite_test.go +++ b/internal/controller/suite_test.go @@ -20,11 +20,13 @@ limitations under the License. package controllers import ( + "os" "path/filepath" "testing" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" + "k8s.io/client-go/kubernetes/scheme" "k8s.io/client-go/rest" "sigs.k8s.io/controller-runtime/pkg/client" @@ -54,7 +56,8 @@ var _ = BeforeSuite(func() { By("bootstrapping test environment") testEnv = &envtest.Environment{ - CRDDirectoryPaths: []string{filepath.Join("..", "config", "crd", "bases")}, + BinaryAssetsDirectory: getFirstFoundEnvTestBinaryDir(), + CRDDirectoryPaths: []string{filepath.Join("..", "..", "config", "crd", "bases")}, ErrorIfCRDPathMissing: true, } @@ -84,3 +87,18 @@ var _ = AfterSuite(func() { err := testEnv.Stop() Expect(err).NotTo(HaveOccurred()) }) + +func getFirstFoundEnvTestBinaryDir() string { + basePath := filepath.Join("..", "..", "..", "bin", "k8s") + entries, err := os.ReadDir(basePath) + if err != nil { + logf.Log.Error(err, "Failed to read directory", "path", basePath) + return "" + } + for _, entry := range entries { + if entry.IsDir() { + return filepath.Join(basePath, entry.Name()) + } + } + return "" +} 
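Review bot: `getFirstFoundEnvTestBinaryDir` builds `basePath` with three `..` segments, which from `internal/controller` points one directory above the repository root. The CRD path in suite_test.go reaches the root with two, so unless the envtest assets really are installed outside the checkout this should be `filepath.Join("..", "..", "bin", "k8s")`. The mistake is easy to miss because the function only logs and returns `""` on a read error, which presumably lets envtest fall back to whatever the environment provides instead of the binaries the Makefile pins. The identical function added to suite_test.go in the `@@ -84,3 +87,18 @@` hunk has the same path. It would also help to document on both copies that the first directory in `os.ReadDir` order is chosen, since that is the lexically smallest version when several are installed.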
diff --git a/controllers/vaultresourcecontroller/advanced-funcmap.go b/internal/controller/vaultresourcecontroller/advanced-funcmap.go similarity index 97% rename from controllers/vaultresourcecontroller/advanced-funcmap.go rename to internal/controller/vaultresourcecontroller/advanced-funcmap.go index 80aa35e8..904746ec 100644 --- a/controllers/vaultresourcecontroller/advanced-funcmap.go +++ b/internal/controller/vaultresourcecontroller/advanced-funcmap.go @@ -21,14 +21,13 @@ import ( "bytes" "context" "encoding/json" + "fmt" "strings" "text/template" "github.com/BurntSushi/toml" "github.com/Masterminds/sprig/v3" "github.com/go-logr/logr" - "github.com/pkg/errors" - apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime/schema" @@ -70,10 +69,10 @@ func AdvancedTemplateFuncMap(config *rest.Config, logger logr.Logger) template.F // Add the `required` function here so we can use lintMode f["required"] = func(warn string, val interface{}) (interface{}, error) { if val == nil { - return val, errors.Errorf(warn) - } else if _, ok := val.(string); ok { - if val == "" { - return val, errors.Errorf(warn) + return val, fmt.Errorf("%s", warn) + } else if s, ok := val.(string); ok { + if s == "" { + return val, fmt.Errorf("%s", warn) } } return val, nil diff --git a/controllers/vaultresourcecontroller/dynamicclientutils.go b/internal/controller/vaultresourcecontroller/dynamicclientutils.go similarity index 100% rename from controllers/vaultresourcecontroller/dynamicclientutils.go rename to internal/controller/vaultresourcecontroller/dynamicclientutils.go diff --git a/controllers/vaultresourcecontroller/utils.go b/internal/controller/vaultresourcecontroller/utils.go similarity index 100% rename from controllers/vaultresourcecontroller/utils.go rename to internal/controller/vaultresourcecontroller/utils.go 
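Review bot: The `required` helper in the `@@ -70,10 +69,10 @@` hunk needs a comment saying why `warn` is passed as an argument to `"%s"`, because `fmt.Errorf("%s", warn)` looks like something a later cleanup would shorten. `warn` is the first argument of a template function, and vaultsecret_controller.go parses `Spec.TemplatizedK8sSecret.StringData` with this FuncMap, so the text comes from whoever writes the resource and must not be interpreted as a format string. I would add `// warn is supplied by the template author; never use it as the format string.` above the first `return`. The closure appears to end just past the hunk's last line.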
diff --git a/controllers/vaultresourcecontroller/utils_test.go b/internal/controller/vaultresourcecontroller/utils_test.go similarity index 100% rename from controllers/vaultresourcecontroller/utils_test.go rename to internal/controller/vaultresourcecontroller/utils_test.go diff --git a/controllers/vaultresourcecontroller/vaultengineresourcereconciler.go b/internal/controller/vaultresourcecontroller/vaultengineresourcereconciler.go similarity index 100% rename from controllers/vaultresourcecontroller/vaultengineresourcereconciler.go rename to internal/controller/vaultresourcecontroller/vaultengineresourcereconciler.go diff --git a/controllers/vaultresourcecontroller/vaultpkiengineresourcereconciler.go b/internal/controller/vaultresourcecontroller/vaultpkiengineresourcereconciler.go similarity index 100% rename from controllers/vaultresourcecontroller/vaultpkiengineresourcereconciler.go rename to internal/controller/vaultresourcecontroller/vaultpkiengineresourcereconciler.go diff --git a/controllers/vaultresourcecontroller/vaultresourcereconciler.go b/internal/controller/vaultresourcecontroller/vaultresourcereconciler.go similarity index 100% rename from controllers/vaultresourcecontroller/vaultresourcereconciler.go rename to internal/controller/vaultresourcecontroller/vaultresourcereconciler.go diff --git a/controllers/vaultsecret_controller.go b/internal/controller/vaultsecret_controller.go similarity index 92% rename from controllers/vaultsecret_controller.go rename to internal/controller/vaultsecret_controller.go index cd8fd4c6..7aa7f6ea 100644 --- a/controllers/vaultsecret_controller.go +++ b/internal/controller/vaultsecret_controller.go @@ -20,6 +20,9 @@ import ( "bytes" "context" + vaultresourcecontroller2 "github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller" + "github.com/redhat-cop/vault-config-operator/internal/controller/vaultsecretutils" + "errors" "fmt" "math" 
@@ -41,9 +44,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/log" "sigs.k8s.io/controller-runtime/pkg/predicate" "sigs.k8s.io/controller-runtime/pkg/reconcile" - - "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" - vaultsecretutils "github.com/redhat-cop/vault-config-operator/controllers/vaultsecretutils" ) const ( @@ -55,7 +55,7 @@ const ( // VaultSecretReconciler reconciles a VaultSecret object type VaultSecretReconciler struct { - vaultresourcecontroller.ReconcilerBase + vaultresourcecontroller2.ReconcilerBase } //+kubebuilder:rbac:groups=redhatcop.redhat.io,resources=vaultsecrets,verbs=get;list;watch;create;update;patch;delete @@ -97,13 +97,13 @@ func (r *VaultSecretReconciler) Reconcile(ctx context.Context, req ctrl.Request) err := r.manageCleanUpLogic(ctx, instance) if err != nil { r.Log.Error(err, "unable to delete instance", "instance", instance) - return vaultresourcecontroller.ManageOutcome(ctx, r.ReconcilerBase, instance, err) + return vaultresourcecontroller2.ManageOutcome(ctx, r.ReconcilerBase, instance, err) } controllerutil.RemoveFinalizer(instance, vaultutils.GetFinalizer(instance)) err = r.GetClient().Update(ctx, instance) if err != nil { r.Log.Error(err, "unable to update instance", "instance", instance) - return vaultresourcecontroller.ManageOutcome(ctx, r.ReconcilerBase, instance, err) + return vaultresourcecontroller2.ManageOutcome(ctx, r.ReconcilerBase, instance, err) } return reconcile.Result{}, nil } 
@@ -111,14 +111,14 @@ func (r *VaultSecretReconciler) Reconcile(ctx context.Context, req ctrl.Request) shouldSync, err := r.shouldSync(ctx, instance) if err != nil { // There was a problem determining if the event should cause a sync. - return vaultresourcecontroller.ManageOutcome(ctx, r.ReconcilerBase, instance, err) + return vaultresourcecontroller2.ManageOutcome(ctx, r.ReconcilerBase, instance, err) } if shouldSync { err = r.manageSyncLogic(ctx, instance) if err != nil { r.Log.Error(err, "unable to complete sync logic", "instance", instance) - return vaultresourcecontroller.ManageOutcome(ctx, r.ReconcilerBase, instance, err) + return vaultresourcecontroller2.ManageOutcome(ctx, r.ReconcilerBase, instance, err) } } @@ -127,7 +127,7 @@ func (r *VaultSecretReconciler) Reconcile(ctx context.Context, req ctrl.Request) // If a duration incalculable, simply don't requeue if !ok { instance.Status.NextVaultSecretUpdate = nil - return vaultresourcecontroller.ManageOutcome(ctx, r.ReconcilerBase, instance, nil) + return vaultresourcecontroller2.ManageOutcome(ctx, r.ReconcilerBase, instance, nil) } nextUpdateTime := instance.Status.LastVaultSecretUpdate.Add(duration) @@ -138,9 +138,9 @@ func (r *VaultSecretReconciler) Reconcile(ctx context.Context, req ctrl.Request) //we reschedule the next reconcile at the time in the future corresponding to nextSchedule := time.Until(nextUpdateTime) if nextSchedule > 0 { - return vaultresourcecontroller.ManageOutcomeWithRequeue(ctx, r.ReconcilerBase, instance, err, nextSchedule) + return vaultresourcecontroller2.ManageOutcomeWithRequeue(ctx, r.ReconcilerBase, instance, err, nextSchedule) } else { - return vaultresourcecontroller.ManageOutcomeWithRequeue(ctx, r.ReconcilerBase, instance, err, time.Second) + return vaultresourcecontroller2.ManageOutcomeWithRequeue(ctx, r.ReconcilerBase, instance, err, time.Second) } } 
@@ -170,7 +170,7 @@ func (r *VaultSecretReconciler) formatK8sSecret(instance *redhatcopv1alpha1.Vaul bytesData := make(map[string][]byte) for k, v := range instance.Spec.TemplatizedK8sSecret.StringData { - tpl, err := template.New("").Funcs(vaultresourcecontroller.AdvancedTemplateFuncMap(r.GetRestConfig(), r.Log)).Parse(v) + tpl, err := template.New("").Funcs(vaultresourcecontroller2.AdvancedTemplateFuncMap(r.GetRestConfig(), r.Log)).Parse(v) if err != nil { r.Log.Error(err, "unable to create template", "instance", instance) return nil, err @@ -275,7 +275,7 @@ func (r *VaultSecretReconciler) shouldSync(ctx context.Context, instance *redhat } else { //if the secret exists and isn't owned by this VaultSecret then the name needs to be different - if !vaultresourcecontroller.IsOwner(instance, secret) { + if !vaultresourcecontroller2.IsOwner(instance, secret) { return false, fmt.Errorf("the k8s Secret %v is not owned by VaultSecret %v", secretNamespacedName.String(), toNamespacedName(instance)) } @@ -456,8 +456,9 @@ func (r *VaultSecretReconciler) SetupWithManager(mgr ctrl.Manager) error { } return ctrl.NewControllerManagedBy(mgr). - For(&redhatcopv1alpha1.VaultSecret{}, builder.WithPredicates(vaultSecretPredicate, vaultresourcecontroller.NewDefaultPeriodicReconcilePredicate())). + For(&redhatcopv1alpha1.VaultSecret{}, builder.WithPredicates(vaultSecretPredicate, vaultresourcecontroller2.NewDefaultPeriodicReconcilePredicate())). Owns(&corev1.Secret{}, builder.WithPredicates(k8sSecretPredicate)). + Named("vaultconfigoperator-vaultsecret"). Complete(r) } diff --git a/controllers/vaultsecret_controller_test.go b/internal/controller/vaultsecret_controller_test.go similarity index 99% rename from controllers/vaultsecret_controller_test.go rename to internal/controller/vaultsecret_controller_test.go index 2b67a788..5be2c14d 100644 --- a/controllers/vaultsecret_controller_test.go +++ b/internal/controller/vaultsecret_controller_test.go 
@@ -5,16 +5,16 @@ package controllers import ( "fmt" + "github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller" "reflect" "regexp" "time" + "encoding/json" + . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" - "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" - - "encoding/json" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/controllers/vaultsecret_controller_v2_test.go b/internal/controller/vaultsecret_controller_v2_test.go similarity index 99% rename from controllers/vaultsecret_controller_v2_test.go rename to internal/controller/vaultsecret_controller_v2_test.go index e08be190..d32b665a 100644 --- a/controllers/vaultsecret_controller_v2_test.go +++ b/internal/controller/vaultsecret_controller_v2_test.go @@ -7,6 +7,7 @@ import ( "context" "encoding/json" "fmt" + "github.com/redhat-cop/vault-config-operator/internal/controller/vaultresourcecontroller" "reflect" "regexp" "time" @@ -14,8 +15,6 @@ import ( . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" redhatcopv1alpha1 "github.com/redhat-cop/vault-config-operator/api/v1alpha1" - "github.com/redhat-cop/vault-config-operator/controllers/vaultresourcecontroller" - corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" diff --git a/controllers/vaultsecretutils/hash.go b/internal/controller/vaultsecretutils/hash.go similarity index 100% rename from controllers/vaultsecretutils/hash.go rename to internal/controller/vaultsecretutils/hash.go diff --git a/controllers/vaultsecretutils/hash_test.go b/internal/controller/vaultsecretutils/hash_test.go similarity index 100% rename from controllers/vaultsecretutils/hash_test.go rename to internal/controller/vaultsecretutils/hash_test.go 
diff --git a/main b/main
new file mode 100755
index 00000000..4ab94930
Binary files /dev/null and b/main differ
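Review bot: `main` is added at the repository root as an executable binary (mode 100755) with no corresponding source, which looks like the output of a local `go build` committed by accident. A compiled artifact cannot be reviewed, and nothing ties it to the source in this commit. The Dockerfile already builds `manager` from `cmd/main.go`, so nothing visible depends on it. I would drop the file from the commit and add `/main` to `.gitignore` so it cannot reappear.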