From cd833f07eef46e8c31f0691753e344737d5d0555 Mon Sep 17 00:00:00 2001 From: DQ Date: Fri, 11 Apr 2025 13:01:05 +1000 Subject: [PATCH] Add Cache, Operation, and Requirement CRDs and Controllers - Introduced Cache, Operation, and Requirement custom resource definitions (CRDs) with their respective controllers. - Implemented reconciliation logic for Cache, Operation, and Requirement resources. - Added RBAC roles for managing permissions related to Cache, Operation, and Requirement resources. - Created sample YAML files for Cache, Operation, and Requirement resources. - Added unit tests for Cache, Operation, and Requirement controllers to ensure proper functionality. --- api/v1/cache_types.go | 64 +++++ api/v1/operation_types.go | 64 +++++ api/v1/requirement_types.go | 64 +++++ api/v1/zz_generated.deepcopy.go | 267 ++++++++++++++++++ cmd/main.go | 21 ++ config/crd/kustomization.yaml | 3 + config/rbac/cache_admin_role.yaml | 27 ++ config/rbac/cache_editor_role.yaml | 33 +++ config/rbac/cache_viewer_role.yaml | 29 ++ config/rbac/kustomization.yaml | 9 + config/rbac/operation_admin_role.yaml | 27 ++ config/rbac/operation_editor_role.yaml | 33 +++ config/rbac/operation_viewer_role.yaml | 29 ++ config/rbac/requirement_admin_role.yaml | 27 ++ config/rbac/requirement_editor_role.yaml | 33 +++ config/rbac/requirement_viewer_role.yaml | 29 ++ config/samples/app_v1_cache.yaml | 9 + config/samples/app_v1_operation.yaml | 9 + config/samples/app_v1_requirement.yaml | 9 + config/samples/kustomization.yaml | 3 + internal/controller/cache_controller.go | 63 +++++ internal/controller/cache_controller_test.go | 84 ++++++ internal/controller/operation_controller.go | 63 +++++ .../controller/operation_controller_test.go | 84 ++++++ internal/controller/requirement_controller.go | 63 +++++ .../controller/requirement_controller_test.go | 84 ++++++ 26 files changed, 1230 insertions(+) create mode 100644 api/v1/cache_types.go create mode 100644 api/v1/operation_types.go create mode 100644 api/v1/requirement_types.go create mode 100644 config/rbac/cache_admin_role.yaml create mode 100644 config/rbac/cache_editor_role.yaml create mode 100644 config/rbac/cache_viewer_role.yaml create mode 100644 config/rbac/operation_admin_role.yaml create mode 100644 config/rbac/operation_editor_role.yaml create mode 100644 config/rbac/operation_viewer_role.yaml create mode 100644 config/rbac/requirement_admin_role.yaml create mode 100644 config/rbac/requirement_editor_role.yaml create mode 100644 config/rbac/requirement_viewer_role.yaml create mode 100644 config/samples/app_v1_cache.yaml create mode 100644 config/samples/app_v1_operation.yaml create mode 100644 config/samples/app_v1_requirement.yaml create mode 100644 internal/controller/cache_controller.go create mode 100644 internal/controller/cache_controller_test.go create mode 100644 internal/controller/operation_controller.go create mode 100644 internal/controller/operation_controller_test.go create mode 100644 internal/controller/requirement_controller.go create mode 100644 internal/controller/requirement_controller_test.go diff --git a/api/v1/cache_types.go b/api/v1/cache_types.go new file mode 100644 index 0000000..75ea87d --- /dev/null +++ b/api/v1/cache_types.go @@ -0,0 +1,64 @@ +/* +Copyright 2025. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! +// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. + +// CacheSpec defines the desired state of Cache. +type CacheSpec struct { + // INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + // Important: Run "make" to regenerate code after modifying this file + + // Foo is an example field of Cache. Edit cache_types.go to remove/update + Foo string `json:"foo,omitempty"` +} + +// CacheStatus defines the observed state of Cache. +type CacheStatus struct { + // INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + // Important: Run "make" to regenerate code after modifying this file +} + +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status + +// Cache is the Schema for the caches API. +type Cache struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec CacheSpec `json:"spec,omitempty"` + Status CacheStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// CacheList contains a list of Cache. +type CacheList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []Cache `json:"items"` +} + +func init() { + SchemeBuilder.Register(&Cache{}, &CacheList{}) +} diff --git a/api/v1/operation_types.go b/api/v1/operation_types.go new file mode 100644 index 0000000..4fdfc6b --- /dev/null +++ b/api/v1/operation_types.go @@ -0,0 +1,64 @@ +/* +Copyright 2025. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! +// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. + +// OperationSpec defines the desired state of Operation. +type OperationSpec struct { + // INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + // Important: Run "make" to regenerate code after modifying this file + + // Foo is an example field of Operation. Edit operation_types.go to remove/update + Foo string `json:"foo,omitempty"` +} + +// OperationStatus defines the observed state of Operation. +type OperationStatus struct { + // INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + // Important: Run "make" to regenerate code after modifying this file +} + +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status + +// Operation is the Schema for the operations API. +type Operation struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec OperationSpec `json:"spec,omitempty"` + Status OperationStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// OperationList contains a list of Operation. +type OperationList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []Operation `json:"items"` +} + +func init() { + SchemeBuilder.Register(&Operation{}, &OperationList{}) +} diff --git a/api/v1/requirement_types.go b/api/v1/requirement_types.go new file mode 100644 index 0000000..30c34a6 --- /dev/null +++ b/api/v1/requirement_types.go @@ -0,0 +1,64 @@ +/* +Copyright 2025. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! +// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. + +// RequirementSpec defines the desired state of Requirement. +type RequirementSpec struct { + // INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + // Important: Run "make" to regenerate code after modifying this file + + // Foo is an example field of Requirement. Edit requirement_types.go to remove/update + Foo string `json:"foo,omitempty"` +} + +// RequirementStatus defines the observed state of Requirement. +type RequirementStatus struct { + // INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + // Important: Run "make" to regenerate code after modifying this file +} + +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status + +// Requirement is the Schema for the requirements API. +type Requirement struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec RequirementSpec `json:"spec,omitempty"` + Status RequirementStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// RequirementList contains a list of Requirement. +type RequirementList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []Requirement `json:"items"` +} + +func init() { + SchemeBuilder.Register(&Requirement{}, &RequirementList{}) +} diff --git a/api/v1/zz_generated.deepcopy.go b/api/v1/zz_generated.deepcopy.go index 549947c..176b7bd 100644 --- a/api/v1/zz_generated.deepcopy.go +++ b/api/v1/zz_generated.deepcopy.go @@ -127,3 +127,270 @@ func (in *AppDeploymentStatus) DeepCopy() *AppDeploymentStatus { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Cache) DeepCopyInto(out *Cache) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + out.Status = in.Status +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Cache. +func (in *Cache) DeepCopy() *Cache { + if in == nil { + return nil + } + out := new(Cache) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Cache) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CacheList) DeepCopyInto(out *CacheList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Cache, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CacheList. +func (in *CacheList) DeepCopy() *CacheList { + if in == nil { + return nil + } + out := new(CacheList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *CacheList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CacheSpec) DeepCopyInto(out *CacheSpec) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CacheSpec. +func (in *CacheSpec) DeepCopy() *CacheSpec { + if in == nil { + return nil + } + out := new(CacheSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CacheStatus) DeepCopyInto(out *CacheStatus) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CacheStatus. +func (in *CacheStatus) DeepCopy() *CacheStatus { + if in == nil { + return nil + } + out := new(CacheStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Operation) DeepCopyInto(out *Operation) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + out.Status = in.Status +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Operation. +func (in *Operation) DeepCopy() *Operation { + if in == nil { + return nil + } + out := new(Operation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Operation) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OperationList) DeepCopyInto(out *OperationList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Operation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OperationList. +func (in *OperationList) DeepCopy() *OperationList { + if in == nil { + return nil + } + out := new(OperationList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *OperationList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OperationSpec) DeepCopyInto(out *OperationSpec) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OperationSpec. +func (in *OperationSpec) DeepCopy() *OperationSpec { + if in == nil { + return nil + } + out := new(OperationSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OperationStatus) DeepCopyInto(out *OperationStatus) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OperationStatus. +func (in *OperationStatus) DeepCopy() *OperationStatus { + if in == nil { + return nil + } + out := new(OperationStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Requirement) DeepCopyInto(out *Requirement) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + out.Status = in.Status +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Requirement. +func (in *Requirement) DeepCopy() *Requirement { + if in == nil { + return nil + } + out := new(Requirement) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Requirement) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RequirementList) DeepCopyInto(out *RequirementList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Requirement, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequirementList. +func (in *RequirementList) DeepCopy() *RequirementList { + if in == nil { + return nil + } + out := new(RequirementList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *RequirementList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RequirementSpec) DeepCopyInto(out *RequirementSpec) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequirementSpec. +func (in *RequirementSpec) DeepCopy() *RequirementSpec { + if in == nil { + return nil + } + out := new(RequirementSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RequirementStatus) DeepCopyInto(out *RequirementStatus) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequirementStatus. +func (in *RequirementStatus) DeepCopy() *RequirementStatus { + if in == nil { + return nil + } + out := new(RequirementStatus) + in.DeepCopyInto(out) + return out +} diff --git a/cmd/main.go b/cmd/main.go index 8ee57e0..1f35c2c 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -209,6 +209,27 @@ func main() { setupLog.Error(err, "unable to create controller", "controller", "AppDeployment") os.Exit(1) } + if err = (&controller.OperationReconciler{ + Client: mgr.GetClient(), + Scheme: mgr.GetScheme(), + }).SetupWithManager(mgr); err != nil { + setupLog.Error(err, "unable to create controller", "controller", "Operation") + os.Exit(1) + } + if err = (&controller.CacheReconciler{ + Client: mgr.GetClient(), + Scheme: mgr.GetScheme(), + }).SetupWithManager(mgr); err != nil { + setupLog.Error(err, "unable to create controller", "controller", "Cache") + os.Exit(1) + } + if err = (&controller.RequirementReconciler{ + Client: mgr.GetClient(), + Scheme: mgr.GetScheme(), + }).SetupWithManager(mgr); err != nil { + setupLog.Error(err, "unable to create controller", "controller", "Requirement") + os.Exit(1) + } // +kubebuilder:scaffold:builder if metricsCertWatcher != nil { diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml index 7535fd1..467a92c 100644 --- a/config/crd/kustomization.yaml +++ b/config/crd/kustomization.yaml @@ -3,6 +3,9 @@ # It should be run by config/default resources: - bases/app.github.com_appdeployments.yaml +- bases/app.github.com_operations.yaml +- bases/app.github.com_caches.yaml +- bases/app.github.com_requirements.yaml # +kubebuilder:scaffold:crdkustomizeresource patches: diff --git a/config/rbac/cache_admin_role.yaml b/config/rbac/cache_admin_role.yaml new file mode 100644 index 0000000..d257c5d --- /dev/null +++ b/config/rbac/cache_admin_role.yaml @@ -0,0 +1,27 @@ +# This rule is not used by the project operation-cache-controller itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants full permissions ('*') over app.github.com. +# This role is intended for users authorized to modify roles and bindings within the cluster, +# enabling them to delegate specific permissions to other users or groups as needed. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: operation-cache-controller + app.kubernetes.io/managed-by: kustomize + name: cache-admin-role +rules: +- apiGroups: + - app.github.com + resources: + - caches + verbs: + - '*' +- apiGroups: + - app.github.com + resources: + - caches/status + verbs: + - get diff --git a/config/rbac/cache_editor_role.yaml b/config/rbac/cache_editor_role.yaml new file mode 100644 index 0000000..41bb32d --- /dev/null +++ b/config/rbac/cache_editor_role.yaml @@ -0,0 +1,33 @@ +# This rule is not used by the project operation-cache-controller itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants permissions to create, update, and delete resources within the app.github.com. +# This role is intended for users who need to manage these resources +# but should not control RBAC or manage permissions for others. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: operation-cache-controller + app.kubernetes.io/managed-by: kustomize + name: cache-editor-role +rules: +- apiGroups: + - app.github.com + resources: + - caches + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - app.github.com + resources: + - caches/status + verbs: + - get diff --git a/config/rbac/cache_viewer_role.yaml b/config/rbac/cache_viewer_role.yaml new file mode 100644 index 0000000..2a28666 --- /dev/null +++ b/config/rbac/cache_viewer_role.yaml @@ -0,0 +1,29 @@ +# This rule is not used by the project operation-cache-controller itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants read-only access to app.github.com resources. +# This role is intended for users who need visibility into these resources +# without permissions to modify them. It is ideal for monitoring purposes and limited-access viewing. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: operation-cache-controller + app.kubernetes.io/managed-by: kustomize + name: cache-viewer-role +rules: +- apiGroups: + - app.github.com + resources: + - caches + verbs: + - get + - list + - watch +- apiGroups: + - app.github.com + resources: + - caches/status + verbs: + - get diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index 30becdb..795c6ca 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -22,6 +22,15 @@ resources: # default, aiding admins in cluster management. Those roles are # not used by the {{ .ProjectName }} itself. You can comment the following lines # if you do not want those helpers be installed with your Project. +- requirement_admin_role.yaml +- requirement_editor_role.yaml +- requirement_viewer_role.yaml +- cache_admin_role.yaml +- cache_editor_role.yaml +- cache_viewer_role.yaml +- operation_admin_role.yaml +- operation_editor_role.yaml +- operation_viewer_role.yaml - appdeployment_admin_role.yaml - appdeployment_editor_role.yaml - appdeployment_viewer_role.yaml diff --git a/config/rbac/operation_admin_role.yaml b/config/rbac/operation_admin_role.yaml new file mode 100644 index 0000000..03588ec --- /dev/null +++ b/config/rbac/operation_admin_role.yaml @@ -0,0 +1,27 @@ +# This rule is not used by the project operation-cache-controller itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants full permissions ('*') over app.github.com. +# This role is intended for users authorized to modify roles and bindings within the cluster, +# enabling them to delegate specific permissions to other users or groups as needed. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: operation-cache-controller + app.kubernetes.io/managed-by: kustomize + name: operation-admin-role +rules: +- apiGroups: + - app.github.com + resources: + - operations + verbs: + - '*' +- apiGroups: + - app.github.com + resources: + - operations/status + verbs: + - get diff --git a/config/rbac/operation_editor_role.yaml b/config/rbac/operation_editor_role.yaml new file mode 100644 index 0000000..fff0d21 --- /dev/null +++ b/config/rbac/operation_editor_role.yaml @@ -0,0 +1,33 @@ +# This rule is not used by the project operation-cache-controller itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants permissions to create, update, and delete resources within the app.github.com. +# This role is intended for users who need to manage these resources +# but should not control RBAC or manage permissions for others. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: operation-cache-controller + app.kubernetes.io/managed-by: kustomize + name: operation-editor-role +rules: +- apiGroups: + - app.github.com + resources: + - operations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - app.github.com + resources: + - operations/status + verbs: + - get diff --git a/config/rbac/operation_viewer_role.yaml b/config/rbac/operation_viewer_role.yaml new file mode 100644 index 0000000..84a06c2 --- /dev/null +++ b/config/rbac/operation_viewer_role.yaml @@ -0,0 +1,29 @@ +# This rule is not used by the project operation-cache-controller itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants read-only access to app.github.com resources. +# This role is intended for users who need visibility into these resources +# without permissions to modify them. It is ideal for monitoring purposes and limited-access viewing. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: operation-cache-controller + app.kubernetes.io/managed-by: kustomize + name: operation-viewer-role +rules: +- apiGroups: + - app.github.com + resources: + - operations + verbs: + - get + - list + - watch +- apiGroups: + - app.github.com + resources: + - operations/status + verbs: + - get diff --git a/config/rbac/requirement_admin_role.yaml b/config/rbac/requirement_admin_role.yaml new file mode 100644 index 0000000..c660140 --- /dev/null +++ b/config/rbac/requirement_admin_role.yaml @@ -0,0 +1,27 @@ +# This rule is not used by the project operation-cache-controller itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants full permissions ('*') over app.github.com. +# This role is intended for users authorized to modify roles and bindings within the cluster, +# enabling them to delegate specific permissions to other users or groups as needed. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: operation-cache-controller + app.kubernetes.io/managed-by: kustomize + name: requirement-admin-role +rules: +- apiGroups: + - app.github.com + resources: + - requirements + verbs: + - '*' +- apiGroups: + - app.github.com + resources: + - requirements/status + verbs: + - get diff --git a/config/rbac/requirement_editor_role.yaml b/config/rbac/requirement_editor_role.yaml new file mode 100644 index 0000000..37e132b --- /dev/null +++ b/config/rbac/requirement_editor_role.yaml @@ -0,0 +1,33 @@ +# This rule is not used by the project operation-cache-controller itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants permissions to create, update, and delete resources within the app.github.com. +# This role is intended for users who need to manage these resources +# but should not control RBAC or manage permissions for others. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: operation-cache-controller + app.kubernetes.io/managed-by: kustomize + name: requirement-editor-role +rules: +- apiGroups: + - app.github.com + resources: + - requirements + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - app.github.com + resources: + - requirements/status + verbs: + - get diff --git a/config/rbac/requirement_viewer_role.yaml b/config/rbac/requirement_viewer_role.yaml new file mode 100644 index 0000000..262853e --- /dev/null +++ b/config/rbac/requirement_viewer_role.yaml @@ -0,0 +1,29 @@ +# This rule is not used by the project operation-cache-controller itself. +# It is provided to allow the cluster admin to help manage permissions for users. +# +# Grants read-only access to app.github.com resources. +# This role is intended for users who need visibility into these resources +# without permissions to modify them. It is ideal for monitoring purposes and limited-access viewing. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: operation-cache-controller + app.kubernetes.io/managed-by: kustomize + name: requirement-viewer-role +rules: +- apiGroups: + - app.github.com + resources: + - requirements + verbs: + - get + - list + - watch +- apiGroups: + - app.github.com + resources: + - requirements/status + verbs: + - get diff --git a/config/samples/app_v1_cache.yaml b/config/samples/app_v1_cache.yaml new file mode 100644 index 0000000..cf78bd0 --- /dev/null +++ b/config/samples/app_v1_cache.yaml @@ -0,0 +1,9 @@ +apiVersion: app.github.com/v1 +kind: Cache +metadata: + labels: + app.kubernetes.io/name: operation-cache-controller + app.kubernetes.io/managed-by: kustomize + name: cache-sample +spec: + # TODO(user): Add fields here diff --git a/config/samples/app_v1_operation.yaml b/config/samples/app_v1_operation.yaml new file mode 100644 index 0000000..786066f --- /dev/null +++ b/config/samples/app_v1_operation.yaml @@ -0,0 +1,9 @@ +apiVersion: app.github.com/v1 +kind: Operation +metadata: + labels: + app.kubernetes.io/name: operation-cache-controller + app.kubernetes.io/managed-by: kustomize + name: operation-sample +spec: + # TODO(user): Add fields here diff --git a/config/samples/app_v1_requirement.yaml b/config/samples/app_v1_requirement.yaml new file mode 100644 index 0000000..48b908f --- /dev/null +++ b/config/samples/app_v1_requirement.yaml @@ -0,0 +1,9 @@ +apiVersion: app.github.com/v1 +kind: Requirement +metadata: + labels: + app.kubernetes.io/name: operation-cache-controller + app.kubernetes.io/managed-by: kustomize + name: requirement-sample +spec: + # TODO(user): Add fields here diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml index 6700ded..d3670f1 100644 --- a/config/samples/kustomization.yaml +++ b/config/samples/kustomization.yaml @@ -1,4 +1,7 @@ ## Append samples of your project ## resources: - app_v1_appdeployment.yaml +- app_v1_operation.yaml +- app_v1_cache.yaml +- app_v1_requirement.yaml # +kubebuilder:scaffold:manifestskustomizesamples diff --git a/internal/controller/cache_controller.go b/internal/controller/cache_controller.go new file mode 100644 index 0000000..9b63bee --- /dev/null +++ b/internal/controller/cache_controller.go @@ -0,0 +1,63 @@ +/* +Copyright 2025. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package controller + +import ( + "context" + + "k8s.io/apimachinery/pkg/runtime" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client" + logf "sigs.k8s.io/controller-runtime/pkg/log" + + appv1 "github.com/Azure/operation-cache-controller/api/v1" +) + +// CacheReconciler reconciles a Cache object +type CacheReconciler struct { + client.Client + Scheme *runtime.Scheme +} + +// +kubebuilder:rbac:groups=app.github.com,resources=caches,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=app.github.com,resources=caches/status,verbs=get;update;patch +// +kubebuilder:rbac:groups=app.github.com,resources=caches/finalizers,verbs=update + +// Reconcile is part of the main kubernetes reconciliation loop which aims to +// move the current state of the cluster closer to the desired state. +// TODO(user): Modify the Reconcile function to compare the state specified by +// the Cache object against the actual cluster state, and then +// perform operations to make the cluster state reflect the state specified by +// the user. +// +// For more details, check Reconcile and its Result here: +// - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.20.4/pkg/reconcile +func (r *CacheReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { + _ = logf.FromContext(ctx) + + // TODO(user): your logic here + + return ctrl.Result{}, nil +} + +// SetupWithManager sets up the controller with the Manager. +func (r *CacheReconciler) SetupWithManager(mgr ctrl.Manager) error { + return ctrl.NewControllerManagedBy(mgr). + For(&appv1.Cache{}). + Named("cache"). + Complete(r) +} diff --git a/internal/controller/cache_controller_test.go b/internal/controller/cache_controller_test.go new file mode 100644 index 0000000..14a328f --- /dev/null +++ b/internal/controller/cache_controller_test.go @@ -0,0 +1,84 @@ +/* +Copyright 2025. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package controller + +import ( + "context" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/types" + "sigs.k8s.io/controller-runtime/pkg/reconcile" + + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + appv1 "github.com/Azure/operation-cache-controller/api/v1" +) + +var _ = Describe("Cache Controller", func() { + Context("When reconciling a resource", func() { + const resourceName = "test-resource" + + ctx := context.Background() + + typeNamespacedName := types.NamespacedName{ + Name: resourceName, + Namespace: "default", // TODO(user):Modify as needed + } + cache := &appv1.Cache{} + + BeforeEach(func() { + By("creating the custom resource for the Kind Cache") + err := k8sClient.Get(ctx, typeNamespacedName, cache) + if err != nil && errors.IsNotFound(err) { + resource := &appv1.Cache{ + ObjectMeta: metav1.ObjectMeta{ + Name: resourceName, + Namespace: "default", + }, + // TODO(user): Specify other spec details if needed. + } + Expect(k8sClient.Create(ctx, resource)).To(Succeed()) + } + }) + + AfterEach(func() { + // TODO(user): Cleanup logic after each test, like removing the resource instance. + resource := &appv1.Cache{} + err := k8sClient.Get(ctx, typeNamespacedName, resource) + Expect(err).NotTo(HaveOccurred()) + + By("Cleanup the specific resource instance Cache") + Expect(k8sClient.Delete(ctx, resource)).To(Succeed()) + }) + It("should successfully reconcile the resource", func() { + By("Reconciling the created resource") + controllerReconciler := &CacheReconciler{ + Client: k8sClient, + Scheme: k8sClient.Scheme(), + } + + _, err := controllerReconciler.Reconcile(ctx, reconcile.Request{ + NamespacedName: typeNamespacedName, + }) + Expect(err).NotTo(HaveOccurred()) + // TODO(user): Add more specific assertions depending on your controller's reconciliation logic. + // Example: If you expect a certain status condition after reconciliation, verify it here. + }) + }) +}) diff --git a/internal/controller/operation_controller.go b/internal/controller/operation_controller.go new file mode 100644 index 0000000..6fab454 --- /dev/null +++ b/internal/controller/operation_controller.go @@ -0,0 +1,63 @@ +/* +Copyright 2025. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package controller + +import ( + "context" + + "k8s.io/apimachinery/pkg/runtime" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client" + logf "sigs.k8s.io/controller-runtime/pkg/log" + + appv1 "github.com/Azure/operation-cache-controller/api/v1" +) + +// OperationReconciler reconciles a Operation object +type OperationReconciler struct { + client.Client + Scheme *runtime.Scheme +} + +// +kubebuilder:rbac:groups=app.github.com,resources=operations,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=app.github.com,resources=operations/status,verbs=get;update;patch +// +kubebuilder:rbac:groups=app.github.com,resources=operations/finalizers,verbs=update + +// Reconcile is part of the main kubernetes reconciliation loop which aims to +// move the current state of the cluster closer to the desired state. +// TODO(user): Modify the Reconcile function to compare the state specified by +// the Operation object against the actual cluster state, and then +// perform operations to make the cluster state reflect the state specified by +// the user. +// +// For more details, check Reconcile and its Result here: +// - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.20.4/pkg/reconcile +func (r *OperationReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { + _ = logf.FromContext(ctx) + + // TODO(user): your logic here + + return ctrl.Result{}, nil +} + +// SetupWithManager sets up the controller with the Manager. +func (r *OperationReconciler) SetupWithManager(mgr ctrl.Manager) error { + return ctrl.NewControllerManagedBy(mgr). + For(&appv1.Operation{}). + Named("operation"). + Complete(r) +} diff --git a/internal/controller/operation_controller_test.go b/internal/controller/operation_controller_test.go new file mode 100644 index 0000000..3c77853 --- /dev/null +++ b/internal/controller/operation_controller_test.go @@ -0,0 +1,84 @@ +/* +Copyright 2025. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package controller + +import ( + "context" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/types" + "sigs.k8s.io/controller-runtime/pkg/reconcile" + + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + appv1 "github.com/Azure/operation-cache-controller/api/v1" +) + +var _ = Describe("Operation Controller", func() { + Context("When reconciling a resource", func() { + const resourceName = "test-resource" + + ctx := context.Background() + + typeNamespacedName := types.NamespacedName{ + Name: resourceName, + Namespace: "default", // TODO(user):Modify as needed + } + operation := &appv1.Operation{} + + BeforeEach(func() { + By("creating the custom resource for the Kind Operation") + err := k8sClient.Get(ctx, typeNamespacedName, operation) + if err != nil && errors.IsNotFound(err) { + resource := &appv1.Operation{ + ObjectMeta: metav1.ObjectMeta{ + Name: resourceName, + Namespace: "default", + }, + // TODO(user): Specify other spec details if needed. + } + Expect(k8sClient.Create(ctx, resource)).To(Succeed()) + } + }) + + AfterEach(func() { + // TODO(user): Cleanup logic after each test, like removing the resource instance. + resource := &appv1.Operation{} + err := k8sClient.Get(ctx, typeNamespacedName, resource) + Expect(err).NotTo(HaveOccurred()) + + By("Cleanup the specific resource instance Operation") + Expect(k8sClient.Delete(ctx, resource)).To(Succeed()) + }) + It("should successfully reconcile the resource", func() { + By("Reconciling the created resource") + controllerReconciler := &OperationReconciler{ + Client: k8sClient, + Scheme: k8sClient.Scheme(), + } + + _, err := controllerReconciler.Reconcile(ctx, reconcile.Request{ + NamespacedName: typeNamespacedName, + }) + Expect(err).NotTo(HaveOccurred()) + // TODO(user): Add more specific assertions depending on your controller's reconciliation logic. + // Example: If you expect a certain status condition after reconciliation, verify it here. + }) + }) +}) diff --git a/internal/controller/requirement_controller.go b/internal/controller/requirement_controller.go new file mode 100644 index 0000000..6452928 --- /dev/null +++ b/internal/controller/requirement_controller.go @@ -0,0 +1,63 @@ +/* +Copyright 2025. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package controller + +import ( + "context" + + "k8s.io/apimachinery/pkg/runtime" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client" + logf "sigs.k8s.io/controller-runtime/pkg/log" + + appv1 "github.com/Azure/operation-cache-controller/api/v1" +) + +// RequirementReconciler reconciles a Requirement object +type RequirementReconciler struct { + client.Client + Scheme *runtime.Scheme +} + +// +kubebuilder:rbac:groups=app.github.com,resources=requirements,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=app.github.com,resources=requirements/status,verbs=get;update;patch +// +kubebuilder:rbac:groups=app.github.com,resources=requirements/finalizers,verbs=update + +// Reconcile is part of the main kubernetes reconciliation loop which aims to +// move the current state of the cluster closer to the desired state. +// TODO(user): Modify the Reconcile function to compare the state specified by +// the Requirement object against the actual cluster state, and then +// perform operations to make the cluster state reflect the state specified by +// the user. +// +// For more details, check Reconcile and its Result here: +// - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.20.4/pkg/reconcile +func (r *RequirementReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { + _ = logf.FromContext(ctx) + + // TODO(user): your logic here + + return ctrl.Result{}, nil +} + +// SetupWithManager sets up the controller with the Manager. +func (r *RequirementReconciler) SetupWithManager(mgr ctrl.Manager) error { + return ctrl.NewControllerManagedBy(mgr). + For(&appv1.Requirement{}). + Named("requirement"). + Complete(r) +} diff --git a/internal/controller/requirement_controller_test.go b/internal/controller/requirement_controller_test.go new file mode 100644 index 0000000..cfd3431 --- /dev/null +++ b/internal/controller/requirement_controller_test.go @@ -0,0 +1,84 @@ +/* +Copyright 2025. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package controller + +import ( + "context" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/types" + "sigs.k8s.io/controller-runtime/pkg/reconcile" + + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + appv1 "github.com/Azure/operation-cache-controller/api/v1" +) + +var _ = Describe("Requirement Controller", func() { + Context("When reconciling a resource", func() { + const resourceName = "test-resource" + + ctx := context.Background() + + typeNamespacedName := types.NamespacedName{ + Name: resourceName, + Namespace: "default", // TODO(user):Modify as needed + } + requirement := &appv1.Requirement{} + + BeforeEach(func() { + By("creating the custom resource for the Kind Requirement") + err := k8sClient.Get(ctx, typeNamespacedName, requirement) + if err != nil && errors.IsNotFound(err) { + resource := &appv1.Requirement{ + ObjectMeta: metav1.ObjectMeta{ + Name: resourceName, + Namespace: "default", + }, + // TODO(user): Specify other spec details if needed. + } + Expect(k8sClient.Create(ctx, resource)).To(Succeed()) + } + }) + + AfterEach(func() { + // TODO(user): Cleanup logic after each test, like removing the resource instance. + resource := &appv1.Requirement{} + err := k8sClient.Get(ctx, typeNamespacedName, resource) + Expect(err).NotTo(HaveOccurred()) + + By("Cleanup the specific resource instance Requirement") + Expect(k8sClient.Delete(ctx, resource)).To(Succeed()) + }) + It("should successfully reconcile the resource", func() { + By("Reconciling the created resource") + controllerReconciler := &RequirementReconciler{ + Client: k8sClient, + Scheme: k8sClient.Scheme(), + } + + _, err := controllerReconciler.Reconcile(ctx, reconcile.Request{ + NamespacedName: typeNamespacedName, + }) + Expect(err).NotTo(HaveOccurred()) + // TODO(user): Add more specific assertions depending on your controller's reconciliation logic. + // Example: If you expect a certain status condition after reconciliation, verify it here. + }) + }) +})