diff --git a/PROJECT b/PROJECT
index dbac610..868aacc 100644
--- a/PROJECT
+++ b/PROJECT
@@ -9,13 +9,6 @@ multigroup: true
 projectName: styra-controller
 repo: github.com/bankdata/styra-controller
 resources:
-- api:
- crdVersion: v1
- domain: bankdata.dk
- group: config
- kind: ProjectConfig
- path: github.com/bankdata/styra-controller/api/config/v1
- version: v1
 - api:
  crdVersion: v1
  namespaced: true
@@ -49,13 +42,6 @@ resources:
  kind: Object
  path: github.com/bankdata/styra-controller/api/test/v1
  version: v1
-- api:
- crdVersion: v1
- domain: bankdata.dk
- group: config
- kind: ProjectConfig
- path: github.com/bankdata/styra-controller/api/config/v2alpha1
- version: v2alpha1
 - api:
  crdVersion: v1
  domain: bankdata.dk
diff --git a/api/config/v1/groupversion_info.go b/api/config/v1/groupversion_info.go
deleted file mode 100644
index b08adfa..0000000
--- a/api/config/v1/groupversion_info.go
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
-Copyright (C) 2023 Bankdata (bankdata@bankdata.dk)
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// +kubebuilder:object:generate=true
-// +groupName=config.bankdata.dk
-
-package v1
-
-import (
- "k8s.io/apimachinery/pkg/runtime/schema"
- "sigs.k8s.io/controller-runtime/pkg/scheme"
-)
-
-var (
- // GroupVersion is group version used to register these objects
- GroupVersion = schema.GroupVersion{Group: "config.bankdata.dk", Version: "v1"}
-
- // SchemeBuilder is used to add go types to the GroupVersionKind scheme
- SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
-
- // AddToScheme adds the types in this group-version to the given scheme.
- AddToScheme = SchemeBuilder.AddToScheme
-)
diff --git a/api/config/v1/projectconfig_types.go b/api/config/v1/projectconfig_types.go
deleted file mode 100644
index e64f291..0000000
--- a/api/config/v1/projectconfig_types.go
+++ /dev/null
@@ -1,119 +0,0 @@
-/*
-Copyright (C) 2023 Bankdata (bankdata@bankdata.dk)
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package v1
-
-import (
- "github.com/bankdata/styra-controller/api/config/v2alpha1"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
- //nolint:staticcheck // issue https://github.com/Bankdata/styra-controller/issues/82
- cfg "sigs.k8s.io/controller-runtime/pkg/config/v1alpha1"
-)
-
-//+kubebuilder:object:root=true
-
-// ProjectConfig is the Schema for the projectconfigs API
-type ProjectConfig struct {
- metav1.TypeMeta `json:",inline"`
-
- cfg.ControllerManagerConfigurationSpec `json:",inline"`
-
- StyraToken string `json:"styraToken"`
- StyraAddress string `json:"styraAddress"`
- StyraSystemUserRoles []string `json:"styraSystemUserRoles"`
- StyraSystemPrefix string `json:"styraSystemPrefix"`
- StyraSystemSuffix string `json:"styraSystemSuffix"`
- LogLevel int `json:"logLevel"`
- SentryDSN string `json:"sentryDSN"`
- SentryDebug bool `json:"sentryDebug"`
- Environment string `json:"environment"`
- SentryHTTPSProxy string `json:"sentryHTTPSProxy"`
- ControllerClass string `json:"controllerClass"`
- WebhooksDisabled bool `json:"webhooksDisabled"`
- DatasourceWebhookAddress string `json:"datasourceWebhookAddress"`
- IdentityProvider string `json:"identityProvider"`
- JwtGroupClaim string `json:"jwtGroupClaim"`
- MigrationEnabled bool `json:"migrationEnabled"`
- GitCredentials []*GitCredential `json:"gitCredentials"`
- // Only used by the now deprecated StyraSystem controller
- GitUser string `json:"gitUser"`
- GitPassword string `json:"gitPassword"`
-}
-
-// GitCredential defines the structure of a git credential.
-type GitCredential struct {
- User string `json:"user"`
- Password string `json:"password"`
- RepoPrefix string `json:"repoPrefix"`
-}
-
-func init() {
- SchemeBuilder.Register(&ProjectConfig{})
-}
-
-// ToV2Alpha1 returns this ProjectConfig converted to a v2alpha1.ProjectConfig
-func (c *ProjectConfig) ToV2Alpha1() *v2alpha1.ProjectConfig {
- v2cfg := &v2alpha1.ProjectConfig{
- ControllerManagerConfigurationSpec: c.ControllerManagerConfigurationSpec,
- ControllerClass: c.ControllerClass,
- DisableCRDWebhooks: c.WebhooksDisabled,
- EnableMigrations: c.MigrationEnabled,
- LogLevel: c.LogLevel,
- SystemPrefix: c.StyraSystemPrefix,
- SystemSuffix: c.StyraSystemSuffix,
- SystemUserRoles: c.StyraSystemUserRoles,
- Styra: v2alpha1.StyraConfig{
- Token: c.StyraToken,
- Address: c.StyraAddress,
- },
- }
-
- if c.JwtGroupClaim != "" {
- v2cfg.SSO = &v2alpha1.SSOConfig{
- IdentityProvider: c.IdentityProvider,
- JWTGroupsClaim: c.JwtGroupClaim,
- }
- }
-
- if c.SentryDSN != "" {
- v2cfg.Sentry = &v2alpha1.SentryConfig{
- DSN: c.SentryDSN,
- Debug: c.SentryDebug,
- Environment: c.Environment,
- HTTPSProxy: c.SentryHTTPSProxy,
- }
- }
-
- if c.DatasourceWebhookAddress != "" {
- v2cfg.NotificationWebhook = &v2alpha1.NotificationWebhookConfig{
- Address: c.DatasourceWebhookAddress,
- }
- }
-
- if c.GitCredentials != nil {
- v2cfg.GitCredentials = make([]*v2alpha1.GitCredential, len(c.GitCredentials))
- for i, c := range c.GitCredentials {
- v2cfg.GitCredentials[i] = &v2alpha1.GitCredential{
- User: c.User,
- Password: c.Password,
- RepoPrefix: c.RepoPrefix,
- }
- }
- }
-
- return v2cfg
-}
diff --git a/api/config/v1/projectconfig_types_test.go b/api/config/v1/projectconfig_types_test.go
deleted file mode 100644
index 7fbae05..0000000
--- a/api/config/v1/projectconfig_types_test.go
+++ /dev/null
@@ -1,108 +0,0 @@
-/*
-Copyright (C) 2023 Bankdata (bankdata@bankdata.dk)
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package v1_test
-
-import (
- ginkgo "github.com/onsi/ginkgo/v2"
- gomega "github.com/onsi/gomega"
-
- //nolint:staticcheck // issue https://github.com/Bankdata/styra-controller/issues/82
- cfg "sigs.k8s.io/controller-runtime/pkg/config/v1alpha1"
-
- v1 "github.com/bankdata/styra-controller/api/config/v1"
- "github.com/bankdata/styra-controller/api/config/v2alpha1"
-)
-
-var _ = ginkgo.Describe("ProjectConfig", func() {
- ginkgo.Describe("ToV2Alpha1", func() {
- ginkgo.It("converts to v2alpha1", func() {
- v1cfg := &v1.ProjectConfig{
- //nolint:staticcheck // issue https://github.com/Bankdata/styra-controller/issues/82
- ControllerManagerConfigurationSpec: cfg.ControllerManagerConfigurationSpec{
- CacheNamespace: "test",
- },
- StyraToken: "token",
- StyraAddress: "addr",
- StyraSystemUserRoles: []string{"role1", "role2"},
- StyraSystemPrefix: "prefix",
- StyraSystemSuffix: "suffix",
- LogLevel: 42,
- SentryDSN: "https://my-sentry.com",
- SentryDebug: true,
- Environment: "test",
- SentryHTTPSProxy: "https://my-proxy.com",
- ControllerClass: "class",
- DatasourceWebhookAddress: "https://my-webhook.com",
- WebhooksDisabled: true,
- MigrationEnabled: true,
- GitCredentials: []*v1.GitCredential{
- {
- User: "user",
- Password: "password",
- RepoPrefix: "https://github.com/my-org",
- },
- {
- User: "other-user",
- Password: "other-password",
- RepoPrefix: "https://github.com/my-other-org",
- },
- },
- }
-
- expected := &v2alpha1.ProjectConfig{
- //nolint:staticcheck // issue https://github.com/Bankdata/styra-controller/issues/82
- ControllerManagerConfigurationSpec: cfg.ControllerManagerConfigurationSpec{
- CacheNamespace: "test",
- },
- ControllerClass: "class",
- DisableCRDWebhooks: true,
- EnableMigrations: true,
- GitCredentials: []*v2alpha1.GitCredential{
- {
- User: "user",
- Password: "password",
- RepoPrefix: "https://github.com/my-org",
- },
- {
- User: "other-user",
- Password: "other-password",
- RepoPrefix: "https://github.com/my-other-org",
- },
- },
- LogLevel: 42,
- SystemPrefix: "prefix",
- SystemSuffix: "suffix",
- SystemUserRoles: []string{"role1", "role2"},
- Sentry: &v2alpha1.SentryConfig{
- DSN: "https://my-sentry.com",
- Debug: true,
- Environment: "test",
- HTTPSProxy: "https://my-proxy.com",
- },
- NotificationWebhook: &v2alpha1.NotificationWebhookConfig{
- Address: "https://my-webhook.com",
- },
- Styra: v2alpha1.StyraConfig{
- Token: "token",
- Address: "addr",
- },
- }
-
- gomega.Ω(v1cfg.ToV2Alpha1()).To(gomega.Equal(expected))
- })
- })
-})
diff --git a/api/config/v1/v1.go b/api/config/v1/v1.go
deleted file mode 100644
index 44230d3..0000000
--- a/api/config/v1/v1.go
+++ /dev/null
@@ -1,18 +0,0 @@
-/*
-Copyright 2023 Bankdata.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Package v1 contains API Schema definitions for the config v1 API group.
-package v1
diff --git a/api/config/v1/v1_suite_test.go b/api/config/v1/v1_suite_test.go
deleted file mode 100644
index 701ae06..0000000
--- a/api/config/v1/v1_suite_test.go
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
-Copyright (C) 2023 Bankdata (bankdata@bankdata.dk)
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package v1_test
-
-import (
- "testing"
-
- ginkgo "github.com/onsi/ginkgo/v2"
- gomega "github.com/onsi/gomega"
-)
-
-func TestV1(t *testing.T) {
- gomega.RegisterFailHandler(ginkgo.Fail)
- ginkgo.RunSpecs(t, "api/config/v1")
-}
diff --git a/api/config/v1/zz_generated.deepcopy.go b/api/config/v1/zz_generated.deepcopy.go
deleted file mode 100644
index 10ba247..0000000
--- a/api/config/v1/zz_generated.deepcopy.go
+++ /dev/null
@@ -1,81 +0,0 @@ -//go:build !ignore_autogenerated - -/* -Copyright (C) 2023 Bankdata (bankdata@bankdata.dk) - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by controller-gen. DO NOT EDIT. - -package v1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *GitCredential) DeepCopyInto(out *GitCredential) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitCredential. -func (in *GitCredential) DeepCopy() *GitCredential { - if in == nil { - return nil - } - out := new(GitCredential) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
-func (in *ProjectConfig) DeepCopyInto(out *ProjectConfig) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ControllerManagerConfigurationSpec.DeepCopyInto(&out.ControllerManagerConfigurationSpec) - if in.StyraSystemUserRoles != nil { - in, out := &in.StyraSystemUserRoles, &out.StyraSystemUserRoles - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.GitCredentials != nil { - in, out := &in.GitCredentials, &out.GitCredentials - *out = make([]*GitCredential, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(GitCredential) - **out = **in - } - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectConfig. -func (in *ProjectConfig) DeepCopy() *ProjectConfig { - if in == nil { - return nil - } - out := new(ProjectConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ProjectConfig) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} diff --git a/api/config/v2alpha1/groupversion_info.go b/api/config/v2alpha1/groupversion_info.go deleted file mode 100644 index a5d49e3..0000000 --- a/api/config/v2alpha1/groupversion_info.go +++ /dev/null 
@@ -1,37 +0,0 @@
-/*
-Copyright (C) 2023 Bankdata (bankdata@bankdata.dk)
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Package v2alpha1 contains API Schema definitions for the config v2alpha1 API group
-// +kubebuilder:object:generate=true
-// +kubebuilder:skip
-// +groupName=config.bankdata.dk
-package v2alpha1
-
-import (
- "k8s.io/apimachinery/pkg/runtime/schema"
- "sigs.k8s.io/controller-runtime/pkg/scheme"
-)
-
-var (
- // GroupVersion is group version used to register these objects
- GroupVersion = schema.GroupVersion{Group: "config.bankdata.dk", Version: "v2alpha1"}
-
- // SchemeBuilder is used to add go types to the GroupVersionKind scheme
- SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
-
- // AddToScheme adds the types in this group-version to the given scheme.
- AddToScheme = SchemeBuilder.AddToScheme
-)
diff --git a/api/config/v2alpha1/projectconfig_types.go b/api/config/v2alpha1/projectconfig_types.go
deleted file mode 100644
index 2ee34e2..0000000
--- a/api/config/v2alpha1/projectconfig_types.go
+++ /dev/null
@@ -1,233 +0,0 @@
-/*
-Copyright (C) 2023 Bankdata (bankdata@bankdata.dk)
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package v2alpha1
-
-import (
- "sort"
- "strings"
-
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
- //nolint:staticcheck // issue https://github.com/Bankdata/styra-controller/issues/82
- cfg "sigs.k8s.io/controller-runtime/pkg/config/v1alpha1"
-
- "github.com/bankdata/styra-controller/api/config/v2alpha2"
-)
-
-//+kubebuilder:object:root=true
-
-// ProjectConfig is the Schema for the projectconfigs API
-type ProjectConfig struct {
- metav1.TypeMeta `json:",inline"`
-
- cfg.ControllerManagerConfigurationSpec `json:",inline"`
-
- // ControllerClass sets a controller class for this controller. This allows
- // the provided CRDs to target a specific controller. This is useful when
- // running multiple controllers in the same cluster.
- ControllerClass string `json:"controllerClass"`
-
- // DeletionProtectionDefault sets the default to use with regards to deletion
- // protection if it is not set on the resource.
- DeletionProtectionDefault bool `json:"deletionProtectionDefault"`
-
- // DisableCRDWebhooks disables the CRD webhooks on the controller. If running
- // multiple controllers in the same cluster, only one will need to have it's
- // webhooks enabled.
- DisableCRDWebhooks bool `json:"disableCRDWebhooks"`
-
- // EnableMigrations enables the system migration annotation. This should be
- // kept disabled unless migrations need to be done.
- EnableMigrations bool `json:"enableMigrations"`
-
- // GitCredentials holds a list of git credential configurations. The
- // RepoPrefix of the GitCredential will be matched angainst repository URL in
- // order to determine which credential to use. The GitCredential with the
- // longest matching RepoPrefix will be selected.
- GitCredentials []*GitCredential `json:"gitCredentials"`
-
- // LogLevel sets the logging level of the controller. A higher number gives
- // more verbosity. A number higher than 0 should only be used for debugging
- // purposes.
- LogLevel int `json:"logLevel"`
-
- NotificationWebhook *NotificationWebhookConfig `json:"notificationWebhook"`
-
- Sentry *SentryConfig `json:"sentry"`
-
- SSO *SSOConfig `json:"sso"`
-
- Styra StyraConfig `json:"styra"`
-
- // SystemPrefix is a prefix for all the systems that the controller creates
- // in Styra DAS. This is useful in order to be able to identify what
- // controller created a system in a shared Styra DAS instance.
- SystemPrefix string `json:"systemPrefix"`
-
- // SystemSuffix is a suffix for all the systems that the controller creates
- // in Styra DAS. This is useful in order to be able to identify what
- // controller created a system in a shared Styra DAS instance.
- SystemSuffix string `json:"systemSuffix"`
-
- // SystemUserRoles is a list of Styra DAS system level roles which the subjects of
- // a system will be granted.
- SystemUserRoles []string `json:"systemUserRoles"`
-}
-
-// StyraConfig contains configuration for connecting to the Styra DAS apis
-type StyraConfig struct {
- // Address is the URL for the Styra DAS API server.
- Address string `json:"address"`
-
- // Token is a Styra DAS API token. These can be created in the Styra DAS GUI
- // or through the API. The token should have the `WorkspaceAdministrator` role.
- Token string `json:"token"`
-}
-
-// SentryConfig contains configuration for how errors should be reported to
-// sentry.
-type SentryConfig struct {
- // Debug enables Sentry client debugging.
- Debug bool `json:"debug"`
-
- // DSN is the Sentry project DSN.
- DSN string `json:"dsn"`
-
- // Environment sets the environment of the events sent to Sentry.
- Environment string `json:"environment"`
-
- // HTTPSProxy sets an HTTP proxy server for sentry to use.
- HTTPSProxy string `json:"httpsProxy"`
-}
-
-// NotificationWebhookConfig contains configuration for how to call the notification
-// webhook.
-type NotificationWebhookConfig struct {
- // Address is the URL to be called when the controller should do a webhook
- // notification. Currently the only supported notification is that a
- // datasource configuration has changed.
- Address string `json:"address"`
-}
-
-// SSOConfig contains configuration for how to use SSO tokens for determining
-// what groups a user belongs to. This can be used to grant members of a
-// certain group access to systems.
-type SSOConfig struct {
- // IdentityProvider is the ID of a configured Styra DAS identity provider.
- IdentityProvider string `json:"identityProvider"`
-
- // JWTGroupsClaim is the json path to a claim in issued JWTs which contain a
- // list of groups that the user belongs to.
- JWTGroupsClaim string `json:"jwtGroupsClaim"`
-}
-
-// GitCredential represents a set of credentials to be used for repositories
-// that match the RepoPrefix.
-type GitCredential struct {
- // User is a http basic auth username used for git.
- User string `json:"user"`
-
- // Password is a http basic auth password used for git.
- Password string `json:"password"`
-
- // RepoPrefix specifies a repo URL prefix. eg. if RepoPrefix is set to
- // `https://github.com/bankdata`, then this credentials would apply for any
- // repository under the bankdata github org.
- RepoPrefix string `json:"repoPrefix"`
-}
-
-// GetGitCredentialForRepo determines which default GitCredential to use for checking out the
-// policy repository based on the URL to the policy repository.
-func (c *ProjectConfig) GetGitCredentialForRepo(repo string) *GitCredential {
- sort.Slice(c.GitCredentials, func(i, j int) bool {
- return len(c.GitCredentials[i].RepoPrefix) > len(c.GitCredentials[j].RepoPrefix)
- })
-
- for _, gitCredential := range c.GitCredentials {
- if strings.HasPrefix(repo, gitCredential.RepoPrefix) {
- return gitCredential
- }
- }
-
- return nil
-}
-
-// ToV2Alpha2 returns this ProjectConfig converted to a v2alpha2.ProjectConfig
-func (c *ProjectConfig) ToV2Alpha2() *v2alpha2.ProjectConfig {
- v2cfg := &v2alpha2.ProjectConfig{
- ControllerClass: c.ControllerClass,
- DeletionProtectionDefault: c.DeletionProtectionDefault,
- DisableCRDWebhooks: c.DisableCRDWebhooks,
- EnableMigrations: c.EnableMigrations,
- LogLevel: c.LogLevel,
- Styra: v2alpha2.StyraConfig{
- Token: c.Styra.Token,
- Address: c.Styra.Address,
- },
- SystemPrefix: c.SystemPrefix,
- SystemSuffix: c.SystemSuffix,
- SystemUserRoles: c.SystemUserRoles,
- }
-
- if c.SSO != nil {
- v2cfg.SSO = &v2alpha2.SSOConfig{
- IdentityProvider: c.SSO.IdentityProvider,
- JWTGroupsClaim: c.SSO.JWTGroupsClaim,
- }
- }
-
- if c.GitCredentials != nil {
- v2cfg.GitCredentials = make([]*v2alpha2.GitCredential, len(c.GitCredentials))
- for i, c := range c.GitCredentials {
- v2cfg.GitCredentials[i] = &v2alpha2.GitCredential{
- User: c.User,
- Password: c.Password,
- RepoPrefix: c.RepoPrefix,
- }
- }
- }
-
- if c.LeaderElection != nil && c.LeaderElection.LeaderElect != nil && *c.LeaderElection.LeaderElect {
- v2cfg.LeaderElection = &v2alpha2.LeaderElectionConfig{
- LeaseDuration: c.LeaderElection.LeaseDuration,
- RenewDeadline: c.LeaderElection.RenewDeadline,
- RetryPeriod: c.LeaderElection.RetryPeriod,
- }
- }
-
- if c.NotificationWebhook != nil {
- v2cfg.NotificationWebhooks = &v2alpha2.NotificationWebhooksConfig{
- SystemDatasourceChanged: c.NotificationWebhook.Address,
- LibraryDatasourceChanged: "",
- }
- }
-
- if c.Sentry != nil {
- v2cfg.Sentry = &v2alpha2.SentryConfig{
- DSN: c.Sentry.DSN,
- Debug: c.Sentry.Debug,
- Environment: c.Sentry.Environment,
- HTTPSProxy: c.Sentry.HTTPSProxy,
- }
- }
-
- return v2cfg
-}
-
-func init() {
- SchemeBuilder.Register(&ProjectConfig{})
-}
diff --git a/api/config/v2alpha1/projectconfig_types_test.go b/api/config/v2alpha1/projectconfig_types_test.go
deleted file mode 100644
index 7dcd596..0000000
--- a/api/config/v2alpha1/projectconfig_types_test.go
+++ /dev/null
@@ -1,142 +0,0 @@
-/*
-Copyright (C) 2023 Bankdata (bankdata@bankdata.dk)
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package v2alpha1_test
-
-import (
- ginkgo "github.com/onsi/ginkgo/v2"
- gomega "github.com/onsi/gomega"
- "k8s.io/apimachinery/pkg/runtime"
- "k8s.io/apimachinery/pkg/runtime/serializer"
-
- //nolint:staticcheck // issue https://github.com/Bankdata/styra-controller/issues/82
- "github.com/bankdata/styra-controller/api/config/v2alpha1"
-)
-
-var _ = ginkgo.Describe("ProjectConfig", func() {
- ginkgo.DescribeTable("GetGitCredentialForRepo",
- func(gitCredentials []*v2alpha1.GitCredential, repo string, expected *v2alpha1.GitCredential) {
- c := &v2alpha1.ProjectConfig{
- GitCredentials: gitCredentials,
- }
- gomega.Ω(c.GetGitCredentialForRepo(repo)).To(gomega.Equal(expected))
- },
-
- ginkgo.Entry("returns nil if the list of credentials is empty", nil, "test", nil),
-
- ginkgo.Entry("finds matching credential",
- []*v2alpha1.GitCredential{
- {
- User: "",
- Password: "",
- RepoPrefix: "https://github.com/bankdata",
- },
- },
- "https://github.com/bankdata/styra-controller.git",
- &v2alpha1.GitCredential{
- User: "",
- Password: "",
- RepoPrefix: "https://github.com/bankdata",
- },
- ),
- ginkgo.Entry("returns longest matching credential",
- []*v2alpha1.GitCredential{
- {
- User: "",
- Password: "",
- RepoPrefix: "https://github.com/bankdata",
- },
- {
- User: "",
- Password: "",
- RepoPrefix: "https://github.com/bankdata/styra-controller",
- },
- },
- "https://github.com/bankdata/styra-controller.git",
- &v2alpha1.GitCredential{
- User: "",
- Password: "",
- RepoPrefix: "https://github.com/bankdata/styra-controller",
- },
- ),
- )
-
- ginkgo.Describe("unmarshalling", func() {
- ginkgo.It("correctly unmarshals all fields", func() {
- validConfig := []byte(`
-apiVersion: config.bankdata.dk/v2alpha1
-kind: ProjectConfig
-controllerClass: "class"
-deletionProtectionDefault: true
-disableCRDWebhooks: true
-enableMigrations: true
-gitCredentials:
- - user: my-git-user
- password: my-git-password
- repoPrefix: https://github.com/my-org
-logLevel: 42
-notificationWebhook:
- address: "https://webhook.com"
-sentry:
- debug: true
- dsn: "https://sentry.com"
- environment: "test"
- httpsProxy: "https://proxy.com"
-sso:
- identityProvider: "my-provider"
- jwtGroupsClaim: "groups"
-styra:
- address: "https://styra.com"
- token: "token"
-systemPrefix: "prefix"
-systemSuffix: "suffix"
-systemUserRoles:
- - SystemViewer
-`)
- scheme := runtime.NewScheme()
- gomega.Ω(v2alpha1.AddToScheme(scheme)).Should(gomega.Succeed())
- decoder := serializer.NewCodecFactory(scheme).UniversalDeserializer()
- var c v2alpha1.ProjectConfig
- _, _, err := decoder.Decode(validConfig, nil, &c)
- gomega.Ω(err).ShouldNot(gomega.HaveOccurred())
- gomega.Ω(c.ControllerClass).Should(gomega.Equal("class"))
- gomega.Ω(c.DeletionProtectionDefault).Should(gomega.BeTrue())
- gomega.Ω(c.DisableCRDWebhooks).Should(gomega.BeTrue())
- gomega.Ω(c.EnableMigrations).Should(gomega.BeTrue())
- gomega.Ω(len(c.GitCredentials)).Should(gomega.Equal(1))
- gomega.Ω(c.GitCredentials[0].User).Should(gomega.Equal("my-git-user"))
- gomega.Ω(c.GitCredentials[0].Password).Should(gomega.Equal("my-git-password"))
- gomega.Ω(c.GitCredentials[0].RepoPrefix).Should(gomega.Equal("https://github.com/my-org"))
- gomega.Ω(c.LogLevel).Should(gomega.Equal(42))
- gomega.Ω(c.NotificationWebhook).ShouldNot(gomega.BeNil())
- gomega.Ω(c.NotificationWebhook.Address).Should(gomega.Equal("https://webhook.com"))
- gomega.Ω(c.Sentry).ShouldNot(gomega.BeNil())
- gomega.Ω(c.Sentry.Debug).Should(gomega.BeTrue())
- gomega.Ω(c.Sentry.DSN).Should(gomega.Equal("https://sentry.com"))
- gomega.Ω(c.Sentry.Environment).Should(gomega.Equal("test"))
- gomega.Ω(c.Sentry.HTTPSProxy).Should(gomega.Equal("https://proxy.com"))
- gomega.Ω(c.SSO).ShouldNot(gomega.BeNil())
- gomega.Ω(c.SSO.IdentityProvider).Should(gomega.Equal("my-provider"))
- gomega.Ω(c.SSO.JWTGroupsClaim).Should(gomega.Equal("groups"))
- gomega.Ω(c.Styra.Address).Should(gomega.Equal("https://styra.com"))
- gomega.Ω(c.Styra.Token).Should(gomega.Equal("token"))
- gomega.Ω(c.SystemPrefix).Should(gomega.Equal("prefix"))
- gomega.Ω(c.SystemSuffix).Should(gomega.Equal("suffix"))
- gomega.Ω(len(c.SystemUserRoles)).Should(gomega.Equal(1))
- gomega.Ω(c.SystemUserRoles[0]).Should(gomega.Equal("SystemViewer"))
- })
- })
-})
diff --git a/api/config/v2alpha1/v2alpha1_suite_test.go b/api/config/v2alpha1/v2alpha1_suite_test.go
deleted file mode 100644
index 73f17b8..0000000
--- a/api/config/v2alpha1/v2alpha1_suite_test.go
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
-Copyright (C) 2023 Bankdata (bankdata@bankdata.dk)
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package v2alpha1_test
-
-import (
- "testing"
-
- ginkgo "github.com/onsi/ginkgo/v2"
- gomega "github.com/onsi/gomega"
-)
-
-func TestV2Alpha1(t *testing.T) {
- gomega.RegisterFailHandler(ginkgo.Fail)
- ginkgo.RunSpecs(t, "api/config/v2alpha1")
-}
diff --git a/api/config/v2alpha1/zz_generated.deepcopy.go b/api/config/v2alpha1/zz_generated.deepcopy.go
deleted file mode 100644
index ce1805b..0000000
--- a/api/config/v2alpha1/zz_generated.deepcopy.go
+++ /dev/null
@@ -1,157 +0,0 @@ -//go:build !ignore_autogenerated - -/* -Copyright (C) 2023 Bankdata (bankdata@bankdata.dk) - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by controller-gen. DO NOT EDIT. - -package v2alpha1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *GitCredential) DeepCopyInto(out *GitCredential) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitCredential. -func (in *GitCredential) DeepCopy() *GitCredential { - if in == nil { - return nil - } - out := new(GitCredential) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NotificationWebhookConfig) DeepCopyInto(out *NotificationWebhookConfig) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NotificationWebhookConfig. -func (in *NotificationWebhookConfig) DeepCopy() *NotificationWebhookConfig { - if in == nil { - return nil - } - out := new(NotificationWebhookConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
-func (in *ProjectConfig) DeepCopyInto(out *ProjectConfig) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ControllerManagerConfigurationSpec.DeepCopyInto(&out.ControllerManagerConfigurationSpec) - if in.GitCredentials != nil { - in, out := &in.GitCredentials, &out.GitCredentials - *out = make([]*GitCredential, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(GitCredential) - **out = **in - } - } - } - if in.NotificationWebhook != nil { - in, out := &in.NotificationWebhook, &out.NotificationWebhook - *out = new(NotificationWebhookConfig) - **out = **in - } - if in.Sentry != nil { - in, out := &in.Sentry, &out.Sentry - *out = new(SentryConfig) - **out = **in - } - if in.SSO != nil { - in, out := &in.SSO, &out.SSO - *out = new(SSOConfig) - **out = **in - } - out.Styra = in.Styra - if in.SystemUserRoles != nil { - in, out := &in.SystemUserRoles, &out.SystemUserRoles - *out = make([]string, len(*in)) - copy(*out, *in) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectConfig. -func (in *ProjectConfig) DeepCopy() *ProjectConfig { - if in == nil { - return nil - } - out := new(ProjectConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ProjectConfig) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SSOConfig) DeepCopyInto(out *SSOConfig) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SSOConfig. 
-func (in *SSOConfig) DeepCopy() *SSOConfig { - if in == nil { - return nil - } - out := new(SSOConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SentryConfig) DeepCopyInto(out *SentryConfig) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SentryConfig. -func (in *SentryConfig) DeepCopy() *SentryConfig { - if in == nil { - return nil - } - out := new(SentryConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *StyraConfig) DeepCopyInto(out *StyraConfig) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StyraConfig. -func (in *StyraConfig) DeepCopy() *StyraConfig { - if in == nil { - return nil - } - out := new(StyraConfig) - in.DeepCopyInto(out) - return out -} diff --git a/cmd/main.go b/cmd/main.go index 380780f..db7bd3b 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -40,8 +40,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/log/zap" "sigs.k8s.io/controller-runtime/pkg/metrics" - configv1 "github.com/bankdata/styra-controller/api/config/v1" - configv2alpha1 "github.com/bankdata/styra-controller/api/config/v2alpha1" configv2alpha2 "github.com/bankdata/styra-controller/api/config/v2alpha2" styrav1alpha1 "github.com/bankdata/styra-controller/api/styra/v1alpha1" styrav1beta1 "github.com/bankdata/styra-controller/api/styra/v1beta1" @@ -68,9 +66,7 @@ var ( func init() { utilruntime.Must(clientgoscheme.AddToScheme(scheme)) utilruntime.Must(styrav1alpha1.AddToScheme(scheme)) - utilruntime.Must(configv1.AddToScheme(scheme)) utilruntime.Must(styrav1beta1.AddToScheme(scheme)) - utilruntime.Must(configv2alpha1.AddToScheme(scheme)) utilruntime.Must(configv2alpha2.AddToScheme(scheme)) //+kubebuilder:scaffold:scheme } 
diff --git a/config/samples/config_v1_projectconfig.yaml b/config/samples/config_v1_projectconfig.yaml
deleted file mode 100644
index 3102f26..0000000
--- a/config/samples/config_v1_projectconfig.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: config.bankdata.dk/v1
-kind: ProjectConfig
-metadata:
- labels:
- app.kubernetes.io/name: projectconfig
- app.kubernetes.io/instance: projectconfig-sample
- app.kubernetes.io/part-of: styra-controller
- app.kubernetes.io/managed-by: kustomize
- app.kubernetes.io/created-by: styra-controller
- name: projectconfig-sample
-spec:
- # TODO(user): Add fields here
diff --git a/config/samples/config_v2alpha1_projectconfig.yaml b/config/samples/config_v2alpha1_projectconfig.yaml
deleted file mode 100644
index be2448c..0000000
--- a/config/samples/config_v2alpha1_projectconfig.yaml
+++ /dev/null
@@ -1,73 +0,0 @@
-apiVersion: config.bankdata.dk/v2alpha1
-kind: ProjectConfig
-
-# controllerClass sets a controller class for this controller. This allows the
-# provided CRDs to target a specific controller. This is useful when running
-# multiple controllers in the same cluster.
-controllerClass: ""
-
-# deletionProtectionDefault sets the default to use with regards to deletion
-# protection if it is not set on the resource.
-deletionProtectionDefault: false
-
-# disableCRDWebhooks disables the CRD webhooks on the controller. If running
-# multiple controllers in the same cluster, only one will need to have it's
-# webhooks enabled.
-disableCRDWebhooks: false
-
-# enableMigrations enables the system migration annotation. This should be kept
-# disabled unless migrations need to be done.
-enableMigrations: false
-
-# gitCredentials holds a list of git credential configurations. The repoPrefix
-# of the git credential will be matched angainst repository URL in order to
-# determine which credential to use. The git credential with the longest
-# matching repoPrefix will be selected.
-gitCredentials: []
-# - user: my-git-user
-# password: my-git-password
-# repoPrefix: https://github.com/my-org
-
-# logLevel sets the logging level of the controller. A higher number gives more
-# verbosity. A number higher than 0 should only be used for debugging purposes.
-logLevel: 0
-
-# notificationWebhook contains configuration for how to call the notification
-# webhook.
-#notificationWebhook:
-# address: ""
-
-# sentry contains configuration for how errors should be reported to sentry.
-#sentry:
-# debug: false
-# dsn: ""
-# environment: ""
-# httpsProxy: ""
-
-# sso contains configuration for how to use SSO tokens for determining what
-# groups a user belongs to. This can be used to grant members of a certain
-# group access to systems.
-#sso: -# identityProvider: "" -# jwtGroupsClaim: "" - -# styra contains configuration for connecting to the Styra DAS apis -styra: - address: "" - token: "" - -# systemPrefix is a prefix for all the systems that the controller creates -# in Styra DAS. This is useful in order to be able to identify what -# controller created a system in a shared Styra DAS instance. -systemPrefix: "" - -# systemSuffix is a suffix for all the systems that the controller creates -# in Styra DAS. This is useful in order to be able to identify what -# controller created a system in a shared Styra DAS instance. -systemSuffix: "" - -# systemUserRoles is a list of Styra DAS system level roles which the subjects of -# a system will be granted. -systemUserRoles: [] -# - SystemViewer -# - SystemInstall diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml index bcbdc46..b356a24 100644 --- a/config/samples/kustomization.yaml +++ b/config/samples/kustomization.yaml @@ -1,10 +1,8 @@ ## Append samples of your project ## resources: -- config_v1_projectconfig.yaml - styra_v1beta1_system.yaml - styra_v1alpha1_globaldatasource.yaml - test_v1_object.yaml -- config_v2alpha1_projectconfig.yaml - config_v2alpha2_projectconfig.yaml - styra_v1alpha1_library.yaml #+kubebuilder:scaffold:manifestskustomizesamples diff --git a/docs/apis/styra/v1alpha1.md b/docs/apis/styra/v1alpha1.md index eb11640..f0c7887 100644 --- a/docs/apis/styra/v1alpha1.md +++ b/docs/apis/styra/v1alpha1.md @@ -864,5 +864,5 @@ GitRepo
Generated with gen-crd-api-reference-docs
-on git commit d1f19e4
.
+on git commit 481d857
.
Generated with gen-crd-api-reference-docs
-on git commit d1f19e4
.
+on git commit 481d857
.