From 1862e6b222ccdf038d04e96d72e9b05499d7701f Mon Sep 17 00:00:00 2001
From: bdumpp <144795224+bdumpp@users.noreply.github.com>
Date: Tue, 5 Dec 2023 15:00:28 +0100
Subject: [PATCH] :boom: removed config/v1 and config/v2alpha1 (#223)
---
PROJECT | 14 --
api/config/v1/groupversion_info.go | 36 ---
api/config/v1/projectconfig_types.go | 119 ---------
api/config/v1/projectconfig_types_test.go | 108 --------
api/config/v1/v1.go | 18 --
api/config/v1/v1_suite_test.go | 29 ---
api/config/v1/zz_generated.deepcopy.go | 81 ------
api/config/v2alpha1/groupversion_info.go | 37 ---
api/config/v2alpha1/projectconfig_types.go | 233 ------------------
.../v2alpha1/projectconfig_types_test.go | 142 -----------
api/config/v2alpha1/v2alpha1_suite_test.go | 29 ---
api/config/v2alpha1/zz_generated.deepcopy.go | 157 ------------
cmd/main.go | 4 -
config/samples/config_v1_projectconfig.yaml | 12 -
.../config_v2alpha1_projectconfig.yaml | 73 ------
config/samples/kustomization.yaml | 2 -
docs/apis/styra/v1alpha1.md | 2 +-
docs/apis/styra/v1beta1.md | 2 +-
docs/configuration.md | 66 +++--
internal/config/config.go | 14 --
internal/config/config_test.go | 35 ---
21 files changed, 43 insertions(+), 1170 deletions(-)
delete mode 100644 api/config/v1/groupversion_info.go
delete mode 100644 api/config/v1/projectconfig_types.go
delete mode 100644 api/config/v1/projectconfig_types_test.go
delete mode 100644 api/config/v1/v1.go
delete mode 100644 api/config/v1/v1_suite_test.go
delete mode 100644 api/config/v1/zz_generated.deepcopy.go
delete mode 100644 api/config/v2alpha1/groupversion_info.go
delete mode 100644 api/config/v2alpha1/projectconfig_types.go
delete mode 100644 api/config/v2alpha1/projectconfig_types_test.go
delete mode 100644 api/config/v2alpha1/v2alpha1_suite_test.go
delete mode 100644 api/config/v2alpha1/zz_generated.deepcopy.go
delete mode 100644 config/samples/config_v1_projectconfig.yaml
delete mode 100644 config/samples/config_v2alpha1_projectconfig.yaml
diff --git a/PROJECT b/PROJECT
index dbac610..868aacc 100644
--- a/PROJECT
+++ b/PROJECT
@@ -9,13 +9,6 @@ multigroup: true
 projectName: styra-controller
 repo: github.com/bankdata/styra-controller
 resources:
-- api:
- crdVersion: v1
- domain: bankdata.dk
- group: config
- kind: ProjectConfig
- path: github.com/bankdata/styra-controller/api/config/v1
- version: v1
 - api:
 crdVersion: v1
 namespaced: true
@@ -49,13 +42,6 @@ resources:
 kind: Object
 path: github.com/bankdata/styra-controller/api/test/v1
 version: v1
-- api:
- crdVersion: v1
- domain: bankdata.dk
- group: config
- kind: ProjectConfig
- path: github.com/bankdata/styra-controller/api/config/v2alpha1
- version: v2alpha1
 - api:
 crdVersion: v1
 domain: bankdata.dk
diff --git a/api/config/v1/groupversion_info.go b/api/config/v1/groupversion_info.go
deleted file mode 100644
index b08adfa..0000000
--- a/api/config/v1/groupversion_info.go
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
-Copyright (C) 2023 Bankdata (bankdata@bankdata.dk)
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// +kubebuilder:object:generate=true
-// +groupName=config.bankdata.dk
-
-package v1
-
-import (
- "k8s.io/apimachinery/pkg/runtime/schema"
- "sigs.k8s.io/controller-runtime/pkg/scheme"
-)
-
-var (
- // GroupVersion is group version used to register these objects
- GroupVersion = schema.GroupVersion{Group: "config.bankdata.dk", Version: "v1"}
-
- // SchemeBuilder is used to add go types to the GroupVersionKind scheme
- SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
-
- // AddToScheme adds the types in this group-version to the given scheme.
- AddToScheme = SchemeBuilder.AddToScheme
-)
diff --git a/api/config/v1/projectconfig_types.go b/api/config/v1/projectconfig_types.go
deleted file mode 100644
index e64f291..0000000
--- a/api/config/v1/projectconfig_types.go
+++ /dev/null
@@ -1,119 +0,0 @@
-/*
-Copyright (C) 2023 Bankdata (bankdata@bankdata.dk)
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package v1
-
-import (
- "github.com/bankdata/styra-controller/api/config/v2alpha1"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
- //nolint:staticcheck // issue https://github.com/Bankdata/styra-controller/issues/82
- cfg "sigs.k8s.io/controller-runtime/pkg/config/v1alpha1"
-)
-
-//+kubebuilder:object:root=true
-
-// ProjectConfig is the Schema for the projectconfigs API
-type ProjectConfig struct {
- metav1.TypeMeta `json:",inline"`
-
- cfg.ControllerManagerConfigurationSpec `json:",inline"`
-
- StyraToken string `json:"styraToken"`
- StyraAddress string `json:"styraAddress"`
- StyraSystemUserRoles []string `json:"styraSystemUserRoles"`
- StyraSystemPrefix string `json:"styraSystemPrefix"`
- StyraSystemSuffix string `json:"styraSystemSuffix"`
- LogLevel int `json:"logLevel"`
- SentryDSN string `json:"sentryDSN"`
- SentryDebug bool `json:"sentryDebug"`
- Environment string `json:"environment"`
- SentryHTTPSProxy string `json:"sentryHTTPSProxy"`
- ControllerClass string `json:"controllerClass"`
- WebhooksDisabled bool `json:"webhooksDisabled"`
- DatasourceWebhookAddress string `json:"datasourceWebhookAddress"`
- IdentityProvider string `json:"identityProvider"`
- JwtGroupClaim string `json:"jwtGroupClaim"`
- MigrationEnabled bool `json:"migrationEnabled"`
- GitCredentials []*GitCredential `json:"gitCredentials"`
- // Only used by the now deprecated StyraSystem controller
- GitUser string `json:"gitUser"`
- GitPassword string `json:"gitPassword"`
-}
-
-// GitCredential defines the structure of a git credential.
-type GitCredential struct {
- User string `json:"user"`
- Password string `json:"password"`
- RepoPrefix string `json:"repoPrefix"`
-}
-
-func init() {
- SchemeBuilder.Register(&ProjectConfig{})
-}
-
-// ToV2Alpha1 returns this ProjectConfig converted to a v2alpha1.ProjectConfig
-func (c *ProjectConfig) ToV2Alpha1() *v2alpha1.ProjectConfig {
- v2cfg := &v2alpha1.ProjectConfig{
- ControllerManagerConfigurationSpec: c.ControllerManagerConfigurationSpec,
- ControllerClass: c.ControllerClass,
- DisableCRDWebhooks: c.WebhooksDisabled,
- EnableMigrations: c.MigrationEnabled,
- LogLevel: c.LogLevel,
- SystemPrefix: c.StyraSystemPrefix,
- SystemSuffix: c.StyraSystemSuffix,
- SystemUserRoles: c.StyraSystemUserRoles,
- Styra: v2alpha1.StyraConfig{
- Token: c.StyraToken,
- Address: c.StyraAddress,
- },
- }
-
- if c.JwtGroupClaim != "" {
- v2cfg.SSO = &v2alpha1.SSOConfig{
- IdentityProvider: c.IdentityProvider,
- JWTGroupsClaim: c.JwtGroupClaim,
- }
- }
-
- if c.SentryDSN != "" {
- v2cfg.Sentry = &v2alpha1.SentryConfig{
- DSN: c.SentryDSN,
- Debug: c.SentryDebug,
- Environment: c.Environment,
- HTTPSProxy: c.SentryHTTPSProxy,
- }
- }
-
- if c.DatasourceWebhookAddress != "" {
- v2cfg.NotificationWebhook = &v2alpha1.NotificationWebhookConfig{
- Address: c.DatasourceWebhookAddress,
- }
- }
-
- if c.GitCredentials != nil {
- v2cfg.GitCredentials = make([]*v2alpha1.GitCredential, len(c.GitCredentials))
- for i, c := range c.GitCredentials {
- v2cfg.GitCredentials[i] = &v2alpha1.GitCredential{
- User: c.User,
- Password: c.Password,
- RepoPrefix: c.RepoPrefix,
- }
- }
- }
-
- return v2cfg
-}
diff --git a/api/config/v1/projectconfig_types_test.go b/api/config/v1/projectconfig_types_test.go
deleted file mode 100644
index 7fbae05..0000000
--- a/api/config/v1/projectconfig_types_test.go
+++ /dev/null
@@ -1,108 +0,0 @@
-/*
-Copyright (C) 2023 Bankdata (bankdata@bankdata.dk)
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package v1_test
-
-import (
- ginkgo "github.com/onsi/ginkgo/v2"
- gomega "github.com/onsi/gomega"
-
- //nolint:staticcheck // issue https://github.com/Bankdata/styra-controller/issues/82
- cfg "sigs.k8s.io/controller-runtime/pkg/config/v1alpha1"
-
- v1 "github.com/bankdata/styra-controller/api/config/v1"
- "github.com/bankdata/styra-controller/api/config/v2alpha1"
-)
-
-var _ = ginkgo.Describe("ProjectConfig", func() {
- ginkgo.Describe("ToV2Alpha1", func() {
- ginkgo.It("converts to v2alpha1", func() {
- v1cfg := &v1.ProjectConfig{
- //nolint:staticcheck // issue https://github.com/Bankdata/styra-controller/issues/82
- ControllerManagerConfigurationSpec: cfg.ControllerManagerConfigurationSpec{
- CacheNamespace: "test",
- },
- StyraToken: "token",
- StyraAddress: "addr",
- StyraSystemUserRoles: []string{"role1", "role2"},
- StyraSystemPrefix: "prefix",
- StyraSystemSuffix: "suffix",
- LogLevel: 42,
- SentryDSN: "https://my-sentry.com",
- SentryDebug: true,
- Environment: "test",
- SentryHTTPSProxy: "https://my-proxy.com",
- ControllerClass: "class",
- DatasourceWebhookAddress: "https://my-webhook.com",
- WebhooksDisabled: true,
- MigrationEnabled: true,
- GitCredentials: []*v1.GitCredential{
- {
- User: "user",
- Password: "password",
- RepoPrefix: "https://github.com/my-org",
- },
- {
- User: "other-user",
- Password: "other-password",
- RepoPrefix: "https://github.com/my-other-org",
- },
- },
- }
-
- expected := &v2alpha1.ProjectConfig{
- //nolint:staticcheck // issue https://github.com/Bankdata/styra-controller/issues/82
- ControllerManagerConfigurationSpec: cfg.ControllerManagerConfigurationSpec{
- CacheNamespace: "test",
- },
- ControllerClass: "class",
- DisableCRDWebhooks: true,
- EnableMigrations: true,
- GitCredentials: []*v2alpha1.GitCredential{
- {
- User: "user",
- Password: "password",
- RepoPrefix: "https://github.com/my-org",
- },
- {
- User: "other-user",
- Password: "other-password",
- RepoPrefix: "https://github.com/my-other-org",
- },
- },
- LogLevel: 42,
- SystemPrefix: "prefix",
- SystemSuffix: "suffix",
- SystemUserRoles: []string{"role1", "role2"},
- Sentry: &v2alpha1.SentryConfig{
- DSN: "https://my-sentry.com",
- Debug: true,
- Environment: "test",
- HTTPSProxy: "https://my-proxy.com",
- },
- NotificationWebhook: &v2alpha1.NotificationWebhookConfig{
- Address: "https://my-webhook.com",
- },
- Styra: v2alpha1.StyraConfig{
- Token: "token",
- Address: "addr",
- },
- }
-
- gomega.Ω(v1cfg.ToV2Alpha1()).To(gomega.Equal(expected))
- })
- })
-})
diff --git a/api/config/v1/v1.go b/api/config/v1/v1.go
deleted file mode 100644
index 44230d3..0000000
--- a/api/config/v1/v1.go
+++ /dev/null
@@ -1,18 +0,0 @@
-/*
-Copyright 2023 Bankdata.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Package v1 contains API Schema definitions for the config v1 API group.
-package v1
diff --git a/api/config/v1/v1_suite_test.go b/api/config/v1/v1_suite_test.go
deleted file mode 100644
index 701ae06..0000000
--- a/api/config/v1/v1_suite_test.go
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
-Copyright (C) 2023 Bankdata (bankdata@bankdata.dk)
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package v1_test
-
-import (
- "testing"
-
- ginkgo "github.com/onsi/ginkgo/v2"
- gomega "github.com/onsi/gomega"
-)
-
-func TestV1(t *testing.T) {
- gomega.RegisterFailHandler(ginkgo.Fail)
- ginkgo.RunSpecs(t, "api/config/v1")
-}
diff --git a/api/config/v1/zz_generated.deepcopy.go b/api/config/v1/zz_generated.deepcopy.go
deleted file mode 100644
index 10ba247..0000000
--- a/api/config/v1/zz_generated.deepcopy.go
+++ /dev/null
@@ -1,81 +0,0 @@ -//go:build !ignore_autogenerated - -/* -Copyright (C) 2023 Bankdata (bankdata@bankdata.dk) - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by controller-gen. DO NOT EDIT. - -package v1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *GitCredential) DeepCopyInto(out *GitCredential) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitCredential. -func (in *GitCredential) DeepCopy() *GitCredential { - if in == nil { - return nil - } - out := new(GitCredential) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
-func (in *ProjectConfig) DeepCopyInto(out *ProjectConfig) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ControllerManagerConfigurationSpec.DeepCopyInto(&out.ControllerManagerConfigurationSpec) - if in.StyraSystemUserRoles != nil { - in, out := &in.StyraSystemUserRoles, &out.StyraSystemUserRoles - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.GitCredentials != nil { - in, out := &in.GitCredentials, &out.GitCredentials - *out = make([]*GitCredential, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(GitCredential) - **out = **in - } - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectConfig. -func (in *ProjectConfig) DeepCopy() *ProjectConfig { - if in == nil { - return nil - } - out := new(ProjectConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ProjectConfig) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} diff --git a/api/config/v2alpha1/groupversion_info.go b/api/config/v2alpha1/groupversion_info.go deleted file mode 100644 index a5d49e3..0000000 --- a/api/config/v2alpha1/groupversion_info.go +++ /dev/null 
@@ -1,37 +0,0 @@
-/*
-Copyright (C) 2023 Bankdata (bankdata@bankdata.dk)
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Package v2alpha1 contains API Schema definitions for the config v2alpha1 API group
-// +kubebuilder:object:generate=true
-// +kubebuilder:skip
-// +groupName=config.bankdata.dk
-package v2alpha1
-
-import (
- "k8s.io/apimachinery/pkg/runtime/schema"
- "sigs.k8s.io/controller-runtime/pkg/scheme"
-)
-
-var (
- // GroupVersion is group version used to register these objects
- GroupVersion = schema.GroupVersion{Group: "config.bankdata.dk", Version: "v2alpha1"}
-
- // SchemeBuilder is used to add go types to the GroupVersionKind scheme
- SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
-
- // AddToScheme adds the types in this group-version to the given scheme.
- AddToScheme = SchemeBuilder.AddToScheme
-)
diff --git a/api/config/v2alpha1/projectconfig_types.go b/api/config/v2alpha1/projectconfig_types.go
deleted file mode 100644
index 2ee34e2..0000000
--- a/api/config/v2alpha1/projectconfig_types.go
+++ /dev/null
@@ -1,233 +0,0 @@
-/*
-Copyright (C) 2023 Bankdata (bankdata@bankdata.dk)
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package v2alpha1
-
-import (
- "sort"
- "strings"
-
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
- //nolint:staticcheck // issue https://github.com/Bankdata/styra-controller/issues/82
- cfg "sigs.k8s.io/controller-runtime/pkg/config/v1alpha1"
-
- "github.com/bankdata/styra-controller/api/config/v2alpha2"
-)
-
-//+kubebuilder:object:root=true
-
-// ProjectConfig is the Schema for the projectconfigs API
-type ProjectConfig struct {
- metav1.TypeMeta `json:",inline"`
-
- cfg.ControllerManagerConfigurationSpec `json:",inline"`
-
- // ControllerClass sets a controller class for this controller. This allows
- // the provided CRDs to target a specific controller. This is useful when
- // running multiple controllers in the same cluster.
- ControllerClass string `json:"controllerClass"`
-
- // DeletionProtectionDefault sets the default to use with regards to deletion
- // protection if it is not set on the resource.
- DeletionProtectionDefault bool `json:"deletionProtectionDefault"`
-
- // DisableCRDWebhooks disables the CRD webhooks on the controller. If running
- // multiple controllers in the same cluster, only one will need to have it's
- // webhooks enabled.
- DisableCRDWebhooks bool `json:"disableCRDWebhooks"`
-
- // EnableMigrations enables the system migration annotation. This should be
- // kept disabled unless migrations need to be done.
- EnableMigrations bool `json:"enableMigrations"`
-
- // GitCredentials holds a list of git credential configurations. The
- // RepoPrefix of the GitCredential will be matched angainst repository URL in
- // order to determine which credential to use. The GitCredential with the
- // longest matching RepoPrefix will be selected.
- GitCredentials []*GitCredential `json:"gitCredentials"`
-
- // LogLevel sets the logging level of the controller. A higher number gives
- // more verbosity. A number higher than 0 should only be used for debugging
- // purposes.
- LogLevel int `json:"logLevel"`
-
- NotificationWebhook *NotificationWebhookConfig `json:"notificationWebhook"`
-
- Sentry *SentryConfig `json:"sentry"`
-
- SSO *SSOConfig `json:"sso"`
-
- Styra StyraConfig `json:"styra"`
-
- // SystemPrefix is a prefix for all the systems that the controller creates
- // in Styra DAS. This is useful in order to be able to identify what
- // controller created a system in a shared Styra DAS instance.
- SystemPrefix string `json:"systemPrefix"`
-
- // SystemSuffix is a suffix for all the systems that the controller creates
- // in Styra DAS. This is useful in order to be able to identify what
- // controller created a system in a shared Styra DAS instance.
- SystemSuffix string `json:"systemSuffix"`
-
- // SystemUserRoles is a list of Styra DAS system level roles which the subjects of
- // a system will be granted.
- SystemUserRoles []string `json:"systemUserRoles"`
-}
-
-// StyraConfig contains configuration for connecting to the Styra DAS apis
-type StyraConfig struct {
- // Address is the URL for the Styra DAS API server.
- Address string `json:"address"`
-
- // Token is a Styra DAS API token. These can be created in the Styra DAS GUI
- // or through the API. The token should have the `WorkspaceAdministrator` role.
- Token string `json:"token"`
-}
-
-// SentryConfig contains configuration for how errors should be reported to
-// sentry.
-type SentryConfig struct {
- // Debug enables Sentry client debugging.
- Debug bool `json:"debug"`
-
- // DSN is the Sentry project DSN.
- DSN string `json:"dsn"`
-
- // Environment sets the environment of the events sent to Sentry.
- Environment string `json:"environment"`
-
- // HTTPSProxy sets an HTTP proxy server for sentry to use.
- HTTPSProxy string `json:"httpsProxy"`
-}
-
-// NotificationWebhookConfig contains configuration for how to call the notification
-// webhook.
-type NotificationWebhookConfig struct {
- // Address is the URL to be called when the controller should do a webhook
- // notification. Currently the only supported notification is that a
- // datasource configuration has changed.
- Address string `json:"address"`
-}
-
-// SSOConfig contains configuration for how to use SSO tokens for determining
-// what groups a user belongs to. This can be used to grant members of a
-// certain group access to systems.
-type SSOConfig struct {
- // IdentityProvider is the ID of a configured Styra DAS identity provider.
- IdentityProvider string `json:"identityProvider"`
-
- // JWTGroupsClaim is the json path to a claim in issued JWTs which contain a
- // list of groups that the user belongs to.
- JWTGroupsClaim string `json:"jwtGroupsClaim"`
-}
-
-// GitCredential represents a set of credentials to be used for repositories
-// that match the RepoPrefix.
-type GitCredential struct {
- // User is a http basic auth username used for git.
- User string `json:"user"`
-
- // Password is a http basic auth password used for git.
- Password string `json:"password"`
-
- // RepoPrefix specifies a repo URL prefix. eg. if RepoPrefix is set to
- // `https://github.com/bankdata`, then this credentials would apply for any
- // repository under the bankdata github org.
- RepoPrefix string `json:"repoPrefix"`
-}
-
-// GetGitCredentialForRepo determines which default GitCredential to use for checking out the
-// policy repository based on the URL to the policy repository.
-func (c *ProjectConfig) GetGitCredentialForRepo(repo string) *GitCredential {
- sort.Slice(c.GitCredentials, func(i, j int) bool {
- return len(c.GitCredentials[i].RepoPrefix) > len(c.GitCredentials[j].RepoPrefix)
- })
-
- for _, gitCredential := range c.GitCredentials {
- if strings.HasPrefix(repo, gitCredential.RepoPrefix) {
- return gitCredential
- }
- }
-
- return nil
-}
-
-// ToV2Alpha2 returns this ProjectConfig converted to a v2alpha2.ProjectConfig
-func (c *ProjectConfig) ToV2Alpha2() *v2alpha2.ProjectConfig {
- v2cfg := &v2alpha2.ProjectConfig{
- ControllerClass: c.ControllerClass,
- DeletionProtectionDefault: c.DeletionProtectionDefault,
- DisableCRDWebhooks: c.DisableCRDWebhooks,
- EnableMigrations: c.EnableMigrations,
- LogLevel: c.LogLevel,
- Styra: v2alpha2.StyraConfig{
- Token: c.Styra.Token,
- Address: c.Styra.Address,
- },
- SystemPrefix: c.SystemPrefix,
- SystemSuffix: c.SystemSuffix,
- SystemUserRoles: c.SystemUserRoles,
- }
-
- if c.SSO != nil {
- v2cfg.SSO = &v2alpha2.SSOConfig{
- IdentityProvider: c.SSO.IdentityProvider,
- JWTGroupsClaim: c.SSO.JWTGroupsClaim,
- }
- }
-
- if c.GitCredentials != nil {
- v2cfg.GitCredentials = make([]*v2alpha2.GitCredential, len(c.GitCredentials))
- for i, c := range c.GitCredentials {
- v2cfg.GitCredentials[i] = &v2alpha2.GitCredential{
- User: c.User,
- Password: c.Password,
- RepoPrefix: c.RepoPrefix,
- }
- }
- }
-
- if c.LeaderElection != nil && c.LeaderElection.LeaderElect != nil && *c.LeaderElection.LeaderElect {
- v2cfg.LeaderElection = &v2alpha2.LeaderElectionConfig{
- LeaseDuration: c.LeaderElection.LeaseDuration,
- RenewDeadline: c.LeaderElection.RenewDeadline,
- RetryPeriod: c.LeaderElection.RetryPeriod,
- }
- }
-
- if c.NotificationWebhook != nil {
- v2cfg.NotificationWebhooks = &v2alpha2.NotificationWebhooksConfig{
- SystemDatasourceChanged: c.NotificationWebhook.Address,
- LibraryDatasourceChanged: "",
- }
- }
-
- if c.Sentry != nil {
- v2cfg.Sentry = &v2alpha2.SentryConfig{
- DSN: c.Sentry.DSN,
- Debug: c.Sentry.Debug,
- Environment: c.Sentry.Environment,
- HTTPSProxy: c.Sentry.HTTPSProxy,
- }
- }
-
- return v2cfg
-}
-
-func init() {
- SchemeBuilder.Register(&ProjectConfig{})
-}
diff --git a/api/config/v2alpha1/projectconfig_types_test.go b/api/config/v2alpha1/projectconfig_types_test.go
deleted file mode 100644
index 7dcd596..0000000
--- a/api/config/v2alpha1/projectconfig_types_test.go
+++ /dev/null
@@ -1,142 +0,0 @@ -/* -Copyright (C) 2023 Bankdata (bankdata@bankdata.dk) - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v2alpha1_test - -import ( - ginkgo "github.com/onsi/ginkgo/v2" - gomega "github.com/onsi/gomega" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/serializer" - - //nolint:staticcheck // issue https://github.com/Bankdata/styra-controller/issues/82 - "github.com/bankdata/styra-controller/api/config/v2alpha1" -) - -var _ = ginkgo.Describe("ProjectConfig", func() { - ginkgo.DescribeTable("GetGitCredentialForRepo", - func(gitCredentials []*v2alpha1.GitCredential, repo string, expected *v2alpha1.GitCredential) { - c := &v2alpha1.ProjectConfig{ - GitCredentials: gitCredentials, - } - gomega.Ω(c.GetGitCredentialForRepo(repo)).To(gomega.Equal(expected)) - }, - - ginkgo.Entry("returns nil if the list of credentials is empty", nil, "test", nil), - - ginkgo.Entry("finds matching credential", - []*v2alpha1.GitCredential{ - { - User: "", - Password: "", - RepoPrefix: "https://github.com/bankdata", - }, - }, - "https://github.com/bankdata/styra-controller.git", - &v2alpha1.GitCredential{ - User: "", - Password: "", - RepoPrefix: "https://github.com/bankdata", - }, - ), - ginkgo.Entry("returns longest matching credential", - []*v2alpha1.GitCredential{ - { - User: "", - Password: "", - RepoPrefix: "https://github.com/bankdata", - }, - { - User: "", - Password: "", - RepoPrefix: "https://github.com/bankdata/styra-controller", - }, - }, - 
"https://github.com/bankdata/styra-controller.git", - &v2alpha1.GitCredential{ - User: "", - Password: "", - RepoPrefix: "https://github.com/bankdata/styra-controller", - }, - ), - ) - - ginkgo.Describe("unmarshalling", func() { - ginkgo.It("correctly unmarshals all fields", func() { - validConfig := []byte(` -apiVersion: config.bankdata.dk/v2alpha1 -kind: ProjectConfig -controllerClass: "class" -deletionProtectionDefault: true -disableCRDWebhooks: true -enableMigrations: true -gitCredentials: - - user: my-git-user - password: my-git-password - repoPrefix: https://github.com/my-org -logLevel: 42 -notificationWebhook: - address: "https://webhook.com" -sentry: - debug: true - dsn: "https://sentry.com" - environment: "test" - httpsProxy: "https://proxy.com" -sso: - identityProvider: "my-provider" - jwtGroupsClaim: "groups" -styra: - address: "https://styra.com" - token: "token" -systemPrefix: "prefix" -systemSuffix: "suffix" -systemUserRoles: - - SystemViewer -`) - scheme := runtime.NewScheme() - gomega.Ω(v2alpha1.AddToScheme(scheme)).Should(gomega.Succeed()) - decoder := serializer.NewCodecFactory(scheme).UniversalDeserializer() - var c v2alpha1.ProjectConfig - _, _, err := decoder.Decode(validConfig, nil, &c) - gomega.Ω(err).ShouldNot(gomega.HaveOccurred()) - gomega.Ω(c.ControllerClass).Should(gomega.Equal("class")) - gomega.Ω(c.DeletionProtectionDefault).Should(gomega.BeTrue()) - gomega.Ω(c.DisableCRDWebhooks).Should(gomega.BeTrue()) - gomega.Ω(c.EnableMigrations).Should(gomega.BeTrue()) - gomega.Ω(len(c.GitCredentials)).Should(gomega.Equal(1)) - gomega.Ω(c.GitCredentials[0].User).Should(gomega.Equal("my-git-user")) - gomega.Ω(c.GitCredentials[0].Password).Should(gomega.Equal("my-git-password")) - gomega.Ω(c.GitCredentials[0].RepoPrefix).Should(gomega.Equal("https://github.com/my-org")) - gomega.Ω(c.LogLevel).Should(gomega.Equal(42)) - gomega.Ω(c.NotificationWebhook).ShouldNot(gomega.BeNil()) - 
gomega.Ω(c.NotificationWebhook.Address).Should(gomega.Equal("https://webhook.com")) - gomega.Ω(c.Sentry).ShouldNot(gomega.BeNil()) - gomega.Ω(c.Sentry.Debug).Should(gomega.BeTrue()) - gomega.Ω(c.Sentry.DSN).Should(gomega.Equal("https://sentry.com")) - gomega.Ω(c.Sentry.Environment).Should(gomega.Equal("test")) - gomega.Ω(c.Sentry.HTTPSProxy).Should(gomega.Equal("https://proxy.com")) - gomega.Ω(c.SSO).ShouldNot(gomega.BeNil()) - gomega.Ω(c.SSO.IdentityProvider).Should(gomega.Equal("my-provider")) - gomega.Ω(c.SSO.JWTGroupsClaim).Should(gomega.Equal("groups")) - gomega.Ω(c.Styra.Address).Should(gomega.Equal("https://styra.com")) - gomega.Ω(c.Styra.Token).Should(gomega.Equal("token")) - gomega.Ω(c.SystemPrefix).Should(gomega.Equal("prefix")) - gomega.Ω(c.SystemSuffix).Should(gomega.Equal("suffix")) - gomega.Ω(len(c.SystemUserRoles)).Should(gomega.Equal(1)) - gomega.Ω(c.SystemUserRoles[0]).Should(gomega.Equal("SystemViewer")) - }) - }) -}) diff --git a/api/config/v2alpha1/v2alpha1_suite_test.go b/api/config/v2alpha1/v2alpha1_suite_test.go deleted file mode 100644 index 73f17b8..0000000 --- a/api/config/v2alpha1/v2alpha1_suite_test.go +++ /dev/null 
@@ -1,29 +0,0 @@
-/*
-Copyright (C) 2023 Bankdata (bankdata@bankdata.dk)
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package v2alpha1_test
-
-import (
- "testing"
-
- ginkgo "github.com/onsi/ginkgo/v2"
- gomega "github.com/onsi/gomega"
-)
-
-func TestV2Alpha1(t *testing.T) {
- gomega.RegisterFailHandler(ginkgo.Fail)
- ginkgo.RunSpecs(t, "api/config/v2alpha1")
-}
diff --git a/api/config/v2alpha1/zz_generated.deepcopy.go b/api/config/v2alpha1/zz_generated.deepcopy.go
deleted file mode 100644
index ce1805b..0000000
--- a/api/config/v2alpha1/zz_generated.deepcopy.go
+++ /dev/null
@@ -1,157 +0,0 @@ -//go:build !ignore_autogenerated - -/* -Copyright (C) 2023 Bankdata (bankdata@bankdata.dk) - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by controller-gen. DO NOT EDIT. - -package v2alpha1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *GitCredential) DeepCopyInto(out *GitCredential) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitCredential. -func (in *GitCredential) DeepCopy() *GitCredential { - if in == nil { - return nil - } - out := new(GitCredential) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NotificationWebhookConfig) DeepCopyInto(out *NotificationWebhookConfig) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NotificationWebhookConfig. -func (in *NotificationWebhookConfig) DeepCopy() *NotificationWebhookConfig { - if in == nil { - return nil - } - out := new(NotificationWebhookConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
-func (in *ProjectConfig) DeepCopyInto(out *ProjectConfig) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ControllerManagerConfigurationSpec.DeepCopyInto(&out.ControllerManagerConfigurationSpec) - if in.GitCredentials != nil { - in, out := &in.GitCredentials, &out.GitCredentials - *out = make([]*GitCredential, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(GitCredential) - **out = **in - } - } - } - if in.NotificationWebhook != nil { - in, out := &in.NotificationWebhook, &out.NotificationWebhook - *out = new(NotificationWebhookConfig) - **out = **in - } - if in.Sentry != nil { - in, out := &in.Sentry, &out.Sentry - *out = new(SentryConfig) - **out = **in - } - if in.SSO != nil { - in, out := &in.SSO, &out.SSO - *out = new(SSOConfig) - **out = **in - } - out.Styra = in.Styra - if in.SystemUserRoles != nil { - in, out := &in.SystemUserRoles, &out.SystemUserRoles - *out = make([]string, len(*in)) - copy(*out, *in) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectConfig. -func (in *ProjectConfig) DeepCopy() *ProjectConfig { - if in == nil { - return nil - } - out := new(ProjectConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ProjectConfig) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SSOConfig) DeepCopyInto(out *SSOConfig) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SSOConfig. 
-func (in *SSOConfig) DeepCopy() *SSOConfig { - if in == nil { - return nil - } - out := new(SSOConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SentryConfig) DeepCopyInto(out *SentryConfig) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SentryConfig. -func (in *SentryConfig) DeepCopy() *SentryConfig { - if in == nil { - return nil - } - out := new(SentryConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *StyraConfig) DeepCopyInto(out *StyraConfig) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StyraConfig. -func (in *StyraConfig) DeepCopy() *StyraConfig { - if in == nil { - return nil - } - out := new(StyraConfig) - in.DeepCopyInto(out) - return out -} diff --git a/cmd/main.go b/cmd/main.go index 380780f..db7bd3b 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -40,8 +40,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/log/zap" "sigs.k8s.io/controller-runtime/pkg/metrics" - configv1 "github.com/bankdata/styra-controller/api/config/v1" - configv2alpha1 "github.com/bankdata/styra-controller/api/config/v2alpha1" configv2alpha2 "github.com/bankdata/styra-controller/api/config/v2alpha2" styrav1alpha1 "github.com/bankdata/styra-controller/api/styra/v1alpha1" styrav1beta1 "github.com/bankdata/styra-controller/api/styra/v1beta1" @@ -68,9 +66,7 @@ var ( func init() { utilruntime.Must(clientgoscheme.AddToScheme(scheme)) utilruntime.Must(styrav1alpha1.AddToScheme(scheme)) - utilruntime.Must(configv1.AddToScheme(scheme)) utilruntime.Must(styrav1beta1.AddToScheme(scheme)) - utilruntime.Must(configv2alpha1.AddToScheme(scheme)) utilruntime.Must(configv2alpha2.AddToScheme(scheme)) //+kubebuilder:scaffold:scheme } 
diff --git a/config/samples/config_v1_projectconfig.yaml b/config/samples/config_v1_projectconfig.yaml
deleted file mode 100644
index 3102f26..0000000
--- a/config/samples/config_v1_projectconfig.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: config.bankdata.dk/v1
-kind: ProjectConfig
-metadata:
- labels:
- app.kubernetes.io/name: projectconfig
- app.kubernetes.io/instance: projectconfig-sample
- app.kubernetes.io/part-of: styra-controller
- app.kubernetes.io/managed-by: kustomize
- app.kubernetes.io/created-by: styra-controller
- name: projectconfig-sample
-spec:
- # TODO(user): Add fields here
diff --git a/config/samples/config_v2alpha1_projectconfig.yaml b/config/samples/config_v2alpha1_projectconfig.yaml
deleted file mode 100644
index be2448c..0000000
--- a/config/samples/config_v2alpha1_projectconfig.yaml
+++ /dev/null
@@ -1,73 +0,0 @@
-apiVersion: config.bankdata.dk/v2alpha1
-kind: ProjectConfig
-
-# controllerClass sets a controller class for this controller. This allows the
-# provided CRDs to target a specific controller. This is useful when running
-# multiple controllers in the same cluster.
-controllerClass: ""
-
-# deletionProtectionDefault sets the default to use with regards to deletion
-# protection if it is not set on the resource.
-deletionProtectionDefault: false
-
-# disableCRDWebhooks disables the CRD webhooks on the controller. If running
-# multiple controllers in the same cluster, only one will need to have it's
-# webhooks enabled.
-disableCRDWebhooks: false
-
-# enableMigrations enables the system migration annotation. This should be kept
-# disabled unless migrations need to be done.
-enableMigrations: false
-
-# gitCredentials holds a list of git credential configurations. The repoPrefix
-# of the git credential will be matched angainst repository URL in order to
-# determine which credential to use. The git credential with the longest
-# matching repoPrefix will be selected.
-gitCredentials: []
-# - user: my-git-user
-# password: my-git-password
-# repoPrefix: https://github.com/my-org
-
-# logLevel sets the logging level of the controller. A higher number gives more
-# verbosity. A number higher than 0 should only be used for debugging purposes.
-logLevel: 0
-
-# notificationWebhook contains configuration for how to call the notification
-# webhook.
-#notificationWebhook:
-# address: ""
-
-# sentry contains configuration for how errors should be reported to sentry.
-#sentry:
-# debug: false
-# dsn: ""
-# environment: ""
-# httpsProxy: ""
-
-# sso contains configuration for how to use SSO tokens for determining what
-# groups a user belongs to. This can be used to grant members of a certain
-# group access to systems.
-#sso:
-# identityProvider: ""
-# jwtGroupsClaim: ""
-
-# styra contains configuration for connecting to the Styra DAS apis
-styra:
- address: ""
- token: ""
-
-# systemPrefix is a prefix for all the systems that the controller creates
-# in Styra DAS. This is useful in order to be able to identify what
-# controller created a system in a shared Styra DAS instance.
-systemPrefix: ""
-
-# systemSuffix is a suffix for all the systems that the controller creates
-# in Styra DAS. This is useful in order to be able to identify what
-# controller created a system in a shared Styra DAS instance.
-systemSuffix: ""
-
-# systemUserRoles is a list of Styra DAS system level roles which the subjects of
-# a system will be granted.
-systemUserRoles: []
-# - SystemViewer
-# - SystemInstall
diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml
index bcbdc46..b356a24 100644
--- a/config/samples/kustomization.yaml
+++ b/config/samples/kustomization.yaml
@@ -1,10 +1,8 @@
 ## Append samples of your project ##
 resources:
-- config_v1_projectconfig.yaml
 - styra_v1beta1_system.yaml
 - styra_v1alpha1_globaldatasource.yaml
 - test_v1_object.yaml
-- config_v2alpha1_projectconfig.yaml
 - config_v2alpha2_projectconfig.yaml
 - styra_v1alpha1_library.yaml
 #+kubebuilder:scaffold:manifestskustomizesamples
diff --git a/docs/apis/styra/v1alpha1.md b/docs/apis/styra/v1alpha1.md
index eb11640..f0c7887 100644
--- a/docs/apis/styra/v1alpha1.md
+++ b/docs/apis/styra/v1alpha1.md
@@ -864,5 +864,5 @@ GitRepo

Generated with gen-crd-api-reference-docs -on git commit d1f19e4. +on git commit 481d857.

diff --git a/docs/apis/styra/v1beta1.md b/docs/apis/styra/v1beta1.md index 84e1563..0a312da 100644 --- a/docs/apis/styra/v1beta1.md +++ b/docs/apis/styra/v1beta1.md @@ -1172,5 +1172,5 @@ System.


Generated with gen-crd-api-reference-docs -on git commit d1f19e4. +on git commit 481d857.

diff --git a/docs/configuration.md b/docs/configuration.md index 21b2544..c26fb4b 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -1,22 +1,20 @@ # Configuration of the Styra Controller -This document describes the different configuration options for the Styra Controller. The configuration options are defined in `api/config/v1/projectconfig_types.go`. The configuration options are assigned in `config/default/config.yaml`. For the ease of reference the configuration options are listed here: - -* `StyraToken` -* `StyraAddress` -* `StyraSystemUserRoles` -* `StyraSystemPrefix` -* `StyraSystemSuffix` -* `LogLevel` -* `SentryDSN` -* `SentryDebug` -* `Environment` -* `SentryHTTPSProxy` -* `ControllerClass` -* `WebhooksDisabled` -* `DatasourceWebhookAddress` -* `IdentityProvider` -* `JwtGroupClaim` -* `GitCredentials` +This document describes the different configuration options for the Styra Controller. The configuration options are defined in `api/config/v2alpha2/projectconfig_types.go`. The configuration options are assigned in `config/default/config.yaml`. For the ease of reference the configuration options are listed here: + +* `controllerClass` +* `deletionProtectionDefault` +* `disableCRDWebhooks` +* `enableMigrations` +* `gitCredentials` +* `logLevel` +* `leaderElection` +* `notificationWebhooks` +* `sentry` +* `sso` +* `styra` +* `systemPrefix` +* `systemSuffix` +* `systemUserRoles` ## Observability 
@@ -28,15 +26,16 @@ verbosity of the controller logs is configured by setting `logLevel` to an integer. A log level above 0 should only be set for debugging purposes. ### Logging to Sentry -To configure Sentry there exists four configuration options: `sentryDSN`, `environment`, `sentryDebug`, and `sentryHTTPSProxy`. `sentryDSN` is the DSN to the Sentry instance. `environment` specifies the Sentry environment that the log should be categorized under in Sentry. `sentryDebug` toggles whether information sendt to Sentry should also be sent to stdout. If Sentry can only be reaches through a proxy set `sentryHTTPSProxy` to the proxy URL. +To configure Sentry there exists four configuration options: `sentry.dsn`, `sentry.environment`, `sentry.debug`, and `sentry.httpsProxy`. `sentry.dsn` is the DSN to the Sentry instance. `sentry.environment` specifies the Sentry environment that the log should be categorized under in Sentry. `sentry.debug` toggles whether information sendt to Sentry should also be sent to stdout. If Sentry can only be reaches through a proxy set `sentry.httpsProxy` to the proxy URL. In `internal/sentry` is a sentry reconciler that wraps the other reconcilers. The sentry reconciler simply calls the reconcilers. If the reconcilers return an error and Sentry has been configured, the sentry reconciler will send the error to Sentry. ### Metrics The Styra Controller exposes the standard go and controller runtime metrics. In addition, the controller exposes the `controller_system_status_ready` metric that counts the amount of Systems whose status are Ready. -### Notification Webhook -Currently the controller can register a custom notification webhook that will POST the system ID and datasource ID to an URL when a systems datasource is created or updated. The webhook is implemented in `internal/webhook`. 
The URL is configured by setting `datasourceWebhookAddress` and the data is formatted like this: +### Notification Webhooks +#### System Datasources +Currently the controller can register a custom notification webhook that will POST the system ID and datasource ID to a URL when a system's datasource is created or updated. The webhook is implemented in `internal/webhook`. The URL is configured by setting `notificationWebhooks.systemDatasourceChanged` and the data is formatted like this: ```json { 
@@ -44,9 +43,18 @@ Currently the controller can register a custom notification webhook that will PO "datasourceId": "datasource ID" } ``` +#### Library Datasources +The controller also can register a custom notification webhook that will POST the datasource ID of a Library Datasource to a URL when a library's datasource is created or updated. The webhook is implemented in `internal/webhook`. The URL is configured by setting `notificationWebhooks.libraryDatasourceChanged` and the data is formatted like this: + +```json +{ + "datasourceID": "datasource ID" +} +``` + ## RBAC -Access to Styra can be given based on emails and SSO claims. The access rights given to the users are defined in `styraSystemUserRoles`. For giving access based on SSO claims set the `identityProvider` to the SSO providor used to login to Styra. Which claim in the JWT to give access upon is define by setting `jwtGroupClaim`. As an example, assume `styraSystemUserRoles` is `[SystemViewer, SystemInstall]`, `identityProvider` is AzureAD, and `jwtGroupClaim` is `companies`. Then if `.spec.subjects` are: +Access to Styra can be given based on emails and SSO claims. The access rights given to the users are defined in `systemUserRoles`. For giving access based on SSO claims set the `sso.identityProvider` to the SSO providor used to login to Styra. Which claim in the JWT to give access upon is define by setting `sso.jwtGroupsClaim`. As an example, assume `systemUserRoles` is `[SystemViewer, SystemInstall]`, `sso.identityProvider` is AzureAD, and `sso.jwtGroupsClaim` is `companies`. Then if `.spec.subjects` are: ```yaml spec: 
@@ -58,7 +66,7 @@ spec: Then the user with the `user@users.com` email has access to the system with the access rights defined above. If Styra has been configured with SSO login then users will have access to the system with the same rights if the token from the identity provider has a claim called `companies` that contains `mycompany`. **NOTE:** The `kind: group` element has no functional consequences it is just to distinquish between users and SSO claims. ## Default Git credentials -Styra needs a set of credentials for fetching the Systems policies the Git repository. The controller can be configured with a set of Git credentials for different domains. This is done by setting the `GitCredentials`. For example, if `GitCredentials` is: +Styra needs a set of credentials for fetching the Systems policies the Git repository. The controller can be configured with a set of Git credentials for different domains. This is done by setting the `gitCredentials`. For example, if `gitCredentials` is: ```yaml gitCredentials: 
@@ -78,8 +86,16 @@ This section describes how to handle the scenario where multiple controller inst The controller can be configured to only reconcile resources that has the `styra-controller/class` label set to a specific value. This is configured by setting `controllerClass`. For example, if `controllerClass` is set to `dev` the controller will only reconcile resources with the `styra-controller/class: dev` label. And as default, when no `controllerClass` is configured for the controller, the controller will only reconcile resources that do not have the `styra-controller/class` label. ### Disabling webhooks -Only one controller per cluster should have webhooks (default and validating) enabled. Therefore, when running multiple controllers in the same cluster set `webhooksDisabled` on one of them. Usually, it is the least stable version of the controller that has webhooks disabled. +Only one controller per cluster should have webhooks (default and validating) enabled. Therefore, when running multiple controllers in the same cluster set `disableCRDWebhooks` on one of them. Usually, it is the least stable version of the controller that has webhooks disabled. ### Configure prefix and suffix on Systems -The controller can be configured to add a prefix and a suffix to the Systems names when created in Styra. This is achieved by setting `styraSystemPrefix` and `styraSystemSuffix`. +The controller can be configured to add a prefix and a suffix to the Systems names when created in Styra. This is achieved by setting `systemPrefix` and `systemSuffix`. + +## Delete Protection +Custom Resources can have delete protection, means that they will not be deleted by the controller in Styra. The default can be configured by setting `deletionProtectionDefault`. + +## EnableMigrations +An annotation that allows configuring Systems in Kubernetes to link to a specific system in Styra. 
The ID that the system in Kubernetes should link to is configured by setting `styra-contoller/migration-id: [styra system id]` annotation on Kubernetes system resource. Should only be set while migrating. +## Leader Election +If multiple instances of the controller are running together, leader election can be configured by setting `leaderElection.leaseDuration`, `leaderElection.renewDeadline`, `leaderElection.retryPeriod`. \ No newline at end of file diff --git a/internal/config/config.go b/internal/config/config.go index b3ce834..512daec 100644 --- a/internal/config/config.go +++ b/internal/config/config.go @@ -20,8 +20,6 @@ package config import ( "os" - v1 "github.com/bankdata/styra-controller/api/config/v1" - "github.com/bankdata/styra-controller/api/config/v2alpha1" "github.com/bankdata/styra-controller/api/config/v2alpha2" "github.com/pkg/errors" "k8s.io/apimachinery/pkg/runtime" @@ -92,18 +90,6 @@ func deserialize(data []byte, scheme *runtime.Scheme) (*v2alpha2.ProjectConfig, if _, _, err := decoder.Decode(data, nil, cfg); err != nil { return nil, errors.Wrap(err, "could not decode into kind") } - case v2alpha1.GroupVersion.Version: - var v2cfg v2alpha1.ProjectConfig - if _, _, err := decoder.Decode(data, nil, &v2cfg); err != nil { - return nil, errors.Wrap(err, "could not decode into kind") - } - cfg = v2cfg.ToV2Alpha2() - case v1.GroupVersion.Version: - var v1cfg v1.ProjectConfig - if _, _, err := decoder.Decode(data, nil, &v1cfg); err != nil { - return nil, errors.Wrap(err, "could not decode into kind") - } - cfg = v1cfg.ToV2Alpha1().ToV2Alpha2() default: return nil, errors.New("unsupported api version") } diff --git a/internal/config/config_test.go b/internal/config/config_test.go index 95b0f89..c994a4a 100644 --- a/internal/config/config_test.go +++ b/internal/config/config_test.go 
@@ -22,8 +22,6 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" - v1 "github.com/bankdata/styra-controller/api/config/v1" - "github.com/bankdata/styra-controller/api/config/v2alpha1" "github.com/bankdata/styra-controller/api/config/v2alpha2" ) @@ -32,10 +30,6 @@ var _ = ginkgo.DescribeTable("deserialize", scheme := runtime.NewScheme() err := v2alpha2.AddToScheme(scheme) gomega.Ω(err).ShouldNot(gomega.HaveOccurred()) - err = v2alpha1.AddToScheme(scheme) - gomega.Ω(err).ShouldNot(gomega.HaveOccurred()) - err = v1.AddToScheme(scheme) - gomega.Ω(err).ShouldNot(gomega.HaveOccurred()) actual, err := deserialize(data, scheme) if shouldErr { gomega.Ω(err).Should(gomega.HaveOccurred()) @@ -56,35 +50,6 @@ styra: true, ), - ginkgo.Entry("can deserialize v1", - []byte(` -apiVersion: config.bankdata.dk/v1 -kind: ProjectConfig -styraToken: my-token -`), - &v2alpha2.ProjectConfig{ - Styra: v2alpha2.StyraConfig{ - Token: "my-token", - }, - }, - false, - ), - - ginkgo.Entry("can deserialize v2alpha1", - []byte(` -apiVersion: config.bankdata.dk/v2alpha1 -kind: ProjectConfig -styra: - token: my-token -`), - &v2alpha2.ProjectConfig{ - Styra: v2alpha2.StyraConfig{ - Token: "my-token", - }, - }, - false, - ), - ginkgo.Entry("can deserialize v2alpha2", []byte(` apiVersion: config.bankdata.dk/v2alpha2