Merge branch 'master' into hack_k8s_1.22

.github/dependabot.yml

@@ -0,0 +1,29 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  # Maintain dependencies for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    allow:
+      - dependency-type: "direct"
+    ignore:
+      - dependency-name: "k8s.io*"
+        update-types: [ "version-update:semver-major", "version-update:semver-minor" ]
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major"]
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    ignore:
+      - dependency-name: "golang"

.github/workflows/Release.yaml

@@ -15,7 +15,7 @@ jobs:
 
       - name: Set up Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v3
         with:
           install: true
           version: latest
@@ -28,23 +28,23 @@ jobs:
           platforms: all
 
       - name: Login to DockerHub
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       -
         name: Docker meta
         id: docker_meta
-        uses: crazy-max/ghaction-docker-meta@v1
+        uses: docker/metadata-action@v5
         with:
           images: ${{ github.repository_owner }}/iam-manager
       -
         name: Build and push
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v5
         with:
           context: .
           file: ./Dockerfile
           platforms: linux/amd64,linux/arm/v7,linux/arm64
           push: true
-          tags: ${{ steps.docker_meta.outputs.tags }}
+          tags: ${{ steps.docker_meta.outputs.tags }}

.github/workflows/unit_test.yaml

@@ -12,9 +12,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Set up Go 1.x
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v4
         with:
-          go-version: 1.15
+          go-version: 1.17
 
       - name: Check out code into the Go module directory
         uses: actions/checkout@v2
@@ -32,6 +32,6 @@ jobs:
           make test
 
       - name: Upload to Codecov
-        uses: codecov/codecov-action@v1
+        uses: codecov/codecov-action@v3
         with:
           file: ./coverage.txt

Dockerfile

@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM golang:1.13 as builder
+FROM golang:1.17 as builder
 
 WORKDIR /workspace
 # Copy the Go Modules manifests
@@ -16,7 +16,7 @@ COPY controllers/ controllers/
 COPY pkg pkg/
 COPY internal internal/
 # Build
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o manager main.go
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -v -a -o manager main.go
 
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details

api/v1alpha1/StringOrStrings.go

@@ -2,11 +2,11 @@ package v1alpha1
 
 import "encoding/json"
 
-//StringOrStrings type accepts one string or multiple strings
+// StringOrStrings type accepts one string or multiple strings
 // +kubebuilder:object:generate=false
 type StringOrStrings []string
 
-//MarshalJSON function is a custom implementation of json.Marshal for StringOrStrings
+// MarshalJSON function is a custom implementation of json.Marshal for StringOrStrings
 func (s StringOrStrings) MarshalJSON() ([]byte, error) {
 	//This is going to be tricky
 	//if len(s) == 1 {
@@ -22,7 +22,7 @@ func (s StringOrStrings) MarshalJSON() ([]byte, error) {
 	return json.Marshal(k)
 }
 
-//UnmarshalJson function is a custom implementation of json to unmarshal StringOrStrings
+// UnmarshalJson function is a custom implementation of json to unmarshal StringOrStrings
 func (s *StringOrStrings) UnmarshalJSON(b []byte) error {
 	//Try to convert to array
 	var strings []string

api/v1alpha1/client.go

@@ -0,0 +1,81 @@
+package v1alpha1
+
+import (
+	"context"
+	"encoding/json"
+
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	"github.com/keikoproj/iam-manager/pkg/logging"
+)
+
+/**
+ * This function is used to retrieve all IAM-Roles from the cluster across all namespaces.
+ * It will return a list of IAM-Roles in structured format.
+ */
+func ListIamRoles(ctx context.Context, c client.Client) ([]*Iamrole, error) {
+	log := logging.Logger(ctx, "k8s", "client", "ListIamRoles")
+
+	var uRoleList *unstructured.UnstructuredList = &unstructured.UnstructuredList{}
+	var iamRoles []*Iamrole = []*Iamrole{}
+	var err error
+	var b []byte
+	var IamroleGroupVersionKind = schema.GroupVersionKind{
+		Group:   "iammanager.keikoproj.io",
+		Version: "v1alpha1",
+		Kind:    "Iamrole",
+	}
+	uRoleList.SetGroupVersionKind(IamroleGroupVersionKind)
+
+	if err = c.List(ctx, uRoleList, &client.ListOptions{}); err != nil {
+		log.Error(err, "unable to list iamroles resources")
+		return iamRoles, err
+	}
+
+	if b, err = json.Marshal(uRoleList.Items); err != nil {
+		log.Error(err, "unable to marshal iamroles resources")
+		return iamRoles, err
+	}
+
+	if err = json.Unmarshal(b, &iamRoles); err != nil {
+		log.Error(err, "unable to unmarshal iamroles resources")
+		return iamRoles, err
+	}
+
+	return iamRoles, nil
+}
+
+func GetIamRole(ctx context.Context, c client.Client, name, namespace string) (*Iamrole, error) {
+	log := logging.Logger(ctx, "k8s", "client", "GetIamRole")
+	log.V(1).Info("get api call for iamrole")
+
+	var uRole *unstructured.Unstructured = &unstructured.Unstructured{}
+	var iamRole *Iamrole = &Iamrole{}
+	var err error
+	var b []byte
+	var IamroleGroupVersionKind = schema.GroupVersionKind{
+		Group:   "iammanager.keikoproj.io",
+		Version: "v1alpha1",
+		Kind:    "Iamrole",
+	}
+	uRole.SetGroupVersionKind(IamroleGroupVersionKind)
+
+	if err = c.Get(ctx, client.ObjectKey{Namespace: namespace, Name: name}, uRole); err != nil {
+		log.Error(err, "unable to get iamrole resource")
+		return iamRole, err
+	}
+
+	if b, err = json.Marshal(uRole); err != nil {
+		log.Error(err, "unable to marshal iamrole resource")
+		return iamRole, err
+	}
+
+	if err = json.Unmarshal(b, iamRole); err != nil {
+		log.Error(err, "unable to unmarshal iamrole resource")
+		return iamRole, err
+	}
+
+	return iamRole, nil
+}

api/v1alpha1/iamrole_types.go

@@ -35,7 +35,7 @@ type IamroleSpec struct {
 
 // +kubebuilder:validation:Required
 
-//PolicyDocument type defines IAM policy struct
+// PolicyDocument type defines IAM policy struct
 type PolicyDocument struct {
 
 	// Version specifies IAM policy version
@@ -82,7 +82,7 @@ type AssumeRolePolicyDocument struct {
 	Statement []TrustPolicyStatement `json:"Statement,omitempty"`
 }
 
-//TrustPolicy struct holds Trust policy
+// TrustPolicy struct holds Trust policy
 // +optional
 type TrustPolicyStatement struct {
 	//Effect allowed/denied
@@ -95,7 +95,7 @@ type TrustPolicyStatement struct {
 	Condition *Condition `json:"Condition,omitempty"`
 }
 
-//Principal struct holds AWS principal
+// Principal struct holds AWS principal
 // +optional
 type Principal struct {
 	// +optional
@@ -106,7 +106,7 @@ type Principal struct {
 	Federated string `json:"Federated,omitempty"`
 }
 
-//Condition struct holds Condition
+// Condition struct holds Condition
 // +optional
 type Condition struct {
 	//StringEquals can be used to define Equal condition