fix: implicit memory aliasing violation

Dockerfile

@@ -15,9 +15,9 @@ COPY go.sum go.sum
 RUN go mod download
 
 # Copy the go source
-COPY main.go main.go
-COPY api/ api/
-COPY controllers/ controllers/
+COPY Nimbus/cmd/main.go Nimbus/cmd/main.go
+COPY Nimbus/api/ Nimbus/api/
+COPY Nimbus/ontrollers/ Nimbus/controllers/
 
 # Build
 # the GOARCH has not a default value to allow the binary be built according to the host where the command

Makefile

@@ -54,7 +54,7 @@ manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and Cust
 
 .PHONY: generate
 generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
-	$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."
+	$(CONTROLLER_GEN) object:headerFile="Nimbus/hack/boilerplate.go.txt" paths="./Nimbus/..."
 
 .PHONY: fmt
 fmt: ## Run go fmt against code.
@@ -68,7 +68,7 @@ vet: ## Run go vet against code.
 test: manifests generate fmt vet envtest ## Run tests.
 	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test ./... -coverprofile cover.out
 
-GOLANGCI_LINT = $(shell pwd)/bin/golangci-lint
+GOLANGCI_LINT = $(shell pwd)/Nimbus/bin/golangci-lint
 GOLANGCI_LINT_VERSION ?= v1.54.2
 golangci-lint:
 	@[ -f $(GOLANGCI_LINT) ] || { \
@@ -88,11 +88,11 @@ lint-fix: golangci-lint ## Run golangci-lint linter and perform fixes
 
 .PHONY: build
 build: manifests generate fmt vet ## Build manager binary.
-	go build -o bin/manager main.go
+	go build -o Nimbus/bin/manager Nimbus/cmd/main.go
 
 .PHONY: run
 run: manifests generate fmt vet ## Run a controller from your host.
-	go run ./main.go
+	go run Nimbus/cmd/main.go
 
 # If you wish to build the manager image targeting other platforms you can use the --platform flag.
 # (i.e. docker build --platform linux/arm64). However, you must enable docker buildKit for it.
@@ -149,7 +149,7 @@ undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/confi
 ##@ Build Dependencies
 
 ## Location to install dependencies to
-LOCALBIN ?= $(shell pwd)/bin
+LOCALBIN ?= $(shell pwd)/Nimbus/bin
 $(LOCALBIN):
 	mkdir -p $(LOCALBIN)
 

Nimbus/api/v1/securityintent_types.go

@@ -0,0 +1,151 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright 2023 Authors of Nimbus
+
+package v1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+
+// SecurityIntentSpec defines the desired state of SecurityIntent
+type SecurityIntentSpec struct {
+	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+
+	Intent Intent `json:"intent"` // Define the details of the security policy.
+}
+
+// Intent defines the security policy details
+type Intent struct {
+	Description string     `json:"description"` // Define the description
+	Action      string     `json:"action"`      // Define the action of the policy
+	Type        string     `json:"type"`        // Defines the type of the policy
+	Resource    []Resource `json:"resource"`    // Define the resources to which the security policy applies
+}
+
+// Resource defines the resources that the security policy applies to
+type Resource struct {
+	Network      []Network      `json:"network,omitempty"`
+	Process      []Process      `json:"process,omitempty"`
+	File         []File         `json:"file,omitempty"`
+	Capabilities []Capabilities `json:"capabilities,omitempty"`
+	Syscalls     []Syscalls     `json:"syscalls,omitempty"`
+	FromCIDRSet  []CIDRSet      `json:"fromCIDRSet,omitempty"`
+	ToPorts      []ToPort       `json:"toPorts,omitempty"`
+}
+
+// Network defines the network-related policies
+type Network struct {
+	MatchProtocols []MatchProtocol `json:"matchProtocols,omitempty"`
+}
+
+// Process defines the process-related policies
+type Process struct {
+	MatchPaths       []MatchPath      `json:"matchPaths,omitempty"`
+	MatchDirectories []MatchDirectory `json:"matchDirectories,omitempty"`
+	MatchPatterns    []MatchPattern   `json:"matchPatterns,omitempty"`
+}
+
+// File defines the file-related policies
+type File struct {
+	MatchPaths       []MatchPath      `json:"matchPaths,omitempty"`
+	MatchDirectories []MatchDirectory `json:"matchDirectories,omitempty"`
+}
+
+// Capabilities defines the capabilities-related policies
+type Capabilities struct {
+	MatchCapabilities []MatchCapability `json:"matchCapabilities,omitempty"`
+}
+
+// Syscalls defines the syscalls-related policies
+type Syscalls struct {
+	MatchSyscalls []MatchSyscall `json:"matchSyscalls,omitempty"`
+}
+
+// CIDRSet defines CIDR ranges for network policies
+type CIDRSet struct {
+	CIDR string `json:"cidr,omitempty"`
+}
+
+// ToPort defines ports and protocols for network policies
+type ToPort struct {
+	Ports []Port `json:"ports,omitempty"`
+}
+
+// Port defines a network port and its protocol
+type Port struct {
+	Port     string `json:"port,omitempty"`
+	Protocol string `json:"protocol,omitempty"`
+}
+
+// MatchProtocol defines a protocol for network policies
+type MatchProtocol struct {
+	Protocol string `json:"protocol,omitempty"`
+}
+
+// MatchPath defines a path for process or file policies
+type MatchPath struct {
+	Path string `json:"path,omitempty"`
+}
+
+// MatchDirectory defines a directory for process or file policies
+type MatchDirectory struct {
+	Directory  string       `json:"dir,omitempty"`
+	FromSource []FromSource `json:"fromSource,omitempty"`
+}
+
+// MatchPattern defines a pattern for process policies
+type MatchPattern struct {
+	Pattern string `json:"pattern,omitempty"`
+}
+
+// MatchSyscall defines a syscall for syscall policies
+type MatchSyscall struct {
+	Syscalls []string `json:"syscalls,omitempty"`
+}
+
+// MatchCapability defines a capability for capabilities policies
+type MatchCapability struct {
+	Capability string `json:"capability,omitempty"`
+}
+
+// FromSource defines a source path for directory-based policies
+type FromSource struct {
+	Path string `json:"path,omitempty"`
+}
+
+// SecurityIntentStatus defines the observed state of SecurityIntent
+type SecurityIntentStatus struct {
+	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+	// This field can be updated to reflect the actual status of the application of the security intents
+}
+
+// SecurityIntent is the Schema for the securityintents API
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// SecurityIntent is the Schema for the securityintents API
+type SecurityIntent struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+	Spec              SecurityIntentSpec   `json:"spec,omitempty"`
+	Status            SecurityIntentStatus `json:"status,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+
+// SecurityIntentList contains a list of SecurityIntent
+type SecurityIntentList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []SecurityIntent `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&SecurityIntent{}, &SecurityIntentList{})
+}

Nimbus/api/v1/securityintentbinding_types.go

@@ -0,0 +1,79 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright 2023 Authors of Nimbus
+
+package v1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+
+// SecurityIntentBindingSpec defines the desired state of SecurityIntentBinding
+type SecurityIntentBindingSpec struct {
+	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+
+	// Foo is an example field of SecurityIntentBinding. Edit securityintentbinding_types.go to remove/update
+	Selector       Selector        `json:"selector"`
+	IntentRequests []IntentRequest `json:"intentRequests"`
+}
+
+// Selector defines the selection criteria for resources
+type Selector struct {
+	Any []ResourceFilter `json:"any,omitempty"`
+	All []ResourceFilter `json:"all,omitempty"`
+	CEL []string         `json:"cel,omitempty"`
+}
+
+// ResourceFilter is used for filtering resources
+type ResourceFilter struct {
+	Resources Resources `json:"resources,omitempty"`
+}
+
+// Resources defines the properties for selecting Kubernetes resources
+type Resources struct {
+	Kind        string            `json:"kind,omitempty"`
+	Namespace   string            `json:"namespace,omitempty"`
+	MatchLabels map[string]string `json:"matchLabels,omitempty"`
+}
+
+// IntentRequest defines the request for a specific SecurityIntent
+type IntentRequest struct {
+	Type        string `json:"type"`
+	IntentName  string `json:"intentName"`
+	Description string `json:"description"`
+	Mode        string `json:"mode"`
+}
+
+// SecurityIntentBindingStatus defines the observed state of SecurityIntentBinding
+type SecurityIntentBindingStatus struct {
+	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+}
+
+//+kubebuilder:object:root=true
+//+kubebuilder:subresource:status
+
+// SecurityIntentBinding is the Schema for the securityintentbindings API
+type SecurityIntentBinding struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   SecurityIntentBindingSpec   `json:"spec,omitempty"`
+	Status SecurityIntentBindingStatus `json:"status,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+
+// SecurityIntentBindingList contains a list of SecurityIntentBinding
+type SecurityIntentBindingList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []SecurityIntentBinding `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&SecurityIntentBinding{}, &SecurityIntentBindingList{})
+}