From cf92b992f17f6958647847428e772d48e047466e Mon Sep 17 00:00:00 2001 From: PINCHON Benjamin Date: Mon, 19 Aug 2024 12:03:30 +0200 Subject: [PATCH] Initial commit Signed-off-by: PINCHON Benjamin --- .dockerignore | 3 + .gitignore | 27 ++ .golangci.yml | 40 +++ CONTRIBUTING.md | 83 +++++ DEV_SETUP.md | 108 ++++++ Dockerfile | 33 ++ LICENSE | 201 +++++++++++ Makefile | 210 ++++++++++++ PROJECT | 28 ++ README.md | 154 +++++++++ api/v1alpha1/groupversion_info.go | 30 ++ api/v1alpha1/rrset_types.go | 69 ++++ api/v1alpha1/zone_types.go | 88 +++++ api/v1alpha1/zz_generated.deepcopy.go | 277 +++++++++++++++ chart/.helmignore | 23 ++ chart/Chart.yaml | 21 ++ chart/crds/rrset-crd.yaml | 85 +++++ chart/crds/zone-crd.yaml | 102 ++++++ chart/templates/_helpers.tpl | 62 ++++ chart/templates/deployment.yaml | 52 +++ chart/templates/leader-election-rbac.yaml | 53 +++ chart/templates/manager-rbac.yaml | 74 ++++ chart/templates/metrics-service.yaml | 14 + chart/templates/rrset-editor-rbac.yaml | 25 ++ chart/templates/rrset-viewer-rbac.yaml | 21 ++ chart/templates/serviceaccount.yaml | 8 + chart/templates/zone-editor-rbac.yaml | 25 ++ chart/templates/zone-viewer-rbac.yaml | 21 ++ chart/values.yaml | 33 ++ cmd/main.go | 190 +++++++++++ .../crd/bases/dns.cav.enablers.ob_rrsets.yaml | 96 ++++++ .../crd/bases/dns.cav.enablers.ob_zones.yaml | 112 +++++++ config/crd/kustomization.yaml | 24 ++ config/crd/kustomizeconfig.yaml | 19 ++ config/default/kustomization.yaml | 143 ++++++++ config/default/manager_config_patch.yaml | 10 + config/default/manager_env_patch.yaml | 14 + config/default/manager_metrics_patch.yaml | 13 + config/manager/kustomization.yaml | 2 + config/manager/manager.yaml | 96 ++++++ config/prometheus/kustomization.yaml | 2 + config/prometheus/monitor.yaml | 18 + config/rbac/kustomization.yaml | 21 ++ config/rbac/leader_election_role.yaml | 40 +++ config/rbac/leader_election_role_binding.yaml | 15 + config/rbac/metrics_service.yaml | 17 + config/rbac/role.yaml | 58 ++++ config/rbac/role_binding.yaml | 15 + config/rbac/rrset_editor_role.yaml | 29 ++ config/rbac/rrset_viewer_role.yaml | 26 ++ config/rbac/service_account.yaml | 8 + config/rbac/zone_editor_role.yaml | 27 ++ config/rbac/zone_viewer_role.yaml | 23 ++ config/samples/dns_v1alpha1_rrset.yaml | 96 ++++++ config/samples/dns_v1alpha1_zone.yaml | 12 + config/samples/kustomization.yaml | 5 + go.mod | 74 ++++ go.sum | 210 ++++++++++++ hack/boilerplate.go.txt | 9 + internal/controller/pdns_helper.go | 85 +++++ internal/controller/rrset_controller.go | 207 ++++++++++++ internal/controller/rrset_controller_test.go | 197 +++++++++++ internal/controller/suite_test.go | 284 ++++++++++++++++ internal/controller/zone_controller.go | 290 ++++++++++++++++ internal/controller/zone_controller_test.go | 317 ++++++++++++++++++ test/e2e/e2e_suite_test.go | 26 ++ test/e2e/e2e_test.go | 116 +++++++ test/utils/utils.go | 134 ++++++++ 68 files changed, 5050 insertions(+) create mode 100644 .dockerignore create mode 100644 .gitignore create mode 100644 .golangci.yml create mode 100644 CONTRIBUTING.md create mode 100644 DEV_SETUP.md create mode 100644 Dockerfile create mode 100644 LICENSE create mode 100644 Makefile create mode 100644 PROJECT create mode 100644 README.md create mode 100644 api/v1alpha1/groupversion_info.go create mode 100644 api/v1alpha1/rrset_types.go create mode 100644 api/v1alpha1/zone_types.go create mode 100644 api/v1alpha1/zz_generated.deepcopy.go create mode 100644 chart/.helmignore create mode 100644 chart/Chart.yaml create mode 100644 chart/crds/rrset-crd.yaml create mode 100644 chart/crds/zone-crd.yaml create mode 100644 chart/templates/_helpers.tpl create mode 100644 chart/templates/deployment.yaml create mode 100644 chart/templates/leader-election-rbac.yaml create mode 100644 chart/templates/manager-rbac.yaml create mode 100644 chart/templates/metrics-service.yaml create mode 100644 chart/templates/rrset-editor-rbac.yaml create mode 100644 chart/templates/rrset-viewer-rbac.yaml create mode 100644 chart/templates/serviceaccount.yaml create mode 100644 chart/templates/zone-editor-rbac.yaml create mode 100644 chart/templates/zone-viewer-rbac.yaml create mode 100644 chart/values.yaml create mode 100644 cmd/main.go create mode 100644 config/crd/bases/dns.cav.enablers.ob_rrsets.yaml create mode 100644 config/crd/bases/dns.cav.enablers.ob_zones.yaml create mode 100644 config/crd/kustomization.yaml create mode 100644 config/crd/kustomizeconfig.yaml create mode 100644 config/default/kustomization.yaml create mode 100644 config/default/manager_config_patch.yaml create mode 100644 config/default/manager_env_patch.yaml create mode 100644 config/default/manager_metrics_patch.yaml create mode 100644 config/manager/kustomization.yaml create mode 100644 config/manager/manager.yaml create mode 100644 config/prometheus/kustomization.yaml create mode 100644 config/prometheus/monitor.yaml create mode 100644 config/rbac/kustomization.yaml create mode 100644 config/rbac/leader_election_role.yaml create mode 100644 config/rbac/leader_election_role_binding.yaml create mode 100644 config/rbac/metrics_service.yaml create mode 100644 config/rbac/role.yaml create mode 100644 config/rbac/role_binding.yaml create mode 100644 config/rbac/rrset_editor_role.yaml create mode 100644 config/rbac/rrset_viewer_role.yaml create mode 100644 config/rbac/service_account.yaml create mode 100644 config/rbac/zone_editor_role.yaml create mode 100644 config/rbac/zone_viewer_role.yaml create mode 100644 config/samples/dns_v1alpha1_rrset.yaml create mode 100644 config/samples/dns_v1alpha1_zone.yaml create mode 100644 config/samples/kustomization.yaml create mode 100644 go.mod create mode 100644 go.sum create mode 100644 hack/boilerplate.go.txt create mode 100644 internal/controller/pdns_helper.go create mode 100644 internal/controller/rrset_controller.go create mode 100644 internal/controller/rrset_controller_test.go create mode 100644 internal/controller/suite_test.go create mode 100644 internal/controller/zone_controller.go create mode 100644 internal/controller/zone_controller_test.go create mode 100644 test/e2e/e2e_suite_test.go create mode 100644 test/e2e/e2e_test.go create mode 100644 test/utils/utils.go diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..a3aab7a --- /dev/null +++ b/.dockerignore @@ -0,0 +1,3 @@ +# More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file +# Ignore build and test binaries. +bin/ diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..ada68ff --- /dev/null +++ b/.gitignore @@ -0,0 +1,27 @@ +# Binaries for programs and plugins +*.exe +*.exe~ +*.dll +*.so +*.dylib +bin/* +Dockerfile.cross + +# Test binary, built with `go test -c` +*.test + +# Output of the go coverage tool, specifically when used with LiteIDE +*.out + +# Go workspace file +go.work + +# Kubernetes Generated files - skip generated files, except for vendored files +!vendor/**/zz_generated.* + +# editor and IDE paraphernalia +.idea +.vscode +*.swp +*.swo +*~ diff --git a/.golangci.yml b/.golangci.yml new file mode 100644 index 0000000..ca69a11 --- /dev/null +++ b/.golangci.yml @@ -0,0 +1,40 @@ +run: + timeout: 5m + allow-parallel-runners: true + +issues: + # don't skip warning about doc comments + # don't exclude the default set of lint + exclude-use-default: false + # restore some of the defaults + # (fill in the rest as needed) + exclude-rules: + - path: "api/*" + linters: + - lll + - path: "internal/*" + linters: + - dupl + - lll +linters: + disable-all: true + enable: + - dupl + - errcheck + - exportloopref + - goconst + - gocyclo + - gofmt + - goimports + - gosimple + - govet + - ineffassign + - lll + - misspell + - nakedret + - prealloc + - staticcheck + - typecheck + - unconvert + - unparam + - unused diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..650a8ec --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,83 @@ +# Contributors guide + +**Want to contribute?** +We try to make it easy, and all contributions, even the smaller ones, are more than welcome. +This includes bug reports, fixes, documentation, examples... +But first, read this page (including the small print at the end). + +Contributions are available on https://github.com/Orange-OpenSource/PowerDNS-Operator + +## Legal + +All original contributions to _PowerDNS-Operator_ are licensed under the +[Apache License 2.0](https://spdx.org/licenses/Apache-2.0.html), + +All contributions are subject to the [Developer Certificate of Origin](https://developercertificate.org/) (DCO). +The DCO is a lightweight way for contributors to certify that they wrote or otherwise have the right to submit the code they are contributing to the project. +The DCO text is also included verbatim in the [DCO.txt](DCO.txt) file in the root directory of the repository. + +Contributors **must** _sign-off_ that they adhere to these requirements by adding a `Signed-off-by` line to commit messages, as shown below: + +```text +This is the commit message + +Signed-off-by: Joe Dev +``` + +Git has a handy [`-s` command line option](https://git-scm.com/docs/git-commit#Documentation/git-commit.txt---signoff) to append this automatically to your commit message: + +```bash +$ git commit -s -m 'This is the commit message' +``` + +## Reporting an issue + +This project uses Github issues to manage the issues. + +Before creating an issue: + +1. upgrade the operator to the latest supported release version, and check whether your bug is still present, +2. ensure the operator version is supported by the PowerDNS version you are using, +3. have a look in the opened issues if your problem is already known/tracked, and possibly contribute to the thread with your own information. + +If none of the above was met, open an issue directly in Github, select the appropriate issue template and fill-in each section when applicable. + +## Development environment setup +cf. [Development environment setup](./DEV_SETUP.md) + +## Submitting a code change + +### Git Setup + +Before contributing, make sure you have set up your Git authorship correctly: + +```bash +git config --global user.name "Your Full Name" +git config --global user.email your.email@example.com +``` + +### Workflow + +All submissions, including submissions by project members, need to be reviewed before being merged. + +To contribute: + +1. Create an issue describing the bug or enhancement you want to propose (select the right issue template). +2. Make sure the issue has been reviewed and agreed. +3. Create a pull Request, from your **own** fork (see [forking workflow](https://docs.github.com/en/get-started/quickstart/fork-a-repo) documentation). + Don't hesitate to mark yourPMR as `Draft` as long as you think it's not ready to be reviewed. + +### Git Commit Conventions + +In addition to being signed-off according the [Developer Certificate of Origin](https://developercertificate.org/) (see above), +Git commits in _PowerDNS-Operator_ shall be: + +1. **atomic** (1 commit `=` 1 and only 1 _thing_), +2. **semantic** (using [semantic-release commit message syntax](https://semantic-release.gitbook.io/semantic-release/#commit-message-format)). +3. **pattern** + - **SCOPE**: one of (build, chore, ci, docs, feat, fix, perf, refactor, revert, style, test, release) + - **PACKAGE** _(optional)_: one of (zone, rrset, docs) + - **Pattern**: SCOPE(PACKAGE): commit message, #issue_identifier + - ```bash + feat(zone): optimize zone reconcile, #51 + ``` \ No newline at end of file diff --git a/DEV_SETUP.md b/DEV_SETUP.md new file mode 100644 index 0000000..66e8842 --- /dev/null +++ b/DEV_SETUP.md @@ -0,0 +1,108 @@ +# Development Setup + +## Getting Started + +### Prerequisites + +- go version v1.22.0+ +- docker version v27.0.0+ +- kubectl version v1.29+ +- Access to a Kubernetes v1.29+ cluster. + +### Make Help + +Run `make help` for more information on all potential `make` targets + +### To develop localy + +**Install the CRDs into the cluster:** + +```sh +make install +``` + +**Run the controller locally and bind it to the PowerDNS API:** + +```sh +export PDNS_API_URL=https://powerdns.example.local:8081 +export PDNS_API_KEY=secret +export PDNS_API_VHOST=localhost +make run +``` + +### To Deploy on the cluster +**Build and push your image to the location specified by `IMG`:** + +```sh +make docker-build docker-push IMG=/powerdns-operator:tag +``` + +**NOTE:** This image ought to be published in the personal registry you specified. +And it is required to have access to pull the image from the working environment. +Make sure you have the proper permission to the registry if the above commands don’t work. + +**Install the CRDs into the cluster:** + +```sh +make install +``` + +**Deploy the Manager to the cluster with the image specified by `IMG`:** + +```sh +make deploy IMG=/powerdns-operator:tag +``` + +> **NOTE**: If you encounter RBAC errors, you may need to grant yourself cluster-admin +privileges or be logged in as admin. + +**Create instances of your solution** +You can apply the samples (examples) from the config/sample: + +```sh +kubectl apply -k config/samples/ +``` + +>**NOTE**: Ensure that the samples has default values to test it out. + +### To Uninstall +**Delete the instances (CRs) from the cluster:** + +```sh +kubectl delete -k config/samples/ +``` + +**Delete the APIs(CRDs) from the cluster:** + +```sh +make uninstall +``` + +**UnDeploy the controller from the cluster:** + +```sh +make undeploy +``` + +## Project Distribution + +Following are the steps to build the installer and distribute this project to users. + +1. Build the installer for the image built and published in the registry: + +```sh +make build-installer IMG=/powerdns-operator:tag +``` + +NOTE: The makefile target mentioned above generates an 'install.yaml' +file in the dist directory. This file contains all the resources built +with Kustomize, which are necessary to install this project without +its dependencies. + +2. Using the installer + +Users can just run kubectl apply -f to install the project, i.e.: + +```sh +kubectl apply -f https://raw.githubusercontent.com/orange-opensource/powerdns-operator//dist/install.yaml +``` \ No newline at end of file diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..a48973e --- /dev/null +++ b/Dockerfile @@ -0,0 +1,33 @@ +# Build the manager binary +FROM golang:1.22 AS builder +ARG TARGETOS +ARG TARGETARCH + +WORKDIR /workspace +# Copy the Go Modules manifests +COPY go.mod go.mod +COPY go.sum go.sum +# cache deps before building and copying source so that we don't need to re-download as much +# and so that source changes don't invalidate our downloaded layer +RUN go mod download + +# Copy the go source +COPY cmd/main.go cmd/main.go +COPY api/ api/ +COPY internal/controller/ internal/controller/ + +# Build +# the GOARCH has not a default value to allow the binary be built according to the host where the command +# was called. For example, if we call make docker-build in a local env which has the Apple Silicon M1 SO +# the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore, +# by leaving it empty we can ensure that the container and binary shipped on it will have the same platform. +RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o manager cmd/main.go + +# Use distroless as minimal base image to package the manager binary +# Refer to https://github.com/GoogleContainerTools/distroless for more details +FROM gcr.io/distroless/static:nonroot +WORKDIR / +COPY --from=builder /workspace/manager . +USER 65532:65532 + +ENTRYPOINT ["/manager"] diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..7579528 --- /dev/null +++ b/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2024 Benjamin Pinchon + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..5a4b11b --- /dev/null +++ b/Makefile @@ -0,0 +1,210 @@ +# Image URL to use all building/pushing image targets +IMG ?= controller:latest +# ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. +ENVTEST_K8S_VERSION = 1.29.0 + +# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set) +ifeq (,$(shell go env GOBIN)) +GOBIN=$(shell go env GOPATH)/bin +else +GOBIN=$(shell go env GOBIN) +endif + +# CONTAINER_TOOL defines the container tool to be used for building images. +# Be aware that the target commands are only tested with Docker which is +# scaffolded by default. However, you might want to replace it to use other +# tools. (i.e. podman) +CONTAINER_TOOL ?= docker + +# Setting SHELL to bash allows bash commands to be executed by recipes. +# Options are set to exit when a recipe line exits non-zero or a piped command fails. +SHELL = /usr/bin/env bash -o pipefail +.SHELLFLAGS = -ec + +.PHONY: all +all: build + +##@ General + +# The help target prints out all targets with their descriptions organized +# beneath their categories. The categories are represented by '##@' and the +# target descriptions by '##'. The awk command is responsible for reading the +# entire set of makefiles included in this invocation, looking for lines of the +# file as xyz: ## something, and then pretty-format the target and help. Then, +# if there's a line with ##@ something, that gets pretty-printed as a category. +# More info on the usage of ANSI control characters for terminal formatting: +# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters +# More info on the awk command: +# http://linuxcommand.org/lc3_adv_awk.php + +.PHONY: help +help: ## Display this help. + @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST) + +##@ Development + +.PHONY: manifests +manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects. + $(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases + +.PHONY: generate +generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations. + $(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..." + +.PHONY: fmt +fmt: ## Run go fmt against code. + go fmt ./... + +.PHONY: vet +vet: ## Run go vet against code. + go vet ./... + +.PHONY: test +test: manifests generate fmt vet envtest ## Run tests. + KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test $$(go list ./... | grep -v /e2e) -coverprofile cover.out + +# Utilize Kind or modify the e2e tests to load the image locally, enabling compatibility with other vendors. +.PHONY: test-e2e # Run the e2e tests against a Kind k8s instance that is spun up. +test-e2e: + go test ./test/e2e/ -v -ginkgo.v + +.PHONY: lint +lint: golangci-lint ## Run golangci-lint linter & yamllint + $(GOLANGCI_LINT) run + +.PHONY: lint-fix +lint-fix: golangci-lint ## Run golangci-lint linter and perform fixes + $(GOLANGCI_LINT) run --fix + +##@ Build + +.PHONY: build +build: manifests generate fmt vet ## Build manager binary. + go build -o bin/manager cmd/main.go + +.PHONY: run +run: manifests generate fmt vet ## Run a controller from your host. + go run ./cmd/main.go + +# If you wish to build the manager image targeting other platforms you can use the --platform flag. +# (i.e. docker build --platform linux/arm64). However, you must enable docker buildKit for it. +# More info: https://docs.docker.com/develop/develop-images/build_enhancements/ +.PHONY: docker-build +docker-build: ## Build docker image with the manager. + $(CONTAINER_TOOL) build -t ${IMG} . + +.PHONY: docker-push +docker-push: ## Push docker image with the manager. + $(CONTAINER_TOOL) push ${IMG} + +# PLATFORMS defines the target platforms for the manager image be built to provide support to multiple +# architectures. (i.e. make docker-buildx IMG=myregistry/mypoperator:0.0.1). To use this option you need to: +# - be able to use docker buildx. More info: https://docs.docker.com/build/buildx/ +# - have enabled BuildKit. More info: https://docs.docker.com/develop/develop-images/build_enhancements/ +# - be able to push the image to your registry (i.e. if you do not set a valid value via IMG=> then the export will fail) +# To adequately provide solutions that are compatible with multiple platforms, you should consider using this option. +PLATFORMS ?= linux/arm64,linux/amd64,linux/s390x,linux/ppc64le +.PHONY: docker-buildx +docker-buildx: ## Build and push docker image for the manager for cross-platform support + # copy existing Dockerfile and insert --platform=${BUILDPLATFORM} into Dockerfile.cross, and preserve the original Dockerfile + sed -e '1 s/\(^FROM\)/FROM --platform=\$$\{BUILDPLATFORM\}/; t' -e ' 1,// s//FROM --platform=\$$\{BUILDPLATFORM\}/' Dockerfile > Dockerfile.cross + - $(CONTAINER_TOOL) buildx create --name project-v3-builder + $(CONTAINER_TOOL) buildx use project-v3-builder + - $(CONTAINER_TOOL) buildx build --push --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile.cross . + - $(CONTAINER_TOOL) buildx rm project-v3-builder + rm Dockerfile.cross + +.PHONY: build-installer +build-installer: manifests generate kustomize ## Generate a consolidated YAML with CRDs and deployment. + mkdir -p dist + cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} + $(KUSTOMIZE) build config/default > dist/install.yaml + +##@ Deployment + +ifndef ignore-not-found + ignore-not-found = false +endif + +.PHONY: install +install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config. + $(KUSTOMIZE) build config/crd | $(KUBECTL) apply -f - + +.PHONY: uninstall +uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion. + $(KUSTOMIZE) build config/crd | $(KUBECTL) delete --ignore-not-found=$(ignore-not-found) -f - + +.PHONY: deploy +deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config. + cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} + $(KUSTOMIZE) build config/default | $(KUBECTL) apply -f - + +.PHONY: undeploy +undeploy: kustomize ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion. + $(KUSTOMIZE) build config/default | $(KUBECTL) delete --ignore-not-found=$(ignore-not-found) -f - + + +##@ Packaging +HELMIFY ?= $(LOCALBIN)/helmify + +.PHONY: helmify +helmify: $(HELMIFY) ## Download helmify locally if necessary. +$(HELMIFY): $(LOCALBIN) + test -s $(LOCALBIN)/helmify || GOBIN=$(LOCALBIN) go install github.com/arttor/helmify/cmd/helmify@latest + +helm: manifests kustomize helmify + $(KUSTOMIZE) build config/default | $(HELMIFY) -crd-dir -image-pull-secrets + +##@ Dependencies + +## Location to install dependencies to +LOCALBIN ?= $(shell pwd)/bin +$(LOCALBIN): + mkdir -p $(LOCALBIN) + +## Tool Binaries +KUBECTL ?= kubectl +KUSTOMIZE ?= $(LOCALBIN)/kustomize-$(KUSTOMIZE_VERSION) +CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen-$(CONTROLLER_TOOLS_VERSION) +ENVTEST ?= $(LOCALBIN)/setup-envtest-$(ENVTEST_VERSION) +GOLANGCI_LINT = $(LOCALBIN)/golangci-lint-$(GOLANGCI_LINT_VERSION) + +## Tool Versions +KUSTOMIZE_VERSION ?= v5.3.0 +CONTROLLER_TOOLS_VERSION ?= v0.15.0 +ENVTEST_VERSION ?= release-0.17 +GOLANGCI_LINT_VERSION ?= v1.57.2 + +.PHONY: kustomize +kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. +$(KUSTOMIZE): $(LOCALBIN) + $(call go-install-tool,$(KUSTOMIZE),sigs.k8s.io/kustomize/kustomize/v5,$(KUSTOMIZE_VERSION)) + +.PHONY: controller-gen +controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. +$(CONTROLLER_GEN): $(LOCALBIN) + $(call go-install-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen,$(CONTROLLER_TOOLS_VERSION)) + +.PHONY: envtest +envtest: $(ENVTEST) ## Download setup-envtest locally if necessary. +$(ENVTEST): $(LOCALBIN) + $(call go-install-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest,$(ENVTEST_VERSION)) + +.PHONY: golangci-lint +golangci-lint: $(GOLANGCI_LINT) ## Download golangci-lint locally if necessary. +$(GOLANGCI_LINT): $(LOCALBIN) + $(call go-install-tool,$(GOLANGCI_LINT),github.com/golangci/golangci-lint/cmd/golangci-lint,${GOLANGCI_LINT_VERSION}) + +# go-install-tool will 'go install' any package with custom target and name of binary, if it doesn't exist +# $1 - target path with name of binary (ideally with version) +# $2 - package url which can be installed +# $3 - specific version of package +define go-install-tool +@[ -f $(1) ] || { \ +set -e; \ +package=$(2)@$(3) ;\ +echo "Downloading $${package}" ;\ +GOBIN=$(LOCALBIN) go install $${package} ;\ +mv "$$(echo "$(1)" | sed "s/-$(3)$$//")" $(1) ;\ +} +endef diff --git a/PROJECT b/PROJECT new file mode 100644 index 0000000..21aa7f5 --- /dev/null +++ b/PROJECT @@ -0,0 +1,28 @@ +# Code generated by tool. DO NOT EDIT. +# This file is used to track the info used to scaffold your project +# and allow the plugins properly work. +# More info: https://book.kubebuilder.io/reference/project-config.html +domain: cav.enablers.ob +layout: +- go.kubebuilder.io/v4 +projectName: powerdns-operator +repo: gitlab.tech.orange/parent-factory/hzf-tools/powerdns-operator +resources: +- api: + crdVersion: v1 + controller: true + domain: cav.enablers.ob + group: dns + kind: Zone + path: gitlab.tech.orange/parent-factory/hzf-tools/powerdns-operator/api/v1alpha1 + version: v1alpha1 +- api: + crdVersion: v1 + namespaced: true + controller: true + domain: cav.enablers.ob + group: dns + kind: RRset + path: gitlab.tech.orange/parent-factory/hzf-tools/powerdns-operator/api/v1alpha1 + version: v1alpha1 +version: "3" diff --git a/README.md b/README.md new file mode 100644 index 0000000..222de72 --- /dev/null +++ b/README.md @@ -0,0 +1,154 @@ +# PowerDNS-Operator + +**This project is a work in progress and is not yet ready for production use.** + +This project is a Kubernetes operator for PowerDNS. + +It provides a way to manage PowerDNS resources in a Kubernetes cluster using Custom Resources. + +## Requirements + +#### Tested PowerDNS versions + +Supported versions of PowerDNS Authoritative Server ("API v1"): + +- 4.7 +- 4.8 +- 4.9 + +It may work on other versions, but it has not been tested. + +#### Tested Kubernetes versions + +- 1.29 +- 1.30 + +It may work on other versions, but it has not been tested. + +## Quick Start + +### Installation + +To install the operator, run the following commands to setup the PowerDNS configuration: + +```sh +kubectl create namespace powerdns-operator-system +``` + +```sh +kubectl apply -f - < patch RRSet + // Other changes => patch Zone + zoneIdentical, nsIdentical := zoneIsIdenticalToExternalZone(zone, zoneRes, nameservers) + + // Nameservers changes + if !nsIdentical { + ttl := Uint32(DEFAULT_TTL_FOR_NS_RECORDS) + if filteredRRset.TTL != nil { + ttl = filteredRRset.TTL + } + err := r.updateNsOnExternalResources(ctx, zone, *ttl) + if err != nil { + return ctrl.Result{}, err + } + } + // Other changes + if !zoneIdentical { + err := r.updateExternalResources(ctx, zone) + if err != nil { + return ctrl.Result{}, err + } + } + } + + // Update ZoneStatus + zoneRes, err = r.getExternalResources(ctx, zone.ObjectMeta.Name) + if err != nil { + return ctrl.Result{}, err + } + + // Get the Zone resource (again) + err = r.Get(ctx, req.NamespacedName, zone) + if err != nil { + return ctrl.Result{}, client.IgnoreNotFound(err) + } + + err = r.updateStatus(ctx, zone, zoneRes) + if err != nil { + return ctrl.Result{}, err + } + + return ctrl.Result{}, nil +} + +// SetupWithManager sets up the controller with the Manager. +func (r *ZoneReconciler) SetupWithManager(mgr ctrl.Manager) error { + return ctrl.NewControllerManagedBy(mgr). + For(&dnsv1alpha1.Zone{}). + Owns(&dnsv1alpha1.RRset{}). + Complete(r) +} + +func (r *ZoneReconciler) getExternalResources(ctx context.Context, domain string) (*powerdns.Zone, error) { + log := log.FromContext(ctx) + zoneRes, err := r.PDNSClient.Zones.Get(ctx, domain) + if err != nil { + if err.Error() != ZONE_NOT_FOUND_MSG { + log.Error(err, "Failed to get zone") + return nil, err + } + } + + return zoneRes, nil +} + +func (r *ZoneReconciler) deleteExternalResources(ctx context.Context, zone *dnsv1alpha1.Zone) error { + log := log.FromContext(ctx) + + err := r.PDNSClient.Zones.Delete(ctx, zone.ObjectMeta.Name) + // Zone may have already been deleted and it is not an error + if err != nil && err.Error() != ZONE_NOT_FOUND_MSG { + log.Error(err, "Failed to delete zone") + return err + } + + return nil +} + +func (r *ZoneReconciler) updateExternalResources(ctx context.Context, zone *dnsv1alpha1.Zone) error { + log := log.FromContext(ctx) + + zoneKind := powerdns.ZoneKind(zone.Spec.Kind) + err := r.PDNSClient.Zones.Change(ctx, zone.ObjectMeta.Name, &powerdns.Zone{ + Name: &zone.ObjectMeta.Name, + Kind: &zoneKind, + Nameservers: zone.Spec.Nameservers, + }) + if err != nil { + log.Error(err, "Failed to update zone") + return err + } + + return nil +} + +func (r *ZoneReconciler) updateNsOnExternalResources(ctx context.Context, zone *dnsv1alpha1.Zone, ttl uint32) error { + log := log.FromContext(ctx) + + nameserversCanonical := []string{} + for _, n := range zone.Spec.Nameservers { + nameserversCanonical = append(nameserversCanonical, fmt.Sprintf("%s.", n)) + } + + err := r.PDNSClient.Records.Change(ctx, makeCanonical(zone.ObjectMeta.Name), makeCanonical(zone.ObjectMeta.Name), powerdns.RRTypeNS, ttl, nameserversCanonical) + if err != nil { + log.Error(err, "Failed to update NS in zone") + return err + } + return nil +} + +func (r *ZoneReconciler) createExternalResources(ctx context.Context, zone *dnsv1alpha1.Zone) error { + log := log.FromContext(ctx) + + // Make Nameservers canonical + for i, ns := range zone.Spec.Nameservers { + zone.Spec.Nameservers[i] = makeCanonical(ns) + } + + z := powerdns.Zone{ + ID: &zone.Name, + Name: &zone.Name, + Kind: powerdns.ZoneKindPtr(powerdns.ZoneKind(zone.Spec.Kind)), + DNSsec: Bool(false), + // SOAEdit: &soaEdit, + // SOAEditAPI: &soaEditApi, + // APIRectify: &apiRectify, + Nameservers: zone.Spec.Nameservers, + } + + _, err := r.PDNSClient.Zones.Add(ctx, &z) + if err != nil { + log.Error(err, "Failed to create zone") + return err + } + + return nil +} + +func (r *ZoneReconciler) updateStatus(ctx context.Context, zone *dnsv1alpha1.Zone, zoneRes *powerdns.Zone) error { + log := log.FromContext(ctx) + + // Update ZoneStatus + zone.Status.ID = zoneRes.ID + zone.Status.Name = zoneRes.Name + if zoneRes.Kind != nil { + kind := string(*zoneRes.Kind) + zone.Status.Kind = &kind + } + zone.Status.Serial = zoneRes.Serial + zone.Status.NotifiedSerial = zoneRes.NotifiedSerial + zone.Status.EditedSerial = zoneRes.EditedSerial + zone.Status.Masters = zoneRes.Masters + zone.Status.DNSsec = zoneRes.DNSsec + zone.Status.Catalog = zoneRes.Catalog + + err := r.Status().Update(ctx, zone) + if err != nil { + log.Error(err, "Failed to update status") + return err + } + + return nil +} diff --git a/internal/controller/zone_controller_test.go b/internal/controller/zone_controller_test.go new file mode 100644 index 0000000..cacfa4b --- /dev/null +++ b/internal/controller/zone_controller_test.go @@ -0,0 +1,317 @@ +/* + * Software Name : PowerDNS-Operator + * + * SPDX-FileCopyrightText: Copyright (c) Orange Business Services SA + * SPDX-License-Identifier: Apache-2.0 + * + * This software is distributed under the Apache 2.0 License, + * see the "LICENSE" file for more details + */ + +package controller + +import ( + "context" + "fmt" + "slices" + "time" + + "github.com/joeig/go-powerdns/v3" + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" + "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" + + dnsv1alpha1 "gitlab.tech.orange/parent-factory/hzf-tools/powerdns-operator/api/v1alpha1" +) + +var _ = Describe("Zone Controller", func() { + + const ( + resourceName = "example1.org" + resourceKind = "Native" + modifiedResourceKind = "Master" + + timeout = time.Second * 10 + interval = time.Millisecond * 250 + ) + resourceNameservers := []string{"ns1.example1.org", "ns2.example1.org"} + slices.Sort(resourceNameservers) + modifiedResourceNameservers := []string{"ns1.example1.org", "ns2.example1.org", "ns3.example1.org"} + slices.Sort(modifiedResourceNameservers) + + recreationResourceName := "example3.org" + recreationResourceKind := "Native" + recreationResourceNameservers := []string{"ns1.example3.org", "ns2.example3.org"} + slices.Sort(recreationResourceNameservers) + + fakeResourceName := "fake.org" + fakeResourceKind := "Native" + fakeResourceNameservers := []string{"ns1.fake.org", "ns2.fake.org"} + slices.Sort(fakeResourceNameservers) + + ctx := context.Background() + typeNamespacedName := types.NamespacedName{ + Name: resourceName, + } + + BeforeEach(func() { + By("creating the zone resource") + resource := &dnsv1alpha1.Zone{ + ObjectMeta: metav1.ObjectMeta{ + Name: resourceName, + }, + } + resource.SetResourceVersion("") + _, err := controllerutil.CreateOrUpdate(ctx, k8sClient, resource, func() error { + resource.Spec = dnsv1alpha1.ZoneSpec{ + Kind: resourceKind, + Nameservers: resourceNameservers, + } + return nil + }) + Expect(err).NotTo(HaveOccurred()) + }) + + AfterEach(func() { + resource := &dnsv1alpha1.Zone{} + err := k8sClient.Get(ctx, typeNamespacedName, resource) + Expect(err).NotTo(HaveOccurred()) + + By("Cleanup the specific resource instance Zone") + Expect(k8sClient.Delete(ctx, resource)).To(Succeed()) + + By("Verifying the resource has been deleted") + Eventually(func() bool { + err := k8sClient.Get(ctx, typeNamespacedName, resource) + return errors.IsNotFound(err) + }).Should(BeTrue()) + }) + + Context("When existing resource", func() { + It("should successfully retrieve the resource", Label("zone-initialization"), func() { + By("Getting the existing resource") + zone := &dnsv1alpha1.Zone{} + // Waiting for the resource to be fully created + time.Sleep(1 * time.Second) + Eventually(func() bool { + err := k8sClient.Get(ctx, typeNamespacedName, zone) + return err == nil + }, timeout, interval).Should(BeTrue()) + Expect(getMockedKind(resourceName)).To(Equal(resourceKind), "Kind should be equal") + Expect(getMockedNameservers(resourceName)).To(Equal(resourceNameservers), "Nameservers should be equal") + Expect(zone.GetFinalizers()).To(ContainElement(FINALIZER_NAME), "Zone should contain the finalizer") + Expect(fmt.Sprintf("%d", *(zone.Status.Serial))).To(Equal(fmt.Sprintf("%s01", time.Now().Format("20060102"))), "Serial should be YYYYMMDD01") + }) + }) + + Context("When existing resource", func() { + It("should successfully modify the nameservers of the zone", Label("zone-modification", "nameservers"), func() { + By("Getting the initial Serial of the resource") + zone := &dnsv1alpha1.Zone{} + // Waiting for the resource to be fully created + time.Sleep(1 * time.Second) + Eventually(func() bool { + err := k8sClient.Get(ctx, typeNamespacedName, zone) + return err == nil + }, timeout, interval).Should(BeTrue()) + initialSerial := zone.Status.Serial + + By("Modifying the resource") + resource := &dnsv1alpha1.Zone{ + ObjectMeta: metav1.ObjectMeta{ + Name: resourceName, + }, + } + _, err := controllerutil.CreateOrUpdate(ctx, k8sClient, resource, func() error { + resource.Spec.Nameservers = modifiedResourceNameservers + return nil + }) + Expect(err).NotTo(HaveOccurred()) + + By("Getting the modified resource") + modifiedZone := &dnsv1alpha1.Zone{} + // Waiting for the resource to be fully modified + time.Sleep(1 * time.Second) + Eventually(func() bool { + err := k8sClient.Get(ctx, typeNamespacedName, modifiedZone) + return err == nil + }, timeout, interval).Should(BeTrue()) + // + expectedSerial := *initialSerial + uint32(1) + Expect(getMockedNameservers(resourceName)).To(Equal(modifiedResourceNameservers), "Nameservers should be equal") + Expect(*(modifiedZone.Status.Serial)).To(Equal(expectedSerial), "Serial should be incremented") + }) + }) + + Context("When existing resource", func() { + It("should successfully modify the kind of the zone", Label("zone-modification", "kind"), func() { + By("Getting the initial Serial of the resource") + zone := &dnsv1alpha1.Zone{} + // Waiting for the resource to be fully created + time.Sleep(1 * time.Second) + Eventually(func() bool { + err := k8sClient.Get(ctx, typeNamespacedName, zone) + return err == nil + }, timeout, interval).Should(BeTrue()) + initialSerial := zone.Status.Serial + + By("Modifying the resource") + resource := &dnsv1alpha1.Zone{ + ObjectMeta: metav1.ObjectMeta{ + Name: resourceName, + }, + } + + // Update the resource for each kind and ensure the serial is incremented + var modifiedResourceKind = []string{"Master", "Native", "Slave", "Producer", "Consumer"} + for i, kind := range modifiedResourceKind { + _, err := controllerutil.CreateOrUpdate(ctx, k8sClient, resource, func() error { + resource.Spec.Kind = kind + return nil + }) + Expect(err).NotTo(HaveOccurred()) + + By("Getting the modified resource") + modifiedZone := &dnsv1alpha1.Zone{} + // Waiting for the resource to be fully modified + time.Sleep(1 * time.Second) + Eventually(func() bool { + err := k8sClient.Get(ctx, typeNamespacedName, modifiedZone) + return err == nil + }, timeout, interval).Should(BeTrue()) + + expectedSerial := *initialSerial + uint32(i+1) + Expect(getMockedKind(resourceName)).To(Equal(kind), "Kind should be equal") + Expect(*(modifiedZone.Status.Serial)).To(Equal(expectedSerial), "Serial should be incremented") + } + }) + + }) + + Context("When existing resource", func() { + It("should successfully recreate an existing zone", Label("zone-recreation"), func() { + By("Creating a Zone directly in the mock") + // Serial initialization + now := time.Now().UTC() + initialSerial := uint32(now.Year())*1000000 + uint32((now.Month()))*10000 + uint32(now.Day())*100 + 1 + zones[makeCanonical(recreationResourceName)] = &powerdns.Zone{ + Name: &recreationResourceName, + Kind: powerdns.ZoneKindPtr(powerdns.ZoneKind(recreationResourceKind)), + Serial: &initialSerial, + } + + By("Recreating a Zone") + resource := &dnsv1alpha1.Zone{ + ObjectMeta: metav1.ObjectMeta{ + Name: recreationResourceName, + }, + } + resource.SetResourceVersion("") + _, err := controllerutil.CreateOrUpdate(ctx, k8sClient, resource, func() error { + resource.Spec = dnsv1alpha1.ZoneSpec{ + Kind: recreationResourceKind, + Nameservers: recreationResourceNameservers, + } + return nil + }) + Expect(err).NotTo(HaveOccurred()) + + By("Getting the resource") + updatedZone := &dnsv1alpha1.Zone{} + typeNamespacedName := types.NamespacedName{ + Name: recreationResourceName, + } + // Waiting for the resource to be fully modified + time.Sleep(1 * time.Second) + Eventually(func() bool { + err := k8sClient.Get(ctx, typeNamespacedName, updatedZone) + return err == nil + }, timeout, interval).Should(BeTrue()) + expectedSerial := initialSerial + uint32(1) + Expect(getMockedKind(recreationResourceName)).To(Equal(recreationResourceKind), "Kind should be equal") + Expect(getMockedNameservers(recreationResourceName)).To(Equal(recreationResourceNameservers), "Nameservers should be equal") + Expect(*(updatedZone.Status.Serial)).To(Equal(expectedSerial), "Serial should be incremented") + }) + }) + + Context("When existing resource", func() { + It("should successfully modify a deleted zone", Label("zone-modification-after-deletion"), func() { + // Waiting for the resource to be fully created + time.Sleep(1 * time.Second) + + By("Deleting a Zone directly in the mock") + delete(zones, makeCanonical(resourceName)) + delete(records, makeCanonical(resourceName)) + + By("Modifying the deleted Zone") + resource := &dnsv1alpha1.Zone{ + ObjectMeta: metav1.ObjectMeta{ + Name: resourceName, + }, + } + _, err := controllerutil.CreateOrUpdate(ctx, k8sClient, resource, func() error { + resource.Spec.Kind = resourceKind + resource.Spec.Nameservers = modifiedResourceNameservers + return nil + }) + Expect(err).NotTo(HaveOccurred()) + + By("Getting the resource") + updatedZone := &dnsv1alpha1.Zone{} + // Waiting for the resource to be fully modified + time.Sleep(1 * time.Second) + Eventually(func() bool { + err := k8sClient.Get(ctx, typeNamespacedName, updatedZone) + return err == nil + }, timeout, interval).Should(BeTrue()) + Expect(getMockedKind(resourceName)).To(Equal(resourceKind), "Kind should be equal") + Expect(getMockedNameservers(resourceName)).To(Equal(modifiedResourceNameservers), "Nameservers should be equal") + }) + }) + + Context("When existing resource", func() { + It("should successfully delete a deleted zone", Label("zone-deletion-after-deletion"), func() { + By("Creating a Zone") + fakeResource := &dnsv1alpha1.Zone{ + ObjectMeta: metav1.ObjectMeta{ + Name: fakeResourceName, + }, + } + fakeResource.SetResourceVersion("") + _, err := controllerutil.CreateOrUpdate(ctx, k8sClient, fakeResource, func() error { + fakeResource.Spec = dnsv1alpha1.ZoneSpec{ + Kind: fakeResourceKind, + Nameservers: fakeResourceNameservers, + } + return nil + }) + Expect(err).NotTo(HaveOccurred()) + + By("Deleting a Zone directly in the mock") + // Waiting for the resource to be fully created + time.Sleep(1 * time.Second) + delete(zones, makeCanonical(fakeResourceName)) + delete(records, makeCanonical(fakeResourceName)) + + By("Deleting the Zone") + Eventually(func() bool { + err := k8sClient.Delete(ctx, fakeResource) + return err == nil + }, timeout, interval).Should(BeTrue()) + + By("Getting the Zone") + // Waiting for the resource to be fully deleted + time.Sleep(1 * time.Second) + fakeTypeNamespacedName := types.NamespacedName{ + Name: fakeResourceName, + } + Eventually(func() bool { + err := k8sClient.Get(ctx, fakeTypeNamespacedName, fakeResource) + return errors.IsNotFound(err) + }, timeout, interval).Should(BeTrue()) + }) + }) +}) diff --git a/test/e2e/e2e_suite_test.go b/test/e2e/e2e_suite_test.go new file mode 100644 index 0000000..0ca46cd --- /dev/null +++ b/test/e2e/e2e_suite_test.go @@ -0,0 +1,26 @@ +/* + * Software Name : PowerDNS-Operator + * + * SPDX-FileCopyrightText: Copyright (c) Orange Business Services SA + * SPDX-License-Identifier: Apache-2.0 + * + * This software is distributed under the Apache 2.0 License, + * see the "LICENSE" file for more details + */ + +package e2e + +import ( + "fmt" + "testing" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" +) + +// Run e2e tests using the Ginkgo runner. +func TestE2E(t *testing.T) { + RegisterFailHandler(Fail) + fmt.Fprintf(GinkgoWriter, "Starting powerdns-operator suite\n") + RunSpecs(t, "e2e suite") +} diff --git a/test/e2e/e2e_test.go b/test/e2e/e2e_test.go new file mode 100644 index 0000000..936fc7c --- /dev/null +++ b/test/e2e/e2e_test.go @@ -0,0 +1,116 @@ +/* + * Software Name : PowerDNS-Operator + * + * SPDX-FileCopyrightText: Copyright (c) Orange Business Services SA + * SPDX-License-Identifier: Apache-2.0 + * + * This software is distributed under the Apache 2.0 License, + * see the "LICENSE" file for more details + */ + +package e2e + +import ( + "fmt" + "os/exec" + "time" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + + "gitlab.tech.orange/parent-factory/hzf-tools/powerdns-operator/test/utils" +) + +const namespace = "powerdns-operator-system" + +var _ = Describe("controller", Ordered, func() { + BeforeAll(func() { + By("installing prometheus operator") + Expect(utils.InstallPrometheusOperator()).To(Succeed()) + + By("installing the cert-manager") + Expect(utils.InstallCertManager()).To(Succeed()) + + By("creating manager namespace") + cmd := exec.Command("kubectl", "create", "ns", namespace) + _, _ = utils.Run(cmd) + }) + + AfterAll(func() { + By("uninstalling the Prometheus manager bundle") + utils.UninstallPrometheusOperator() + + By("uninstalling the cert-manager bundle") + utils.UninstallCertManager() + + By("removing manager namespace") + cmd := exec.Command("kubectl", "delete", "ns", namespace) + _, _ = utils.Run(cmd) + }) + + Context("Operator", func() { + It("should run successfully", func() { + var controllerPodName string + var err error + + // projectimage stores the name of the image used in the example + var projectimage = "example.com/powerdns-operator:v0.0.1" + + By("building the manager(Operator) image") + cmd := exec.Command("make", "docker-build", fmt.Sprintf("IMG=%s", projectimage)) + _, err = utils.Run(cmd) + ExpectWithOffset(1, err).NotTo(HaveOccurred()) + + By("loading the the manager(Operator) image on Kind") + err = utils.LoadImageToKindClusterWithName(projectimage) + ExpectWithOffset(1, err).NotTo(HaveOccurred()) + + By("installing CRDs") + cmd = exec.Command("make", "install") + _, err = utils.Run(cmd) + ExpectWithOffset(1, err).NotTo(HaveOccurred()) + + By("deploying the controller-manager") + cmd = exec.Command("make", "deploy", fmt.Sprintf("IMG=%s", projectimage)) + _, err = utils.Run(cmd) + ExpectWithOffset(1, err).NotTo(HaveOccurred()) + + By("validating that the controller-manager pod is running as expected") + verifyControllerUp := func() error { + // Get pod name + + cmd = exec.Command("kubectl", "get", + "pods", "-l", "control-plane=controller-manager", + "-o", "go-template={{ range .items }}"+ + "{{ if not .metadata.deletionTimestamp }}"+ + "{{ .metadata.name }}"+ + "{{ \"\\n\" }}{{ end }}{{ end }}", + "-n", namespace, + ) + + podOutput, err := utils.Run(cmd) + ExpectWithOffset(2, err).NotTo(HaveOccurred()) + podNames := utils.GetNonEmptyLines(string(podOutput)) + if len(podNames) != 1 { + return fmt.Errorf("expect 1 controller pods running, but got %d", len(podNames)) + } + controllerPodName = podNames[0] + ExpectWithOffset(2, controllerPodName).Should(ContainSubstring("controller-manager")) + + // Validate pod status + cmd = exec.Command("kubectl", "get", + "pods", controllerPodName, "-o", "jsonpath={.status.phase}", + "-n", namespace, + ) + status, err := utils.Run(cmd) + ExpectWithOffset(2, err).NotTo(HaveOccurred()) + if string(status) != "Running" { + return fmt.Errorf("controller pod in %s status", status) + } + return nil + } + EventuallyWithOffset(1, verifyControllerUp, time.Minute, time.Second).Should(Succeed()) + + }) + }) +}) diff --git a/test/utils/utils.go b/test/utils/utils.go new file mode 100644 index 0000000..4bb9f27 --- /dev/null +++ b/test/utils/utils.go @@ -0,0 +1,134 @@ +/* + * Software Name : PowerDNS-Operator + * + * SPDX-FileCopyrightText: Copyright (c) Orange Business Services SA + * SPDX-License-Identifier: Apache-2.0 + * + * This software is distributed under the Apache 2.0 License, + * see the "LICENSE" file for more details + */ + +package utils + +import ( + "fmt" + "os" + "os/exec" + "strings" + + . "github.com/onsi/ginkgo/v2" //nolint:golint,revive +) + +const ( + prometheusOperatorVersion = "v0.72.0" + prometheusOperatorURL = "https://github.com/prometheus-operator/prometheus-operator/" + + "releases/download/%s/bundle.yaml" + + certmanagerVersion = "v1.14.4" + certmanagerURLTmpl = "https://github.com/jetstack/cert-manager/releases/download/%s/cert-manager.yaml" +) + +func warnError(err error) { + fmt.Fprintf(GinkgoWriter, "warning: %v\n", err) +} + +// InstallPrometheusOperator installs the prometheus Operator to be used to export the enabled metrics. +func InstallPrometheusOperator() error { + url := fmt.Sprintf(prometheusOperatorURL, prometheusOperatorVersion) + cmd := exec.Command("kubectl", "create", "-f", url) + _, err := Run(cmd) + return err +} + +// Run executes the provided command within this context +func Run(cmd *exec.Cmd) ([]byte, error) { + dir, _ := GetProjectDir() + cmd.Dir = dir + + if err := os.Chdir(cmd.Dir); err != nil { + fmt.Fprintf(GinkgoWriter, "chdir dir: %s\n", err) + } + + cmd.Env = append(os.Environ(), "GO111MODULE=on") + command := strings.Join(cmd.Args, " ") + fmt.Fprintf(GinkgoWriter, "running: %s\n", command) + output, err := cmd.CombinedOutput() + if err != nil { + return output, fmt.Errorf("%s failed with error: (%v) %s", command, err, string(output)) + } + + return output, nil +} + +// UninstallPrometheusOperator uninstalls the prometheus +func UninstallPrometheusOperator() { + url := fmt.Sprintf(prometheusOperatorURL, prometheusOperatorVersion) + cmd := exec.Command("kubectl", "delete", "-f", url) + if _, err := Run(cmd); err != nil { + warnError(err) + } +} + +// UninstallCertManager uninstalls the cert manager +func UninstallCertManager() { + url := fmt.Sprintf(certmanagerURLTmpl, certmanagerVersion) + cmd := exec.Command("kubectl", "delete", "-f", url) + if _, err := Run(cmd); err != nil { + warnError(err) + } +} + +// InstallCertManager installs the cert manager bundle. +func InstallCertManager() error { + url := fmt.Sprintf(certmanagerURLTmpl, certmanagerVersion) + cmd := exec.Command("kubectl", "apply", "-f", url) + if _, err := Run(cmd); err != nil { + return err + } + // Wait for cert-manager-webhook to be ready, which can take time if cert-manager + // was re-installed after uninstalling on a cluster. + cmd = exec.Command("kubectl", "wait", "deployment.apps/cert-manager-webhook", + "--for", "condition=Available", + "--namespace", "cert-manager", + "--timeout", "5m", + ) + + _, err := Run(cmd) + return err +} + +// LoadImageToKindCluster loads a local docker image to the kind cluster +func LoadImageToKindClusterWithName(name string) error { + cluster := "kind" + if v, ok := os.LookupEnv("KIND_CLUSTER"); ok { + cluster = v + } + kindOptions := []string{"load", "docker-image", name, "--name", cluster} + cmd := exec.Command("kind", kindOptions...) + _, err := Run(cmd) + return err +} + +// GetNonEmptyLines converts given command output string into individual objects +// according to line breakers, and ignores the empty elements in it. +func GetNonEmptyLines(output string) []string { + var res []string + elements := strings.Split(output, "\n") + for _, element := range elements { + if element != "" { + res = append(res, element) + } + } + + return res +} + +// GetProjectDir will return the directory where the project is +func GetProjectDir() (string, error) { + wd, err := os.Getwd() + if err != nil { + return wd, err + } + wd = strings.Replace(wd, "/test/e2e", "", -1) + return wd, nil +}