feat(agent): add vcluster crd and controller (#259)

* feat(agent): add vcluster crd and controller * fix vcluster/agent provisioning and improve cleanup logic * fix lint * support cluster bindings properly * minor fixes and improvements * bump go version in dockerfile * fix nil pointer * use operator helm cache based on tmpdir * improve vcluster/agent redeploy logic and values override * fix yaml/json values unmarshall * add external flag to virtual cluster crd * remove unused methods
pluralsh · Sep 5, 2024 · c98827a · c98827a
1 parent c2203f5
commit c98827a
Show file tree

Hide file tree

Showing 29 changed files with 6,027 additions and 4,660 deletions.
diff --git a/.golangci.yml b/.golangci.yml
@@ -1,5 +1,6 @@
 run:
   modules-download-mode: readonly
+  allow-parallel-runners: true
   timeout: 5m
 
 linters:

diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.22.4-alpine3.20 as builder
+FROM golang:1.22.6-alpine3.20 AS builder
 
 ARG TARGETARCH
 

diff --git a/Makefile b/Makefile
@@ -19,7 +19,7 @@ $(LOCALBIN):
 	mkdir -p $(LOCALBIN)
 
 ENVTEST_K8S_VERSION := 1.28.3
-CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen
+CONTROLLER_GEN ?= $(shell which controller-gen)
 MOCKERY ?= $(shell which mockery)
 include tools.mk
 
@@ -35,10 +35,6 @@ PRE = --ensure
 help: ## Display this help.
 	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
 
-.PHONY: controller-gen
-controller-gen: ## Download controller-gen locally if necessary.
-	$(call go-get-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/[email protected])
-
 .PHONY: crd-docs
 crd-docs: ##generate docs from the CRDs
 	$(CRDDOCS) --source-path=./api --renderer=markdown --output-path=./docs/api.md --config=config.yaml
@@ -177,6 +173,10 @@ mockery: --tool
 crd-ref-docs: TOOL = crd-ref-docs
 crd-ref-docs: --tool
 
+.PHONY: controller-gen
+controller-gen: TOOL = controller-gen
+controller-gen: --tool
+
 # go-get-tool will 'go get' any package $2 and install it to $1.
 PROJECT_DIR := $(shell dirname $(abspath $(lastword $(MAKEFILE_LIST))))
 define go-get-tool

diff --git a/api/v1alpha1/common_types.go b/api/v1alpha1/common_types.go
@@ -1,13 +1,24 @@
 package v1alpha1
 
+import (
+	console "github.com/pluralsh/console/go/client"
+	"github.com/pluralsh/polly/algorithms"
+	"k8s.io/apimachinery/pkg/api/meta"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
 type ConditionType string
 
 func (c ConditionType) String() string {
 	return string(c)
 }
 
 const (
-	ReadyConditionType ConditionType = "Ready"
+	ReadonlyConditionType       ConditionType = "Readonly"
+	ReadyConditionType          ConditionType = "Ready"
+	SynchronizedConditionType   ConditionType = "Synchronized"
+	VirtualClusterConditionType ConditionType = "VirtualCluster"
+	AgentConditionType          ConditionType = "Agent"
 )
 
 type ConditionReason string
@@ -17,11 +28,135 @@ func (c ConditionReason) String() string {
 }
 
 const (
-	ReadyConditionReason ConditionReason = "Ready"
+	ReadonlyConditionReason             ConditionReason = "Readonly"
+	ReadyConditionReason                ConditionReason = "Ready"
+	ErrorConditionReason                ConditionReason = "Error"
+	SynchronizedConditionReason         ConditionReason = "Synchronized"
+	SynchronizedConditionReasonNotFound ConditionReason = "NotFound"
+	SynchronizedConditionReasonDeleting ConditionReason = "Deleting"
 )
 
 type ConditionMessage string
 
 func (c ConditionMessage) String() string {
 	return string(c)
 }
+
+const (
+	ReadonlyTrueConditionMessage         ConditionMessage = "Running in read-only mode"
+	SynchronizedNotFoundConditionMessage ConditionMessage = "Could not find resource in Console API"
+)
+
+// Hasher
+// +kubebuilder:object:generate:=false
+type Hasher func(interface{}) (string, error)
+
+type Status struct {
+	// ID of the resource in the Console API.
+	// +kubebuilder:validation:Optional
+	// +kubebuilder:validation:Type:=string
+	ID *string `json:"id,omitempty"`
+	// SHA of last applied configuration.
+	// +kubebuilder:validation:Optional
+	// +kubebuilder:validation:Type:=string
+	SHA *string `json:"sha,omitempty"`
+	// Represents the observations of a PrAutomation's current state.
+	// +patchMergeKey=type
+	// +patchStrategy=merge
+	// +listType=map
+	// +listMapKey=type
+	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
+}
+
+func (p *Status) GetID() string {
+	if !p.HasID() {
+		return ""
+	}
+
+	return *p.ID
+}
+
+func (p *Status) HasID() bool {
+	return p.ID != nil && len(*p.ID) > 0
+}
+
+func (p *Status) GetSHA() string {
+	if !p.HasSHA() {
+		return ""
+	}
+
+	return *p.SHA
+}
+
+func (p *Status) HasSHA() bool {
+	return p.SHA != nil && len(*p.SHA) > 0
+}
+
+func (p *Status) IsSHAEqual(sha string) bool {
+	if !p.HasSHA() {
+		return false
+	}
+
+	return p.GetSHA() == sha
+}
+
+func (p *Status) IsStatusConditionTrue(condition ConditionType) bool {
+	return meta.IsStatusConditionTrue(p.Conditions, condition.String())
+}
+
+// Bindings represents a policy bindings that
+// can be used to define read/write permissions
+// to this resource for users/groups in the system.
+type Bindings struct {
+	// Read bindings.
+	// +kubebuilder:validation:Optional
+	Read []Binding `json:"read,omitempty"`
+
+	// Write bindings.
+	// +kubebuilder:validation:Optional
+	Write []Binding `json:"write,omitempty"`
+}
+
+// Binding ...
+type Binding struct {
+	// +kubebuilder:validation:Optional
+	ID *string `json:"id,omitempty"`
+
+	// +kubebuilder:validation:Optional
+	UserID *string `json:"UserID,omitempty"`
+
+	// +kubebuilder:validation:Optional
+	UserEmail *string `json:"userEmail,omitempty"`
+
+	// +kubebuilder:validation:Optional
+	GroupID *string `json:"groupID,omitempty"`
+
+	// +kubebuilder:validation:Optional
+	GroupName *string `json:"groupName,omitempty"`
+}
+
+func (b *Binding) Attributes() *console.PolicyBindingAttributes {
+	if b == nil {
+		return nil
+	}
+
+	return &console.PolicyBindingAttributes{
+		ID:      b.ID,
+		UserID:  b.UserID,
+		GroupID: b.GroupID,
+	}
+}
+
+func PolicyBindings(bindings []Binding) []*console.PolicyBindingAttributes {
+	if bindings == nil {
+		return nil
+	}
+
+	filtered := algorithms.Filter(bindings, func(b Binding) bool {
+		return b.UserID != nil || b.GroupID != nil
+	})
+
+	return algorithms.Map(filtered, func(b Binding) *console.PolicyBindingAttributes {
+		return b.Attributes()
+	})
+}