diff --git a/controllers/clusterwidenetworkpolicy_controller.go b/controllers/clusterwidenetworkpolicy_controller.go index 4987d18a..897af31a 100644 --- a/controllers/clusterwidenetworkpolicy_controller.go +++ b/controllers/clusterwidenetworkpolicy_controller.go @@ -5,8 +5,8 @@ import ( "fmt" "time" - "github.com/metal-stack/firewall-controller/pkg/dns" - "github.com/metal-stack/firewall-controller/pkg/nftables" + "github.com/metal-stack/firewall-controller/v2/pkg/dns" + "github.com/metal-stack/firewall-controller/v2/pkg/nftables" "github.com/go-logr/logr" @@ -21,7 +21,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/source" firewallv2 "github.com/metal-stack/firewall-controller-manager/api/v2" - firewallv1 "github.com/metal-stack/firewall-controller/api/v1" + firewallv1 "github.com/metal-stack/firewall-controller/v2/api/v1" ) // ClusterwideNetworkPolicyReconciler reconciles a ClusterwideNetworkPolicy object diff --git a/controllers/clusterwidenetworkpolicy_validation_controller.go b/controllers/clusterwidenetworkpolicy_validation_controller.go index 1d69ac61..1fb7cd2a 100644 --- a/controllers/clusterwidenetworkpolicy_validation_controller.go +++ b/controllers/clusterwidenetworkpolicy_validation_controller.go @@ -11,7 +11,7 @@ import ( ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" - firewallv1 "github.com/metal-stack/firewall-controller/api/v1" + firewallv1 "github.com/metal-stack/firewall-controller/v2/api/v1" ) // ClusterwideNetworkPolicyValidationReconciler validates a ClusterwideNetworkPolicy object diff --git a/controllers/droptailer_controller.go b/controllers/droptailer_controller.go index d8ec6dfd..400140c6 100644 --- a/controllers/droptailer_controller.go +++ b/controllers/droptailer_controller.go @@ -15,7 +15,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/source" "github.com/go-logr/logr" - firewallv1 "github.com/metal-stack/firewall-controller/api/v1" + firewallv1 "github.com/metal-stack/firewall-controller/v2/api/v1" "github.com/txn2/txeh" corev1 "k8s.io/api/core/v1" diff --git a/controllers/firewall_controller.go b/controllers/firewall_controller.go index df9f9d85..348f28dc 100644 --- a/controllers/firewall_controller.go +++ b/controllers/firewall_controller.go @@ -25,10 +25,10 @@ import ( firewallv2 "github.com/metal-stack/firewall-controller-manager/api/v2" "github.com/metal-stack/firewall-controller-manager/api/v2/helper" - firewallv1 "github.com/metal-stack/firewall-controller/api/v1" - "github.com/metal-stack/firewall-controller/pkg/network" - "github.com/metal-stack/firewall-controller/pkg/nftables" - "github.com/metal-stack/firewall-controller/pkg/updater" + firewallv1 "github.com/metal-stack/firewall-controller/v2/api/v1" + "github.com/metal-stack/firewall-controller/v2/pkg/network" + "github.com/metal-stack/firewall-controller/v2/pkg/nftables" + "github.com/metal-stack/firewall-controller/v2/pkg/updater" ) // FirewallReconciler reconciles a Firewall object diff --git a/controllers/firewall_controller_test.go b/controllers/firewall_controller_test.go index 772ff91d..15fc7367 100644 --- a/controllers/firewall_controller_test.go +++ b/controllers/firewall_controller_test.go @@ -6,7 +6,7 @@ import ( "reflect" "testing" - firewallv1 "github.com/metal-stack/firewall-controller/api/v1" + firewallv1 "github.com/metal-stack/firewall-controller/v2/api/v1" corev1 "k8s.io/api/core/v1" networking "k8s.io/api/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/controllers/firewall_monitor_controller.go b/controllers/firewall_monitor_controller.go index d5fcee76..6a57bede 100644 --- a/controllers/firewall_monitor_controller.go +++ b/controllers/firewall_monitor_controller.go @@ -7,9 +7,9 @@ import ( "github.com/go-logr/logr" firewallv2 "github.com/metal-stack/firewall-controller-manager/api/v2" - firewallv1 "github.com/metal-stack/firewall-controller/api/v1" - "github.com/metal-stack/firewall-controller/pkg/collector" - "github.com/metal-stack/firewall-controller/pkg/suricata" + firewallv1 "github.com/metal-stack/firewall-controller/v2/api/v1" + "github.com/metal-stack/firewall-controller/v2/pkg/collector" + "github.com/metal-stack/firewall-controller/v2/pkg/suricata" "github.com/metal-stack/v" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/go.mod b/go.mod index c2d337bc..0b26b65d 100644 --- a/go.mod +++ b/go.mod @@ -1,4 +1,4 @@ -module github.com/metal-stack/firewall-controller +module github.com/metal-stack/firewall-controller/v2 go 1.21 diff --git a/main.go b/main.go index 8f50995f..8f7cb0a2 100644 --- a/main.go +++ b/main.go @@ -25,16 +25,15 @@ import ( "k8s.io/client-go/rest" "k8s.io/client-go/tools/clientcmd" ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/client" controllerclient "sigs.k8s.io/controller-runtime/pkg/client" firewallv2 "github.com/metal-stack/firewall-controller-manager/api/v2" "github.com/metal-stack/firewall-controller-manager/api/v2/helper" - firewallv1 "github.com/metal-stack/firewall-controller/api/v1" - "github.com/metal-stack/firewall-controller/controllers" - "github.com/metal-stack/firewall-controller/pkg/sysctl" - "github.com/metal-stack/firewall-controller/pkg/updater" + firewallv1 "github.com/metal-stack/firewall-controller/v2/api/v1" + "github.com/metal-stack/firewall-controller/v2/controllers" + "github.com/metal-stack/firewall-controller/v2/pkg/sysctl" + "github.com/metal-stack/firewall-controller/v2/pkg/updater" // +kubebuilder:scaffold:imports ) @@ -217,7 +216,7 @@ func main() { l.Fatalw("unable to create shoot manager", "error", err) } - shootClient, err := client.New(shootConfig, client.Options{Scheme: scheme}) + shootClient, err := controllerclient.New(shootConfig, controllerclient.Options{Scheme: scheme}) if err != nil { l.Fatalw("unable to create shoot client", "error", err) } @@ -351,9 +350,9 @@ func isFirewallV2GVKPresent(config *rest.Config) error { return fmt.Errorf("client cannot find firewall v2 resource on server side, assuming that this firewall was provisioned with shoot client in the past") } -func findResponsibleFirewall(ctx context.Context, seed client.Client, firewallName, seedNamespace string) (*firewallv2.Firewall, error) { +func findResponsibleFirewall(ctx context.Context, seed controllerclient.Client, firewallName, seedNamespace string) (*firewallv2.Firewall, error) { fwList := &firewallv2.FirewallList{} - err := seed.List(ctx, fwList, &client.ListOptions{ + err := seed.List(ctx, fwList, &controllerclient.ListOptions{ Namespace: seedNamespace, }) if err != nil { @@ -391,7 +390,7 @@ func getSeedNamespace(rawKubeconfig []byte) (string, error) { return "", fmt.Errorf("unable to figure out seed namespace from kubeconfig") } -func controllerMigration(ctx context.Context, log logr.Logger, c client.Client, firewallName, seedNamespace string) error { +func controllerMigration(ctx context.Context, log logr.Logger, c controllerclient.Client, firewallName, seedNamespace string) error { // changing from existing shoot kubeconfig from deployments before firewall-controller-manager // to seed kubeconfig by trying to use an offered migration secret in the shoot's firewall namespace. @@ -401,7 +400,7 @@ func controllerMigration(ctx context.Context, log logr.Logger, c client.Client, Namespace: firewallv2.FirewallShootNamespace, }, } - err := c.Get(ctx, client.ObjectKeyFromObject(migrationSecret), migrationSecret) + err := c.Get(ctx, controllerclient.ObjectKeyFromObject(migrationSecret), migrationSecret) if err != nil { return fmt.Errorf("no migration secret found, cannot run with shoot client: %w", err) } @@ -415,7 +414,7 @@ func controllerMigration(ctx context.Context, log logr.Logger, c client.Client, return fmt.Errorf("unable to create rest config from migration secret: %w", err) } - seed, err := client.New(seedConfig, client.Options{ + seed, err := controllerclient.New(seedConfig, controllerclient.Options{ Scheme: scheme, }) if err != nil { diff --git a/pkg/dns/dnscache.go b/pkg/dns/dnscache.go index 7a793691..3c5dbfc8 100644 --- a/pkg/dns/dnscache.go +++ b/pkg/dns/dnscache.go @@ -18,7 +18,7 @@ import ( dnsgo "github.com/miekg/dns" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - firewallv1 "github.com/metal-stack/firewall-controller/api/v1" + firewallv1 "github.com/metal-stack/firewall-controller/v2/api/v1" ) type IPVersion string diff --git a/pkg/dns/dnscache_test.go b/pkg/dns/dnscache_test.go index a1e77f78..ade37e6c 100644 --- a/pkg/dns/dnscache_test.go +++ b/pkg/dns/dnscache_test.go @@ -5,7 +5,7 @@ import ( "github.com/go-logr/logr" - firewallv1 "github.com/metal-stack/firewall-controller/api/v1" + firewallv1 "github.com/metal-stack/firewall-controller/v2/api/v1" ) func Test_GetSetsForFQDN(t *testing.T) { diff --git a/pkg/dns/dnsproxy.go b/pkg/dns/dnsproxy.go index 096d24bf..d5056de2 100644 --- a/pkg/dns/dnsproxy.go +++ b/pkg/dns/dnsproxy.go @@ -3,16 +3,17 @@ package dns import ( "context" "fmt" - "github.com/metal-stack/metal-networker/pkg/netconf" "net" "strconv" - firewallv1 "github.com/metal-stack/firewall-controller/api/v1" + "github.com/metal-stack/metal-networker/pkg/netconf" + + firewallv1 "github.com/metal-stack/firewall-controller/v2/api/v1" "github.com/go-logr/logr" dnsgo "github.com/miekg/dns" - "github.com/metal-stack/firewall-controller/pkg/network" + "github.com/metal-stack/firewall-controller/v2/pkg/network" ) const ( diff --git a/pkg/nftables/firewall.go b/pkg/nftables/firewall.go index 28066b0d..f7911504 100644 --- a/pkg/nftables/firewall.go +++ b/pkg/nftables/firewall.go @@ -8,9 +8,9 @@ import ( "os/exec" "path/filepath" - "github.com/metal-stack/firewall-controller/pkg/dns" + "github.com/metal-stack/firewall-controller/v2/pkg/dns" - "github.com/metal-stack/firewall-controller/pkg/network" + "github.com/metal-stack/firewall-controller/v2/pkg/network" "github.com/go-logr/logr" "github.com/vishvananda/netlink" @@ -21,7 +21,7 @@ import ( "github.com/metal-stack/metal-networker/pkg/netconf" firewallv2 "github.com/metal-stack/firewall-controller-manager/api/v2" - firewallv1 "github.com/metal-stack/firewall-controller/api/v1" + firewallv1 "github.com/metal-stack/firewall-controller/v2/api/v1" ) const ( diff --git a/pkg/nftables/mocks/mock_fqdncache.go b/pkg/nftables/mocks/mock_fqdncache.go index e7812461..568cf1fc 100644 --- a/pkg/nftables/mocks/mock_fqdncache.go +++ b/pkg/nftables/mocks/mock_fqdncache.go @@ -1,5 +1,5 @@ // Code generated by MockGen. DO NOT EDIT. -// Source: github.com/metal-stack/firewall-controller/pkg/nftables (interfaces: FQDNCache) +// Source: github.com/metal-stack/firewall-controller/v2/pkg/nftables (interfaces: FQDNCache) // Package mocks is a generated GoMock package. package mocks @@ -8,8 +8,8 @@ import ( reflect "reflect" gomock "github.com/golang/mock/gomock" - v1 "github.com/metal-stack/firewall-controller/api/v1" - dns "github.com/metal-stack/firewall-controller/pkg/dns" + v1 "github.com/metal-stack/firewall-controller/v2/api/v1" + dns "github.com/metal-stack/firewall-controller/v2/pkg/dns" ) // MockFQDNCache is a mock of FQDNCache interface. diff --git a/pkg/nftables/networkpolicy.go b/pkg/nftables/networkpolicy.go index 1567867c..e4db6e87 100644 --- a/pkg/nftables/networkpolicy.go +++ b/pkg/nftables/networkpolicy.go @@ -6,7 +6,7 @@ import ( networkingv1 "k8s.io/api/networking/v1" - firewallv1 "github.com/metal-stack/firewall-controller/api/v1" + firewallv1 "github.com/metal-stack/firewall-controller/v2/api/v1" ) type ruleBase struct { diff --git a/pkg/nftables/networkpolicy_test.go b/pkg/nftables/networkpolicy_test.go index 4f9dd851..e4815671 100644 --- a/pkg/nftables/networkpolicy_test.go +++ b/pkg/nftables/networkpolicy_test.go @@ -10,8 +10,8 @@ import ( "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/utils/pointer" - firewallv1 "github.com/metal-stack/firewall-controller/api/v1" - "github.com/metal-stack/firewall-controller/pkg/nftables/mocks" + firewallv1 "github.com/metal-stack/firewall-controller/v2/api/v1" + "github.com/metal-stack/firewall-controller/v2/pkg/nftables/mocks" ) func port(p int) *intstr.IntOrString { diff --git a/pkg/nftables/ratelimit_test.go b/pkg/nftables/ratelimit_test.go index 66c64b7d..9a15e215 100644 --- a/pkg/nftables/ratelimit_test.go +++ b/pkg/nftables/ratelimit_test.go @@ -8,7 +8,7 @@ import ( mn "github.com/metal-stack/metal-lib/pkg/net" firewallv2 "github.com/metal-stack/firewall-controller-manager/api/v2" - firewallv1 "github.com/metal-stack/firewall-controller/api/v1" + firewallv1 "github.com/metal-stack/firewall-controller/v2/api/v1" ) func TestRateLimitRules(t *testing.T) { diff --git a/pkg/nftables/rendering.go b/pkg/nftables/rendering.go index 8f75caba..6b428c32 100644 --- a/pkg/nftables/rendering.go +++ b/pkg/nftables/rendering.go @@ -8,7 +8,7 @@ import ( "strings" "text/template" - "github.com/metal-stack/firewall-controller/pkg/dns" + "github.com/metal-stack/firewall-controller/v2/pkg/dns" ) // firewallRenderingData holds the data available in the nftables template diff --git a/pkg/nftables/rendering_test.go b/pkg/nftables/rendering_test.go index 8c73ffb4..1701a49a 100644 --- a/pkg/nftables/rendering_test.go +++ b/pkg/nftables/rendering_test.go @@ -7,7 +7,7 @@ import ( "github.com/google/go-cmp/cmp" - "github.com/metal-stack/firewall-controller/pkg/dns" + "github.com/metal-stack/firewall-controller/v2/pkg/dns" ) func TestFirewallRenderingData_renderString(t *testing.T) { diff --git a/pkg/nftables/snat_test.go b/pkg/nftables/snat_test.go index f331e012..003bd936 100644 --- a/pkg/nftables/snat_test.go +++ b/pkg/nftables/snat_test.go @@ -11,7 +11,7 @@ import ( networking "k8s.io/api/networking/v1" firewallv2 "github.com/metal-stack/firewall-controller-manager/api/v2" - firewallv1 "github.com/metal-stack/firewall-controller/api/v1" + firewallv1 "github.com/metal-stack/firewall-controller/v2/api/v1" ) func TestSnatRules(t *testing.T) { diff --git a/pkg/updater/updater.go b/pkg/updater/updater.go index de2296b4..18c8da18 100644 --- a/pkg/updater/updater.go +++ b/pkg/updater/updater.go @@ -6,7 +6,7 @@ import ( "github.com/go-logr/logr" firewallv2 "github.com/metal-stack/firewall-controller-manager/api/v2" - firewallv1 "github.com/metal-stack/firewall-controller/api/v1" + firewallv1 "github.com/metal-stack/firewall-controller/v2/api/v1" corev1 "k8s.io/api/core/v1" "k8s.io/client-go/tools/record" )