From 5b0842d67100875051ee218e721d872023b53c7e Mon Sep 17 00:00:00 2001
From: Stefan Majer
Date: Mon, 8 Feb 2021 15:22:10 +0100
Subject: [PATCH] Export Namespace where CNWPs are expected
---
 api/v1/clusterwidenetworkpolicy_types.go | 5 +++++
 controllers/clusterwidenetworkpolicy_controller.go | 6 ++----
 2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/api/v1/clusterwidenetworkpolicy_types.go b/api/v1/clusterwidenetworkpolicy_types.go
index 5ce1150d..ed26fb0d 100644
--- a/api/v1/clusterwidenetworkpolicy_types.go
+++ b/api/v1/clusterwidenetworkpolicy_types.go
@@ -45,6 +45,11 @@ type ClusterwideNetworkPolicyList struct {
 Items []ClusterwideNetworkPolicy `json:"items"`
 }
 
+const (
+ // ClusterwideNetworkPolicyNamespace defines the namespace CNWPs are expected.
+ ClusterwideNetworkPolicyNamespace = "firewall"
+)
+
 // PolicySpec defines the rules to create for ingress and egress
 type PolicySpec struct {
 // Description is a free form string, it can be used by the creator of
diff --git a/controllers/clusterwidenetworkpolicy_controller.go b/controllers/clusterwidenetworkpolicy_controller.go
index 9e71ca1e..602c139c 100644
--- a/controllers/clusterwidenetworkpolicy_controller.go
+++ b/controllers/clusterwidenetworkpolicy_controller.go
@@ -37,8 +37,6 @@ type ClusterwideNetworkPolicyReconciler struct {
 recorder record.EventRecorder
 }
 
-const clusterwideNPNamespace = "firewall"
-
 // Reconcile ClusterwideNetworkPolicy and creates nftables rules accordingly
 // +kubebuilder:rbac:groups=metal-stack.io,resources=clusterwidenetworkpolicies,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=metal-stack.io,resources=clusterwidenetworkpolicies/status,verbs=get;update;patch
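Review bot: The doc comment on the newly exported `ClusterwideNetworkPolicyNamespace` in api/v1/clusterwidenetworkpolicy_types.go is ungrammatical and omits what a consumer of the API package most needs to know: objects outside this namespace do not take effect. The reconciler hunk in controllers/clusterwidenetworkpolicy_controller.go shows such objects only get a warning event, so I would write `// ClusterwideNetworkPolicyNamespace is the only namespace in which ClusterwideNetworkPolicy objects take effect; objects created elsewhere are not applied.` If write access to this namespace is what decides who may change firewall rules (the check suggests so, but the RBAC setup is not visible here), that deserves a second comment line.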
@@ -52,8 +50,8 @@ func (r *ClusterwideNetworkPolicyReconciler) Reconcile(req ctrl.Request) (ctrl.R
 // if network policy does not belong to the namespace where clusterwide network policies are stored:
 // update status with error message
- if req.Namespace != clusterwideNPNamespace {
- r.recorder.Event(&clusterNP, "Warning", "Unapplicable", fmt.Sprintf("cluster wide network policies must be defined in namespace %s otherwise they won't take effect", clusterwideNPNamespace))
+ if req.Namespace != firewallv1.ClusterwideNetworkPolicyNamespace {
+ r.recorder.Event(&clusterNP, "Warning", "Unapplicable", fmt.Sprintf("cluster wide network policies must be defined in namespace %s otherwise they won't take effect", firewallv1.ClusterwideNetworkPolicyNamespace))
 return ctrl.Result{}, nil
 }
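Review bot: The comment above the namespace check says `update status with error message`, but the branch shown here only records an event and returns `ctrl.Result{}, nil`, so the object's status is not touched in the visible lines. For a firewall policy this matters, because a rule placed in the wrong namespace is not enforced and the only trace is an event, which the API server keeps for a limited time. Either set a status condition on the object or correct the comment, for example `// policies outside the expected namespace are not applied: record a warning event and stop`. The `Event(..., fmt.Sprintf(...))` call can also be written as `r.recorder.Eventf(&clusterNP, "Warning", "Unapplicable", "cluster wide network policies must be defined in namespace %s otherwise they won't take effect", firewallv1.ClusterwideNetworkPolicyNamespace)`. Reconcile starts and ends outside this hunk.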