diff --git a/.chainsaw copy.yaml b/.chainsaw copy.yaml
new file mode 100644
index 0000000..fa5ed92
--- /dev/null
+++ b/.chainsaw copy.yaml
@@ -0,0 +1,15 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Configuration
+metadata:
+ name: custom-config
+spec:
+ timeouts:
+ apply: 300s
+ assert: 600s
+ cleanup: 240s
+ delete: 240s
+ error: 180s
+ exec: 300s
+ skipDelete: false
+ failFast: true
+ forceTerminationGracePeriod: 10s
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 195c012..3af9767 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
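Review bot: The new file is named `.chainsaw copy.yaml`, which looks like an accidental duplicate rather than an intended config path, and nothing visible in this commit points chainsaw at it. Chainsaw reads `.chainsaw.yaml` from the working directory by default, and the `chainsaw-test` target added in the Makefile passes no `--config`, so these timeouts and `failFast: true` would presumably never take effect. Either rename the file to `.chainsaw.yaml` or pass `--config` explicitly in `chainsaw-test`; if a `.chainsaw.yaml` already exists in the repository, drop the copy.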
@@ -23,47 +23,17 @@ jobs: golang-lint: - name: Golang Lint - runs-on: ubuntu-22.04 + name: golang-lint + runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: actions/setup-go@v4 - with: - go-version: '1.22' - cache: false - - name: golangci-lint - uses: golangci/golangci-lint-action@v3 - with: - # Require: The version of golangci-lint to use. - # When `install-mode` is `binary` (default) the value can be v1.2 or v1.2.3 or `latest` to use the latest version. - # When `install-mode` is `goinstall` the value can be v1.2.3, `latest`, or the hash of a commit. - version: v1.54 - - # Optional: working directory, useful for monorepos - # working-directory: somedir - - # Optional: golangci-lint command line arguments. - # - # Note: By default, the `.golangci.yml` file should be at the root of the repository. - # The location of the configuration file can be changed by using `--config=` - # args: --timeout=30m --config=/my/path/.golangci.yml --issues-exit-code=0 - args: --timeout=30m - - # Optional: show only new issues if it's a pull request. The default value is `false`. - # only-new-issues: true - - # Optional: if set to true, then all caching functionality will be completely disabled, - # takes precedence over all other caching options. - # skip-cache: true - - # Optional: if set to true, then the action won't cache or restore ~/go/pkg. - # skip-pkg-cache: true - - # Optional: if set to true, then the action won't cache or restore ~/.cache/go-build. - # skip-build-cache: true - - # Optional: The mode to install golangci-lint. It can be 'binary' or 'goinstall'. - # install-mode: "goinstall" + - uses: actions/checkout@v3 + - uses: actions/setup-go@v4 + with: + go-version: '1.22' + cache: false + - name: golangci-lint + run: | + make lint golang-test: @@ -129,3 +99,7 @@ jobs: run: | make catalog make catalog-buildx + - name: Build and push catalog + run: | + make catalog + make catalog-buildx 
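Review bot: `runs-on: ubuntu-latest` replaces the fixed `ubuntu-22.04` image in the `golang-lint` job, so the runner image now changes underneath the job whenever the label is moved; keep a fixed image label unless floating is intended. The job also drops `golangci/golangci-lint-action` in favour of `make lint`, so whatever the Makefile's `golangci-lint` target downloads is now executed on the CI runner and belongs to the workflow's trust boundary. `actions/checkout@v3` and `actions/setup-go@v4` are still referenced by mutable tags; pinning them in the form `actions/checkout@<commit-sha>  # v3` would make the job's inputs reproducible.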
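Review bot: The added `Build and push catalog` step at the end of the job runs `make catalog` and `make catalog-buildx`, the same two commands as the `run:` block immediately above it in the context lines. If the preceding step (its `name:` is outside the hunk) is the existing catalog step, the image is built and pushed twice per run. Remove the added step, or give it the distinct commands it was meant to run.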
diff --git a/Dockerfile b/Dockerfile index 257f5dd..b57de40 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ # Build the manager binary -FROM golang:1.22 as builder +FROM golang:1.23 as builder ARG TARGETOS ARG TARGETARCH diff --git a/Makefile b/Makefile index ef4750b..a40ac9a 100644 --- a/Makefile +++ b/Makefile @@ -103,8 +103,7 @@ help: ## Display this help. .PHONY: manifests manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects. - go get github.com/zncdatadev/operator-go@v0.8.3 - $(CONTROLLER_GEN) rbac:roleName=manager-role crd:allowDangerousTypes=true,generateEmbeddedObjectMeta=true webhook paths="github.com/zncdatadev/operator-go/pkg/apis/database/..." output:crd:artifacts:config=config/crd/bases + go get github.com/zncdatadev/operator-go@v0.9.0 $(CONTROLLER_GEN) rbac:roleName=manager-role crd:allowDangerousTypes=true,generateEmbeddedObjectMeta=true webhook paths="github.com/zncdatadev/operator-go/pkg/apis/s3/..." output:crd:artifacts:config=config/crd/bases $(CONTROLLER_GEN) rbac:roleName=manager-role crd:allowDangerousTypes=true,generateEmbeddedObjectMeta=true webhook paths="github.com/zncdatadev/operator-go/pkg/apis/authentication/..." output:crd:artifacts:config=config/crd/bases 
@@ -120,6 +119,23 @@ fmt: ## Run go fmt against code. vet: ## Run go vet against code. go vet ./... + +GOLANGCI_LINT = $(shell pwd)/bin/golangci-lint +GOLANGCI_LINT_VERSION ?= v1.60.3 +golangci-lint: + @[ -f $(GOLANGCI_LINT) ] || { \ + set -e ;\ + curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(shell dirname $(GOLANGCI_LINT)) $(GOLANGCI_LINT_VERSION) ;\ + } + +.PHONY: lint +lint: golangci-lint ## Run golangci-lint linter & yamllint + $(GOLANGCI_LINT) run --timeout 5m + +.PHONY: lint-fix +lint-fix: golangci-lint ## Run golangci-lint linter and perform fixes + $(GOLANGCI_LINT) run --fix + .PHONY: test test: manifests generate fmt vet envtest ## Run tests. KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test ./... -coverprofile cover.out @@ -127,7 +143,7 @@ test: manifests generate fmt vet envtest ## Run tests. ##@ Build .PHONY: build -build: manifests generate fmt vet ## Build manager binary. +build: manifests generate fmt vet lint ## Build manager binary. go build -o bin/manager cmd/main.go .PHONY: run 
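Review bot: The `golangci-lint` target pipes `install.sh` from the `master` branch into `sh`, so the script executed on developer machines and in CI is whatever that branch holds at the time, even though the binary version is pinned by `GOLANGCI_LINT_VERSION`. Fetch the script from the same tag: `curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/$(GOLANGCI_LINT_VERSION)/install.sh | sh -s -- -b $(shell dirname $(GOLANGCI_LINT)) $(GOLANGCI_LINT_VERSION) ;\`. The `[ -f $(GOLANGCI_LINT) ]` guard checks only that a file exists, so an older binary in `bin/` survives a version bump; the `$(CHAINSAW)` rule added later in this Makefile greps the tool's version output, and the same check would fit here. The following hunk adds `lint` to the prerequisites of `build`, so `make build` on a clean tree now performs this network download as well. The `lint` help text mentions yamllint, but the recipe runs only golangci-lint.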
@@ -325,3 +341,77 @@ catalog-buildx: catalog-validate ## Build and push a catalog image for cross-pla $(CONTAINER_TOOL) buildx use project-v3-builder - $(CONTAINER_TOOL) buildx build --push --platform=$(PLATFORMS) -f catalog.Dockerfile --tag ${CATALOG_IMG} . - $(CONTAINER_TOOL) buildx rm project-v3-builder + + +##@ E2E + +# kind +KIND_VERSION ?= v0.23.0 + +KINDTEST_K8S_VERSION ?= 1.26.14 + +KIND_IMAGE ?= kindest/node:v${KINDTEST_K8S_VERSION} + +KIND_KUBECONFIG ?= ./kind-kubeconfig-$(KINDTEST_K8S_VERSION) +KIND_CLUSTER_NAME ?= ${PROJECT_NAME}-$(KINDTEST_K8S_VERSION) + +.PHONY: kind +KIND = $(LOCALBIN)/kind +kind: ## Download kind locally if necessary. +ifeq (,$(shell which $(KIND))) +ifeq (,$(shell which kind 2>/dev/null)) + @{ \ + set -e ;\ + go install sigs.k8s.io/kind@$(KIND_VERSION) ;\ + } +KIND = $(GOBIN)/bin/kind +else +KIND = $(shell which kind) +endif +endif + +OLM_VERSION ?= v0.28.0 +KIND_CONFIG ?= test/e2e/kind-config.yaml + +# Create a kind cluster, install ingress-nginx, and wait for it to be available. +.PHONY: kind-create +kind-create: kind ## Create a kind cluster. + $(KIND) create cluster --config $(KIND_CONFIG) --image $(KIND_IMAGE) --name $(KIND_CLUSTER_NAME) --kubeconfig $(KIND_KUBECONFIG) --wait 120s + KUBECONFIG=$(KIND_KUBECONFIG) make kind-setup + +.PHONY: kind-setup +kind-setup: kind ## setup kind cluster base environment + @echo "Setup kind cluster base environment, install ingress-nginx and OLM" + kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml + kubectl -n ingress-nginx wait deployment ingress-nginx-controller --for=condition=available --timeout=300s + curl -sSL https://github.com/operator-framework/operator-lifecycle-manager/releases/download/$(OLM_VERSION)/install.sh | bash -s $(OLM_VERSION) + +.PHONY: kind-delete +kind-delete: kind ## Delete a kind cluster. 
+ $(KIND) delete cluster --name $(KIND_CLUSTER_NAME) + +# chainsaw + +CHAINSAW_VERSION ?= v0.2.6 +CHAINSAW = $(LOCALBIN)/chainsaw + +.PHONY: chainsaw +chainsaw: $(CHAINSAW) ## Download chainsaw locally if necessary. +$(CHAINSAW): $(LOCALBIN) + test -s $(LOCALBIN)/chainsaw && $(LOCALBIN)/chainsaw version | grep -q $(CHAINSAW_VERSION) || \ + GOBIN=$(LOCALBIN) go install github.com/kyverno/chainsaw@$(CHAINSAW_VERSION) + +.PHONY: chainsaw-setup +chainsaw-setup: manifests kustomize ## Run the chainsaw setup + @echo "\nSetup chainsaw test environment" + make docker-build + $(KIND) --name $(KIND_CLUSTER_NAME) load docker-image $(IMG) + KUBECONFIG=$(KIND_KUBECONFIG) make deploy + +.PHONY: chainsaw-test +chainsaw-test: chainsaw ## Run the chainsaw test + KUBECONFIG=$(KIND_KUBECONFIG) $(CHAINSAW) test --cluster cluster-1=$(KIND_KUBECONFIG) --test-dir ./test/e2e/ + +.PHONY: chainsaw-cleanup +chainsaw-cleanup: manifests kustomize ## Run the chainsaw cleanup + KUBECONFIG=$(KIND_KUBECONFIG) make undeploy diff --git a/PROJECT b/PROJECT index 3c59ae1..32d0119 100644 --- a/PROJECT +++ b/PROJECT @@ -21,15 +21,6 @@ resources: kind: AuthenticationClass path: github.com/zncdatadev/commons-operator/api/authentication/v1alpha1 version: v1alpha1 -- api: - crdVersion: v1 - namespaced: true - controller: true - domain: zncdata.dev - group: database - kind: Database - path: github.com/zncdatadev/commons-operator/api/database/v1alpha1 - version: v1alpha1 - api: crdVersion: v1 namespaced: true @@ -48,13 +39,4 @@ resources: kind: S3Bucket path: github.com/zncdatadev/commons-operator/api/s3/v1alpha1 version: v1alpha1 -- api: - crdVersion: v1 - namespaced: true - controller: true - domain: zncdata.dev - group: database - kind: DatabaseConnection - path: github.com/zncdatadev/commons-operator/api/database/v1alpha1 - version: v1alpha1 version: "3" 
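Review bot: In the Makefile's new `kind-setup` target, the ingress-nginx manifest is applied from the `main` branch and the OLM `install.sh` is piped into `bash`, and when the target is invoked directly rather than through `kind-create` (which sets `KUBECONFIG=$(KIND_KUBECONFIG)`) both act on whatever cluster the caller's current kubeconfig selects. Pin the manifest to a release ref, for example `INGRESS_NGINX_REF ?= <pinned-release-tag>` with `$(INGRESS_NGINX_REF)` in place of `main` in the URL, and add `kind-setup: export KUBECONFIG = $(KIND_KUBECONFIG)` so the recipe cannot touch another cluster. The OLM download uses `curl -sSL` without `-f`, so an HTTP error body would be handed to `bash`; `curl -sSfL` fails instead. In the `kind` target, `KIND = $(GOBIN)/bin/kind` looks wrong, since `go install` writes into `$(GOBIN)` itself, so the fallback path would likely not resolve.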
diff --git a/config/crd/bases/database.zncdata.dev_databaseconnections.yaml b/config/crd/bases/database.zncdata.dev_databaseconnections.yaml
deleted file mode 100644
index 2ae03f9..0000000
--- a/config/crd/bases/database.zncdata.dev_databaseconnections.yaml
+++ /dev/null
@@ -1,199 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - name: databaseconnections.database.zncdata.dev -spec: - group: database.zncdata.dev - names: - kind: DatabaseConnection - listKind: DatabaseConnectionList - plural: databaseconnections - singular: databaseconnection - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: DatabaseConnection is the Schema for the databaseconnections - API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: DatabaseConnectionSpec defines the desired state of DatabaseConnection - properties: - default: - type: boolean - provider: - description: |- - DatabaseConnectionProvider defines the enum provider for DataConnection. - You can choose one of mysql, postgres, redis, and provider is required. - properties: - mysql: - description: MysqlProvider defines the desired connection info - of Mysql - properties: - credential: - description: 'DatabaseCredentialSpec include: Username and - Password or ExistSecret.' - properties: - existingSecret: - description: |- - ExistSecret is a Secret name, created by user. - It includes Username and Password, it is encrypted by base64. 
- If ExistSecret is not empty, Username and Password will be ignored. - type: string - password: - description: Password is the password for the database. - type: string - username: - description: Username is the username for the database. - type: string - type: object - driver: - default: mysql - type: string - host: - type: string - port: - type: integer - ssl: - type: boolean - type: object - postgres: - description: PostgresProvider defines the desired connection info - of Postgres - properties: - credential: - description: 'DatabaseCredentialSpec include: Username and - Password or ExistSecret.' - properties: - existingSecret: - description: |- - ExistSecret is a Secret name, created by user. - It includes Username and Password, it is encrypted by base64. - If ExistSecret is not empty, Username and Password will be ignored. - type: string - password: - description: Password is the password for the database. - type: string - username: - description: Username is the username for the database. - type: string - type: object - driver: - default: org.postgresql.Driver - type: string - host: - type: string - port: - type: integer - ssl: - type: boolean - type: object - redis: - description: RedisProvider defines the desired connection info - of Redis - properties: - host: - type: string - port: - type: string - type: object - type: object - type: object - status: - properties: - condition: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. 
For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. 
- enum: - - "True" - - "False" - - Unknown - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/config/crd/bases/database.zncdata.dev_databases.yaml b/config/crd/bases/database.zncdata.dev_databases.yaml deleted file mode 100644 index e417c24..0000000 --- a/config/crd/bases/database.zncdata.dev_databases.yaml +++ /dev/null 
@@ -1,142 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - name: databases.database.zncdata.dev -spec: - group: database.zncdata.dev - names: - kind: Database - listKind: DatabaseList - plural: databases - singular: database - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: Database is the Schema for the databases API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: DatabaseSpec defines the desired connection info of Database - properties: - credential: - description: |- - Credential is the credential for the database. - It contains Username and Password, or ExistSecret. - properties: - existingSecret: - description: |- - ExistSecret is a Secret name, created by user. - It includes Username and Password, it is encrypted by base64. - If ExistSecret is not empty, Username and Password will be ignored. - type: string - password: - description: Password is the password for the database. - type: string - username: - description: Username is the username for the database. - type: string - type: object - databaseName: - type: string - reference: - description: Name of DatabaseConnection CR to use for this database. 
- type: string - type: object - status: - properties: - condition: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. 
- This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml index 5185c3f..cb5e24e 100644 --- a/config/crd/kustomization.yaml +++ b/config/crd/kustomization.yaml 
@@ -3,29 +3,23 @@ # It should be run by config/default resources: - bases/authentication.zncdata.dev_authenticationclasses.yaml -- bases/database.zncdata.dev_databases.yaml - bases/s3.zncdata.dev_s3connections.yaml - bases/s3.zncdata.dev_s3buckets.yaml -- bases/database.zncdata.dev_databaseconnections.yaml #+kubebuilder:scaffold:crdkustomizeresource patches: # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. # patches here are for enabling the conversion webhook for each CRD #- path: patches/webhook_in_authenticationclasses.yaml -#- path: patches/webhook_in_database_databases.yaml #- path: patches/webhook_in_s3_s3connections.yaml #- path: patches/webhook_in_s3_s3buckets.yaml -#- path: patches/webhook_in_database_databaseconnections.yaml #+kubebuilder:scaffold:crdkustomizewebhookpatch # [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix. # patches here are for enabling the CA injection for each CRD #- path: patches/cainjection_in_authenticationclasses.yaml -#- path: patches/cainjection_in_database_databases.yaml #- path: patches/cainjection_in_s3_s3connections.yaml #- path: patches/cainjection_in_s3_s3buckets.yaml -#- path: patches/cainjection_in_database_databaseconnections.yaml #+kubebuilder:scaffold:crdkustomizecainjectionpatch # [WEBHOOK] To enable webhook, uncomment the following section diff --git a/config/rbac/database_database_editor_role.yaml b/config/rbac/database_database_editor_role.yaml deleted file mode 100644 index f08e9b5..0000000 --- a/config/rbac/database_database_editor_role.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -# permissions for end users to edit databases. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: clusterrole - app.kubernetes.io/instance: database-editor-role - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: commons-operator - app.kubernetes.io/part-of: commons-operator - app.kubernetes.io/managed-by: kustomize - name: database-editor-role -rules: -- apiGroups: - - database.zncdata.dev - resources: - - databases - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - database.zncdata.dev - resources: - - databases/status - verbs: - - get diff --git a/config/rbac/database_database_viewer_role.yaml b/config/rbac/database_database_viewer_role.yaml deleted file mode 100644 index 5409122..0000000 --- a/config/rbac/database_database_viewer_role.yaml +++ /dev/null @@ -1,27 +0,0 @@ -# permissions for end users to view databases. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: clusterrole - app.kubernetes.io/instance: database-viewer-role - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: commons-operator - app.kubernetes.io/part-of: commons-operator - app.kubernetes.io/managed-by: kustomize - name: database-viewer-role -rules: -- apiGroups: - - database.zncdata.dev - resources: - - databases - verbs: - - get - - list - - watch -- apiGroups: - - database.zncdata.dev - resources: - - databases/status - verbs: - - get diff --git a/config/rbac/database_databaseconnection_editor_role.yaml b/config/rbac/database_databaseconnection_editor_role.yaml deleted file mode 100644 index e6f96cf..0000000 --- a/config/rbac/database_databaseconnection_editor_role.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -# permissions for end users to edit databaseconnections. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: clusterrole - app.kubernetes.io/instance: databaseconnection-editor-role - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: commons-operator - app.kubernetes.io/part-of: commons-operator - app.kubernetes.io/managed-by: kustomize - name: databaseconnection-editor-role -rules: -- apiGroups: - - database.zncdata.dev - resources: - - databaseconnections - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - database.zncdata.dev - resources: - - databaseconnections/status - verbs: - - get diff --git a/config/rbac/database_databaseconnection_viewer_role.yaml b/config/rbac/database_databaseconnection_viewer_role.yaml deleted file mode 100644 index 5c1b3b1..0000000 --- a/config/rbac/database_databaseconnection_viewer_role.yaml +++ /dev/null @@ -1,27 +0,0 @@ -# permissions for end users to view databaseconnections. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: clusterrole - app.kubernetes.io/instance: databaseconnection-viewer-role - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: commons-operator - app.kubernetes.io/part-of: commons-operator - app.kubernetes.io/managed-by: kustomize - name: databaseconnection-viewer-role -rules: -- apiGroups: - - database.zncdata.dev - resources: - - databaseconnections - verbs: - - get - - list - - watch -- apiGroups: - - database.zncdata.dev - resources: - - databaseconnections/status - verbs: - - get diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 111c343..115dc5e 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml 
@@ -90,58 +90,6 @@ rules: - patch - update - watch -- apiGroups: - - database.zncdata.dev - resources: - - databaseconnections - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - database.zncdata.dev - resources: - - databaseconnections/finalizers - verbs: - - update -- apiGroups: - - database.zncdata.dev - resources: - - databaseconnections/status - verbs: - - get - - patch - - update -- apiGroups: - - database.zncdata.dev - resources: - - databases - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - database.zncdata.dev - resources: - - databases/finalizers - verbs: - - update -- apiGroups: - - database.zncdata.dev - resources: - - databases/status - verbs: - - get - - patch - - update - apiGroups: - rbac.authorization.k8s.io resources: diff --git a/config/samples/authentication_v1alpha1_authenticationclass.yaml b/config/samples/authentication_v1alpha1_authenticationclass.yaml index 9104661..6dc4f5b 100644 --- a/config/samples/authentication_v1alpha1_authenticationclass.yaml +++ b/config/samples/authentication_v1alpha1_authenticationclass.yaml @@ -9,4 +9,45 @@ metadata: app.kubernetes.io/created-by: commons-operator name: authenticationclass-sample spec: - # TODO(user): Add fields here + provider: + oidc: + hostname: keycloak.example.com + port: 8080 + rootPath: /auth + providerHint: keycloak + scopes: + - openid + - email + - profile + principalClaim: preferred_username + tls: + verification: + none: {} + server: + caCert: + secretClass: tls + webPIK: ca.crt + tls: + secretClass: tls + static: + credential: static-credentials + ldap: + hostname: ldap.example.com + port: 389 + credential: + secretClass: ldap-credentials + ldapFieldNames: + surname: cn + givenName: cn + group: cn + email: mail + uid: cn + searchBase: ou=people,dc=example,dc=com + searchFilter: (uid={username}) + tls: + verification: + none: {} + server: + caCert: + secretClass: tls + webPIK: ca.crt 
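Review bot: The `AuthenticationClass` sample sets `verification: none: {}` under `tls` for both the `oidc` and `ldap` providers, which, as far as the flattened hunk shows, turns off server certificate verification while a `server: caCert:` block sits right next to it. Samples get copied into real clusters, so keep only the `server` verification branch, or add a comment such as `# none disables certificate verification; for local testing only`. The LDAP entry also uses `port: 389`; whether that connection is protected depends on how the operator applies the `tls` block, which is not visible here. `webPIK: ca.crt` may be a misspelling of a `webPki`-style field and should be checked against the CRD schema. Indentation is lost in this view, so the exact nesting of `none`, `server` and the second `tls:` key needs confirming in the file.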
diff --git a/config/samples/database_v1alpha1_database.yaml b/config/samples/database_v1alpha1_database.yaml deleted file mode 100644 index f22fc91..0000000 --- a/config/samples/database_v1alpha1_database.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: database.zncdata.dev/v1alpha1 -kind: Database -metadata: - labels: - app.kubernetes.io/name: database - app.kubernetes.io/instance: database-sample - app.kubernetes.io/part-of: commons-operator - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/created-by: commons-operator - name: database-sample -spec: - # TODO(user): Add fields here diff --git a/config/samples/database_v1alpha1_databaseconnection.yaml b/config/samples/database_v1alpha1_databaseconnection.yaml deleted file mode 100644 index 39abb81..0000000 --- a/config/samples/database_v1alpha1_databaseconnection.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: database.zncdata.dev/v1alpha1 -kind: DatabaseConnection -metadata: - labels: - app.kubernetes.io/name: databaseconnection - app.kubernetes.io/instance: databaseconnection-sample - app.kubernetes.io/part-of: commons-operator - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/created-by: commons-operator - name: databaseconnection-sample -spec: - # TODO(user): Add fields here diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml index a0e8dda..c8c9308 100644 --- a/config/samples/kustomization.yaml +++ b/config/samples/kustomization.yaml @@ -1,8 +1,6 @@ ## Append samples of your project ## resources: - authentication_v1alpha1_authenticationclass.yaml -- database_v1alpha1_database.yaml - s3_v1alpha1_s3connection.yaml - s3_v1alpha1_s3bucket.yaml -- database_v1alpha1_databaseconnection.yaml #+kubebuilder:scaffold:manifestskustomizesamples diff --git a/config/samples/s3_v1alpha1_s3bucket.yaml b/config/samples/s3_v1alpha1_s3bucket.yaml index 9ff8a22..6cb3e9f 100644 --- a/config/samples/s3_v1alpha1_s3bucket.yaml +++ b/config/samples/s3_v1alpha1_s3bucket.yaml 
@@ -9,4 +9,7 @@ metadata: app.kubernetes.io/created-by: commons-operator name: s3bucket-sample spec: - # TODO(user): Add fields here + bucketName: s3bucket-sample + credential: + secretClass: s3-credentials + reference: s3-connection diff --git a/config/samples/s3_v1alpha1_s3connection.yaml b/config/samples/s3_v1alpha1_s3connection.yaml index 0a12efd..b86243b 100644 --- a/config/samples/s3_v1alpha1_s3connection.yaml +++ b/config/samples/s3_v1alpha1_s3connection.yaml @@ -9,4 +9,15 @@ metadata: app.kubernetes.io/created-by: commons-operator name: s3connection-sample spec: - # TODO(user): Add fields here + credential: + secretClass: s3-credentials + scope: + node: false + pod: true + services: + - foo + endpoint: s3.example.com + region: us-west-1 + pathStyle: false + tls: + secretClass: tls diff --git a/deploy/catalog.yaml b/deploy/catalog.yaml deleted file mode 100644 index cd8f83a..0000000 --- a/deploy/catalog.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: operators.coreos.com/v1alpha1 -kind: CatalogSource -metadata: - name: commons-catalog - namespace: kubedatastack-operator -spec: - sourceType: grpc - image: quay.io/zncdatadev/commons-operator-catalog:latest - displayName: commons catalog - publisher: zncdatadev - updateStrategy: - registryPoll: - interval: 5m diff --git a/deploy/cluster.yaml b/deploy/cluster.yaml deleted file mode 100644 index e9f15e6..0000000 --- a/deploy/cluster.yaml +++ /dev/null 
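Review bot: In the `S3Bucket` sample, `reference: s3-connection` does not match the name of the connection sample in this commit, which the next hunk's context shows as `name: s3connection-sample`; applied together, the bucket would reference a connection that does not exist. Use `reference: s3connection-sample`. Both samples also set `secretClass: s3-credentials` and the connection sets `tls` with `secretClass: tls`, neither of which is created by a sample in this diff, so a short comment naming those prerequisites would help.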
@@ -1,70 +0,0 @@ -apiVersion: zncdata.dev/v1alpha1 -kind: Database -metadata: - labels: - app.kubernetes.io/name: database - app.kubernetes.io/instance: database-sample - app.kubernetes.io/part-of: commons-operator - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/created-by: commons-operator - name: database-sample -spec: - databaseName: znc_prod - reference: databaseconnection-sample - credential: - existingSecret: database-sample-pg-user-1 ---- -apiVersion: zncdata.dev/v1alpha1 -kind: DatabaseConnection -metadata: - labels: - app.kubernetes.io/name: databaseconnection - app.kubernetes.io/instance: databaseconnection-sample - app.kubernetes.io/part-of: commons-operator - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/created-by: commons-operator - name: databaseconnection-sample -spec: - provider: - postgres: - driver: org.postgresql.Driver - host: postgresql - port: 5432 - ssl: false - credential: - existingSecret: databaseconnect-sample-pg-root-1 ---- -apiVersion: zncdata.dev/v1alpha1 -kind: S3Bucket -metadata: - labels: - app.kubernetes.io/name: s3bucket - app.kubernetes.io/instance: s3bucket-sample - app.kubernetes.io/part-of: commons-operator - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/created-by: commons-operator - name: s3bucket-sample -spec: - bucketName: znc-warehouse - reference: s3connection-sample - credential: - existSecret: s3bucket-sample-user-1 ---- -apiVersion: zncdata.dev/v1alpha1 -kind: S3Connection -metadata: - labels: - app.kubernetes.io/name: s3connection - app.kubernetes.io/instance: s3connection-sample - app.kubernetes.io/part-of: commons-operator - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/created-by: commons-operator - name: s3connection-sample -spec: - endpoint: http://minio:9000 - region: us-east-1 - ssl: false - pathStyle: true - credential: - existSecret: s3connection-sample-root-1 - 
diff --git a/deploy/namespace.yaml b/deploy/namespace.yaml deleted file mode 100644 index 9c0e6f4..0000000 --- a/deploy/namespace.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: kubedatastack-operators ---- -apiVersion: v1 -kind: Namespace -metadata: - name: kubedatastack diff --git a/deploy/operator-group.yaml b/deploy/operator-group.yaml deleted file mode 100644 index 94364ba..0000000 --- a/deploy/operator-group.yaml +++ /dev/null @@ -1,8 +0,0 @@ -kind: OperatorGroup -apiVersion: operators.coreos.com/v1 -metadata: - name: kubedatastack - namespace: kubedatastack-operators -spec: - targetNamespaces: - - kubedatastack \ No newline at end of file diff --git a/deploy/subscription.yaml b/deploy/subscription.yaml deleted file mode 100644 index faab365..0000000 --- a/deploy/subscription.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: operators.coreos.com/v1alpha1 -kind: Subscription -metadata: - name: commons-sub - namespace: kubedatastack-operators -spec: - channel: stable - name: commons-operator - source: commons-catalog - sourceNamespace: kubedatastack-operator - installPlanApproval: Automated diff --git a/go.mod b/go.mod index 2adbfcd..3f12dfc 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/zncdatadev/commons-operator -go 1.22.4 +go 1.23.0 require ( k8s.io/api v0.31.0 @@ -14,7 +14,7 @@ require ( github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/emicklei/go-restful/v3 v3.11.2 // indirect - github.com/evanphx/json-patch v5.6.0+incompatible // indirect + github.com/evanphx/json-patch v5.9.0+incompatible // indirect github.com/evanphx/json-patch/v5 v5.9.0 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect github.com/fxamacker/cbor/v2 v2.7.0 // indirect 
@@ -37,6 +37,8 @@ require ( github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect + github.com/onsi/ginkgo/v2 v2.20.1 // indirect + github.com/onsi/gomega v1.34.1 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/prometheus/client_golang v1.19.1 // indirect github.com/prometheus/client_model v0.6.1 // indirect @@ -44,15 +46,15 @@ require ( github.com/prometheus/procfs v0.15.1 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/x448/float16 v0.8.4 // indirect - github.com/zncdatadev/operator-go v0.8.3 // indirect + github.com/zncdatadev/operator-go v0.9.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.26.0 // indirect - golang.org/x/exp v0.0.0-20240110193028-0dcbfd608b1e // indirect - golang.org/x/net v0.26.0 // indirect + golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect + golang.org/x/net v0.28.0 // indirect golang.org/x/oauth2 v0.21.0 // indirect - golang.org/x/sys v0.21.0 // indirect - golang.org/x/term v0.21.0 // indirect - golang.org/x/text v0.16.0 // indirect + golang.org/x/sys v0.23.0 // indirect + golang.org/x/term v0.23.0 // indirect + golang.org/x/text v0.17.0 // indirect golang.org/x/time v0.5.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/protobuf v1.34.2 // indirect diff --git a/go.sum b/go.sum index 2713589..3e00640 100644 --- a/go.sum +++ b/go.sum 
@@ -8,8 +8,8 @@ github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/emicklei/go-restful/v3 v3.11.2 h1:1onLa9DcsMYO9P+CXaL0dStDqQ2EHHXLiz+BtnqkLAU= github.com/emicklei/go-restful/v3 v3.11.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= -github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U= -github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls= +github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= 
@@ -42,8 +42,8 @@ github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af h1:kmjWCqn2qkEml422C2Rrd27c3VGxi6a/6HNq8QmHRKM= -github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= +github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8 h1:FKHo8hFI3A+7w0aUQuYXQ+6EN5stWmeY/AZqtM8xk9k= +github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= 
@@ -67,10 +67,10 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA= -github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To= -github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= -github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= +github.com/onsi/ginkgo/v2 v2.20.1 h1:YlVIbqct+ZmnEph770q9Q7NVAz4wwIiVNahee6JyUzo= +github.com/onsi/ginkgo/v2 v2.20.1/go.mod h1:lG9ey2Z29hR41WMVthyJBGUBcBhGOtoPF2VFMvBXFCI= +github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= +github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 
@@ -96,8 +96,8 @@ github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/zncdatadev/operator-go v0.8.3 h1:OwjvVf9PR+s1BEWW2tCKUuHOV0iVnsr1ReGVbdDNaKo= -github.com/zncdatadev/operator-go v0.8.3/go.mod h1:wwISwqkAhgyeaJ6OSBji2PB1a3Jsz0Yu0uTabmWxUpM= +github.com/zncdatadev/operator-go v0.9.0 h1:oti/Xnlct8aAL9tuIRGnA/xszlAHDU+2TsKJUhtmcJk= +github.com/zncdatadev/operator-go v0.9.0/go.mod h1:k8v05akeQUEyLqqDdd1Kgrckhi5LKsBTFOExrHttO8M= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= 
@@ -107,16 +107,16 @@ go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/exp v0.0.0-20240110193028-0dcbfd608b1e h1:723BNChdd0c2Wk6WOE320qGBiPtYx0F0Bbm1kriShfE= -golang.org/x/exp v0.0.0-20240110193028-0dcbfd608b1e/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= -golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= +golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE= +golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg= golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod 
h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -125,22 +125,22 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= -golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= -golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= +golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM= +golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU= +golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= -golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= +golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc= +golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod 
h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg= -golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24= +golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/kind-kubeconfig-1.26.14 b/kind-kubeconfig-1.26.14 new file mode 100644 index 0000000..a284155 --- /dev/null +++ b/kind-kubeconfig-1.26.14 @@ -0,0 +1,19 @@ +apiVersion: v1 +clusters: +- cluster: + certificate-authority-data: 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 + server: https://127.0.0.1:61425 + name: kind-commons-operator-1.26.14 +contexts: +- context: + cluster: kind-commons-operator-1.26.14 + user: kind-commons-operator-1.26.14 + name: kind-commons-operator-1.26.14 +current-context: kind-commons-operator-1.26.14 +kind: Config +preferences: {} +users: +- name: kind-commons-operator-1.26.14 + user: + client-certificate-data: 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 + client-key-data: 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 diff --git a/test/e2e/default/00-assert.yaml b/test/e2e/default/00-assert.yaml new file mode 100644 index 0000000..b1cd96c --- /dev/null +++ b/test/e2e/default/00-assert.yaml 
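Review bot: `kind-kubeconfig-1.26.14` is a generated kubeconfig, and adding it puts the `client-certificate-data` and `client-key-data` of the `kind-commons-operator-1.26.14` user into the repository history. The `server` is `https://127.0.0.1:61425`, so the key is only usable against the author's local kind cluster, but a committed client key will keep tripping secret scanners, and the same workflow would leak real credentials the first time it runs against a non-local cluster. I would drop the file from the commit, add `kind-kubeconfig-*` to `.gitignore`, and have the e2e setup write the kubeconfig at run time (presumably it already does, given the versioned file name).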
@@ -0,0 +1,9 @@
+apiVersion: s3.zncdata.dev/v1alpha1
+kind: S3Connection
+metadata:
+ name: s3connection
+---
+apiVersion: s3.zncdata.dev/v1alpha1
+kind: S3Bucket
+metadata:
+ name: s3bucket
diff --git a/test/e2e/default/00-s3.yaml b/test/e2e/default/00-s3.yaml
new file mode 100644
index 0000000..093ae2b
--- /dev/null
+++ b/test/e2e/default/00-s3.yaml
@@ -0,0 +1,30 @@
+
+---
+apiVersion: s3.zncdata.dev/v1alpha1
+kind: S3Connection
+metadata:
+ name: s3connection
+spec:
+ credential:
+ secretClass: s3-credentials
+ scope:
+ node: false
+ pod: true
+ services:
+ - foo
+ endpoint: s3.example.com
+ region: us-west-1
+ pathStyle: false
+ tls:
+ secretClass: tls
+
+---
+apiVersion: s3.zncdata.dev/v1alpha1
+kind: S3Bucket
+metadata:
+ name: s3bucket
+spec:
+ bucketName: s3bucket
+ credential:
+ secretClass: s3-credentials
+ reference: s3-connection
diff --git a/test/e2e/default/01-assert.yaml b/test/e2e/default/01-assert.yaml
new file mode 100644
index 0000000..8368556
--- /dev/null
+++ b/test/e2e/default/01-assert.yaml
@@ -0,0 +1,4 @@
+apiVersion: authentication.zncdata.dev/v1alpha1
+kind: AuthenticationClass
+metadata:
+ name: authenticationclass
diff --git a/test/e2e/default/01-authentication.yaml b/test/e2e/default/01-authentication.yaml
new file mode 100644
index 0000000..580b900
--- /dev/null
+++ b/test/e2e/default/01-authentication.yaml
@@ -0,0 +1,47 @@
+apiVersion: authentication.zncdata.dev/v1alpha1
+kind: AuthenticationClass
+metadata:
+ name: authenticationclass
+spec:
+ provider:
+ oidc:
+ hostname: keycloak.example.com
+ port: 8080
+ rootPath: /auth
+ providerHint: keycloak
+ scopes:
+ - openid
+ - email
+ - profile
+ principalClaim: preferred_username
+ tls:
+ verification:
+ none: {}
+ server:
+ caCert:
+ secretClass: tls
+ webPIK: ca.crt
+ tls:
+ secretClass: tls
+ static:
+ credential: static-credentials
+ ldap:
+ hostname: ldap.example.com
+ port: 389
+ credential:
+ secretClass: ldap-credentials
+ ldapFieldNames:
+ surname: cn
+ givenName: cn
+ group: cn
+ email: mail
+ uid: cn
+ searchBase: ou=people,dc=example,dc=com
+ searchFilter: \(uid={username}\)
+ tls:
+ verification:
+ none: {}
+ server:
+ caCert:
+ secretClass: tls
+ webPIK: ca.crt
diff --git a/test/e2e/kind-config.yaml b/test/e2e/kind-config.yaml
new file mode 100644
index 0000000..5cb7cef
--- /dev/null
+++ b/test/e2e/kind-config.yaml
@@ -0,0 +1,16 @@
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+nodes:
+- role: control-plane
+ image: kindest/node:v1.26.14@sha256:5d548739ddef37b9318c70cb977f57bf3e5015e4552be4e27e57280a8cbb8e4f
+ kubeadmConfigPatches:
+ - |
+ kind: InitConfiguration
+ nodeRegistration:
+ kubeletExtraArgs:
+ node-labels: "ingress-ready=true"
+ extraPortMappings:
+ - containerPort: 80
+ protocol: TCP
+ - containerPort: 443
+ protocol: TCP
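Review bot: Both the `oidc` and the `ldap` provider in `test/e2e/default/01-authentication.yaml` carry `verification:` with `none: {}`, which by its name turns off server certificate verification, and each also lists a `server:` / `caCert:` entry with `secretClass: tls`. The indentation is not recoverable in this view, so I cannot tell whether `none` and `server` are siblings under `verification`; if they are, the fixture sets two alternatives at once and it is unclear which one the operator honours. Because test fixtures tend to be copied into real manifests, I would keep only the `caCert` form and put `# test only: plaintext LDAP` above `port: 389` if LDAPS or StartTLS is deliberately left out. Separately, `searchFilter: \(uid={username}\)` keeps its backslashes literally in a plain YAML scalar, so if the value is handed to the directory as a filter, `searchFilter: (uid={username})` is probably what was meant.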