chore: Reorganize project structure

main.go → Nimbus/cmd/main.go

@@ -4,11 +4,15 @@
 package main
 
 import (
+	"context"
 	"flag"
 	"os"
+	"os/signal"
+	"syscall"
+	"time"
 
-	// Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.)
-	// to ensure that exec-entrypoint and run can make use of them.
+	// Importing all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.)
+	// to ensure that exec-entrypoint and run can utilize them.
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
 
 	"k8s.io/apimachinery/pkg/runtime"
@@ -19,11 +23,14 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/log/zap"
 	metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
 
-	intentv1 "github.com/5GSEC/nimbus/api/v1"
-	"github.com/5GSEC/nimbus/controllers"
-	general "github.com/5GSEC/nimbus/controllers/general"
-	policy "github.com/5GSEC/nimbus/controllers/policy"
+	// Importing custom API types and controllers
+	intentv1 "github.com/5GSEC/nimbus/Nimbus/api/v1"
+	"github.com/5GSEC/nimbus/Nimbus/controllers"
+	cleanup "github.com/5GSEC/nimbus/Nimbus/controllers/cleanup"
+	general "github.com/5GSEC/nimbus/Nimbus/controllers/general"
+	policy "github.com/5GSEC/nimbus/Nimbus/controllers/policy"
 
+	// Importing third-party Kubernetes resource types
 	ciliumv2 "github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2"
 	kubearmorhostpolicyv1 "github.com/kubearmor/KubeArmor/pkg/KubeArmorHostPolicy/api/security.kubearmor.com/v1"
 	kubearmorpolicyv1 "github.com/kubearmor/KubeArmor/pkg/KubeArmorPolicy/api/security.kubearmor.com/v1"
@@ -39,17 +46,15 @@ var (
 func init() {
 	// In init, various Kubernetes and custom resources are added to the scheme.
 	utilruntime.Must(clientgoscheme.AddToScheme(scheme))
-
 	utilruntime.Must(intentv1.AddToScheme(scheme))
-
 	utilruntime.Must(kubearmorpolicyv1.AddToScheme(scheme))
 	utilruntime.Must(kubearmorhostpolicyv1.AddToScheme(scheme))
 	utilruntime.Must(ciliumv2.AddToScheme(scheme))
 	//+kubebuilder:scaffold:scheme
 }
 
 func main() {
-	// Flags for the command line parameters like metrics address, leader election, etc.
+	// Flags for command line parameters such as metrics address, leader election, etc.
 	var metricsAddr string
 	var enableLeaderElection bool
 	var probeAddr string
@@ -88,14 +93,14 @@ func main() {
 		// LeaderElectionReleaseOnCancel: true,
 	})
 	if err != nil {
-		setupLog.Error(err, "unable to start manager")
+		setupLog.Error(err, "Unable to start manager")
 		os.Exit(1)
 	}
 
 	// Setting up the GeneralController and PolicyController.
 	generalController, err := general.NewGeneralController(mgr.GetClient())
 	if err != nil {
-		setupLog.Error(err, "unable to create GeneralController")
+		setupLog.Error(err, "Unable to create GeneralController")
 		os.Exit(1)
 	}
 
@@ -106,27 +111,61 @@ func main() {
 		Client:            mgr.GetClient(),
 		Scheme:            mgr.GetScheme(),
 		GeneralController: generalController,
-		PolicyController:  policyController,
 	}).SetupWithManager(mgr); err != nil {
-		setupLog.Error(err, "unable to create controller", "controller", "SecurityIntent")
+		setupLog.Error(err, "Unable to create controller", "controller", "SecurityIntent")
 		os.Exit(1)
 	}
 
+	if err = (&controllers.SecurityIntentBindingReconciler{
+		Client:            mgr.GetClient(),
+		Scheme:            mgr.GetScheme(),
+		GeneralController: generalController,
+		PolicyController:  policyController,
+	}).SetupWithManager(mgr); err != nil {
+		setupLog.Error(err, "Unable to create controller", "controller", "SecurityIntentBinding")
+		os.Exit(1)
+	}
 	//+kubebuilder:scaffold:builder
 
+	// Setting up health checks for the manager.
 	if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil {
-		setupLog.Error(err, "unable to set up health check")
+		setupLog.Error(err, "Unable to set up health check")
 		os.Exit(1)
 	}
 	if err := mgr.AddReadyzCheck("readyz", healthz.Ping); err != nil {
-		setupLog.Error(err, "unable to set up ready check")
+		setupLog.Error(err, "Unable to set up ready check")
 		os.Exit(1)
 	}
 
-	// Starting the manager.
-	setupLog.Info("starting manager")
+	// Creating channels for handling termination signals.
+	sigs := make(chan os.Signal, 1)
+	cleanupDone := make(chan bool)
+	signal.Notify(sigs, syscall.SIGINT, syscall.SIGTERM)
+
+	// Separate goroutine to wait for termination signal.
+	go func() {
+		<-sigs // Waiting for termination signal
+		setupLog.Info("Received termination signal, performing cleanup...")
+
+		// Calling the Cleanup function
+		ctx, cancel := context.WithTimeout(context.Background(), 60*time.Second)
+		defer cancel()
+		err := cleanup.Cleanup(ctx, mgr.GetClient(), setupLog)
+
+		if err != nil {
+			setupLog.Error(err, "Cleanup failed")
+		}
+
+		cleanupDone <- true // Signaling cleanup completion
+	}()
+
+	// Starting the manager
+	setupLog.Info("Starting manager")
 	if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil {
-		setupLog.Error(err, "problem running manager")
+		setupLog.Error(err, "Problem running manager")
 		os.Exit(1)
 	}
+
+	<-cleanupDone // Waiting for cleanup completion
+	setupLog.Info("Cleanup completed")
 }

Nimbus/config/crd/bases/intent.security.nimbus.com_securityintents.yaml

@@ -0,0 +1,196 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.13.0
+  name: securityintents.intent.security.nimbus.com
+spec:
+  group: intent.security.nimbus.com
+  names:
+    kind: SecurityIntent
+    listKind: SecurityIntentList
+    plural: securityintents
+    singular: securityintent
+  scope: Namespaced
+  versions:
+  - name: v1
+    schema:
+      openAPIV3Schema:
+        description: SecurityIntent is the Schema for the securityintents API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: SecurityIntentSpec defines the desired state of SecurityIntent
+            properties:
+              intent:
+                description: Intent defines the security policy details
+                properties:
+                  action:
+                    type: string
+                  mode:
+                    type: string
+                  resource:
+                    items:
+                      description: Resource defines the resources that the security
+                        policy applies to
+                      properties:
+                        attrs:
+                          items:
+                            type: string
+                          type: array
+                        key:
+                          type: string
+                        val:
+                          items:
+                            type: string
+                          type: array
+                        valcel:
+                          type: string
+                      type: object
+                    type: array
+                  type:
+                    type: string
+                required:
+                - action
+                - mode
+                - resource
+                - type
+                type: object
+              selector:
+                description: Selector defines the selection criteria for resources
+                properties:
+                  cel:
+                    items:
+                      type: string
+                    type: array
+                  match:
+                    description: Match defines the resource filters to be used
+                    properties:
+                      all:
+                        items:
+                          description: ResourceFilter is used for filtering resources,
+                            subjects, roles, and cluster roles
+                          properties:
+                            resources:
+                              description: Resources defines the properties for selecting
+                                Kubernetes resources
+                              properties:
+                                kinds:
+                                  items:
+                                    type: string
+                                  type: array
+                                matchLabels:
+                                  additionalProperties:
+                                    type: string
+                                  type: object
+                                names:
+                                  items:
+                                    type: string
+                                  type: array
+                                namespaces:
+                                  items:
+                                    type: string
+                                  type: array
+                                operations:
+                                  items:
+                                    type: string
+                                  type: array
+                              required:
+                              - kinds
+                              type: object
+                            roles:
+                              items:
+                                type: string
+                              type: array
+                            subjects:
+                              items:
+                                description: Subject defines the subject for filtering
+                                properties:
+                                  kind:
+                                    type: string
+                                  name:
+                                    type: string
+                                required:
+                                - kind
+                                type: object
+                              type: array
+                          type: object
+                        type: array
+                      any:
+                        items:
+                          description: ResourceFilter is used for filtering resources,
+                            subjects, roles, and cluster roles
+                          properties:
+                            resources:
+                              description: Resources defines the properties for selecting
+                                Kubernetes resources
+                              properties:
+                                kinds:
+                                  items:
+                                    type: string
+                                  type: array
+                                matchLabels:
+                                  additionalProperties:
+                                    type: string
+                                  type: object
+                                names:
+                                  items:
+                                    type: string
+                                  type: array
+                                namespaces:
+                                  items:
+                                    type: string
+                                  type: array
+                                operations:
+                                  items:
+                                    type: string
+                                  type: array
+                              required:
+                              - kinds
+                              type: object
+                            roles:
+                              items:
+                                type: string
+                              type: array
+                            subjects:
+                              items:
+                                description: Subject defines the subject for filtering
+                                properties:
+                                  kind:
+                                    type: string
+                                  name:
+                                    type: string
+                                required:
+                                - kind
+                                type: object
+                              type: array
+                          type: object
+                        type: array
+                    type: object
+                required:
+                - cel
+                type: object
+            required:
+            - intent
+            - selector
+            type: object
+          status:
+            description: SecurityIntentStatus defines the observed state of SecurityIntent
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}