Merge branch 'main' into integration-tests
VedRatan authored Feb 20, 2024
2 parents 8f5a459 + e4dee8e commit 0e5f6d2
Showing 45 changed files with 988 additions and 554 deletions.
7 changes: 6 additions & 1 deletion api/v1/clusternimbuspolicy_types.go
Expand Up @@ -15,13 +15,18 @@ type ClusterNimbusPolicySpec struct {

// ClusterNimbusPolicyStatus defines the observed state of ClusterNimbusPolicy
type ClusterNimbusPolicyStatus struct {
Status string `json:"status"`
Status string `json:"status"`
LastUpdated metav1.Time `json:"lastUpdated,omitempty"`
NumberOfAdapterPolicies int32 `json:"numberOfAdapterPolicies"`
Policies []string `json:"adapterPolicies,omitempty"`
}

//+kubebuilder:object:root=true
//+kubebuilder:subresource:status
//+kubebuilder:resource:scope=Cluster,shortName="cwnp"
//+kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.status"
//+kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
//+kubebuilder:printcolumn:name="Policies",type="integer",JSONPath=".status.numberOfAdapterPolicies"

// ClusterNimbusPolicy is the Schema for the clusternimbuspolicies API
type ClusterNimbusPolicy struct {
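Review bot: The status fields added to ClusterNimbusPolicyStatus (LastUpdated, NumberOfAdapterPolicies, Policies) carry no doc comments, and controller-gen copies field comments into the CRD's OpenAPI description, so `kubectl explain` will show nothing for them; the same gap is in the status structs touched in clustersecurityintentbinding_types.go, nimbuspolicy_types.go and securityintentbinding_types.go. NumberOfAdapterPolicies looks like a derived value (presumably len(Policies)) that exists because a printcolumn JSONPath cannot compute a length — a line such as `// NumberOfAdapterPolicies mirrors len(Policies) so the count can be shown as a printcolumn.` would stop a later cleanup from folding it away; confirm that is the intent before writing it. LastUpdated should also say whether it records the last status transition or the last reconcile, since the name alone does not. The ClusterNimbusPolicy type that follows the marker block is cut off by the section end.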
11 changes: 9 additions & 2 deletions api/v1/clustersecurityintentbinding_types.go
Expand Up @@ -27,13 +27,20 @@ type ClusterSecurityIntentBindingSpec struct {

// ClusterSecurityIntentBindingStatus defines the observed state of ClusterSecurityIntentBinding
type ClusterSecurityIntentBindingStatus struct {
Status string `json:"status"`
Status string `json:"status"`
LastUpdated metav1.Time `json:"lastUpdated,omitempty"`
NumberOfBoundIntents int32 `json:"numberOfBoundIntents"`
BoundIntents []string `json:"boundIntents,omitempty"`
ClusterNimbusPolicy string `json:"clusterNimbusPolicy"`
}

//+kubebuilder:object:root=true
//+kubebuilder:subresource:status
//+kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.status"
//+kubebuilder:resource:scope=Cluster,shortName="csib"
//+kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.status"
//+kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
//+kubebuilder:printcolumn:name="Intents",type="integer",JSONPath=".status.numberOfBoundIntents"
//+kubebuilder:printcolumn:name="ClusterNimbusPolicy",type="string",JSONPath=".status.clusterNimbusPolicy"
//+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

// ClusterSecurityIntentBinding is the Schema for the clustersecurityintentbindings API
11 changes: 7 additions & 4 deletions api/v1/nimbuspolicy_types.go
Expand Up @@ -32,20 +32,23 @@ type NimbusRules struct {

type Rule struct {
RuleAction string `json:"action"`
Mode string `json:"mode"`
Params map[string][]string `json:"params,omitempty"`
}

// NimbusPolicyStatus defines the observed state of NimbusPolicy
type NimbusPolicyStatus struct {
Status string `json:"status"`
LastUpdated metav1.Time `json:"lastUpdated,omitempty"`
Status string `json:"status"`
LastUpdated metav1.Time `json:"lastUpdated,omitempty"`
NumberOfAdapterPolicies int32 `json:"numberOfAdapterPolicies"`
Policies []string `json:"adapterPolicies,omitempty"`
}

//+kubebuilder:object:root=true
//+kubebuilder:subresource:status
//+kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.status"
//+kubebuilder:resource: shortName="np"
//+kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.status"
//+kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
//+kubebuilder:printcolumn:name="Policies",type="integer",JSONPath=".status.numberOfAdapterPolicies"

// NimbusPolicy is the Schema for the nimbuspolicies API
type NimbusPolicy struct {
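Review bot: Dropping `Mode` from Rule here (and from Intent in securityintent_types.go, where it carried a `+kubebuilder:default`) while the API stays at v1 is a schema-breaking change: the CRD hunks on this page remove `mode` from both `properties` and `required`, so on a structural CRD the field is pruned from existing stored objects on their next write and clients still sending it have it silently discarded rather than rejected. If that is intended, a sentence in the commit description naming the removal would help consumers; otherwise it belongs in a new API version. Separately, `//+kubebuilder:resource: shortName="np"` has a space after the colon that the other markers on this page do not (compare `//+kubebuilder:resource:scope=Cluster,shortName="cwnp"` in clusternimbuspolicy_types.go); the same form appears in securityintentbinding_types.go, and I am not certain controller-gen tolerates it, so check that the generated CRD actually carries the short name and write it as `//+kubebuilder:resource:shortName="np"` for consistency either way. The NimbusPolicy type following the markers is outside the hunk.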
11 changes: 5 additions & 6 deletions api/v1/securityintent_types.go
Expand Up @@ -25,11 +25,6 @@ type Intent struct {
// Action defines how the security policy will be enforced.
Action string `json:"action"`

// Mode defines the enforcement behavior of the intent.
// Defaults to best-effort.
//+kubebuilder:default:="best-effort"
Mode string `json:"mode,omitempty"`

// Severity defines the potential impact of a security violation related to the intent.
// Defaults to Low.
//+kubebuilder:default:=Low
Expand All @@ -45,14 +40,18 @@ type Intent struct {

// SecurityIntentStatus defines the observed state of SecurityIntent
type SecurityIntentStatus struct {
ID string `json:"id"`
Action string `json:"action"`
Status string `json:"status"`
}

// SecurityIntent is the Schema for the securityintents API
// +kubebuilder:object:root=true
// +kubebuilder:resource:shortName="si",scope="Cluster"
// +kubebuilder:subresource:status
// +kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.status"
// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
// +kubebuilder:printcolumn:name="ID",type="string",JSONPath=".spec.intent.id",priority=1
// +kubebuilder:printcolumn:name="Action",type="string",JSONPath=".spec.intent.action",priority=1
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

// SecurityIntent is the Schema for the securityintents API
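Review bot: The doc comment `// SecurityIntent is the Schema for the securityintents API` is shown both above the marker block and again below it; only one copy can be on the new side, and if the surviving one is the upper copy, the blank line after `+k8s:deepcopy-gen` separates it from the type declaration, so neither godoc nor controller-gen (which derives the CRD description from the doc comment) will attach it to SecurityIntent. Every other type on this page keeps that comment directly above the `type` line, below the markers; keep the same form here. The `type SecurityIntent struct` line itself is past the end of the hunk, so this is inferred from the visible layout.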
10 changes: 8 additions & 2 deletions api/v1/securityintentbinding_types.go
Expand Up @@ -39,14 +39,20 @@ type Resources struct {

// SecurityIntentBindingStatus defines the observed state of SecurityIntentBinding
type SecurityIntentBindingStatus struct {
Status string `json:"status"`
LastUpdated metav1.Time `json:"lastUpdated,omitempty"`
Status string `json:"status"`
LastUpdated metav1.Time `json:"lastUpdated,omitempty"`
NumberOfBoundIntents int32 `json:"numberOfBoundIntents"`
BoundIntents []string `json:"boundIntents,omitempty"`
NimbusPolicy string `json:"nimbusPolicy"`
}

// +kubebuilder:object:root=true
// +kubebuilder:resource: shortName="sib"
// +kubebuilder:subresource:status
// +kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.status"
// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
// +kubebuilder:printcolumn:name="Intents",type="integer",JSONPath=".status.numberOfBoundIntents"
// +kubebuilder:printcolumn:name="NimbusPolicy",type="string",JSONPath=".status.nimbusPolicy"
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

// SecurityIntentBinding is the Schema for the securityintentbindings API
26 changes: 24 additions & 2 deletions api/v1/zz_generated.deepcopy.go


13 changes: 7 additions & 6 deletions cmd/main.go
Expand Up @@ -7,14 +7,11 @@ import (
"flag"
"os"

// Importing all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.)
// to ensure that exec-entrypoint and run can utilize them.
_ "k8s.io/client-go/plugin/pkg/client/auth"

"k8s.io/apimachinery/pkg/runtime"
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
clientgoscheme "k8s.io/client-go/kubernetes/scheme"
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/config"
"sigs.k8s.io/controller-runtime/pkg/healthz"
"sigs.k8s.io/controller-runtime/pkg/log/zap"
metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
Expand Down Expand Up @@ -43,6 +40,7 @@ func main() {
var metricsAddr string
var enableLeaderElection bool
var probeAddr string
recoverPanic := true

flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.")
flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.")
Expand All @@ -59,8 +57,11 @@ func main() {
Scheme: scheme,
Metrics: metricsserver.Options{BindAddress: metricsAddr},
HealthProbeBindAddress: probeAddr,
LeaderElection: enableLeaderElection,
LeaderElectionID: "44502a2e.security.nimbus.com",
Controller: config.Controller{
RecoverPanic: &recoverPanic,
},
LeaderElection: enableLeaderElection,
LeaderElectionID: "44502a2e.security.nimbus.com",
// LeaderElectionReleaseOnCancel defines if the leader should step down voluntarily
// when the Manager ends. This requires the binary to immediately end when the
// Manager is stopped, otherwise, this setting is unsafe. Setting this significantly
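Review bot: The first hunk drops the blank import `_ "k8s.io/client-go/plugin/pkg/client/auth"` together with its explanatory comment, and nothing else on the page registers the in-tree auth providers; in-cluster runs with a service-account token are unaffected, but running the manager out-of-cluster against a kubeconfig whose user has an `auth-provider` entry (OIDC being the remaining in-tree one) will fail at client construction because no provider is registered for that name. If this came in by accident through the merge, restore the import with its comment; if it is deliberate, say so in the commit description so the `make run` workflow is understood to need a token- or exec-based kubeconfig. The added `Controller: config.Controller{RecoverPanic: &recoverPanic}` is harmless, though as far as I recall controller-runtime has defaulted RecoverPanic to true since v0.15, so it may be redundant for the version in go.mod; a short why-comment such as `// RecoverPanic keeps a single misbehaving reconcile from restarting the whole manager.` would make the choice explicit either way. main continues beyond both hunks.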
Expand Up @@ -20,6 +20,12 @@ spec:
- jsonPath: .status.status
name: Status
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- jsonPath: .status.numberOfAdapterPolicies
name: Policies
type: integer
name: v1
schema:
openAPIV3Schema:
Expand Down Expand Up @@ -54,8 +60,6 @@ spec:
properties:
action:
type: string
mode:
type: string
params:
additionalProperties:
items:
Expand All @@ -64,7 +68,6 @@ spec:
type: object
required:
- action
- mode
type: object
type:
type: string
Expand Down Expand Up @@ -105,9 +108,20 @@ spec:
status:
description: ClusterNimbusPolicyStatus defines the observed state of ClusterNimbusPolicy
properties:
adapterPolicies:
items:
type: string
type: array
lastUpdated:
format: date-time
type: string
numberOfAdapterPolicies:
format: int32
type: integer
status:
type: string
required:
- numberOfAdapterPolicies
- status
type: object
type: object
Expand Up @@ -20,6 +20,15 @@ spec:
- jsonPath: .status.status
name: Status
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- jsonPath: .status.numberOfBoundIntents
name: Intents
type: integer
- jsonPath: .status.clusterNimbusPolicy
name: ClusterNimbusPolicy
type: string
name: v1
schema:
openAPIV3Schema:
Expand Down Expand Up @@ -86,9 +95,23 @@ spec:
description: ClusterSecurityIntentBindingStatus defines the observed state
of ClusterSecurityIntentBinding
properties:
boundIntents:
items:
type: string
type: array
clusterNimbusPolicy:
type: string
lastUpdated:
format: date-time
type: string
numberOfBoundIntents:
format: int32
type: integer
status:
type: string
required:
- clusterNimbusPolicy
- numberOfBoundIntents
- status
type: object
type: object
17 changes: 14 additions & 3 deletions config/crd/bases/intent.security.nimbus.com_nimbuspolicies.yaml
Expand Up @@ -20,6 +20,12 @@ spec:
- jsonPath: .status.status
name: Status
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- jsonPath: .status.numberOfAdapterPolicies
name: Policies
type: integer
name: v1
schema:
openAPIV3Schema:
Expand Down Expand Up @@ -55,8 +61,6 @@ spec:
properties:
action:
type: string
mode:
type: string
params:
additionalProperties:
items:
Expand All @@ -65,7 +69,6 @@ spec:
type: object
required:
- action
- mode
type: object
type:
type: string
Expand Down Expand Up @@ -94,12 +97,20 @@ spec:
status:
description: NimbusPolicyStatus defines the observed state of NimbusPolicy
properties:
adapterPolicies:
items:
type: string
type: array
lastUpdated:
format: date-time
type: string
numberOfAdapterPolicies:
format: int32
type: integer
status:
type: string
required:
- numberOfAdapterPolicies
- status
type: object
type: object
