feat: Add Status and OwnerReferences fields

Signed-off-by: Anurag Rajawat <[email protected]>

api/v1/clusternimbuspolicy_types.go

@@ -21,7 +21,7 @@ type ClusterNimbusPolicyStatus struct {
 //+kubebuilder:object:root=true
 //+kubebuilder:subresource:status
 //+kubebuilder:resource:scope=Cluster,shortName="cwnp"
-//+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+//+kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.status"
 
 // ClusterNimbusPolicy is the Schema for the clusternimbuspolicies API
 type ClusterNimbusPolicy struct {

api/v1/clustersecurityintentbinding_types.go

@@ -32,6 +32,7 @@ type ClusterSecurityIntentBindingStatus struct {
 
 //+kubebuilder:object:root=true
 //+kubebuilder:subresource:status
+//+kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.status"
 //+kubebuilder:resource:scope=Cluster,shortName="csib"
 //+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 

api/v1/nimbuspolicy_types.go

@@ -32,7 +32,7 @@ type NimbusRules struct {
 
 type Rule struct {
 	RuleAction string              `json:"action"`
-	Mode       string              `json:"mode,omitempty"`
+	Mode       string              `json:"mode"`
 	Params     map[string][]string `json:"params,omitempty"`
 }
 
@@ -43,8 +43,8 @@ type NimbusPolicyStatus struct {
 
 //+kubebuilder:object:root=true
 //+kubebuilder:subresource:status
+//+kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.status"
 //+kubebuilder:resource: shortName="np"
-//+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
 // NimbusPolicy is the Schema for the nimbuspolicies API
 type NimbusPolicy struct {

api/v1/securityintent_types.go

@@ -52,6 +52,7 @@ type SecurityIntentStatus struct {
 // +kubebuilder:object:root=true
 // +kubebuilder:resource:shortName="si",scope="Cluster"
 // +kubebuilder:subresource:status
+// +kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.status"
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
 // SecurityIntent is the Schema for the securityintents API

api/v1/securityintentbinding_types.go

@@ -45,6 +45,7 @@ type SecurityIntentBindingStatus struct {
 // +kubebuilder:object:root=true
 // +kubebuilder:resource: shortName="sib"
 // +kubebuilder:subresource:status
+// +kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.status"
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
 // SecurityIntentBinding is the Schema for the securityintentbindings API

cmd/main.go

@@ -115,34 +115,6 @@ func main() {
 		setupLog.Error(err, "unable to create controller", "controller", "ClusterSecurityIntentBinding")
 		os.Exit(1)
 	}
-
-	nimbusPolicyReconciler := controller.NewNimbusPolicyReconciler(mgr.GetClient(), mgr.GetScheme())
-	if err != nil {
-		setupLog.Error(err, "Unable to create NimbusPolicyReconciler")
-		os.Exit(1)
-	}
-	nimbusPolicywatcher, err := watcher.NewNimbusPolicy(mgr.GetClient())
-	if err != nil {
-		setupLog.Error(err, "Unable to create NimbusPolicyWatcher")
-		os.Exit(1)
-	}
-	nimbusPolicyReconciler.NimbusPolicyWatcher = nimbusPolicywatcher
-	if err = nimbusPolicyReconciler.SetupWithManager(mgr); err != nil {
-		setupLog.Error(err, "Unable to set up NimbusPolicyReconciler with manager", "controller", "NimbusPolicy")
-		os.Exit(1)
-	}
-
-	clusterNpReconciler := controller.NewClusterNimbusPolicyReconciler(mgr.GetClient(), mgr.GetScheme())
-	clusterNpWatcher, err := watcher.NewClusterNimbusPolicy(mgr.GetClient())
-	if err != nil {
-		setupLog.Error(err, "Unable to create ClusterNimbusPolicyWatcher")
-		os.Exit(1)
-	}
-	clusterNpReconciler.ClusterNimbusPolicyWatcher = clusterNpWatcher
-	if err = clusterNpReconciler.SetupWithManager(mgr); err != nil {
-		setupLog.Error(err, "Unable to setup ClusterNimbusPolicyReconciler with manager", "controller", "ClusterNimbusPolicy")
-		os.Exit(1)
-	}
 	//+kubebuilder:scaffold:builder
 
 	// Adding health and readiness checks.

config/crd/bases/intent.security.nimbus.com_clusternimbuspolicies.yaml

@@ -16,7 +16,11 @@ spec:
     singular: clusternimbuspolicy
   scope: Cluster
   versions:
-  - name: v1
+  - additionalPrinterColumns:
+    - jsonPath: .status.status
+      name: Status
+      type: string
+    name: v1
     schema:
       openAPIV3Schema:
         description: ClusterNimbusPolicy is the Schema for the clusternimbuspolicies
@@ -60,6 +64,7 @@ spec:
                           type: object
                       required:
                       - action
+                      - mode
                       type: object
                     type:
                       type: string

config/crd/bases/intent.security.nimbus.com_clustersecurityintentbindings.yaml

@@ -16,7 +16,11 @@ spec:
     singular: clustersecurityintentbinding
   scope: Cluster
   versions:
-  - name: v1
+  - additionalPrinterColumns:
+    - jsonPath: .status.status
+      name: Status
+      type: string
+    name: v1
     schema:
       openAPIV3Schema:
         description: ClusterSecurityIntentBinding is the Schema for the clustersecurityintentbindings

config/crd/bases/intent.security.nimbus.com_nimbuspolicies.yaml

@@ -16,7 +16,11 @@ spec:
     singular: nimbuspolicy
   scope: Namespaced
   versions:
-  - name: v1
+  - additionalPrinterColumns:
+    - jsonPath: .status.status
+      name: Status
+      type: string
+    name: v1
     schema:
       openAPIV3Schema:
         description: NimbusPolicy is the Schema for the nimbuspolicies API
@@ -61,6 +65,7 @@ spec:
                           type: object
                       required:
                       - action
+                      - mode
                       type: object
                     type:
                       type: string

config/crd/bases/intent.security.nimbus.com_securityintentbindings.yaml

@@ -16,7 +16,11 @@ spec:
     singular: securityintentbinding
   scope: Namespaced
   versions:
-  - name: v1
+  - additionalPrinterColumns:
+    - jsonPath: .status.status
+      name: Status
+      type: string
+    name: v1
     schema:
       openAPIV3Schema:
         description: SecurityIntentBinding is the Schema for the securityintentbindings

config/crd/bases/intent.security.nimbus.com_securityintents.yaml

@@ -16,7 +16,11 @@ spec:
     singular: securityintent
   scope: Cluster
   versions:
-  - name: v1
+  - additionalPrinterColumns:
+    - jsonPath: .status.status
+      name: Status
+      type: string
+    name: v1
     schema:
       openAPIV3Schema:
         description: SecurityIntent is the Schema for the securityintents API

internal/controller/clustersecurityintentbinding_controller.go

@@ -30,6 +30,9 @@ type ClusterSecurityIntentBindingReconciler struct {
 //+kubebuilder:rbac:groups=intent.security.nimbus.com,resources=clustersecurityintentbindings,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=intent.security.nimbus.com,resources=clustersecurityintentbindings/status,verbs=get;update;patch
 //+kubebuilder:rbac:groups=intent.security.nimbus.com,resources=clustersecurityintentbindings/finalizers,verbs=update
+//+kubebuilder:rbac:groups=intent.security.nimbus.com,resources=clusternimbuspolicies,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=intent.security.nimbus.com,resources=clusternimbuspolicies/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=intent.security.nimbus.com,resources=clusternimbuspolicies/finalizers,verbs=update
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.
@@ -47,22 +50,15 @@ func (r *ClusterSecurityIntentBindingReconciler) Reconcile(ctx context.Context,
 
 	if clusterBinding != nil {
 		logger.Info("ClusterSecurityIntentBinding found", "Name", req.Name)
-	} else {
-		logger.Info("ClusterSecurityIntentBinding not found", "Name", req.Name)
-		// Delete associated ClusterNimbusPolicy if exists.
-		var clusterNp v1.ClusterNimbusPolicy
-		err = r.Get(ctx, types.NamespacedName{Name: req.Name}, &clusterNp)
-		if errors.IsNotFound(err) {
-			logger.Error(err, "failed to get ClusterNimbusPolicy for deletion", "ClusterNimbusPolicy", clusterNp.Name)
-			return ctrl.Result{}, err
-		}
-		if err == nil {
-			if err = r.Delete(ctx, &clusterNp); err != nil {
-				logger.Error(err, "failed to delete ClusterNimbusPolicy for deletion", "ClusterNimbusPolicy", clusterNp.Name)
+		if clusterBinding.Status.Status == "" || clusterBinding.Status.Status == StatusPending {
+			clusterBinding.Status.Status = StatusCreated
+			if err = r.Status().Update(ctx, clusterBinding); err != nil {
+				logger.Error(err, "failed to update ClusterSecurityIntentBinding status", "Name", clusterBinding.Name)
 				return ctrl.Result{}, err
 			}
-			logger.Info("Deleted ClusterNimbusPolicy due to ClusterSecurityIntentBinding deletion", "ClusterNimbusPolicy", clusterNp.Name)
 		}
+	} else {
+		logger.Info("ClusterSecurityIntentBinding not found", "Name", req.Name)
 		//Todo: Signal adapters to delete corresponding policies.
 		return ctrl.Result{}, nil
 	}
@@ -73,24 +69,39 @@ func (r *ClusterSecurityIntentBindingReconciler) Reconcile(ctx context.Context,
 		return ctrl.Result{}, err
 	}
 
-	cwnp, err := policybuilder.BuildClusterNimbusPolicy(ctx, r.Client, clusterBindingInfo)
+	cwnp, err := policybuilder.BuildClusterNimbusPolicy(ctx, r.Client, r.Scheme, clusterBindingInfo)
 	if err != nil {
 		logger.Error(err, "failed to build ClusterNimbusPolicy")
 		return ctrl.Result{}, err
 	}
 
-	if err = r.Create(ctx, cwnp); err != nil {
-		logger.Error(err, "failed to create ClusterNimbusPolicy", "ClusterNimbusPolicy", cwnp.Name)
+	err = r.Get(ctx, types.NamespacedName{Name: req.Name}, cwnp)
+	if err != nil && errors.IsNotFound(err) {
+		logger.Info("Creating a new ClusterNimbusPolicy")
+		if err = r.Create(ctx, cwnp); err != nil {
+			logger.Error(err, "failed to create ClusterNimbusPolicy", "Name", cwnp.Name)
+			return ctrl.Result{}, err
+		}
+		return ctrl.Result{}, nil
+	}
+	if err != nil {
+		logger.Error(err, "failed to get ClusterNimbusPolicy", "Name", cwnp.Name)
 		return ctrl.Result{}, err
 	}
-	// Todo: Update Status
-	//cwnp.Status = v1.ClusterNimbusPolicyStatus{Status: "Created"}
+	if cwnp.Status.Status == "" || cwnp.Status.Status == StatusPending {
+		cwnp.Status.Status = StatusCreated
+		if err = r.Status().Update(ctx, cwnp); err != nil {
+			logger.Error(err, "failed to update ClusterNimbusPolicy status", "Name", cwnp.Name)
+			return ctrl.Result{}, err
+		}
+	}
 	return ctrl.Result{}, nil
 }
 
 // SetupWithManager sets up the controller with the Manager.
 func (r *ClusterSecurityIntentBindingReconciler) SetupWithManager(mgr ctrl.Manager) error {
 	return ctrl.NewControllerManagedBy(mgr).
 		For(&v1.ClusterSecurityIntentBinding{}).
+		Owns(&v1.ClusterNimbusPolicy{}).
 		Complete(r)
 }