From 04559884f530297b398d9c63e57d213a10b4a901 Mon Sep 17 00:00:00 2001 From: Rashmi Khanna Date: Thu, 26 Mar 2020 19:31:12 +0530 Subject: [PATCH] Redhat certification (#58) * code for redhat cert * add scorecard file * add olm catalog and csv files * update dockerfiles * changes to make the scan pass * update csv * update secret * update resources * update resources * update resources auth * update resources * update versions of resources * update node status * update status descriptor * update status descriptor for security onboarding * final changes for redhat cert * update channel * renegerate bundle * add status for security onboarding * remove bundle dir from checkin * update spelling error Co-authored-by: root --- .osdk-scorecard.yaml | 24 + build/Dockerfile | 16 + build/Dockerfile.ppc64le | 24 +- build/Dockerfile.s390x | 24 +- common/Makefile.common.mk | 23 +- ...operator.v3.5.0.clusterserviceversion.yaml | 732 +++++++++++++++++- .../securityonboarding_controller.go | 35 +- 7 files changed, 847 insertions(+), 31 deletions(-) create mode 100644 .osdk-scorecard.yaml diff --git a/.osdk-scorecard.yaml b/.osdk-scorecard.yaml new file mode 100644 index 00000000..3de8d89e --- /dev/null +++ b/.osdk-scorecard.yaml 
@@ -0,0 +1,24 @@ +scorecard: + # Setting a global scorecard option + output: json + plugins: + # `basic` tests configured to test 2 CRs + - basic: + cr-manifest: + - "deploy/crds/operator.ibm.com_v1alpha1_authentication_cr.yaml" + - "deploy/crds/operator.ibm.com_v1alpha1_oidcclientwatcher_cr.yaml" + - "deploy/crds/operator.ibm.com_v1alpha1_pap_cr.yaml" + - "deploy/crds/operator.ibm.com_v1alpha1_policycontroller_cr.yaml" + - "deploy/crds/operator.ibm.com_v1alpha1_policydecision_cr.yaml" + - "deploy/crds/operator.ibm.com_v1alpha1_secretwatcher_cr.yaml" + - "deploy/crds/operator.ibm.com_v1alpha1_securityonboarding_cr.yaml" + - olm: + cr-manifest: + - "deploy/crds/operator.ibm.com_v1alpha1_authentication_cr.yaml" + - "deploy/crds/operator.ibm.com_v1alpha1_oidcclientwatcher_cr.yaml" + - "deploy/crds/operator.ibm.com_v1alpha1_pap_cr.yaml" + - "deploy/crds/operator.ibm.com_v1alpha1_policycontroller_cr.yaml" + - "deploy/crds/operator.ibm.com_v1alpha1_policydecision_cr.yaml" + - "deploy/crds/operator.ibm.com_v1alpha1_secretwatcher_cr.yaml" + - "deploy/crds/operator.ibm.com_v1alpha1_securityonboarding_cr.yaml" + csv-path: "deploy/olm-catalog/ibm-iam-operator/3.5.0/ibm-iam-operator.v3.5.0.clusterserviceversion.yaml" diff --git a/build/Dockerfile b/build/Dockerfile index 4d709cd3..2d1114e4 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -1,5 +1,17 @@ FROM registry.access.redhat.com/ubi8/ubi-minimal:8.1-398 +LABEL org.label-schema.vendor="IBM" \ + org.label-schema.name="ibm-iam-operator" \ + org.label-schema.description="IBM IAM Operator" \ + org.label-schema.vcs-ref=$VCS_REF \ + org.label-schema.vcs-url=$VCS_URL \ + org.label-schema.license="Licensed Materials - Property of IBM" \ + org.label-schema.schema-version="1.0" \ + name="ibm-iam-operator" \ + vendor="IBM" \ + description="IBM IAM Operator" \ + summary="IBM IAM Operator" + ENV OPERATOR=/usr/local/bin/ibm-iam-operator \ USER_UID=1001 \ USER_NAME=ibm-iam-operator 
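Review bot: The comment `# basic tests configured to test 2 CRs` in the new `.osdk-scorecard.yaml` does not match the list under it, which names seven CR manifests; the `olm` plugin repeats the same seven. I would reword it to `# basic tests run against every CR manifest listed below` so the count cannot go stale when the list changes.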
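Review bot: The added `LABEL` block in `build/Dockerfile` references `$VCS_REF` and `$VCS_URL`, but this hunk starts at line 1 with `FROM` and goes straight to `LABEL`, so no `ARG` declares them in this file. The ppc64le and s390x Dockerfiles show `ARG VCS_REF` and `ARG VCS_URL` as context just before their `LABEL`. Without them both labels expand to empty strings, and the amd64 image carries no source revision to trace a published image back to a commit. Add `ARG VCS_REF` and `ARG VCS_URL` between `FROM` and `LABEL`, and confirm the build passes them with `--build-arg`.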
@@ -10,6 +22,10 @@ COPY build/_output/bin/ibm-iam-operator ${OPERATOR} COPY build/bin /usr/local/bin RUN /usr/local/bin/user_setup +# copy licenses +RUN mkdir /licenses +COPY LICENSE /licenses + ENTRYPOINT ["/usr/local/bin/entrypoint"] USER ${USER_UID} diff --git a/build/Dockerfile.ppc64le b/build/Dockerfile.ppc64le index 013ad40b..792cc972 100644 --- a/build/Dockerfile.ppc64le +++ b/build/Dockerfile.ppc64le @@ -25,16 +25,16 @@ ARG VCS_REF ARG VCS_URL LABEL org.label-schema.vendor="IBM" \ - org.label-schema.name="go-repo-template" \ - org.label-schema.description="A github repo with golang" \ - org.label-schema.vcs-ref=$VCS_REF \ - org.label-schema.vcs-url=$VCS_URL \ - org.label-schema.license="Licensed Materials - Property of IBM" \ - org.label-schema.schema-version="1.0" \ - name="go-repo-template" \ - vendor="IBM" \ - description="A github repo with golang" \ - summary="A github repo with golang" + org.label-schema.name="ibm-iam-operator" \ + org.label-schema.description="IBM IAM Operator" \ + org.label-schema.vcs-ref=$VCS_REF \ + org.label-schema.vcs-url=$VCS_URL \ + org.label-schema.license="Licensed Materials - Property of IBM" \ + org.label-schema.schema-version="1.0" \ + name="ibm-iam-operator" \ + vendor="IBM" \ + description="IBM IAM Operator" \ + summary="IBM IAM Operator" ENV OPERATOR=/usr/local/bin/ibm-iam-operator \ USER_UID=1001 \ @@ -56,9 +56,5 @@ ENTRYPOINT ["/usr/local/bin/entrypoint"] USER ${USER_UID} -LABEL name="ibm-iam-operator" -LABEL vendor="IBM" LABEL version="0.0.1" LABEL release="0.0.1" -LABEL summary="Operator for the IBM IAM microservice" -LABEL description="Operator for the IBM IAM microservice" diff --git a/build/Dockerfile.s390x b/build/Dockerfile.s390x index 1fed5110..1760cd05 100644 --- a/build/Dockerfile.s390x +++ b/build/Dockerfile.s390x 
@@ -25,16 +25,16 @@ ARG VCS_REF ARG VCS_URL LABEL org.label-schema.vendor="IBM" \ - org.label-schema.name="go-repo-template" \ - org.label-schema.description="A github repo with golang" \ - org.label-schema.vcs-ref=$VCS_REF \ - org.label-schema.vcs-url=$VCS_URL \ - org.label-schema.license="Licensed Materials - Property of IBM" \ - org.label-schema.schema-version="1.0" \ - name="go-repo-template" \ - vendor="IBM" \ - description="A github repo with golang" \ - summary="A github repo with golang" + org.label-schema.name="ibm-iam-operator" \ + org.label-schema.description="IBM IAM Operator" \ + org.label-schema.vcs-ref=$VCS_REF \ + org.label-schema.vcs-url=$VCS_URL \ + org.label-schema.license="Licensed Materials - Property of IBM" \ + org.label-schema.schema-version="1.0" \ + name="ibm-iam-operator" \ + vendor="IBM" \ + description="IBM IAM Operator" \ + summary="IBM IAM Operator" ENV OPERATOR=/usr/local/bin/ibm-iam-operator \ USER_UID=1001 \ @@ -56,9 +56,5 @@ ENTRYPOINT ["/usr/local/bin/entrypoint"] USER ${USER_UID} -LABEL name="ibm-iam-operator" -LABEL vendor="IBM" LABEL version="0.0.1" LABEL release="0.0.1" -LABEL summary="Operator for the IBM IAM microservice" -LABEL description="Operator for the IBM IAM microservice" diff --git a/common/Makefile.common.mk b/common/Makefile.common.mk index 0a9e4c00..7f9a2b06 100644 --- a/common/Makefile.common.mk +++ b/common/Makefile.common.mk 
@@ -96,4 +96,25 @@ format-python: format-protos: @$(FINDFILES) -name '*.proto' -print0 | $(XARGS) -L 1 prototool format -w -.PHONY: lint-dockerfiles lint-scripts lint-yaml lint-copyright-banner lint-go lint-python lint-helm lint-markdown lint-sass lint-typescript lint-protos lint-all format-go format-python format-protos config-docker +csv-gen: + @echo Updating the CSV files with the changes in the CRD + operator-sdk generate csv --csv-version ${CSV_VERSION} --update-crds + +bundle: + @echo --- Updating the bundle directory with latest yamls from olm-catalog --- + rm -rf bundle/* + cp -r deploy/olm-catalog/ibm-iam-operator/${CSV_VERSION}/* bundle/ + cp deploy/olm-catalog/ibm-iam-operator/ibm-iam-operator.package.yaml bundle/ + zip bundle/ibm-iam-metadata bundle/*.yaml + +install-operator-courier: + @echo --- Installing Operator Courier --- + pip3 install operator-courier + +verify-bundle: + @echo --- Verify Bundle is Redhat Certify ready --- + operator-courier --verbose verify --ui_validate_io bundle/ + +redhat-certify-ready: bundle install-operator-courier verify-bundle + +.PHONY: lint-dockerfiles lint-scripts lint-yaml lint-copyright-banner lint-go lint-python lint-helm lint-markdown lint-sass lint-typescript lint-protos lint-all format-go format-python format-protos csv-gen bundle install-operator-courier verify-bundle redhat-certify-ready config-docker diff --git a/deploy/olm-catalog/ibm-iam-operator/3.5.0/ibm-iam-operator.v3.5.0.clusterserviceversion.yaml b/deploy/olm-catalog/ibm-iam-operator/3.5.0/ibm-iam-operator.v3.5.0.clusterserviceversion.yaml index 3d582baf..9dc75cdc 100644 --- a/deploy/olm-catalog/ibm-iam-operator/3.5.0/ibm-iam-operator.v3.5.0.clusterserviceversion.yaml +++ b/deploy/olm-catalog/ibm-iam-operator/3.5.0/ibm-iam-operator.v3.5.0.clusterserviceversion.yaml 
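Review bot: `install-operator-courier` runs `pip3 install operator-courier` with no version, so every `redhat-certify-ready` run installs whatever PyPI serves at that moment. Pin the tool that validates the bundle, for example `pip3 install operator-courier==<pinned-version>`, ideally with hash checking from a requirements file. The `bundle` target uses `${CSV_VERSION}` unguarded; if it is unset here (its definition is not visible in this hunk), the source path becomes `deploy/olm-catalog/ibm-iam-operator//*` and every version directory is copied in. A first recipe line such as `@test -n "$(CSV_VERSION)" || (echo "CSV_VERSION is not set"; exit 1)` would catch that. `rm -rf bundle/*` and the `cp` lines also assume `bundle/` exists, yet the commit message says the directory was removed from check-in, so add `mkdir -p bundle` before them.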
@@ -225,120 +225,850 @@ spec: kind: Authentication name: authentications.operator.ibm.com displayName: Authentication + resources: + - kind: secrets + name: '' + version: v1 + - kind: mutatingwebhookconfigurations + name: '' + version: v1beta1 + - kind: paps + name: '' + version: v1alpha1 + - kind: clusterroles + name: '' + version: v1 + - kind: clusterrolebindings + name: '' + version: v1 + - kind: policycontrollers + name: '' + version: v1alpha1 + - kind: ingresses + name: '' + version: v1beta1 + - kind: securityonboardings + name: '' + version: v1alpha1 + - kind: customresourcedefinitions + name: '' + version: v1beta1 + - kind: policydecisions + name: '' + version: v1alpha1 + - kind: secretwatchers + name: '' + version: v1alpha1 + - kind: servicemonitors + name: '' + version: v1 + - kind: authentications + name: '' + version: v1alpha1 + - kind: Pods + name: '' + version: v1 + - kind: statefulsets + name: '' + version: v1 + - kind: services + name: '' + version: v1 + - kind: persistentvolumeclaims + name: '' + version: v1 + - kind: Jobs + name: '' + version: v1 + - kind: configmaps + name: '' + version: v1 + - kind: certificates + name: '' + version: v1alpha1 + - kind: deployments + name: '' + version: v1 + - kind: oidcclientwatchers + name: '' + version: v1alpha1 + - kind: users + name: '' + version: v1 + - kind: replicasets + name: '' + version: v1 specDescriptors: - description: A list defines the catalog information for operators. displayName: Operators path: operators x-descriptors: - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: A list defines the catalog information for identity manager. + displayName: identityManager + path: identityManager + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: A list defines the catalog information for operator version. 
+ displayName: OperatorVersion + path: operatorVersion + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: A list defines the catalog information for audit service. + displayName: AuditService + path: auditService + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: A list defines the catalog information for auth service. + displayName: authService + path: authService + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: A list defines the catalog information for identity provider. + displayName: identityProvider + path: identityProvider + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: A list defines the catalog information for init mongodb. + displayName: initMongodb + path: initMongodb + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: A list defines the catalog information for replicas. + displayName: Replicas + path: replicas + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: A list defines the catalog information for client registration. + displayName: ClientRegistration + path: clientRegistration + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: A list defines the catalog information for config. + displayName: Config + path: config + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' statusDescriptors: - description: The status of operators. displayName: Operator Status path: OperatorsStatus x-descriptors: - urn:alm:descriptor:com.tectonic.ui:podStatuses + - description: The status of nodes. 
+ displayName: Node Status + path: nodes + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses version: v1alpha1 - description: OIDCClientWatcher is the Schema for the oidcclientwatchers API kind: OIDCClientWatcher name: oidcclientwatchers.operator.ibm.com displayName: OIDCClientWatcher + resources: + - kind: secrets + name: '' + version: v1 + - kind: mutatingwebhookconfigurations + name: '' + version: v1beta1 + - kind: clusterroles + name: '' + version: v1 + - kind: clusterrolebindings + name: '' + version: v1 + - kind: paps + name: '' + version: v1alpha1 + - kind: policycontrollers + name: '' + version: v1alpha1 + - kind: ingresses + name: '' + version: v1beta1 + - kind: securityonboardings + name: '' + version: v1alpha1 + - kind: customresourcedefinitions + name: '' + version: v1beta1 + - kind: policydecisions + name: '' + version: v1alpha1 + - kind: secretwatchers + name: '' + version: v1alpha1 + - kind: authentications + name: '' + version: v1alpha1 + - kind: Pods + name: '' + version: v1 + - kind: statefulsets + name: '' + version: v1 + - kind: services + name: '' + version: v1 + - kind: persistentvolumeclaims + name: '' + version: v1 + - kind: Jobs + name: '' + version: v1 + - kind: configmaps + name: '' + version: v1 + - kind: certificates + name: '' + version: v1alpha1 + - kind: deployments + name: '' + version: v1 + - kind: oidcclientwatchers + name: '' + version: v1alpha1 + - kind: users + name: '' + version: v1 + - kind: replicasets + name: '' + version: v1 + - kind: securityonboardings + name: '' + version: v1alpha1 + - kind: servicemonitors + name: '' + version: v1 specDescriptors: - description: A list defines the catalog information for operators. displayName: Operators path: operators x-descriptors: - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: A list defines the catalog information for image registry. 
+ displayName: imageRegistry + path: imageRegistry + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: A list defines the catalog information for image tag postfix. + displayName: imageTagPostfix + path: imageTagPostfix + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: A list defines the catalog information for operator version. + displayName: operatorVersion + path: operatorVersion + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: A list defines the catalog information for replicas. + displayName: Replicas + path: replicas + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' statusDescriptors: - description: The status of operators. displayName: Operator Status path: OperatorsStatus x-descriptors: - urn:alm:descriptor:com.tectonic.ui:podStatuses + - description: The status of nodes. + displayName: Node Status + path: nodes + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses version: v1alpha1 - description: Pap is the Schema for the paps API kind: Pap name: paps.operator.ibm.com displayName: Pap + resources: + - kind: secrets + name: '' + version: v1 + - kind: paps + name: '' + version: v1alpha1 + - kind: policycontrollers + name: '' + version: v1alpha1 + - kind: ingresses + name: '' + version: v1beta1 + - kind: securityonboardings + name: '' + version: v1alpha1 + - kind: customresourcedefinitions + name: '' + version: v1beta1 + - kind: policydecisions + name: '' + version: v1alpha1 + - kind: secretwatchers + name: '' + version: v1alpha1 + - kind: servicemonitors + name: '' + version: v1 + - kind: authentications + name: '' + version: v1alpha1 + - kind: Pods + name: '' + version: v1 + - kind: statefulsets + name: '' + version: v1 + - kind: services + name: '' + version: v1 + - kind: persistentvolumeclaims + name: '' + version: v1 + - kind: Jobs + name: '' + version: v1 + - kind: configmaps + name: '' + version: v1 + - kind: certificates + name: '' + 
version: v1alpha1 + - kind: deployments + name: '' + version: v1 + - kind: oidcclientwatchers + name: '' + version: v1alpha1 + - kind: users + name: '' + version: v1 + - kind: replicasets + name: '' + version: v1 specDescriptors: - description: A list defines the catalog information for operators. displayName: Operators path: operators x-descriptors: - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: A list defines the catalog information for replicas. + displayName: Replicas + path: replicas + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: A list defines the catalog information for audit service. + displayName: AuditService + path: auditService + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: A list defines the catalog information for operator version. + displayName: OperatorVersion + path: operatorVersion + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: A list defines the catalog information for pap service. + displayName: PapService + path: papService + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' statusDescriptors: - description: The status of operators. displayName: Operator Status path: OperatorsStatus x-descriptors: - urn:alm:descriptor:com.tectonic.ui:podStatuses + - description: The status of nodes. 
+ displayName: Node Status + path: nodes + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses version: v1alpha1 - description: PolicyController is the Schema for the policycontrollers API kind: PolicyController name: policycontrollers.operator.ibm.com displayName: PolicyController + resources: + - kind: secrets + name: '' + version: v1 + - kind: clusterroles + name: '' + version: v1 + - kind: clusterrolebindings + name: '' + version: v1 + - kind: paps + name: '' + version: v1alpha1 + - kind: policycontrollers + name: '' + version: v1alpha1 + - kind: ingresses + name: '' + version: v1beta1 + - kind: securityonboardings + name: '' + version: v1alpha1 + - kind: customresourcedefinitions + name: '' + version: v1beta1 + - kind: policydecisions + name: '' + version: v1alpha1 + - kind: secretwatchers + name: '' + version: v1alpha1 + - kind: servicemonitors + name: '' + version: v1 + - kind: authentications + name: '' + version: v1alpha1 + - kind: Pods + name: '' + version: v1 + - kind: statefulsets + name: '' + version: v1 + - kind: services + name: '' + version: v1 + - kind: persistentvolumeclaims + name: '' + version: v1 + - kind: Jobs + name: '' + version: v1 + - kind: configmaps + name: '' + version: v1 + - kind: certificates + name: '' + version: v1alpha1 + - kind: deployments + name: '' + version: v1 + - kind: oidcclientwatchers + name: '' + version: v1alpha1 + - kind: users + name: '' + version: v1 + - kind: replicasets + name: '' + version: v1 specDescriptors: - description: A list defines the catalog information for operators. displayName: Operators path: operators x-descriptors: - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: A list defines the catalog information for image registry. + displayName: imageRegistry + path: imageRegistry + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: A list defines the catalog information for image tag postfix. 
+ displayName: imageTagPostfix + path: imageTagPostfix + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: A list defines the catalog information for operator version. + displayName: operatorVersion + path: operatorVersion + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: A list defines the catalog information for replicas. + displayName: Replicas + path: replicas + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' statusDescriptors: - description: The status of operators. displayName: Operator Status path: OperatorsStatus x-descriptors: - urn:alm:descriptor:com.tectonic.ui:podStatuses + - description: The status of nodes. + displayName: Node Status + path: nodes + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses version: v1alpha1 - description: PolicyDecision is the Schema for the policydecisions API kind: PolicyDecision name: policydecisions.operator.ibm.com displayName: PolicyDecision + resources: + - kind: secrets + name: '' + version: v1 + - kind: paps + name: '' + version: v1alpha1 + - kind: policycontrollers + name: '' + version: v1alpha1 + - kind: ingresses + name: '' + version: v1beta1 + - kind: securityonboardings + name: '' + version: v1alpha1 + - kind: customresourcedefinitions + name: '' + version: v1beta1 + - kind: policydecisions + name: '' + version: v1alpha1 + - kind: secretwatchers + name: '' + version: v1alpha1 + - kind: servicemonitors + name: '' + version: v1 + - kind: authentications + name: '' + version: v1alpha1 + - kind: Pods + name: '' + version: v1 + - kind: statefulsets + name: '' + version: v1 + - kind: services + name: '' + version: v1 + - kind: persistentvolumeclaims + name: '' + version: v1 + - kind: Jobs + name: '' + version: v1 + - kind: configmaps + name: '' + version: v1 + - kind: certificates + name: '' + version: v1alpha1 + - kind: deployments + name: '' + version: v1 + - kind: oidcclientwatchers + name: '' + version: v1alpha1 + - kind: users 
+ name: '' + version: v1 + - kind: replicasets + name: '' + version: v1 specDescriptors: - description: A list defines the catalog information for operators. displayName: Operators path: operators x-descriptors: - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: A list defines the catalog information for image registry. + displayName: imageRegistry + path: imageRegistry + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: A list defines the catalog information for image tag. + displayName: imageTag + path: imageTag + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: A list defines the catalog information for init mongodb. + displayName: initMongodb + path: initMongodb + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: A list defines the catalog information for operator version. + displayName: operatorVersion + path: operatorVersion + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: A list defines the catalog information for replicas. + displayName: replicas + path: replicas + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: A list defines the catalog information for audit service. + displayName: auditService + path: auditService + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: A list defines the catalog information for image name. + displayName: imageName + path: imageName + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' statusDescriptors: - description: The status of operators. displayName: Operator Status path: OperatorsStatus x-descriptors: - urn:alm:descriptor:com.tectonic.ui:podStatuses + - description: The status of nodes. 
+ displayName: Node Status + path: nodes + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses version: v1alpha1 - description: SecretWatcher is the Schema for the secretwatchers API kind: SecretWatcher name: secretwatchers.operator.ibm.com displayName: SecretWatcher + resources: + - kind: secrets + name: '' + version: v1 + - kind: paps + name: '' + version: v1alpha1 + - kind: policycontrollers + name: '' + version: v1alpha1 + - kind: ingresses + name: '' + version: v1beta1 + - kind: securityonboardings + name: '' + version: v1alpha1 + - kind: customresourcedefinitions + name: '' + version: v1beta1 + - kind: policydecisions + name: '' + version: v1alpha1 + - kind: secretwatchers + name: '' + version: v1alpha1 + - kind: servicemonitors + name: '' + version: v1 + - kind: authentications + name: '' + version: v1alpha1 + - kind: Pods + name: '' + version: v1 + - kind: statefulsets + name: '' + version: v1 + - kind: services + name: '' + version: v1 + - kind: persistentvolumeclaims + name: '' + version: v1 + - kind: Jobs + name: '' + version: v1 + - kind: configmaps + name: '' + version: v1 + - kind: certificates + name: '' + version: v1alpha1 + - kind: deployments + name: '' + version: v1 + - kind: oidcclientwatchers + name: '' + version: v1alpha1 + - kind: users + name: '' + version: v1 + - kind: replicasets + name: '' + version: v1 specDescriptors: - description: A list defines the catalog information for operators. displayName: Operators path: operators x-descriptors: - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: A list defines the catalog information for image registry. + displayName: imageRegistry + path: imageRegistry + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: A list defines the catalog information for image tag postfix. 
+ displayName: imageTagPostfix + path: imageTagPostfix + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: A list defines the catalog information for operator version. + displayName: operatorVersion + path: operatorVersion + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: A list defines the catalog information for replicas. + displayName: Replicas + path: replicas + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' statusDescriptors: - description: The status of operators. displayName: Operator Status path: OperatorsStatus x-descriptors: - urn:alm:descriptor:com.tectonic.ui:podStatuses + - description: The status of nodes. + displayName: Node Status + path: nodes + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses version: v1alpha1 - description: SecurityOnboarding is the Schema for the securityonboardings API kind: SecurityOnboarding name: securityonboardings.operator.ibm.com displayName: SecurityOnboarding + resources: + - kind: secrets + name: '' + version: v1 + - kind: paps + name: '' + version: v1alpha1 + - kind: policycontrollers + name: '' + version: v1alpha1 + - kind: ingresses + name: '' + version: v1beta1 + - kind: securityonboardings + name: '' + version: v1alpha1 + - kind: customresourcedefinitions + name: '' + version: v1beta1 + - kind: policydecisions + name: '' + version: v1alpha1 + - kind: secretwatchers + name: '' + version: v1alpha1 + - kind: servicemonitors + name: '' + version: v1 + - kind: authentications + name: '' + version: v1alpha1 + - kind: Pods + name: '' + version: v1 + - kind: statefulsets + name: '' + version: v1 + - kind: services + name: '' + version: v1 + - kind: persistentvolumeclaims + name: '' + version: v1 + - kind: Jobs + name: '' + version: v1 + - kind: configmaps + name: '' + version: v1 + - kind: certificates + name: '' + version: v1alpha1 + - kind: deployments + name: '' + version: v1 + - kind: oidcclientwatchers + name: '' + version: 
v1alpha1 + - kind: users + name: '' + version: v1 + - kind: replicasets + name: '' + version: v1 specDescriptors: - description: A list defines the catalog information for operators. displayName: Operators path: operators x-descriptors: - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: A list defines the catalog information for image name. + displayName: imageName + path: imageName + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: A list defines the catalog information for impersonation. + displayName: impersonation + path: impersonation + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: A list defines the catalog information for init identity manager. + displayName: initIdentityManager + path: initIdentityManager + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: A list defines the catalog information for replicas. + displayName: Replicas + path: replicas + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: A list defines the catalog information for iam onboarding. + displayName: iamOnboarding + path: iamOnboarding + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: A list defines the catalog information for image registry. + displayName: imageRegistry + path: imageRegistry + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: A list defines the catalog information for image tag. + displayName: imageTag + path: imageTag + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: A list defines the catalog information for init auth service. + displayName: initAuthService + path: initAuthService + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: A list defines the catalog information for init identity provider. 
+ displayName: initIdentityProvider + path: initIdentityProvider + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: A list defines the catalog information for init pap spec. + displayName: initPAPSpec + path: initPAPSpec + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: A list defines the catalog information for init token service. + displayName: initTokenService + path: initTokenService + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: A list defines the catalog information for operator version. + displayName: operatorVersion + path: operatorVersion + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' statusDescriptors: - description: The status of operators. displayName: Operator Status path: OperatorsStatus x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:podStatuses + - 'urn:alm:descriptor:com.tectonic.ui:podStatuses' + - description: The status of pod names. + displayName: PodNames Status + path: podNames + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:podStatuses' version: v1alpha1 required: - description: CertManager is the Schema for the certmanagers API diff --git a/pkg/controller/securityonboarding/securityonboarding_controller.go b/pkg/controller/securityonboarding/securityonboarding_controller.go index 2779889f..fcb7dcb0 100644 --- a/pkg/controller/securityonboarding/securityonboarding_controller.go +++ b/pkg/controller/securityonboarding/securityonboarding_controller.go @@ -29,6 +29,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" + "reflect" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/controller" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" 
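Review bot: The `resources` lists added to each owned CRD in the CSV look pasted rather than derived from what each controller creates. The OIDCClientWatcher list names `securityonboardings` twice, and every list mixes lowercase plurals (`secrets`, `deployments`) with capitalised `Pods` and `Jobs`. Several lists also include `clusterroles`, `clusterrolebindings` and `mutatingwebhookconfigurations`, so the catalog entry advertises cluster-scoped objects for those CRs; trim each list to what its controller really manages so reviewers of the operator's footprint are not misled. A `nodes` status descriptor is added for six CRDs, but the only controller change in this commit fills `Status.PodNames` for SecurityOnboarding, so confirm those types expose a `nodes` status field. The new descriptor descriptions all read `A list defines the catalog information for …` even for scalars such as `replicas`, and would be clearer as one line saying what the field configures.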
@@ -164,10 +165,42 @@ func (r *ReconcileSecurityOnboarding) Reconcile(request reconcile.Request) (reco } reqLogger.Info("Complete - handleConfigMap") - + // Update the SecurityOnboarding status with the pod names + // List the pods for this SecurityOnboarding's job + jobList := &batchv1.JobList{} + listOpts := []client.ListOption{ + client.InNamespace(instance.Namespace), + client.MatchingLabels(map[string]string{"app": "security-onboarding"}), + } + reqLogger.Info("Complete - got job list") + if err = r.client.List(context.TODO(), jobList, listOpts...); err != nil { + reqLogger.Error(err, "Failed to list jobs", "SecurityOnboarding.Namespace", instance.Namespace, "SecurityOnboarding.Name", instance.Name) + return reconcile.Result{}, err + } + jobNames := getJobNames(jobList.Items) + // Update status.Nodes if needed + if !reflect.DeepEqual(jobNames, instance.Status.PodNames) { + instance.Status.PodNames = jobNames + err := r.client.Status().Update(context.TODO(), instance) + if err != nil { + reqLogger.Error(err, "Failed to update SecurityOnboarding status") + return reconcile.Result{}, err + } + } return reconcile.Result{}, nil } +// getJobNames returns the pod names of the array of pods passed in +func getJobNames(jobs []batchv1.Job) []string { + reqLogger := log.WithValues("Request.Namespace", "CS??? namespace", "Request.Name", "CS???") + var jobNames []string + for _, job := range jobs { + jobNames = append(jobNames, job.Name) + reqLogger.Info("CS??? pod name=" + job.Name) + } + return jobNames +} + func (r *ReconcileSecurityOnboarding) handleConfigMap(instance *operatorv1alpha1.SecurityOnboarding) (reconcile.Result, error) { reqLogger := log.WithValues("Instance.Namespace", instance.Namespace, "Instance.Name", instance.Name)
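Review bot: The new status block in Reconcile logs `Complete - got job list` before `r.client.List` has run, and `getJobNames` carries what look like debugging leftovers: a logger built from the literals `CS??? namespace` / `CS???` and one Info line per job. The Job names are written to `Status.PodNames` under a comment that says `status.Nodes`, and the helper's doc comment talks about pods, so both comments should say Jobs. Jobs are selected only by the `app: security-onboarding` label within the namespace, so any Job carrying that label is reported in this instance's status; filtering on the owner reference would be tighter if these Jobs are owned by the instance, which the hunk does not show. `reflect.DeepEqual` treats a nil slice and an empty slice as different, so an instance with no Jobs can get a status write on every reconcile. Reconcile begins above the hunk, and the sketch below shows only the lines I would change.
```go
	if err = r.client.List(context.TODO(), jobList, listOpts...); err != nil {
		// … unchanged: error log and return …
	}
	reqLogger.Info("Complete - got job list", "count", len(jobList.Items))
	jobNames := getJobNames(jobList.Items)
	// Treat nil and empty as equal so an instance without Jobs is not rewritten on every reconcile.
	hasNames := len(jobNames) != 0 || len(instance.Status.PodNames) != 0
	if hasNames && !reflect.DeepEqual(jobNames, instance.Status.PodNames) {
		// … unchanged: assign instance.Status.PodNames and call Status().Update …
	}

// getJobNames returns the names of the given Jobs.
func getJobNames(jobs []batchv1.Job) []string {
	jobNames := make([]string, 0, len(jobs))
	for _, job := range jobs {
		jobNames = append(jobNames, job.Name)
	}
	return jobNames
}
```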