Add CustomRole CRD

coralogix · Jan 1, 2025 · f92b1b3 · f92b1b3
1 parent d7c470e
commit f92b1b3
Show file tree

Hide file tree

Showing 18 changed files with 904 additions and 4 deletions.
diff --git a/PROJECT b/PROJECT
@@ -63,4 +63,13 @@ resources:
   webhooks:
     validation: true
     webhookVersion: v1
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: coralogix.com
+  group: coralogix
+  kind: CustomRole
+  path: github.com/coralogix/coralogix-operator/api/coralogix/v1alpha1
+  version: v1alpha1
 version: "3"
diff --git a/api/coralogix/v1alpha1/customrole_types.go b/api/coralogix/v1alpha1/customrole_types.go
@@ -0,0 +1,87 @@
+// Copyright 2024 Coralogix Ltd.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v1alpha1
+
+import (
+	"strconv"
+
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/utils/ptr"
+
+	cxsdk "github.com/coralogix/coralogix-management-sdk/go"
+)
+
+// CustomRoleSpec defines the desired state of CustomRole.
+type CustomRoleSpec struct {
+	Name string `json:"name"`
+
+	Description string `json:"description"`
+
+	ParentRoleName string `json:"parentRoleName"`
+
+	Permissions []string `json:"permissions"`
+}
+
+func (s *CustomRoleSpec) ExtractCreateCustomRoleRequest() *cxsdk.CreateRoleRequest {
+	return &cxsdk.CreateRoleRequest{
+		Name:        s.Name,
+		Description: s.Description,
+		ParentRole:  ptr.To(cxsdk.CreateRoleRequestParentRoleName{ParentRoleName: s.ParentRoleName}),
+		Permissions: s.Permissions,
+	}
+}
+
+func (s *CustomRoleSpec) ExtractUpdateCustomRoleRequest(id string) (*cxsdk.UpdateRoleRequest, error) {
+	roleID, err := strconv.Atoi(id)
+	if err != nil {
+		return &cxsdk.UpdateRoleRequest{}, err
+	}
+	return &cxsdk.UpdateRoleRequest{
+		RoleId:         uint32(roleID),
+		NewName:        ptr.To(s.Name),
+		NewDescription: ptr.To(s.Description),
+		NewPermissions: ptr.To(cxsdk.RolePermissions{Permissions: s.Permissions}),
+	}, nil
+}
+
+// CustomRoleStatus defines the observed state of CustomRole.
+type CustomRoleStatus struct {
+	ID *string `json:"id"`
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+
+// CustomRole is the Schema for the customroles API.
+type CustomRole struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   CustomRoleSpec   `json:"spec,omitempty"`
+	Status CustomRoleStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// CustomRoleList contains a list of CustomRole.
+type CustomRoleList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []CustomRole `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&CustomRole{}, &CustomRoleList{})
+}
diff --git a/api/coralogix/v1alpha1/zz_generated.deepcopy.go b/api/coralogix/v1alpha1/zz_generated.deepcopy.go
diff --git a/charts/coralogix-operator/templates/cluster_role.yaml b/charts/coralogix-operator/templates/cluster_role.yaml
@@ -125,6 +125,32 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - coralogix.com
+  resources:
+  - customroles
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - coralogix.com
+  resources:
+  - customroles/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - coralogix.com
+  resources:
+  - customroles/status
+  verbs:
+  - get
+  - patch
+  - update
 - apiGroups:
   - coralogix.com
   resources:

diff --git a/charts/coralogix-operator/templates/crds/coralogix.com_customroles.yaml b/charts/coralogix-operator/templates/crds/coralogix.com_customroles.yaml
@@ -0,0 +1,70 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.15.0
+  name: customroles.coralogix.com
+spec:
+  group: coralogix.com
+  names:
+    kind: CustomRole
+    listKind: CustomRoleList
+    plural: customroles
+    singular: customrole
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: CustomRole is the Schema for the customroles API.
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: CustomRoleSpec defines the desired state of CustomRole.
+            properties:
+              description:
+                type: string
+              name:
+                type: string
+              parentRoleName:
+                type: string
+              permissions:
+                items:
+                  type: string
+                type: array
+            required:
+            - description
+            - name
+            - parentRoleName
+            - permissions
+            type: object
+          status:
+            description: CustomRoleStatus defines the observed state of CustomRole.
+            properties:
+              id:
+                type: string
+            required:
+            - id
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
diff --git a/cmd/main.go b/cmd/main.go
@@ -37,6 +37,8 @@ import (
 	// to ensure that exec-entrypoint and run can make use of them.
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
 
+	cxsdk "github.com/coralogix/coralogix-management-sdk/go"
+
 	utils "github.com/coralogix/coralogix-operator/api"
 	coralogixv1alpha1 "github.com/coralogix/coralogix-operator/api/coralogix/v1alpha1"
 	controllers "github.com/coralogix/coralogix-operator/internal/controller"
@@ -203,6 +205,8 @@ func main() {
 		os.Exit(1)
 	}
 
+	sdkClientSet := cxsdk.NewClientSet(targetUrl, apiKey, apiKey)
+
 	if err = (&coralogixcontrollers.RuleGroupReconciler{
 		CoralogixClientSet: clientset.NewClientSet(targetUrl, apiKey),
 		Client:             mgr.GetClient(),
@@ -255,6 +259,14 @@ func main() {
 		setupLog.Error(err, "unable to create controller", "controller", "ApiKey")
 		os.Exit(1)
 	}
+	if err = (&coralogixcontrollers.CustomRoleReconciler{
+		CustomRolesClient: sdkClientSet.Roles(),
+		Client:            mgr.GetClient(),
+		Scheme:            mgr.GetScheme(),
+	}).SetupWithManager(mgr); err != nil {
+		setupLog.Error(err, "unable to create controller", "controller", "CustomRole")
+		os.Exit(1)
+	}
 
 	if prometheusRuleController {
 		if err = (&controllers.AlertmanagerConfigReconciler{