update NetworkPolicyRule type, add validation and registry

api/core/v1alpha1/networkpolicyrule_types.go

@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and IronCore contributors
+// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors
 // SPDX-License-Identifier: Apache-2.0
 
 package v1alpha1
@@ -42,8 +42,6 @@ type NetworkPolicyTargetRef struct {
 	UID types.UID `json:"uid"`
 	// Name is the name of the target.
 	Name string `json:"name"`
-	// ProviderID is the provider internal id of the target.
-	ProviderID string `json:"providerID"`
 }
 
 type Rule struct {

go.sum

@@ -139,6 +139,8 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
+github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus=
+github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
 github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8=
 github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs=
 github.com/onsi/gomega v1.33.0 h1:snPCflnZrpMsy94p4lXVEkHo12lmPnc3vY5XBbreexE=

internal/apis/core/networkpolicy_types.go

@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and IronCore contributors
+// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors
 // SPDX-License-Identifier: Apache-2.0
 
 package core

internal/apis/core/networkpolicyrule_types.go

@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and IronCore contributors
+// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors
 // SPDX-License-Identifier: Apache-2.0
 
 package core
@@ -42,8 +42,6 @@ type NetworkPolicyTargetRef struct {
 	UID types.UID `json:"uid"`
 	// Name is the name of the target.
 	Name string `json:"name"`
-	// ProviderID is the provider internal id of the target.
-	ProviderID string `json:"providerID"`
 }
 
 type Rule struct {

internal/apis/core/validation/networkpolicyrule.go

@@ -0,0 +1,27 @@
+// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors
+// SPDX-License-Identifier: Apache-2.0
+
+package validation
+
+import (
+	"github.com/ironcore-dev/ironcore-net/internal/apis/core"
+	"k8s.io/apimachinery/pkg/api/validation"
+	"k8s.io/apimachinery/pkg/util/validation/field"
+)
+
+func ValidateNetworkPolicyRule(networkPolicyRule *core.NetworkPolicyRule) field.ErrorList {
+	var allErrs field.ErrorList
+
+	allErrs = append(allErrs, validation.ValidateObjectMetaAccessor(networkPolicyRule, true, validation.NameIsDNSLabel, field.NewPath("metadata"))...)
+
+	return allErrs
+}
+
+func ValidateNetworkPolicyRuleUpdate(newNetworkPolicyRule, oldNetworkPolicyRule *core.NetworkPolicyRule) field.ErrorList {
+	var allErrs field.ErrorList
+
+	allErrs = append(allErrs, validation.ValidateObjectMetaAccessorUpdate(newNetworkPolicyRule, oldNetworkPolicyRule, field.NewPath("metadata"))...)
+	allErrs = append(allErrs, ValidateNetworkPolicyRule(newNetworkPolicyRule)...)
+
+	return allErrs
+}

internal/registry/networkpolicy/storage.go

@@ -0,0 +1,87 @@
+// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors
+// SPDX-License-Identifier: Apache-2.0
+
+package networkpolicy
+
+import (
+	"context"
+
+	"github.com/ironcore-dev/ironcore-net/internal/apis/core"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apiserver/pkg/registry/generic"
+	genericregistry "k8s.io/apiserver/pkg/registry/generic/registry"
+	"k8s.io/apiserver/pkg/registry/rest"
+	"sigs.k8s.io/structured-merge-diff/v4/fieldpath"
+)
+
+type NetworkPolicyStorage struct {
+	NetworkPolicy *REST
+	Status        *StatusREST
+}
+
+type REST struct {
+	*genericregistry.Store
+}
+
+func (REST) ShortNames() []string {
+	return []string{"netpol"}
+}
+
+func NewStorage(scheme *runtime.Scheme, optsGetter generic.RESTOptionsGetter) (NetworkPolicyStorage, error) {
+	strategy := NewStrategy(scheme)
+	statusStrategy := NewStatusStrategy(scheme)
+	store := &genericregistry.Store{
+		NewFunc: func() runtime.Object {
+			return &core.NetworkPolicy{}
+		},
+		NewListFunc: func() runtime.Object {
+			return &core.NetworkPolicyList{}
+		},
+		PredicateFunc:             MatchNetworkPolicy,
+		DefaultQualifiedResource:  core.Resource("networkpolicies"),
+		SingularQualifiedResource: core.Resource("networkpolicy"),
+
+		CreateStrategy: strategy,
+		UpdateStrategy: strategy,
+		DeleteStrategy: strategy,
+
+		TableConvertor: newTableConvertor(),
+	}
+
+	options := &generic.StoreOptions{RESTOptions: optsGetter, AttrFunc: GetAttrs}
+	if err := store.CompleteWithOptions(options); err != nil {
+		return NetworkPolicyStorage{}, err
+	}
+
+	statusStore := *store
+	statusStore.UpdateStrategy = statusStrategy
+	statusStore.ResetFieldsStrategy = statusStrategy
+
+	return NetworkPolicyStorage{
+		NetworkPolicy: &REST{store},
+		Status:        &StatusREST{&statusStore},
+	}, nil
+}
+
+type StatusREST struct {
+	store *genericregistry.Store
+}
+
+func (r *StatusREST) New() runtime.Object {
+	return &core.NetworkPolicy{}
+}
+
+func (r *StatusREST) Get(ctx context.Context, name string, options *metav1.GetOptions) (runtime.Object, error) {
+	return r.store.Get(ctx, name, options)
+}
+
+func (r *StatusREST) Update(ctx context.Context, name string, objInfo rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) {
+	return r.store.Update(ctx, name, objInfo, createValidation, updateValidation, false, options)
+}
+
+func (r *StatusREST) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set {
+	return r.store.GetResetFields()
+}
+
+func (r *StatusREST) Destroy() {}

internal/registry/networkpolicy/strategy.go

@@ -0,0 +1,117 @@
+// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors
+// SPDX-License-Identifier: Apache-2.0
+
+package networkpolicy
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/ironcore-dev/ironcore-net/internal/apis/core"
+	"github.com/ironcore-dev/ironcore-net/internal/apis/core/validation"
+	"k8s.io/apimachinery/pkg/fields"
+	"k8s.io/apimachinery/pkg/labels"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/util/validation/field"
+	"k8s.io/apiserver/pkg/registry/generic"
+	apisrvstorage "k8s.io/apiserver/pkg/storage"
+	"k8s.io/apiserver/pkg/storage/names"
+	"sigs.k8s.io/structured-merge-diff/v4/fieldpath"
+)
+
+func GetAttrs(obj runtime.Object) (labels.Set, fields.Set, error) {
+	networkPolicy, ok := obj.(*core.NetworkPolicy)
+	if !ok {
+		return nil, nil, fmt.Errorf("given object is not a NetworkPolicy")
+	}
+	return networkPolicy.Labels, SelectableFields(networkPolicy), nil
+}
+
+func MatchNetworkPolicy(label labels.Selector, field fields.Selector) apisrvstorage.SelectionPredicate {
+	return apisrvstorage.SelectionPredicate{
+		Label:    label,
+		Field:    field,
+		GetAttrs: GetAttrs,
+	}
+}
+
+func SelectableFields(networkPolicy *core.NetworkPolicy) fields.Set {
+	return generic.ObjectMetaFieldsSet(&networkPolicy.ObjectMeta, true)
+}
+
+type networkPolicyStrategy struct {
+	runtime.ObjectTyper
+	names.NameGenerator
+}
+
+func NewStrategy(typer runtime.ObjectTyper) networkPolicyStrategy {
+	return networkPolicyStrategy{typer, names.SimpleNameGenerator}
+}
+func (networkPolicyStrategy) NamespaceScoped() bool {
+	return true
+}
+
+func (networkPolicyStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) {
+
+}
+
+func (networkPolicyStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) {
+}
+
+func (networkPolicyStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList {
+	networkPolicy := obj.(*core.NetworkPolicy)
+	return validation.ValidateNetworkPolicy(networkPolicy)
+}
+
+func (networkPolicyStrategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string {
+	return nil
+}
+
+func (networkPolicyStrategy) AllowCreateOnUpdate() bool {
+	return false
+}
+
+func (networkPolicyStrategy) AllowUnconditionalUpdate() bool {
+	return false
+}
+
+func (networkPolicyStrategy) Canonicalize(obj runtime.Object) {
+}
+
+func (networkPolicyStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList {
+	newNetworkPolicy := obj.(*core.NetworkPolicy)
+	oldNetworkPolicy := old.(*core.NetworkPolicy)
+	return validation.ValidateNetworkPolicyUpdate(newNetworkPolicy, oldNetworkPolicy)
+}
+
+func (networkPolicyStrategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string {
+	return nil
+}
+
+type networkPolicyStatusStrategy struct {
+	networkPolicyStrategy
+}
+
+func NewStatusStrategy(typer runtime.ObjectTyper) networkPolicyStatusStrategy {
+	return networkPolicyStatusStrategy{NewStrategy(typer)}
+}
+func (networkPolicyStatusStrategy) GetResetFields() map[fieldpath.APIVersion]*fieldpath.Set {
+	return map[fieldpath.APIVersion]*fieldpath.Set{
+		"apinet.ironcore.dev/v1alpha1": fieldpath.NewSet(
+			fieldpath.MakePathOrDie("spec"),
+		),
+	}
+}
+
+func (networkPolicyStatusStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) {
+}
+
+func (networkPolicyStatusStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList {
+	newNetworkPolicy := obj.(*core.NetworkPolicy)
+	oldNetworkPolicy := old.(*core.NetworkPolicy)
+	return validation.ValidateNetworkPolicyUpdate(newNetworkPolicy, oldNetworkPolicy)
+}
+
+func (networkPolicyStatusStrategy) WarningsOnUpdate(cxt context.Context, obj, old runtime.Object) []string {
+	return nil
+}