Creation of CompassManagerMapping CRD after successfull registration …

…Runtime in Compass (#27)

<!-- Thank you for your contribution. Before you submit the pull
request:
1. Follow contributing guidelines, templates, the recommended Git
workflow, and any related documentation.
2. Read and submit the required Contributor Licence Agreements
(https://github.com/kyma-project/community/blob/main/CONTRIBUTING.md#agreements-and-licenses).
3. Test your changes and attach their results to the pull request.
4. Update the relevant documentation.

If the pull request requires a decision, follow the [decision-making
process](https://github.com/kyma-project/community/blob/main/governance.md)
and replace the PR template with the [decision record
template](https://github.com/kyma-project/community/blob/main/.github/ISSUE_TEMPLATE/decision-record.md).
-->

**Description**

Changes proposed in this pull request:

- reconcile triggers only while the Application Connector module is
present in Kyma CR
- changed the way of marking Runtime as connected to Compass from
labeling Kyma CR to creating Compass Manager Mapping CRD with all the
data needed
- added WhiteSource and Protecode scans for module
- ~Compass Manager is capable of refreshing Compass one-time token~
commented -> moved to different PR

**Related issue(s)**
<!-- If you refer to a particular issue, provide its number. For
example, `Resolves #123`, `Fixes #43`, or `See also #33`. -->

.github/workflows/golangci-lint.yaml

@@ -1,8 +1,5 @@
 name: golangci-lint
 on:
-  push:
-    branches:
-      - main
   pull_request:
 
 permissions:
@@ -36,7 +33,7 @@ jobs:
           # Note: By default, the `.golangci.yml` file should be at the root of the repository.
           # The location of the configuration file can be changed by using `--config=`
           # args: --timeout=30m --config=/my/path/.golangci.yml --issues-exit-code=0
-          args: --timeout=5m
+          args: --timeout=5m --out-format=github-actions
 
           # Optional: show only new issues if it's a pull request. The default value is `false`.
           # only-new-issues: true

.golangci.yaml

@@ -79,7 +79,7 @@ linters:
     - godox # detects TODOs keywords
     # - goimports # in addition to fixing imports, goimports also formats your code in the same style as gofmt. Dissabled as can't work together with `gci`
     - gomnd # detects magic numbers
-    - gomoddirectives # manages the use of 'replace', 'retract', and 'excludes' directives in go.mod
+    # - gomoddirectives # manages the use of 'replace', 'retract', and 'excludes' directives in go.mod
     - nestif # reports deeply nested if statements
     - nilerr # finds the code that returns nil even if it checks that the error is not nil
     - nilnil # checks that there is no simultaneous return of nil error and an invalid value

Dockerfile

@@ -13,6 +13,7 @@ RUN go mod download
 
 # Copy the go source
 COPY main.go main.go
+COPY api/ api/
 COPY controllers/ controllers/
 COPY internal/ internal/
 COPY pkg/ pkg/

PROJECT

@@ -11,10 +11,9 @@ resources:
 - api:
     crdVersion: v1
     namespaced: true
-  controller: true
   domain: kyma-project.io
   group: operator
-  kind: CompassManager
+  kind: CompassManagerMapping
   path: github.com/kyma-project/compass-manager/api/v1beta1
   version: v1beta1
 version: "3"

api/v1beta1/compassmanagermapping_types.go

@@ -0,0 +1,36 @@
+package v1beta1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// CompassManagerMappingSpec defines the desired state of CompassManagerMapping
+type CompassManagerMappingSpec struct{}
+
+// CompassManagerMappingStatus defines the observed state of CompassManagerMapping
+type CompassManagerMappingStatus struct{}
+
+//+kubebuilder:object:root=true
+//+kubebuilder:subresource:status
+
+// CompassManagerMapping is the Schema for the compassmanagermappings API
+type CompassManagerMapping struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   CompassManagerMappingSpec   `json:"spec,omitempty"`
+	Status CompassManagerMappingStatus `json:"status,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+
+// CompassManagerMappingList contains a list of CompassManagerMapping
+type CompassManagerMappingList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []CompassManagerMapping `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&CompassManagerMapping{}, &CompassManagerMappingList{})
+}

api/v1beta1/groupversion_info.go

@@ -0,0 +1,20 @@
+// Package v1beta1 contains API Schema definitions for the operator v1beta1 API group
+// +kubebuilder:object:generate=true
+// +groupName=operator.kyma-project.io
+package v1beta1
+
+import (
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"sigs.k8s.io/controller-runtime/pkg/scheme"
+)
+
+var (
+	// GroupVersion is group version used to register these objects
+	GroupVersion = schema.GroupVersion{Group: "operator.kyma-project.io", Version: "v1beta1"} //nolint:gochecknoglobals
+
+	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
+	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} //nolint:gochecknoglobals
+
+	// AddToScheme adds the types in this group-version to the given scheme.
+	AddToScheme = SchemeBuilder.AddToScheme //nolint:gochecknoglobals
+)

config/crd/bases/operator.kyma-project.io_compassmanagermappings.yaml

@@ -0,0 +1,47 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.11.2
+  creationTimestamp: null
+  name: compassmanagermappings.operator.kyma-project.io
+spec:
+  group: operator.kyma-project.io
+  names:
+    kind: CompassManagerMapping
+    listKind: CompassManagerMappingList
+    plural: compassmanagermappings
+    singular: compassmanagermapping
+  scope: Namespaced
+  versions:
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: CompassManagerMapping is the Schema for the compassmanagermappings
+          API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: CompassManagerMappingSpec defines the desired state of CompassManagerMapping
+            type: object
+          status:
+            description: CompassManagerMappingStatus defines the observed state of
+              CompassManagerMapping
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}

config/crd/kustomization.yaml

@@ -0,0 +1,21 @@
+# This kustomization.yaml is not intended to be run by itself,
+# since it depends on service name and namespace that are out of this kustomize package.
+# It should be run by config/default
+resources:
+- bases/operator.kyma-project.io_compassmanagermappings.yaml
+#+kubebuilder:scaffold:crdkustomizeresource
+
+patchesStrategicMerge:
+# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
+# patches here are for enabling the conversion webhook for each CRD
+#- patches/webhook_in_compassmanagermappings.yaml
+#+kubebuilder:scaffold:crdkustomizewebhookpatch
+
+# [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix.
+# patches here are for enabling the CA injection for each CRD
+#- patches/cainjection_in_compassmanagermappings.yaml
+#+kubebuilder:scaffold:crdkustomizecainjectionpatch
+
+# the following config is for teaching kustomize how to do kustomization for CRDs.
+configurations:
+- kustomizeconfig.yaml

config/crd/kustomizeconfig.yaml

@@ -0,0 +1,19 @@
+# This file is for teaching kustomize how to substitute name and namespace reference in CRD
+nameReference:
+- kind: Service
+  version: v1
+  fieldSpecs:
+  - kind: CustomResourceDefinition
+    version: v1
+    group: apiextensions.k8s.io
+    path: spec/conversion/webhook/clientConfig/service/name
+
+namespace:
+- kind: CustomResourceDefinition
+  version: v1
+  group: apiextensions.k8s.io
+  path: spec/conversion/webhook/clientConfig/service/namespace
+  create: false
+
+varReference:
+- path: metadata/annotations

config/crd/patches/cainjection_in_compassmanagermappings.yaml

@@ -0,0 +1,7 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+  name: compassmanagermappings.operator.kyma-project.io

config/crd/patches/webhook_in_compassmanagermappings.yaml

@@ -0,0 +1,16 @@
+# The following patch enables a conversion webhook for the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: compassmanagermappings.operator.kyma-project.io
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        service:
+          namespace: system
+          name: webhook-service
+          path: /convert
+      conversionReviewVersions:
+      - v1

config/rbac/compassmanagermapping_editor_role.yaml

@@ -0,0 +1,31 @@
+# permissions for end users to edit compassmanagermappings.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: clusterrole
+    app.kubernetes.io/instance: compassmanagermapping-editor-role
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: compass-manager
+    app.kubernetes.io/part-of: compass-manager
+    app.kubernetes.io/managed-by: kustomize
+  name: compassmanagermapping-editor-role
+rules:
+- apiGroups:
+  - operator.kyma-project.io
+  resources:
+  - compassmanagermappings
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - operator.kyma-project.io
+  resources:
+  - compassmanagermappings/status
+  verbs:
+  - get

config/rbac/compassmanagermapping_viewer_role.yaml

@@ -0,0 +1,27 @@
+# permissions for end users to view compassmanagermappings.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: clusterrole
+    app.kubernetes.io/instance: compassmanagermapping-viewer-role
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: compass-manager
+    app.kubernetes.io/part-of: compass-manager
+    app.kubernetes.io/managed-by: kustomize
+  name: compassmanagermapping-viewer-role
+rules:
+- apiGroups:
+  - operator.kyma-project.io
+  resources:
+  - compassmanagermappings
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - operator.kyma-project.io
+  resources:
+  - compassmanagermappings/status
+  verbs:
+  - get