Merge pull request #186 from raffaelespazzoli/groups
Adds Groups and GroupAlias vault API
davgordo authored Aug 23, 2023
2 parents 150ec1a + 9c37c22 commit 4b49204
Showing 122 changed files with 3,061 additions and 1,404 deletions.
5 changes: 3 additions & 2 deletions Makefile
@@ -7,6 +7,7 @@ KUBECTL_VERSION ?= v1.25.3
K8S_MAJOR_VERSION ?= 1.25
VAULT_VERSION ?= 1.12.2


# VERSION defines the project version for the bundle.
# Update this value when you upgrade the version of your project.
# To re-generate a bundle for another specific version without changing the standard setup, you can:
@@ -60,7 +61,7 @@ IMG ?= controller:latest
# Produce CRDs that work back to Kubernetes 1.11 (no version conversion)
CRD_OPTIONS ?= "crd:trivialVersions=true,preserveUnknownFields=false"
# ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
ENVTEST_K8S_VERSION = 1.25.0
ENVTEST_K8S_VERSION ?= 1.26.0

# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
ifeq (,$(shell go env GOBIN))
@@ -167,7 +168,7 @@ ldap-setup: kind-setup vault
##@ Build

.PHONY: build
build: generate fmt vet ## Build manager binary.
build: manifests generate fmt vet ## Build manager binary.
go build -o bin/manager main.go

.PHONY: run
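--- a/PROJECT
+++ b/PROJECT
@@ -1,3 +1,7 @@
+# Code generated by tool. DO NOT EDIT.
+# This file is used to track the info used to scaffold your project
+# and allow the plugins properly work.
+# More info: https://book.kubebuilder.io/reference/project-config.html
 domain: redhat.io
 layout:
 - go.kubebuilder.io/v3
@@ -343,4 +347,30 @@ resources:
 defaulting: true
 validation: true
 webhookVersion: v1
+- api:
+crdVersion: v1
+namespaced: true
+controller: true
+domain: redhat.io
+group: redhatcop
+kind: Group
+path: github.com/redhat-cop/vault-config-operator/api/v1alpha1
+version: v1alpha1
+webhooks:
+defaulting: true
+validation: true
+webhookVersion: v1
+- api:
+crdVersion: v1
+namespaced: true
+controller: true
+domain: redhat.io
+group: redhatcop
+kind: GroupAlias
+path: github.com/redhat-cop/vault-config-operator/api/v1alpha1
+version: v1alpha1
+webhooks:
+defaulting: true
+validation: true
+webhookVersion: v1
 version: "3"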
1 change: 1 addition & 0 deletions api/v1alpha1/authenginemount_types.go
@@ -128,6 +128,7 @@ type AuthMountConfig struct {

var _ vaultutils.VaultObject = &AuthEngineMount{}
var _ vaultutils.VaultEngineObject = &AuthEngineMount{}
var _ vaultutils.ConditionsAware = &AuthEngineMount{}

func (mc *AuthMountConfig) toMap() map[string]interface{} {
return map[string]interface{}{
17 changes: 9 additions & 8 deletions api/v1alpha1/authenginemount_webhook.go
@@ -24,6 +24,7 @@ import (
ctrl "sigs.k8s.io/controller-runtime"
logf "sigs.k8s.io/controller-runtime/pkg/log"
"sigs.k8s.io/controller-runtime/pkg/webhook"
"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
)

// log is for logging in this package.
@@ -52,36 +53,36 @@ func (r *AuthEngineMount) Default() {
var _ webhook.Validator = &AuthEngineMount{}

// ValidateCreate implements webhook.Validator so a webhook will be registered for the type
func (r *AuthEngineMount) ValidateCreate() error {
func (r *AuthEngineMount) ValidateCreate() (admission.Warnings, error) {
authenginemountlog.Info("validate create", "name", r.Name)

// TODO(user): fill in your validation logic upon object creation.
return nil
return nil, nil
}

// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
func (r *AuthEngineMount) ValidateUpdate(old runtime.Object) error {
func (r *AuthEngineMount) ValidateUpdate(old runtime.Object) (admission.Warnings, error) {
authenginemountlog.Info("validate update", "name", r.Name)

// the path cannot be updated
if r.Spec.Path != old.(*AuthEngineMount).Spec.Path {
return errors.New("spec.path cannot be updated")
return nil, errors.New("spec.path cannot be updated")
}
// only mount config can be modified
oldMount := old.(*AuthEngineMount).Spec.AuthMount
newMount := r.Spec.AuthMount
oldMount.Config = AuthMountConfig{}
newMount.Config = AuthMountConfig{}
if !reflect.DeepEqual(oldMount, newMount) {
return errors.New("only .spec.config can be modified")
return nil, errors.New("only .spec.config can be modified")
}
return nil
return nil, nil
}

// ValidateDelete implements webhook.Validator so a webhook will be registered for the type
func (r *AuthEngineMount) ValidateDelete() error {
func (r *AuthEngineMount) ValidateDelete() (admission.Warnings, error) {
authenginemountlog.Info("validate delete", "name", r.Name)

// TODO(user): fill in your validation logic upon object deletion.
return nil
return nil, nil
}
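Review bot: ValidateUpdate still reads `old.(*AuthEngineMount)` twice through an unchecked type assertion (the `spec.path` comparison and the `oldMount` assignment), so an `old` of any other type panics inside the admission handler instead of producing a denial. With the new two-value return it is cheap to assert once and reject explicitly: `oldObj, ok := old.(*AuthEngineMount)` followed by `if !ok { return nil, errors.New("old object is not an AuthEngineMount") }`, then use `oldObj.Spec.Path` and `oldObj.Spec.AuthMount`. controller-runtime normally hands the validator an object of the same type, so this is a defensive guard rather than a known failure. The same unchecked assertion appears in ValidateUpdate in the databasesecretengineconfig, databasesecretenginerole, databasesecretenginestaticrole and githubsecretengineconfig webhook files touched by this commit.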
3 changes: 1 addition & 2 deletions api/v1alpha1/databasesecretengineconfig_types.go
@@ -22,7 +22,6 @@ import (
"reflect"

vault "github.com/hashicorp/vault/api"
"github.com/redhat-cop/operator-utils/pkg/util/apis"
vaultutils "github.com/redhat-cop/vault-config-operator/api/v1alpha1/utils"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -271,7 +270,7 @@ type DatabaseSecretEngineConfigStatus struct {
LastRootPasswordRotation metav1.Time `json:"lastRootPasswordRotation,omitempty"`
}

var _ apis.ConditionsAware = &DatabaseSecretEngineConfig{}
var _ vaultutils.ConditionsAware = &DatabaseSecretEngineConfig{}

func (m *DatabaseSecretEngineConfig) GetConditions() []metav1.Condition {
return m.Status.Conditions
15 changes: 8 additions & 7 deletions api/v1alpha1/databasesecretengineconfig_webhook.go
@@ -23,6 +23,7 @@ import (
ctrl "sigs.k8s.io/controller-runtime"
logf "sigs.k8s.io/controller-runtime/pkg/log"
"sigs.k8s.io/controller-runtime/pkg/webhook"
"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
)

// log is for logging in this package.
@@ -51,20 +52,20 @@ func (r *DatabaseSecretEngineConfig) Default() {
var _ webhook.Validator = &DatabaseSecretEngineConfig{}

// ValidateCreate implements webhook.Validator so a webhook will be registered for the type
func (r *DatabaseSecretEngineConfig) ValidateCreate() error {
func (r *DatabaseSecretEngineConfig) ValidateCreate() (admission.Warnings, error) {
databasesecretengineconfiglog.Info("validate create", "name", r.Name)

// TODO(user): fill in your validation logic upon object creation.
return r.isValid()
return nil, r.isValid()
}

// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
func (r *DatabaseSecretEngineConfig) ValidateUpdate(old runtime.Object) error {
func (r *DatabaseSecretEngineConfig) ValidateUpdate(old runtime.Object) (admission.Warnings, error) {
databasesecretengineconfiglog.Info("validate update", "name", r.Name)

// the path cannot be updated
if r.Spec.Path != old.(*DatabaseSecretEngineConfig).Spec.Path {
return errors.New("spec.path cannot be updated")
return nil, errors.New("spec.path cannot be updated")
}
//connection_url, username and verify_connection cannot be changed because they cannot be compare with the actual.
// if r.Spec.ConnectionURL != old.(*DatabaseSecretEngineConfig).Spec.ConnectionURL {
@@ -76,13 +77,13 @@ func (r *DatabaseSecretEngineConfig) ValidateUpdate(old runtime.Object) error {
// if r.Spec.VerifyConnection != old.(*DatabaseSecretEngineConfig).Spec.VerifyConnection {
// return errors.New("spec.verifyConnection cannot be updated")
// }
return r.isValid()
return nil, r.isValid()
}

// ValidateDelete implements webhook.Validator so a webhook will be registered for the type
func (r *DatabaseSecretEngineConfig) ValidateDelete() error {
func (r *DatabaseSecretEngineConfig) ValidateDelete() (admission.Warnings, error) {
databasesecretengineconfiglog.Info("validate delete", "name", r.Name)

// TODO(user): fill in your validation logic upon object deletion.
return nil
return nil, nil
}
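Review bot: The comment in ValidateUpdate saying "connection_url, username and verify_connection cannot be changed" describes checks that are commented out, so the function as shown enforces only `spec.path` immutability plus whatever `r.isValid()` covers. For a resource that tells Vault which database to connect to and with which account, a reader should not be led to believe admission locks those fields. I would reword it along the lines of `// connectionURL, username and verifyConnection are NOT enforced as immutable here: they cannot be compared with the actual Vault state, so the checks below stay disabled`. Part of the commented block is collapsed on this page, so the wording should be confirmed against the full function.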
3 changes: 1 addition & 2 deletions api/v1alpha1/databasesecretenginerole_types.go
@@ -20,7 +20,6 @@ import (
"context"
"reflect"

"github.com/redhat-cop/operator-utils/pkg/util/apis"
vaultutils "github.com/redhat-cop/vault-config-operator/api/v1alpha1/utils"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"sigs.k8s.io/controller-runtime/pkg/client"
@@ -53,7 +52,7 @@ type DatabaseSecretEngineRoleSpec struct {

var _ vaultutils.VaultObject = &DatabaseSecretEngineRole{}

var _ apis.ConditionsAware = &DatabaseSecretEngineRole{}
var _ vaultutils.ConditionsAware = &DatabaseSecretEngineRole{}

func (d *DatabaseSecretEngineRole) GetVaultConnection() *vaultutils.VaultConnection {
return d.Spec.Connection
15 changes: 8 additions & 7 deletions api/v1alpha1/databasesecretenginerole_webhook.go
@@ -23,6 +23,7 @@ import (
ctrl "sigs.k8s.io/controller-runtime"
logf "sigs.k8s.io/controller-runtime/pkg/log"
"sigs.k8s.io/controller-runtime/pkg/webhook"
"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
)

// log is for logging in this package.
@@ -51,28 +52,28 @@ func (r *DatabaseSecretEngineRole) Default() {
var _ webhook.Validator = &DatabaseSecretEngineRole{}

// ValidateCreate implements webhook.Validator so a webhook will be registered for the type
func (r *DatabaseSecretEngineRole) ValidateCreate() error {
func (r *DatabaseSecretEngineRole) ValidateCreate() (admission.Warnings, error) {
databasesecretenginerolelog.Info("validate create", "name", r.Name)

// TODO(user): fill in your validation logic upon object creation.
return nil
return nil, nil
}

// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
func (r *DatabaseSecretEngineRole) ValidateUpdate(old runtime.Object) error {
func (r *DatabaseSecretEngineRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error) {
databasesecretenginerolelog.Info("validate update", "name", r.Name)

// the path cannot be updated
if r.Spec.Path != old.(*DatabaseSecretEngineRole).Spec.Path {
return errors.New("spec.path cannot be updated")
return nil, errors.New("spec.path cannot be updated")
}
return nil
return nil, nil
}

// ValidateDelete implements webhook.Validator so a webhook will be registered for the type
func (r *DatabaseSecretEngineRole) ValidateDelete() error {
func (r *DatabaseSecretEngineRole) ValidateDelete() (admission.Warnings, error) {
databasesecretenginerolelog.Info("validate delete", "name", r.Name)

// TODO(user): fill in your validation logic upon object deletion.
return nil
return nil, nil
}
3 changes: 1 addition & 2 deletions api/v1alpha1/databasesecretenginestaticrole_types.go
@@ -22,7 +22,6 @@ import (
"reflect"
"strconv"

"github.com/redhat-cop/operator-utils/pkg/util/apis"
vaultutils "github.com/redhat-cop/vault-config-operator/api/v1alpha1/utils"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"sigs.k8s.io/controller-runtime/pkg/client"
@@ -134,7 +133,7 @@ func (i *DBSEStaticRole) toMap() map[string]interface{} {

var _ vaultutils.VaultObject = &DatabaseSecretEngineStaticRole{}

var _ apis.ConditionsAware = &DatabaseSecretEngineStaticRole{}
var _ vaultutils.ConditionsAware = &DatabaseSecretEngineStaticRole{}

func (d *DatabaseSecretEngineStaticRole) GetVaultConnection() *vaultutils.VaultConnection {
return d.Spec.Connection
15 changes: 8 additions & 7 deletions api/v1alpha1/databasesecretenginestaticrole_webhook.go
@@ -23,6 +23,7 @@ import (
ctrl "sigs.k8s.io/controller-runtime"
logf "sigs.k8s.io/controller-runtime/pkg/log"
"sigs.k8s.io/controller-runtime/pkg/webhook"
"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
)

// log is for logging in this package.
@@ -52,28 +53,28 @@ func (r *DatabaseSecretEngineStaticRole) Default() {
var _ webhook.Validator = &DatabaseSecretEngineStaticRole{}

// ValidateCreate implements webhook.Validator so a webhook will be registered for the type
func (r *DatabaseSecretEngineStaticRole) ValidateCreate() error {
func (r *DatabaseSecretEngineStaticRole) ValidateCreate() (admission.Warnings, error) {
databasesecretenginestaticrolelog.Info("validate create", "name", r.Name)

// TODO(user): fill in your validation logic upon object creation.
return r.isValid()
return nil, r.isValid()
}

// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
func (r *DatabaseSecretEngineStaticRole) ValidateUpdate(old runtime.Object) error {
func (r *DatabaseSecretEngineStaticRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error) {
databasesecretenginestaticrolelog.Info("validate update", "name", r.Name)
// the path cannot be updated
if r.Spec.Path != old.(*DatabaseSecretEngineStaticRole).Spec.Path {
return errors.New("spec.path cannot be updated")
return nil, errors.New("spec.path cannot be updated")
}
// TODO(user): fill in your validation logic upon object update.
return r.isValid()
return nil, r.isValid()
}

// ValidateDelete implements webhook.Validator so a webhook will be registered for the type
func (r *DatabaseSecretEngineStaticRole) ValidateDelete() error {
func (r *DatabaseSecretEngineStaticRole) ValidateDelete() (admission.Warnings, error) {
databasesecretenginestaticrolelog.Info("validate delete", "name", r.Name)

// TODO(user): fill in your validation logic upon object deletion.
return nil
return nil, nil
}
3 changes: 1 addition & 2 deletions api/v1alpha1/githubsecretengineconfig_types.go
@@ -22,7 +22,6 @@ import (
"reflect"

vault "github.com/hashicorp/vault/api"
"github.com/redhat-cop/operator-utils/pkg/util/apis"
vaultutils "github.com/redhat-cop/vault-config-operator/api/v1alpha1/utils"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -167,7 +166,7 @@ type GitHubSecretEngineConfigStatus struct {
Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

var _ apis.ConditionsAware = &GitHubSecretEngineConfig{}
var _ vaultutils.ConditionsAware = &GitHubSecretEngineConfig{}

func (m *GitHubSecretEngineConfig) GetConditions() []metav1.Condition {
return m.Status.Conditions
15 changes: 8 additions & 7 deletions api/v1alpha1/githubsecretengineconfig_webhook.go
@@ -23,6 +23,7 @@ import (
ctrl "sigs.k8s.io/controller-runtime"
logf "sigs.k8s.io/controller-runtime/pkg/log"
"sigs.k8s.io/controller-runtime/pkg/webhook"
"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
)

// log is for logging in this package.
@@ -53,28 +54,28 @@ func (r *GitHubSecretEngineConfig) Default() {
var _ webhook.Validator = &GitHubSecretEngineConfig{}

// ValidateCreate implements webhook.Validator so a webhook will be registered for the type
func (r *GitHubSecretEngineConfig) ValidateCreate() error {
func (r *GitHubSecretEngineConfig) ValidateCreate() (admission.Warnings, error) {
githubsecretengineconfiglog.Info("validate create", "name", r.Name)

// TODO(user): fill in your validation logic upon object creation.
return r.isValid()
return nil, r.isValid()
}

// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
func (r *GitHubSecretEngineConfig) ValidateUpdate(old runtime.Object) error {
func (r *GitHubSecretEngineConfig) ValidateUpdate(old runtime.Object) (admission.Warnings, error) {
githubsecretengineconfiglog.Info("validate update", "name", r.Name)

// the path cannot be updated
if r.Spec.Path != old.(*GitHubSecretEngineConfig).Spec.Path {
return errors.New("spec.path cannot be updated")
return nil, errors.New("spec.path cannot be updated")
}
return r.isValid()
return nil, r.isValid()
}

// ValidateDelete implements webhook.Validator so a webhook will be registered for the type
func (r *GitHubSecretEngineConfig) ValidateDelete() error {
func (r *GitHubSecretEngineConfig) ValidateDelete() (admission.Warnings, error) {
githubsecretengineconfiglog.Info("validate delete", "name", r.Name)

// TODO(user): fill in your validation logic upon object deletion.
return nil
return nil, nil
}
3 changes: 1 addition & 2 deletions api/v1alpha1/githubsecretenginerole_types.go
@@ -20,7 +20,6 @@ import (
"context"
"reflect"

"github.com/redhat-cop/operator-utils/pkg/util/apis"
vaultutils "github.com/redhat-cop/vault-config-operator/api/v1alpha1/utils"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"sigs.k8s.io/controller-runtime/pkg/client"
@@ -128,7 +127,7 @@ type GitHubSecretEngineRoleStatus struct {
Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

var _ apis.ConditionsAware = &GitHubSecretEngineRole{}
var _ vaultutils.ConditionsAware = &GitHubSecretEngineRole{}

func (m *GitHubSecretEngineRole) GetConditions() []metav1.Condition {
return m.Status.Conditions