diff --git a/Makefile b/Makefile index 4e5f19429..6ae4633b4 100644 --- a/Makefile +++ b/Makefile @@ -296,7 +296,7 @@ endef .PHONY: manifests manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects. - $(CONTROLLER_GEN) crd paths="./api/v1alpha1;./api/v1beta1;./api/v1beta2;./api/v1beta3" output:crd:artifacts:config=config/crd/bases + $(CONTROLLER_GEN) crd paths="./api/v1alpha1;./api/v1alpha2;./api/v1beta1;./api/v1beta2;./api/v1beta3" output:crd:artifacts:config=config/crd/bases $(CONTROLLER_GEN) rbac:roleName=manager-role webhook paths="./..." .PHONY: dependencies-manifests diff --git a/README.md b/README.md index b18b3c190..5fbdb441c 100644 --- a/README.md +++ b/README.md @@ -53,7 +53,7 @@ The kuadrant control plane owns the following [Custom Resource Definitions, CRDs | AuthPolicy CRD [\[doc\]](doc/auth.md) [[reference]](doc/reference/authpolicy.md) | Enable AuthN and AuthZ based access control on workloads | [AuthPolicy CR](https://github.com/Kuadrant/kuadrant-operator/blob/main/examples/toystore/authpolicy.yaml) | | RateLimitPolicy CRD [\[doc\]](doc/rate-limiting.md) [[reference]](doc/reference/ratelimitpolicy.md) | Enable access control on workloads based on HTTP rate limiting | [RateLimitPolicy CR](https://raw.githubusercontent.com/Kuadrant/kuadrant-operator/main/examples/toystore/ratelimitpolicy_httproute.yaml) | | DNSPolicy CRD [\[doc\]](doc/dns.md) [[reference]](doc/reference/dnspolicy.md) | Enable DNS management | [DNSPolicy CR](config/samples/kuadrant_v1alpha1_dnspolicy.yaml) | -| TLSPolicy CRD [\[doc\]](doc/tls.md) [[reference]](doc/reference/tlspolicy.md) | Enable TLS management | [TLSPolicy CR](config/samples/kuadrant_v1alpha1_tlspolicy.yaml) | +| TLSPolicy CRD [\[doc\]](doc/tls.md) [[reference]](doc/reference/tlspolicy.md) | Enable TLS management | [TLSPolicy CR](config/samples/kuadrant_v1alpha2_tlspolicy.yaml) | Additionally, Kuadrant provides the following CRDs 
diff --git a/api/v1alpha1/topology.go b/api/v1alpha1/topology.go index 0ab5156bf..a2e3b2ad0 100644 --- a/api/v1alpha1/topology.go +++ b/api/v1alpha1/topology.go @@ -1,6 +1,6 @@ package v1alpha1 -// Contains of this file allow the DNSPolicy and TLSPolicy to adhere to the machinery.Policy interface +// Contains of this file allow the DNSPolicy to adhere to the machinery.Policy interface import ( "github.com/kuadrant/policy-machinery/machinery" @@ -10,8 +10,6 @@ import ( var ( DNSPoliciesResource = GroupVersion.WithResource("dnspolicies") DNSPolicyGroupKind = schema.GroupKind{Group: GroupVersion.Group, Kind: "DNSPolicy"} - TLSPoliciesResource = GroupVersion.WithResource("tlspolicies") - TLSPolicyGroupKind = schema.GroupKind{Group: GroupVersion.Group, Kind: "TLSPolicy"} ) var _ machinery.Policy = &DNSPolicy{} @@ -38,28 +36,3 @@ func (p *DNSPolicy) Merge(other machinery.Policy) machinery.Policy { func (p *DNSPolicy) GetLocator() string { return machinery.LocatorFromObject(p) } - -var _ machinery.Policy = &TLSPolicy{} - -func (p *TLSPolicy) GetTargetRefs() []machinery.PolicyTargetReference { - return []machinery.PolicyTargetReference{ - machinery.LocalPolicyTargetReference{ - LocalPolicyTargetReference: p.Spec.TargetRef, - PolicyNamespace: p.Namespace, - }, - } -} - -func (p *TLSPolicy) GetMergeStrategy() machinery.MergeStrategy { - return func(policy machinery.Policy, _ machinery.Policy) machinery.Policy { - return policy - } -} - -func (p *TLSPolicy) Merge(other machinery.Policy) machinery.Policy { - return other -} - -func (p *TLSPolicy) GetLocator() string { - return machinery.LocatorFromObject(p) -} diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index 53a868b6c..9f57ebe91 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go 
@@ -21,53 +21,11 @@ limitations under the License. package v1alpha1 import ( - certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" apiv1alpha1 "github.com/kuadrant/dns-operator/api/v1alpha1" "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" ) -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CertificateSpec) DeepCopyInto(out *CertificateSpec) { - *out = *in - out.IssuerRef = in.IssuerRef - if in.Duration != nil { - in, out := &in.Duration, &out.Duration - *out = new(v1.Duration) - **out = **in - } - if in.RenewBefore != nil { - in, out := &in.RenewBefore, &out.RenewBefore - *out = new(v1.Duration) - **out = **in - } - if in.Usages != nil { - in, out := &in.Usages, &out.Usages - *out = make([]certmanagerv1.KeyUsage, len(*in)) - copy(*out, *in) - } - if in.RevisionHistoryLimit != nil { - in, out := &in.RevisionHistoryLimit, &out.RevisionHistoryLimit - *out = new(int32) - **out = **in - } - if in.PrivateKey != nil { - in, out := &in.PrivateKey, &out.PrivateKey - *out = new(certmanagerv1.CertificatePrivateKey) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateSpec. -func (in *CertificateSpec) DeepCopy() *CertificateSpec { - if in == nil { - return nil - } - out := new(CertificateSpec) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DNSPolicy) DeepCopyInto(out *DNSPolicy) { *out = *in 
@@ -222,101 +180,3 @@ func (in *LoadBalancingSpec) DeepCopy() *LoadBalancingSpec { in.DeepCopyInto(out) return out } - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TLSPolicy) DeepCopyInto(out *TLSPolicy) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSPolicy. -func (in *TLSPolicy) DeepCopy() *TLSPolicy { - if in == nil { - return nil - } - out := new(TLSPolicy) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *TLSPolicy) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TLSPolicyList) DeepCopyInto(out *TLSPolicyList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]TLSPolicy, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSPolicyList. -func (in *TLSPolicyList) DeepCopy() *TLSPolicyList { - if in == nil { - return nil - } - out := new(TLSPolicyList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *TLSPolicyList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
-func (in *TLSPolicySpec) DeepCopyInto(out *TLSPolicySpec) { - *out = *in - out.TargetRef = in.TargetRef - in.CertificateSpec.DeepCopyInto(&out.CertificateSpec) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSPolicySpec. -func (in *TLSPolicySpec) DeepCopy() *TLSPolicySpec { - if in == nil { - return nil - } - out := new(TLSPolicySpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TLSPolicyStatus) DeepCopyInto(out *TLSPolicyStatus) { - *out = *in - if in.Conditions != nil { - in, out := &in.Conditions, &out.Conditions - *out = make([]v1.Condition, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSPolicyStatus. -func (in *TLSPolicyStatus) DeepCopy() *TLSPolicyStatus { - if in == nil { - return nil - } - out := new(TLSPolicyStatus) - in.DeepCopyInto(out) - return out -} diff --git a/api/v1alpha2/groupversion_info.go b/api/v1alpha2/groupversion_info.go new file mode 100644 index 000000000..70405423e --- /dev/null +++ b/api/v1alpha2/groupversion_info.go 
@@ -0,0 +1,36 @@ +/* +Copyright 2024. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package v1alpha2 contains API Schema definitions for the kuadrant.io v1alpha2 API group +// +kubebuilder:object:generate=true +// +groupName=kuadrant.io +package v1alpha2 + +import ( + "k8s.io/apimachinery/pkg/runtime/schema" + "sigs.k8s.io/controller-runtime/pkg/scheme" +) + +var ( + // GroupVersion is group version used to register these objects + GroupVersion = schema.GroupVersion{Group: "kuadrant.io", Version: "v1alpha2"} + + // SchemeBuilder is used to add go types to the GroupVersionKind scheme + SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} + + // AddToScheme adds the types in this group-version to the given scheme. + AddToScheme = SchemeBuilder.AddToScheme +) diff --git a/api/v1alpha1/tlspolicy_types.go b/api/v1alpha2/tlspolicy_types.go similarity index 99% rename from api/v1alpha1/tlspolicy_types.go rename to api/v1alpha2/tlspolicy_types.go index ebf168a85..dfaeee31f 100644 --- a/api/v1alpha1/tlspolicy_types.go +++ b/api/v1alpha2/tlspolicy_types.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package v1alpha1 +package v1alpha2 import ( "context" diff --git a/api/v1alpha2/topology.go b/api/v1alpha2/topology.go new file mode 100644 index 000000000..b68b154af --- /dev/null +++ b/api/v1alpha2/topology.go 
@@ -0,0 +1,38 @@
+package v1alpha2
+
+// Contains of this file allow the TLSPolicy to adhere to the machinery.Policy interface
+
+import (
+ "github.com/kuadrant/policy-machinery/machinery"
+ "k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+var (
+ TLSPoliciesResource = GroupVersion.WithResource("tlspolicies")
+ TLSPolicyGroupKind = schema.GroupKind{Group: GroupVersion.Group, Kind: "TLSPolicy"}
+)
+
+var _ machinery.Policy = &TLSPolicy{}
+
+func (p *TLSPolicy) GetTargetRefs() []machinery.PolicyTargetReference {
+ return []machinery.PolicyTargetReference{
+ machinery.LocalPolicyTargetReference{
+ LocalPolicyTargetReference: p.Spec.TargetRef,
+ PolicyNamespace: p.Namespace,
+ },
+ }
+}
+
+func (p *TLSPolicy) GetMergeStrategy() machinery.MergeStrategy {
+ return func(policy machinery.Policy, _ machinery.Policy) machinery.Policy {
+ return policy
+ }
+}
+
+func (p *TLSPolicy) Merge(other machinery.Policy) machinery.Policy {
+ return other
+}
+
+func (p *TLSPolicy) GetLocator() string {
+ return machinery.LocatorFromObject(p)
+}
diff --git a/api/v1alpha2/zz_generated.deepcopy.go b/api/v1alpha2/zz_generated.deepcopy.go
new file mode 100644
index 000000000..c2ee99946
--- /dev/null
+++ b/api/v1alpha2/zz_generated.deepcopy.go
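Review bot: `Merge` and `GetMergeStrategy` in the new api/v1alpha2/topology.go disagree with each other and neither is documented: the strategy closure returns its first argument, while `Merge` ignores the strategy and always returns `other`. Which TLSPolicy wins when two reach the same target decides which issuer and certificate settings are applied, so the intended precedence should be stated, e.g. `// Merge returns other unchanged; TLSPolicy specs are never combined.` above `Merge`, with a matching comment on `GetMergeStrategy` once the intended side is confirmed. The exported `TLSPoliciesResource` and `TLSPolicyGroupKind` also have no doc comments. The file comment should read `// Contents of this file allow the TLSPolicy to adhere to the machinery.Policy interface`.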
@@ -0,0 +1,166 @@ +//go:build !ignore_autogenerated + +/* +Copyright 2021. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by controller-gen. DO NOT EDIT. + +package v1alpha2 + +import ( + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CertificateSpec) DeepCopyInto(out *CertificateSpec) { + *out = *in + out.IssuerRef = in.IssuerRef + if in.Duration != nil { + in, out := &in.Duration, &out.Duration + *out = new(v1.Duration) + **out = **in + } + if in.RenewBefore != nil { + in, out := &in.RenewBefore, &out.RenewBefore + *out = new(v1.Duration) + **out = **in + } + if in.Usages != nil { + in, out := &in.Usages, &out.Usages + *out = make([]certmanagerv1.KeyUsage, len(*in)) + copy(*out, *in) + } + if in.RevisionHistoryLimit != nil { + in, out := &in.RevisionHistoryLimit, &out.RevisionHistoryLimit + *out = new(int32) + **out = **in + } + if in.PrivateKey != nil { + in, out := &in.PrivateKey, &out.PrivateKey + *out = new(certmanagerv1.CertificatePrivateKey) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateSpec. 
+func (in *CertificateSpec) DeepCopy() *CertificateSpec { + if in == nil { + return nil + } + out := new(CertificateSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TLSPolicy) DeepCopyInto(out *TLSPolicy) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSPolicy. +func (in *TLSPolicy) DeepCopy() *TLSPolicy { + if in == nil { + return nil + } + out := new(TLSPolicy) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *TLSPolicy) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TLSPolicyList) DeepCopyInto(out *TLSPolicyList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]TLSPolicy, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSPolicyList. +func (in *TLSPolicyList) DeepCopy() *TLSPolicyList { + if in == nil { + return nil + } + out := new(TLSPolicyList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 
+func (in *TLSPolicyList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TLSPolicySpec) DeepCopyInto(out *TLSPolicySpec) { + *out = *in + out.TargetRef = in.TargetRef + in.CertificateSpec.DeepCopyInto(&out.CertificateSpec) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSPolicySpec. +func (in *TLSPolicySpec) DeepCopy() *TLSPolicySpec { + if in == nil { + return nil + } + out := new(TLSPolicySpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TLSPolicyStatus) DeepCopyInto(out *TLSPolicyStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]v1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSPolicyStatus. +func (in *TLSPolicyStatus) DeepCopy() *TLSPolicyStatus { + if in == nil { + return nil + } + out := new(TLSPolicyStatus) + in.DeepCopyInto(out) + return out +} diff --git a/bundle/manifests/kuadrant-operator.clusterserviceversion.yaml b/bundle/manifests/kuadrant-operator.clusterserviceversion.yaml index 24b333884..abc268bc7 100644 --- a/bundle/manifests/kuadrant-operator.clusterserviceversion.yaml +++ b/bundle/manifests/kuadrant-operator.clusterserviceversion.yaml @@ -23,7 +23,7 @@ metadata: } }, { - "apiVersion": "kuadrant.io/v1alpha1", + "apiVersion": "kuadrant.io/v1alpha2", "kind": "TLSPolicy", "metadata": { "name": "tlspolicy-sample" 
@@ -106,7 +106,7 @@ metadata: capabilities: Basic Install categories: Integration & Delivery containerImage: quay.io/kuadrant/kuadrant-operator:latest - createdAt: "2024-10-04T10:37:57Z" + createdAt: "2024-10-10T13:07:30Z" description: A Kubernetes Operator to manage the lifecycle of the Kuadrant system operators.operatorframework.io/builder: operator-sdk-v1.32.0 operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 @@ -142,12 +142,9 @@ spec: kind: RateLimitPolicy name: ratelimitpolicies.kuadrant.io version: v1beta3 - - description: TLSPolicy provides tls for gateway listeners by managing the lifecycle - of tls certificates - displayName: TLSPolicy - kind: TLSPolicy + - kind: TLSPolicy name: tlspolicies.kuadrant.io - version: v1alpha1 + version: v1alpha2 description: A Kubernetes Operator to manage the lifecycle of the Kuadrant system displayName: Kuadrant Operator icon: diff --git a/bundle/manifests/kuadrant.io_tlspolicies.yaml b/bundle/manifests/kuadrant.io_tlspolicies.yaml index 7635d670a..f186298b9 100644 --- a/bundle/manifests/kuadrant.io_tlspolicies.yaml +++ b/bundle/manifests/kuadrant.io_tlspolicies.yaml @@ -41,7 +41,7 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - name: v1alpha1 + name: v1alpha2 schema: openAPIV3Schema: description: TLSPolicy is the Schema for the tlspolicies API diff --git a/charts/kuadrant-operator/templates/manifests.yaml b/charts/kuadrant-operator/templates/manifests.yaml index 36a5a8921..0848e5d62 100644 --- a/charts/kuadrant-operator/templates/manifests.yaml +++ b/charts/kuadrant-operator/templates/manifests.yaml @@ -14423,7 +14423,7 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - name: v1alpha1 + name: v1alpha2 schema: openAPIV3Schema: description: TLSPolicy is the Schema for the tlspolicies API diff --git a/config/crd/bases/kuadrant.io_tlspolicies.yaml b/config/crd/bases/kuadrant.io_tlspolicies.yaml index a26086554..a40c0ebd0 100644 
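Review bot: The `owned` entry for TLSPolicy in the `@@ -142,12 +142,9 @@` hunk of the ClusterServiceVersion loses its `description` and `displayName` along with the version bump, leaving only `kind`, `name` and `version`. This suggests the source the bundle is generated from (not visible here) still describes the v1alpha1 entry, so the generator emitted a bare stub for v1alpha2. Restoring `displayName: TLSPolicy` and the description for the `version: v1alpha2` entry at that source keeps the catalog listing complete.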
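Review bot: The CRD hunk for bundle/manifests/kuadrant.io_tlspolicies.yaml renames the only listed version from `v1alpha1` to `v1alpha2` in place, and the same change is made in charts/kuadrant-operator/templates/manifests.yaml and config/crd/bases/kuadrant.io_tlspolicies.yaml. On a cluster that already has this CRD installed, the API server rejects an update that removes a version still recorded in `status.storedVersions`. Deleting the CRD to get past that also deletes every existing TLSPolicy. The types file is renamed at 99% similarity, so the schema looks unchanged. Keeping `v1alpha1` as a served, non-storage version for one release, or documenting the migration steps, would avoid an upgrade that interrupts certificate management.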
--- a/config/crd/bases/kuadrant.io_tlspolicies.yaml +++ b/config/crd/bases/kuadrant.io_tlspolicies.yaml @@ -40,7 +40,7 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - name: v1alpha1 + name: v1alpha2 schema: openAPIV3Schema: description: TLSPolicy is the Schema for the tlspolicies API diff --git a/config/samples/kuadrant_v1alpha1_tlspolicy.yaml b/config/samples/kuadrant_v1alpha2_tlspolicy.yaml similarity index 88% rename from config/samples/kuadrant_v1alpha1_tlspolicy.yaml rename to config/samples/kuadrant_v1alpha2_tlspolicy.yaml index 89dc838d0..da9cc2fff 100644 --- a/config/samples/kuadrant_v1alpha1_tlspolicy.yaml +++ b/config/samples/kuadrant_v1alpha2_tlspolicy.yaml @@ -1,5 +1,5 @@ --- -apiVersion: kuadrant.io/v1alpha1 +apiVersion: kuadrant.io/v1alpha2 kind: TLSPolicy metadata: name: tlspolicy-sample diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml index ea729496b..65c919056 100644 --- a/config/samples/kustomization.yaml +++ b/config/samples/kustomization.yaml @@ -4,5 +4,5 @@ resources: - kuadrant_v1beta2_authpolicy.yaml - kuadrant_v1beta3_ratelimitpolicy.yaml - kuadrant_v1alpha1_dnspolicy.yaml -- kuadrant_v1alpha1_tlspolicy.yaml +- kuadrant_v1alpha2_tlspolicy.yaml #+kubebuilder:scaffold:manifestskustomizesamples diff --git a/controllers/state_of_the_world.go b/controllers/state_of_the_world.go index 3a6a31d7d..dec660bd2 100644 --- a/controllers/state_of_the_world.go +++ b/controllers/state_of_the_world.go @@ -26,6 +26,7 @@ import ( gwapiv1 "sigs.k8s.io/gateway-api/apis/v1" kuadrantv1alpha1 "github.com/kuadrant/kuadrant-operator/api/v1alpha1" + kuadrantv1alpha2 "github.com/kuadrant/kuadrant-operator/api/v1alpha2" kuadrantv1beta1 "github.com/kuadrant/kuadrant-operator/api/v1beta1" kuadrantv1beta2 "github.com/kuadrant/kuadrant-operator/api/v1beta2" kuadrantv1beta3 "github.com/kuadrant/kuadrant-operator/api/v1beta3" 
@@ -63,10 +64,10 @@ func NewPolicyMachineryController(manager ctrlruntime.Manager, client *dynamic.D controller.WithPredicates(&ctrlruntimepredicate.TypedGenerationChangedPredicate[*kuadrantv1alpha1.DNSPolicy]{}), )), controller.WithRunnable("tlspolicy watcher", controller.Watch( - &kuadrantv1alpha1.TLSPolicy{}, - kuadrantv1alpha1.TLSPoliciesResource, + &kuadrantv1alpha2.TLSPolicy{}, + kuadrantv1alpha2.TLSPoliciesResource, metav1.NamespaceAll, - controller.WithPredicates(&ctrlruntimepredicate.TypedGenerationChangedPredicate[*kuadrantv1alpha1.TLSPolicy]{}), + controller.WithPredicates(&ctrlruntimepredicate.TypedGenerationChangedPredicate[*kuadrantv1alpha2.TLSPolicy]{}), )), controller.WithRunnable("authpolicy watcher", controller.Watch( &kuadrantv1beta2.AuthPolicy{}, @@ -100,7 +101,7 @@ func NewPolicyMachineryController(manager ctrlruntime.Manager, client *dynamic.D )), controller.WithPolicyKinds( kuadrantv1alpha1.DNSPolicyGroupKind, - kuadrantv1alpha1.TLSPolicyGroupKind, + kuadrantv1alpha2.TLSPolicyGroupKind, kuadrantv1beta2.AuthPolicyGroupKind, kuadrantv1beta3.RateLimitPolicyGroupKind, ), @@ -316,7 +317,7 @@ func (b *BootOptionsBuilder) Reconciler() controller.ReconcileFunc { func certManagerControllerOpts() []controller.ControllerOption { isCertificateOwnedByTLSPolicy := func(c *certmanagerv1.Certificate) bool { - return isObjectOwnedByGroupKind(c, kuadrantv1alpha1.TLSPolicyGroupKind) + return isObjectOwnedByGroupKind(c, kuadrantv1alpha2.TLSPolicyGroupKind) } return []controller.ControllerOption{ diff --git a/controllers/target_status_controller.go b/controllers/target_status_controller.go index 799a73131..e4d393468 100644 --- a/controllers/target_status_controller.go +++ b/controllers/target_status_controller.go 
@@ -39,6 +39,7 @@ import ( gatewayapiv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" kuadrantv1alpha1 "github.com/kuadrant/kuadrant-operator/api/v1alpha1" + kuadrantv1alpha2 "github.com/kuadrant/kuadrant-operator/api/v1alpha2" kuadrantv1beta2 "github.com/kuadrant/kuadrant-operator/api/v1beta2" kuadrantv1beta3 "github.com/kuadrant/kuadrant-operator/api/v1beta3" "github.com/kuadrant/kuadrant-operator/pkg/library/fieldindexers" @@ -83,7 +84,7 @@ func (r *TargetStatusReconciler) reconcileResources(ctx context.Context, gw *gat policyKinds := map[kuadrantgatewayapi.Policy]client.ObjectList{ &kuadrantv1beta2.AuthPolicy{TypeMeta: ctrl.TypeMeta{Kind: "AuthPolicy"}}: &kuadrantv1beta2.AuthPolicyList{}, &kuadrantv1alpha1.DNSPolicy{TypeMeta: ctrl.TypeMeta{Kind: "DNSPolicy"}}: &kuadrantv1alpha1.DNSPolicyList{}, - &kuadrantv1alpha1.TLSPolicy{TypeMeta: ctrl.TypeMeta{Kind: "TLSPolicy"}}: &kuadrantv1alpha1.TLSPolicyList{}, + &kuadrantv1alpha2.TLSPolicy{TypeMeta: ctrl.TypeMeta{Kind: "TLSPolicy"}}: &kuadrantv1alpha2.TLSPolicyList{}, &kuadrantv1beta3.RateLimitPolicy{TypeMeta: ctrl.TypeMeta{Kind: "RateLimitPolicy"}}: &kuadrantv1beta3.RateLimitPolicyList{}, } @@ -393,7 +394,7 @@ func (r *TargetStatusReconciler) SetupWithManager(mgr ctrl.Manager) error { builder.WithPredicates(policyStatusChangedPredicate), ). Watches( - &kuadrantv1alpha1.TLSPolicy{}, + &kuadrantv1alpha2.TLSPolicy{}, handler.EnqueueRequestsFromMapFunc(policyToParentGatewaysEventMapper.Map), builder.WithPredicates(policyStatusChangedPredicate), ). diff --git a/controllers/test_common.go b/controllers/test_common.go index 43d355ab9..909a0c1db 100644 --- a/controllers/test_common.go +++ b/controllers/test_common.go 
@@ -52,6 +52,7 @@ import ( maistraapis "github.com/kuadrant/kuadrant-operator/api/external/maistra" kuadrantv1alpha1 "github.com/kuadrant/kuadrant-operator/api/v1alpha1" + kuadrantv1alpha2 "github.com/kuadrant/kuadrant-operator/api/v1alpha2" kuadrantv1beta1 "github.com/kuadrant/kuadrant-operator/api/v1beta1" kuadrantv1beta2 "github.com/kuadrant/kuadrant-operator/api/v1beta2" kuadrantv1beta3 "github.com/kuadrant/kuadrant-operator/api/v1beta3" @@ -293,6 +294,7 @@ func BootstrapScheme() *runtime.Scheme { scheme.AddToScheme, kuadrantdnsv1alpha1.AddToScheme, kuadrantv1alpha1.AddToScheme, + kuadrantv1alpha2.AddToScheme, kuadrantv1beta1.AddToScheme, kuadrantv1beta2.AddToScheme, kuadrantv1beta3.AddToScheme, diff --git a/controllers/tls_workflow.go b/controllers/tls_workflow.go index 627fa1896..57ee2bb80 100644 --- a/controllers/tls_workflow.go +++ b/controllers/tls_workflow.go @@ -10,7 +10,7 @@ import ( "k8s.io/client-go/dynamic" gwapiv1 "sigs.k8s.io/gateway-api/apis/v1" - kuadrantv1alpha1 "github.com/kuadrant/kuadrant-operator/api/v1alpha1" + kuadrantv1alpha2 "github.com/kuadrant/kuadrant-operator/api/v1alpha2" ) const ( @@ -80,7 +80,7 @@ func LinkListenerToCertificateFunc(objs controller.Store) machinery.LinkFunc { func LinkGatewayToIssuerFunc(objs controller.Store) machinery.LinkFunc { gateways := lo.Map(objs.FilterByGroupKind(machinery.GatewayGroupKind), controller.ObjectAs[*gwapiv1.Gateway]) - tlsPolicies := lo.Map(objs.FilterByGroupKind(kuadrantv1alpha1.TLSPolicyGroupKind), controller.ObjectAs[*kuadrantv1alpha1.TLSPolicy]) + tlsPolicies := lo.Map(objs.FilterByGroupKind(kuadrantv1alpha2.TLSPolicyGroupKind), controller.ObjectAs[*kuadrantv1alpha2.TLSPolicy]) return machinery.LinkFunc{ From: machinery.GatewayGroupKind, 
@@ -91,7 +91,7 @@ func LinkGatewayToIssuerFunc(objs controller.Store) machinery.LinkFunc { // Policies linked to Issuer // Issuer must be in the same namespace as the policy - linkedPolicies := lo.Filter(tlsPolicies, func(p *kuadrantv1alpha1.TLSPolicy, index int) bool { + linkedPolicies := lo.Filter(tlsPolicies, func(p *kuadrantv1alpha2.TLSPolicy, index int) bool { return p.Spec.IssuerRef.Name == issuer.GetName() && p.GetNamespace() == issuer.GetNamespace() && p.Spec.IssuerRef.Kind == certmanagerv1.IssuerKind }) @@ -119,7 +119,7 @@ func LinkGatewayToIssuerFunc(objs controller.Store) machinery.LinkFunc { func LinkGatewayToClusterIssuerFunc(objs controller.Store) machinery.LinkFunc { gateways := lo.Map(objs.FilterByGroupKind(machinery.GatewayGroupKind), controller.ObjectAs[*gwapiv1.Gateway]) - tlsPolicies := lo.Map(objs.FilterByGroupKind(kuadrantv1alpha1.TLSPolicyGroupKind), controller.ObjectAs[*kuadrantv1alpha1.TLSPolicy]) + tlsPolicies := lo.Map(objs.FilterByGroupKind(kuadrantv1alpha2.TLSPolicyGroupKind), controller.ObjectAs[*kuadrantv1alpha2.TLSPolicy]) return machinery.LinkFunc{ From: machinery.GatewayGroupKind, @@ -129,7 +129,7 @@ func LinkGatewayToClusterIssuerFunc(objs controller.Store) machinery.LinkFunc { clusterIssuer := o.Object.(*certmanagerv1.ClusterIssuer) // Policies linked to ClusterIssuer - linkedPolicies := lo.Filter(tlsPolicies, func(p *kuadrantv1alpha1.TLSPolicy, index int) bool { + linkedPolicies := lo.Filter(tlsPolicies, func(p *kuadrantv1alpha2.TLSPolicy, index int) bool { return p.Spec.IssuerRef.Name == clusterIssuer.GetName() && p.Spec.IssuerRef.Kind == certmanagerv1.ClusterIssuerKind }) diff --git a/controllers/tlspolicies_validator.go b/controllers/tlspolicies_validator.go index 368395caf..e16fe1850 100644 --- a/controllers/tlspolicies_validator.go +++ b/controllers/tlspolicies_validator.go 
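Review bot: The `lo.Filter` predicate in `LinkGatewayToIssuerFunc` (hunk `@@ -91,7 +91,7 @@`) requires `p.Spec.IssuerRef.Kind == certmanagerv1.IssuerKind` and never compares the reference's group; the ClusterIssuer predicate in the `@@ -129,7 +129,7 @@` hunk has the same shape. cert-manager treats an empty `kind` as Issuer, so unless the TLSPolicy schema defaults or requires that field (not visible here), a policy that omits it is linked to no issuer in the topology. If `IssuerRef` carries a group field as cert-manager's object reference does, a policy naming an issuer of another group with the same name and kind would also be linked to the cert-manager one. Consider normalising the kind before the comparison, e.g. `kind := p.Spec.IssuerRef.Kind; if kind == "" { kind = certmanagerv1.IssuerKind }`, and checking the group as well. Both functions continue outside the hunks.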
@@ -10,7 +10,7 @@ import ( apierrors "k8s.io/apimachinery/pkg/api/errors" "k8s.io/utils/ptr" - kuadrantv1alpha1 "github.com/kuadrant/kuadrant-operator/api/v1alpha1" + kuadrantv1alpha2 "github.com/kuadrant/kuadrant-operator/api/v1alpha2" "github.com/kuadrant/kuadrant-operator/pkg/library/kuadrant" ) @@ -28,8 +28,8 @@ func (t *ValidateTLSPoliciesValidatorReconciler) Subscription() *controller.Subs return &controller.Subscription{ Events: []controller.ResourceEventMatcher{ {Kind: &machinery.GatewayGroupKind}, - {Kind: &kuadrantv1alpha1.TLSPolicyGroupKind, EventType: ptr.To(controller.CreateEvent)}, - {Kind: &kuadrantv1alpha1.TLSPolicyGroupKind, EventType: ptr.To(controller.UpdateEvent)}, + {Kind: &kuadrantv1alpha2.TLSPolicyGroupKind, EventType: ptr.To(controller.CreateEvent)}, + {Kind: &kuadrantv1alpha2.TLSPolicyGroupKind, EventType: ptr.To(controller.UpdateEvent)}, {Kind: &CertManagerCertificateKind}, {Kind: &CertManagerIssuerKind}, {Kind: &CertManagerClusterIssuerKind}, @@ -42,8 +42,8 @@ func (t *ValidateTLSPoliciesValidatorReconciler) Validate(ctx context.Context, _ logger := controller.LoggerFromContext(ctx).WithName("ValidateTLSPolicyTask").WithName("Reconcile") // Get all TLS Policies - policies := lo.FilterMap(topology.Policies().Items(), func(item machinery.Policy, index int) (*kuadrantv1alpha1.TLSPolicy, bool) { - p, ok := item.(*kuadrantv1alpha1.TLSPolicy) + policies := lo.FilterMap(topology.Policies().Items(), func(item machinery.Policy, index int) (*kuadrantv1alpha2.TLSPolicy, bool) { + p, ok := item.(*kuadrantv1alpha2.TLSPolicy) return p, ok }) 
@@ -64,7 +64,7 @@ func (t *ValidateTLSPoliciesValidatorReconciler) Validate(ctx context.Context, _ // Policies are already linked to their targets, if is target ref length and length of targetables by this policy is the same if len(p.GetTargetRefs()) != len(topology.Targetables().Children(p)) { logger.V(1).Info("tls policy cannot find target ref", "name", p.Name, "namespace", p.Namespace) - isPolicyValidErrorMap[p.GetLocator()] = kuadrant.NewErrTargetNotFound(p.Kind(), p.GetTargetRef(), apierrors.NewNotFound(kuadrantv1alpha1.TLSPoliciesResource.GroupResource(), p.GetName())) + isPolicyValidErrorMap[p.GetLocator()] = kuadrant.NewErrTargetNotFound(p.Kind(), p.GetTargetRef(), apierrors.NewNotFound(kuadrantv1alpha2.TLSPoliciesResource.GroupResource(), p.GetName())) continue } diff --git a/controllers/tlspolicy_certmanager.go b/controllers/tlspolicy_certmanager.go index c9cf53ded..0098e6712 100644 --- a/controllers/tlspolicy_certmanager.go +++ b/controllers/tlspolicy_certmanager.go @@ -11,7 +11,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" gatewayapiv1 "sigs.k8s.io/gateway-api/apis/v1" - "github.com/kuadrant/kuadrant-operator/api/v1alpha1" + "github.com/kuadrant/kuadrant-operator/api/v1alpha2" ) // https://cert-manager.io/docs/usage/gateway/#supported-annotations @@ -67,7 +67,7 @@ func validateGatewayListenerBlock(path *field.Path, l gatewayapiv1.Listener, ing // translatePolicy updates the Certificate spec using the TLSPolicy spec // converted from https://github.com/cert-manager/cert-manager/blob/master/pkg/controller/certificate-shim/helper.go#L63 -func translatePolicy(crt *certmanv1.Certificate, tlsPolicy v1alpha1.TLSPolicySpec) { +func translatePolicy(crt *certmanv1.Certificate, tlsPolicy v1alpha2.TLSPolicySpec) { if tlsPolicy.CommonName != "" { crt.Spec.CommonName = tlsPolicy.CommonName } 
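Review bot: The not-found error built in the `@@ -64,7 +64,7 @@` hunk names the wrong object. `apierrors.NewNotFound(kuadrantv1alpha2.TLSPoliciesResource.GroupResource(), p.GetName())` says the TLSPolicy itself is missing, while this branch is taken because the policy's target could not be resolved. Building the wrapped error from the target's group resource and name (available through `p.GetTargetRef()`) would point the status message at the object an operator has to fix. The comment above the check is also hard to parse; `// A policy is linked to its targets when every target ref resolved to a targetable.` reads more clearly. `Validate` starts and ends outside the hunk.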
@@ -116,7 +116,7 @@ func translatePolicy(crt *certmanv1.Certificate, tlsPolicy v1alpha1.TLSPolicySpe } // validateIssuer validates that the issuer specified exists -func validateIssuer(ctx context.Context, k8sClient client.Client, policy *v1alpha1.TLSPolicy) error { +func validateIssuer(ctx context.Context, k8sClient client.Client, policy *v1alpha2.TLSPolicy) error { var issuer client.Object issuerNamespace := "" switch policy.Spec.IssuerRef.Kind { diff --git a/controllers/tlspolicy_certmanager_certificates.go b/controllers/tlspolicy_certmanager_certificates.go index fcce87f80..abb8c390f 100644 --- a/controllers/tlspolicy_certmanager_certificates.go +++ b/controllers/tlspolicy_certmanager_certificates.go @@ -16,11 +16,11 @@ import ( crlog "sigs.k8s.io/controller-runtime/pkg/log" gatewayapiv1 "sigs.k8s.io/gateway-api/apis/v1" - "github.com/kuadrant/kuadrant-operator/api/v1alpha1" + "github.com/kuadrant/kuadrant-operator/api/v1alpha2" reconcilerutils "github.com/kuadrant/kuadrant-operator/pkg/library/reconcilers" ) -func (r *TLSPolicyReconciler) reconcileCertificates(ctx context.Context, tlsPolicy *v1alpha1.TLSPolicy, gwDiffObj *reconcilerutils.GatewayDiffs) error { +func (r *TLSPolicyReconciler) reconcileCertificates(ctx context.Context, tlsPolicy *v1alpha2.TLSPolicy, gwDiffObj *reconcilerutils.GatewayDiffs) error { log := crlog.FromContext(ctx) log.V(3).Info("reconciling certificates") @@ -45,7 +45,7 @@ func (r *TLSPolicyReconciler) reconcileCertificates(ctx context.Context, tlsPoli return nil } -func (r *TLSPolicyReconciler) createOrUpdateGatewayCertificates(ctx context.Context, tlspolicy *v1alpha1.TLSPolicy, expectedCertificates []*certmanv1.Certificate) error { +func (r *TLSPolicyReconciler) createOrUpdateGatewayCertificates(ctx context.Context, tlspolicy *v1alpha2.TLSPolicy, expectedCertificates []*certmanv1.Certificate) error { //create or update all expected Certificates for idx := range expectedCertificates { cert := expectedCertificates[idx] 
@@ -60,11 +60,11 @@ func (r *TLSPolicyReconciler) createOrUpdateGatewayCertificates(ctx context.Cont return nil } -func (r *TLSPolicyReconciler) deleteGatewayCertificates(ctx context.Context, gateway *gatewayapiv1.Gateway, tlsPolicy *v1alpha1.TLSPolicy) error { +func (r *TLSPolicyReconciler) deleteGatewayCertificates(ctx context.Context, gateway *gatewayapiv1.Gateway, tlsPolicy *v1alpha2.TLSPolicy) error { return r.deleteCertificatesWithLabels(ctx, commonTLSCertificateLabels(client.ObjectKeyFromObject(gateway), tlsPolicy), tlsPolicy.Namespace) } -func (r *TLSPolicyReconciler) deleteCertificates(ctx context.Context, tlsPolicy *v1alpha1.TLSPolicy) error { +func (r *TLSPolicyReconciler) deleteCertificates(ctx context.Context, tlsPolicy *v1alpha2.TLSPolicy) error { return r.deleteCertificatesWithLabels(ctx, policyTLSCertificateLabels(tlsPolicy), tlsPolicy.Namespace) } @@ -83,7 +83,7 @@ func (r *TLSPolicyReconciler) deleteCertificatesWithLabels(ctx context.Context, return nil } -func (r *TLSPolicyReconciler) deleteUnexpectedCertificates(ctx context.Context, expectedCertificates []*certmanv1.Certificate, gateway *gatewayapiv1.Gateway, tlsPolicy *v1alpha1.TLSPolicy) error { +func (r *TLSPolicyReconciler) deleteUnexpectedCertificates(ctx context.Context, expectedCertificates []*certmanv1.Certificate, gateway *gatewayapiv1.Gateway, tlsPolicy *v1alpha2.TLSPolicy) error { // remove any certificates for this gateway and TLSPolicy that are no longer expected existingCertificates := &certmanv1.CertificateList{} dnsLabels := commonTLSCertificateLabels(client.ObjectKeyFromObject(gateway), tlsPolicy) 
@@ -103,7 +103,7 @@ func (r *TLSPolicyReconciler) deleteUnexpectedCertificates(ctx context.Context, return nil } -func expectedCertificatesForGateway(ctx context.Context, gateway *gatewayapiv1.Gateway, tlsPolicy *v1alpha1.TLSPolicy) []*certmanv1.Certificate { +func expectedCertificatesForGateway(ctx context.Context, gateway *gatewayapiv1.Gateway, tlsPolicy *v1alpha2.TLSPolicy) []*certmanv1.Certificate { log := crlog.FromContext(ctx) tlsHosts := make(map[corev1.ObjectReference][]string) @@ -136,7 +136,7 @@ func expectedCertificatesForGateway(ctx context.Context, gateway *gatewayapiv1.G return certs } -func expectedCertificatesForListener(l *machinery.Listener, tlsPolicy *v1alpha1.TLSPolicy) []*certmanv1.Certificate { +func expectedCertificatesForListener(l *machinery.Listener, tlsPolicy *v1alpha2.TLSPolicy) []*certmanv1.Certificate { tlsHosts := make(map[corev1.ObjectReference][]string) hostname := "*" @@ -165,7 +165,7 @@ func expectedCertificatesForListener(l *machinery.Listener, tlsPolicy *v1alpha1. return certs } -func buildCertManagerCertificate(gateway *gatewayapiv1.Gateway, tlsPolicy *v1alpha1.TLSPolicy, secretRef corev1.ObjectReference, hosts []string) *certmanv1.Certificate { +func buildCertManagerCertificate(gateway *gatewayapiv1.Gateway, tlsPolicy *v1alpha2.TLSPolicy, secretRef corev1.ObjectReference, hosts []string) *certmanv1.Certificate { tlsCertLabels := commonTLSCertificateLabels(client.ObjectKeyFromObject(gateway), tlsPolicy) crt := &certmanv1.Certificate{ @@ -188,7 +188,7 @@ func buildCertManagerCertificate(gateway *gatewayapiv1.Gateway, tlsPolicy *v1alp return crt } -func commonTLSCertificateLabels(gwKey client.ObjectKey, p *v1alpha1.TLSPolicy) map[string]string { +func commonTLSCertificateLabels(gwKey client.ObjectKey, p *v1alpha2.TLSPolicy) map[string]string { common := map[string]string{} for k, v := range policyTLSCertificateLabels(p) { common[k] = v 
@@ -199,7 +199,7 @@ func commonTLSCertificateLabels(gwKey client.ObjectKey, p *v1alpha1.TLSPolicy) m return common } -func policyTLSCertificateLabels(p *v1alpha1.TLSPolicy) map[string]string { +func policyTLSCertificateLabels(p *v1alpha2.TLSPolicy) map[string]string { return map[string]string{ p.DirectReferenceAnnotationName(): p.Name, fmt.Sprintf("%s-namespace", p.DirectReferenceAnnotationName()): p.Namespace, diff --git a/controllers/tlspolicy_controller.go b/controllers/tlspolicy_controller.go index 723d0e263..0556f9994 100644 --- a/controllers/tlspolicy_controller.go +++ b/controllers/tlspolicy_controller.go @@ -30,7 +30,7 @@ import ( crlog "sigs.k8s.io/controller-runtime/pkg/log" gatewayapiv1 "sigs.k8s.io/gateway-api/apis/v1" - "github.com/kuadrant/kuadrant-operator/api/v1alpha1" + "github.com/kuadrant/kuadrant-operator/api/v1alpha2" kuadrantgatewayapi "github.com/kuadrant/kuadrant-operator/pkg/library/gatewayapi" "github.com/kuadrant/kuadrant-operator/pkg/library/mappers" "github.com/kuadrant/kuadrant-operator/pkg/library/reconcilers" @@ -58,7 +58,7 @@ func (r *TLSPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Request) ( log.Info("Reconciling TLSPolicy") ctx = crlog.IntoContext(ctx, log) - previous := &v1alpha1.TLSPolicy{} + previous := &v1alpha2.TLSPolicy{} if err := r.Client().Get(ctx, req.NamespacedName, previous); err != nil { if err := client.IgnoreNotFound(err); err == nil { return ctrl.Result{}, nil @@ -112,7 +112,7 @@ func (r *TLSPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Request) ( return ctrl.Result{}, specErr } -func (r *TLSPolicyReconciler) reconcileResources(ctx context.Context, tlsPolicy *v1alpha1.TLSPolicy, targetNetworkObject client.Object) error { +func (r *TLSPolicyReconciler) reconcileResources(ctx context.Context, tlsPolicy *v1alpha2.TLSPolicy, targetNetworkObject client.Object) error { err := validateIssuer(ctx, r.Client(), tlsPolicy) if err != nil { return err 
@@ -141,7 +141,7 @@ func (r *TLSPolicyReconciler) reconcileResources(ctx context.Context, tlsPolicy return nil } -func (r *TLSPolicyReconciler) deleteResources(ctx context.Context, tlsPolicy *v1alpha1.TLSPolicy, targetNetworkObject client.Object) error { +func (r *TLSPolicyReconciler) deleteResources(ctx context.Context, tlsPolicy *v1alpha2.TLSPolicy, targetNetworkObject client.Object) error { // delete based on gateway diffs gatewayDiffObj, err := reconcilers.ComputeGatewayDiffs(ctx, r.Client(), tlsPolicy, targetNetworkObject) if err != nil { @@ -184,13 +184,13 @@ func (r *TLSPolicyReconciler) SetupWithManager(mgr ctrl.Manager) error { } gatewayEventMapper := mappers.NewGatewayEventMapper( - v1alpha1.NewTLSPolicyType(), + v1alpha2.NewTLSPolicyType(), mappers.WithLogger(r.Logger().WithName("gateway.mapper")), mappers.WithClient(mgr.GetClient()), ) return ctrl.NewControllerManagedBy(mgr). - For(&v1alpha1.TLSPolicy{}). + For(&v1alpha2.TLSPolicy{}). Owns(&certmanagerv1.Certificate{}). Watches(&gatewayapiv1.Gateway{}, handler.EnqueueRequestsFromMapFunc(gatewayEventMapper.Map)). Complete(r) diff --git a/controllers/tlspolicy_status_updater.go b/controllers/tlspolicy_status_updater.go index 98c1c6d1d..c9b408256 100644 --- a/controllers/tlspolicy_status_updater.go +++ b/controllers/tlspolicy_status_updater.go @@ -19,7 +19,7 @@ import ( "k8s.io/utils/ptr" gatewayapiv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" - kuadrantv1alpha1 "github.com/kuadrant/kuadrant-operator/api/v1alpha1" + kuadrantv1alpha2 "github.com/kuadrant/kuadrant-operator/api/v1alpha2" "github.com/kuadrant/kuadrant-operator/pkg/library/kuadrant" "github.com/kuadrant/kuadrant-operator/pkg/library/utils" ) 
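Review bot: In the SetupWithManager hunk of controllers/tlspolicy_controller.go, `For(&v1alpha2.TLSPolicy{})` and `v1alpha2.NewTLSPolicyType()` make the controller reconcile only the v1alpha2 kind, and nothing visible in this diff keeps v1alpha1 served or adds a conversion path. If a cluster already holds v1alpha1 TLSPolicy objects, they may stop being reconciled after the upgrade, leaving their cert-manager Certificates with no controller keeping them in line with gateway or policy changes. Whether the generated CRD still lists v1alpha1 cannot be confirmed from these hunks. I would record the upgrade requirement next to the builder, e.g. `// TLSPolicy is reconciled as v1alpha2 only; existing v1alpha1 objects must be migrated before upgrading the operator.`, and check that the CRD's served and storage versions agree with it. SetupWithManager starts before the hunk and its end is not shown.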
@@ -36,8 +36,8 @@ func (t *TLSPolicyStatusUpdaterReconciler) Subscription() *controller.Subscripti return &controller.Subscription{ Events: []controller.ResourceEventMatcher{ {Kind: &machinery.GatewayGroupKind}, - {Kind: &kuadrantv1alpha1.TLSPolicyGroupKind, EventType: ptr.To(controller.CreateEvent)}, - {Kind: &kuadrantv1alpha1.TLSPolicyGroupKind, EventType: ptr.To(controller.UpdateEvent)}, + {Kind: &kuadrantv1alpha2.TLSPolicyGroupKind, EventType: ptr.To(controller.CreateEvent)}, + {Kind: &kuadrantv1alpha2.TLSPolicyGroupKind, EventType: ptr.To(controller.UpdateEvent)}, {Kind: &CertManagerCertificateKind}, {Kind: &CertManagerIssuerKind}, {Kind: &CertManagerClusterIssuerKind}, @@ -49,8 +49,8 @@ func (t *TLSPolicyStatusUpdaterReconciler) Subscription() *controller.Subscripti func (t *TLSPolicyStatusUpdaterReconciler) UpdateStatus(ctx context.Context, _ []controller.ResourceEvent, topology *machinery.Topology, _ error, s *sync.Map) error { logger := controller.LoggerFromContext(ctx).WithName("TLSPolicyStatusUpdaterReconciler").WithName("Reconcile") - policies := lo.FilterMap(topology.Policies().Items(), func(item machinery.Policy, index int) (*kuadrantv1alpha1.TLSPolicy, bool) { - p, ok := item.(*kuadrantv1alpha1.TLSPolicy) + policies := lo.FilterMap(topology.Policies().Items(), func(item machinery.Policy, index int) (*kuadrantv1alpha2.TLSPolicy, bool) { + p, ok := item.(*kuadrantv1alpha2.TLSPolicy) return p, ok }) @@ -68,7 +68,7 @@ func (t *TLSPolicyStatusUpdaterReconciler) UpdateStatus(ctx context.Context, _ [ continue } - newStatus := &kuadrantv1alpha1.TLSPolicyStatus{ + newStatus := &kuadrantv1alpha2.TLSPolicyStatus{ // Copy initial conditions. Otherwise, status will always be updated Conditions: slices.Clone(policy.Status.Conditions), ObservedGeneration: policy.Status.ObservedGeneration, 
@@ -94,7 +94,7 @@ func (t *TLSPolicyStatusUpdaterReconciler) UpdateStatus(ctx context.Context, _ [ newStatus.ObservedGeneration = policy.Generation policy.Status = *newStatus - resource := t.Client.Resource(kuadrantv1alpha1.TLSPoliciesResource).Namespace(policy.GetNamespace()) + resource := t.Client.Resource(kuadrantv1alpha2.TLSPoliciesResource).Namespace(policy.GetNamespace()) un, err := controller.Destruct(policy) if err != nil { logger.Error(err, "unable to destruct policy") @@ -110,7 +110,7 @@ func (t *TLSPolicyStatusUpdaterReconciler) UpdateStatus(ctx context.Context, _ [ return nil } -func (t *TLSPolicyStatusUpdaterReconciler) enforcedCondition(ctx context.Context, tlsPolicy *kuadrantv1alpha1.TLSPolicy, topology *machinery.Topology) *metav1.Condition { +func (t *TLSPolicyStatusUpdaterReconciler) enforcedCondition(ctx context.Context, tlsPolicy *kuadrantv1alpha2.TLSPolicy, topology *machinery.Topology) *metav1.Condition { if err := t.isIssuerReady(ctx, tlsPolicy, topology); err != nil { return kuadrant.EnforcedCondition(tlsPolicy, kuadrant.NewErrUnknown(tlsPolicy.Kind(), err), false) } @@ -122,7 +122,7 @@ func (t *TLSPolicyStatusUpdaterReconciler) enforcedCondition(ctx context.Context return kuadrant.EnforcedCondition(tlsPolicy, nil, true) } -func (t *TLSPolicyStatusUpdaterReconciler) isIssuerReady(ctx context.Context, tlsPolicy *kuadrantv1alpha1.TLSPolicy, topology *machinery.Topology) error { +func (t *TLSPolicyStatusUpdaterReconciler) isIssuerReady(ctx context.Context, tlsPolicy *kuadrantv1alpha2.TLSPolicy, topology *machinery.Topology) error { logger := controller.LoggerFromContext(ctx).WithName("TLSPolicyStatusUpdaterReconciler").WithName("isIssuerReady") // Get all gateways 
@@ -189,7 +189,7 @@ func (t *TLSPolicyStatusUpdaterReconciler) isIssuerReady(ctx context.Context, tl } func (t *TLSPolicyStatusUpdaterReconciler) isCertificatesReady(p machinery.Policy, topology *machinery.Topology) error { - tlsPolicy, ok := p.(*kuadrantv1alpha1.TLSPolicy) + tlsPolicy, ok := p.(*kuadrantv1alpha2.TLSPolicy) if !ok { return errors.New("invalid policy") } diff --git a/controllers/tlspolicy_status_updater_test.go b/controllers/tlspolicy_status_updater_test.go index f43199e21..6697dc697 100644 --- a/controllers/tlspolicy_status_updater_test.go +++ b/controllers/tlspolicy_status_updater_test.go @@ -19,7 +19,7 @@ import ( gatewayapiv1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapiv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" - kuadrantv1alpha1 "github.com/kuadrant/kuadrant-operator/api/v1alpha1" + kuadrantv1alpha2 "github.com/kuadrant/kuadrant-operator/api/v1alpha2" "github.com/kuadrant/kuadrant-operator/pkg/library/kuadrant" ) @@ -32,8 +32,8 @@ func TestTLSPolicyStatusTask_enforcedCondition(t *testing.T) { gwName = "kuadrant-gateway" ) - policyFactory := func(mutateFn ...func(policy *kuadrantv1alpha1.TLSPolicy)) *kuadrantv1alpha1.TLSPolicy { - p := &kuadrantv1alpha1.TLSPolicy{ + policyFactory := func(mutateFn ...func(policy *kuadrantv1alpha2.TLSPolicy)) *kuadrantv1alpha2.TLSPolicy { + p := &kuadrantv1alpha2.TLSPolicy{ ObjectMeta: metav1.ObjectMeta{ Namespace: ns, Name: tlsPolicyName, @@ -41,10 +41,10 @@ func TestTLSPolicyStatusTask_enforcedCondition(t *testing.T) { }, TypeMeta: metav1.TypeMeta{ Kind: "TLSPolicy", - APIVersion: kuadrantv1alpha1.GroupVersion.String(), + APIVersion: kuadrantv1alpha2.GroupVersion.String(), }, - Spec: kuadrantv1alpha1.TLSPolicySpec{ - CertificateSpec: kuadrantv1alpha1.CertificateSpec{ + Spec: kuadrantv1alpha2.TLSPolicySpec{ + CertificateSpec: kuadrantv1alpha2.CertificateSpec{ IssuerRef: certmanmetav1.ObjectReference{ Name: issuerName, Kind: certmanv1.IssuerKind, 
@@ -64,7 +64,7 @@ func TestTLSPolicyStatusTask_enforcedCondition(t *testing.T) { return p } - withClusterIssuerMutater := func(p *kuadrantv1alpha1.TLSPolicy) { + withClusterIssuerMutater := func(p *kuadrantv1alpha2.TLSPolicy) { p.Spec.CertificateSpec.IssuerRef.Kind = certmanv1.ClusterIssuerKind } @@ -212,7 +212,7 @@ func TestTLSPolicyStatusTask_enforcedCondition(t *testing.T) { } } - topologyOpts := func(policy *kuadrantv1alpha1.TLSPolicy, additionalOps ...machinery.GatewayAPITopologyOptionsFunc) []machinery.GatewayAPITopologyOptionsFunc { + topologyOpts := func(policy *kuadrantv1alpha2.TLSPolicy, additionalOps ...machinery.GatewayAPITopologyOptionsFunc) []machinery.GatewayAPITopologyOptionsFunc { store := make(controller.Store) gw := gwFactory() store[string(gw.UID)] = gw @@ -234,8 +234,8 @@ func TestTLSPolicyStatusTask_enforcedCondition(t *testing.T) { } type args struct { - tlsPolicy *kuadrantv1alpha1.TLSPolicy - topology func(*kuadrantv1alpha1.TLSPolicy) *machinery.Topology + tlsPolicy *kuadrantv1alpha2.TLSPolicy + topology func(*kuadrantv1alpha2.TLSPolicy) *machinery.Topology } tests := []struct { name string @@ -246,7 +246,7 @@ func TestTLSPolicyStatusTask_enforcedCondition(t *testing.T) { name: "unable to get issuer", args: args{ tlsPolicy: policyFactory(), - topology: func(p *kuadrantv1alpha1.TLSPolicy) *machinery.Topology { + topology: func(p *kuadrantv1alpha2.TLSPolicy) *machinery.Topology { topology, _ := machinery.NewGatewayAPITopology( topologyOpts(p)..., ) @@ -264,7 +264,7 @@ func TestTLSPolicyStatusTask_enforcedCondition(t *testing.T) { name: "unable to get cluster issuer", args: args{ tlsPolicy: policyFactory(withClusterIssuerMutater), - topology: func(p *kuadrantv1alpha1.TLSPolicy) *machinery.Topology { + topology: func(p *kuadrantv1alpha2.TLSPolicy) *machinery.Topology { topology, _ := machinery.NewGatewayAPITopology( topologyOpts(p)..., ) 
@@ -282,7 +282,7 @@ func TestTLSPolicyStatusTask_enforcedCondition(t *testing.T) { name: "issuer not ready", args: args{ tlsPolicy: policyFactory(), - topology: func(p *kuadrantv1alpha1.TLSPolicy) *machinery.Topology { + topology: func(p *kuadrantv1alpha2.TLSPolicy) *machinery.Topology { opts := topologyOpts(p, machinery.WithGatewayAPITopologyObjects( &controller.RuntimeObject{Object: issuerFactory(issuerNotReadyMutater)}, )) @@ -301,7 +301,7 @@ func TestTLSPolicyStatusTask_enforcedCondition(t *testing.T) { name: "issuer has no ready condition", args: args{ tlsPolicy: policyFactory(), - topology: func(p *kuadrantv1alpha1.TLSPolicy) *machinery.Topology { + topology: func(p *kuadrantv1alpha2.TLSPolicy) *machinery.Topology { opts := topologyOpts(p, machinery.WithGatewayAPITopologyObjects( &controller.RuntimeObject{Object: issuerFactory(func(issuer *certmanv1.Issuer) { issuer.Status.Conditions = []certmanv1.IssuerCondition{} @@ -322,7 +322,7 @@ func TestTLSPolicyStatusTask_enforcedCondition(t *testing.T) { name: "cluster issuer not ready", args: args{ tlsPolicy: policyFactory(withClusterIssuerMutater), - topology: func(p *kuadrantv1alpha1.TLSPolicy) *machinery.Topology { + topology: func(p *kuadrantv1alpha2.TLSPolicy) *machinery.Topology { opts := topologyOpts(p, machinery.WithGatewayAPITopologyObjects( &controller.RuntimeObject{Object: clusterIssuerFactory(clusterIssuerNotReadyMutater)}, )) @@ -341,7 +341,7 @@ func TestTLSPolicyStatusTask_enforcedCondition(t *testing.T) { name: "cluster issuer has no ready condition", args: args{ tlsPolicy: policyFactory(withClusterIssuerMutater), - topology: func(p *kuadrantv1alpha1.TLSPolicy) *machinery.Topology { + topology: func(p *kuadrantv1alpha2.TLSPolicy) *machinery.Topology { opts := topologyOpts(p, machinery.WithGatewayAPITopologyObjects( &controller.RuntimeObject{Object: clusterIssuerFactory(func(issuer *certmanv1.ClusterIssuer) { issuer.Status.Conditions = []certmanv1.IssuerCondition{} 
@@ -362,7 +362,7 @@ func TestTLSPolicyStatusTask_enforcedCondition(t *testing.T) { name: "no valid gateways found", args: args{ tlsPolicy: policyFactory(), - topology: func(_ *kuadrantv1alpha1.TLSPolicy) *machinery.Topology { + topology: func(_ *kuadrantv1alpha2.TLSPolicy) *machinery.Topology { opts := topologyOpts(policyFactory(), machinery.WithGatewayAPITopologyObjects( &controller.RuntimeObject{Object: issuerFactory()}, )) @@ -381,7 +381,7 @@ func TestTLSPolicyStatusTask_enforcedCondition(t *testing.T) { name: "unable to get certificate", args: args{ tlsPolicy: policyFactory(), - topology: func(policy *kuadrantv1alpha1.TLSPolicy) *machinery.Topology { + topology: func(policy *kuadrantv1alpha2.TLSPolicy) *machinery.Topology { opts := topologyOpts(policy, machinery.WithGatewayAPITopologyObjects( &controller.RuntimeObject{Object: issuerFactory()}, )) @@ -400,7 +400,7 @@ func TestTLSPolicyStatusTask_enforcedCondition(t *testing.T) { name: "certificate is not ready", args: args{ tlsPolicy: policyFactory(), - topology: func(policy *kuadrantv1alpha1.TLSPolicy) *machinery.Topology { + topology: func(policy *kuadrantv1alpha2.TLSPolicy) *machinery.Topology { opts := topologyOpts(policy, machinery.WithGatewayAPITopologyObjects( &controller.RuntimeObject{Object: issuerFactory()}, &controller.RuntimeObject{Object: certificateFactory(certificateNotReadyMutater)}, @@ -420,7 +420,7 @@ func TestTLSPolicyStatusTask_enforcedCondition(t *testing.T) { name: "certificate has no ready condition", args: args{ tlsPolicy: policyFactory(), - topology: func(policy *kuadrantv1alpha1.TLSPolicy) *machinery.Topology { + topology: func(policy *kuadrantv1alpha2.TLSPolicy) *machinery.Topology { opts := topologyOpts(policy, machinery.WithGatewayAPITopologyObjects( &controller.RuntimeObject{Object: issuerFactory()}, &controller.RuntimeObject{Object: certificateFactory(func(certificate *certmanv1.Certificate) { 
@@ -442,7 +442,7 @@ func TestTLSPolicyStatusTask_enforcedCondition(t *testing.T) { name: "is enforced", args: args{ tlsPolicy: policyFactory(), - topology: func(policy *kuadrantv1alpha1.TLSPolicy) *machinery.Topology { + topology: func(policy *kuadrantv1alpha2.TLSPolicy) *machinery.Topology { opts := topologyOpts(policy, machinery.WithGatewayAPITopologyObjects( &controller.RuntimeObject{Object: issuerFactory()}, &controller.RuntimeObject{Object: certificateFactory()}, diff --git a/doc/tls.md b/doc/tls.md index 0a2439ff0..83810a0bd 100644 --- a/doc/tls.md +++ b/doc/tls.md @@ -23,7 +23,7 @@ The `TLSPolicy` spec includes the following parts: [//]: # (ToDo mnairn) ```yaml -apiVersion: kuadrant.io/v1alpha1 +apiVersion: kuadrant.io/v1alpha2 kind: TLSPolicy metadata: name: my-tls-policy diff --git a/doc/user-guides/gateway-tls.md b/doc/user-guides/gateway-tls.md index 36ed36f87..0e4bafd9d 100644 --- a/doc/user-guides/gateway-tls.md +++ b/doc/user-guides/gateway-tls.md @@ -87,7 +87,7 @@ selfsigned-issuer True 18s Create a Kuadrant `TLSPolicy` to configure TLS: ```sh kubectl apply -n my-gateways -f - <