diff --git a/cmd/aws-application-networking-k8s/main.go b/cmd/aws-application-networking-k8s/main.go index 35d75648..8b8eb538 100644 --- a/cmd/aws-application-networking-k8s/main.go +++ b/cmd/aws-application-networking-k8s/main.go @@ -73,18 +73,18 @@ func addOptionalCRDs(scheme *runtime.Scheme) { scheme.AddKnownTypes(dnsEndpoint, &endpoint.DNSEndpoint{}, &endpoint.DNSEndpointList{}) metav1.AddToGroupVersion(scheme, dnsEndpoint) - awsGatewayControllerCRDGroupVersion := schema.GroupVersion{ + groupVersion := schema.GroupVersion{ Group: anv1alpha1.GroupName, Version: "v1alpha1", } - scheme.AddKnownTypes(awsGatewayControllerCRDGroupVersion, &anv1alpha1.TargetGroupPolicy{}, &anv1alpha1.TargetGroupPolicyList{}) - metav1.AddToGroupVersion(scheme, awsGatewayControllerCRDGroupVersion) - scheme.AddKnownTypes(awsGatewayControllerCRDGroupVersion, &anv1alpha1.VpcAssociationPolicy{}, &anv1alpha1.VpcAssociationPolicyList{}) - metav1.AddToGroupVersion(scheme, awsGatewayControllerCRDGroupVersion) + scheme.AddKnownTypes(groupVersion, + &anv1alpha1.TargetGroupPolicy{}, &anv1alpha1.TargetGroupPolicyList{}, + &anv1alpha1.AccessLogPolicy{}, &anv1alpha1.AccessLogPolicyList{}, + &anv1alpha1.VpcAssociationPolicy{}, &anv1alpha1.VpcAssociationPolicyList{}, + &anv1alpha1.IAMAuthPolicy{}, &anv1alpha1.IAMAuthPolicyList{}) - scheme.AddKnownTypes(awsGatewayControllerCRDGroupVersion, &anv1alpha1.AccessLogPolicy{}, &anv1alpha1.AccessLogPolicyList{}) - metav1.AddToGroupVersion(scheme, awsGatewayControllerCRDGroupVersion) + metav1.AddToGroupVersion(scheme, groupVersion) } func main() { @@ -186,6 +186,11 @@ func main() { setupLog.Fatalf("accesslogpolicy controller setup failed: %s", err) } + err = controllers.RegisterIAMAuthPolicyController(ctrlLog.Named("iam-auth-policy"), mgr) + if err != nil { + setupLog.Fatalf("iam auth policy controller setup failed: %s", err) + } + go latticestore.GetDefaultLatticeDataStore().ServeIntrospection() //+kubebuilder:scaffold:builder diff --git a/controllers/iamauthpolicy_controller.go b/controllers/iamauthpolicy_controller.go new file mode 100644 index 00000000..6d269c7a --- /dev/null +++ b/controllers/iamauthpolicy_controller.go @@ -0,0 +1,68 @@ +package controllers + +import ( + "context" + "fmt" + + anv1alpha1 "github.com/aws/aws-application-networking-k8s/pkg/apis/applicationnetworking/v1alpha1" + "github.com/aws/aws-application-networking-k8s/pkg/utils/gwlog" + + k8serr "k8s.io/apimachinery/pkg/api/errors" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client" +) + +type IAMAuthPolicyController struct { + log gwlog.Logger + client client.Client +} + +func RegisterIAMAuthPolicyController(log gwlog.Logger, mgr ctrl.Manager) error { + controller := &IAMAuthPolicyController{ + log: log, + client: mgr.GetClient(), + } + err := ctrl.NewControllerManagedBy(mgr). + For(&anv1alpha1.IAMAuthPolicy{}). + Complete(controller) + return err +} + +func (c *IAMAuthPolicyController) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { + c.log.Infow("reconcile", "req", req) + + policy := &anv1alpha1.IAMAuthPolicy{} + err := c.client.Get(ctx, req.NamespacedName, policy) + if !k8serr.IsNotFound(err) { + return ctrl.Result{}, err + } + + switch policy.Spec.TargetRef.Kind { + case "Gateway": + err = c.reconcileGateway(ctx, policy) + break + case "HTTPRoute": + case "GRPCRoute": + err = c.reconcileRoute(ctx, policy) + break + default: + err = fmt.Errorf("unsupported targetRef type, req=%s, kind=%s", + req, policy.Spec.TargetRef.Kind) + } + if err != nil { + return ctrl.Result{}, err + } + + c.log.Infow("successfully reconciled", "req", req) + return ctrl.Result{}, nil +} + +func (c *IAMAuthPolicyController) reconcileGateway(ctx context.Context, policy *anv1alpha1.IAMAuthPolicy) error { + c.log.Debugw("reconcile gateway iam policy", "policy", policy) + return nil +} + +func (c IAMAuthPolicyController) reconcileRoute(ctx context.Context, policy *anv1alpha1.IAMAuthPolicy) error { + c.log.Debugw("reconcile route iam policy", "policy", policy) + return nil +}