Implement KongVault controller and translator to translate and apply configuration of custom Kong vaults

[randmonkey]

Is there an existing issue for this?

• I have searched the existing issues

Problem Statement

Split from #4559.

The issue tracks the implementation of controller and translator of KongVault that reconciles KongVault resources and translate them to configurations of custom Kong vaults, then apply the configuration on Kong gateway(s).

Proposed Solution

• Implement a KongVault controller to reconcile and store KongVault resources
• Add a translator to translate KongVault to configuration of custom Kong vault and apply the config on Kong gateway

Additional information

No response

Acceptance Criteria

• KongVault resources are correctly translated and configured on Kong gateway.

[randmonkey]

Finished in multiple PRs.

[programmer04]

KongVault should be handled in

kubernetes-ingress-controller/internal/dataplane/configfetcher/kongrawstate.go

Lines 14 to 172 in b8b543c

	// KongRawStateToKongState converts a Deck kongRawState to a KIC KongState.
	func KongRawStateToKongState(rawstate *utils.KongRawState) *kongstate.KongState {
	kongState := &kongstate.KongState{}
	if rawstate == nil {
	return kongState
	}
	routes := make(map[string][]*kong.Route)
	for _, r := range rawstate.Routes {
	if r.Service != nil && r.Service.ID != nil {
	routes[*r.Service.ID] = append(routes[*r.Service.ID], r)
	}
	}
	pluginsByService := make(map[string][]*kong.Plugin)
	pluginsByRoute := make(map[string][]*kong.Plugin)
	for _, p := range rawstate.Plugins {
	if p.Service != nil && p.Service.ID != nil {
	pluginsByService[*p.Service.ID] = append(pluginsByService[*p.Service.ID], p)
	}
	if p.Route != nil && p.Route.ID != nil {
	pluginsByRoute[*p.Route.ID] = append(pluginsByRoute[*p.Route.ID], p)
	}
	}
	for _, cg := range rawstate.ConsumerGroups {
	kongState.ConsumerGroups = append(kongState.ConsumerGroups, kongstate.ConsumerGroup{ConsumerGroup: sanitizeConsumerGroup(*cg.ConsumerGroup)})
	}
	targets := make(map[string][]*kong.Target)
	for _, u := range rawstate.Targets {
	if u.Upstream != nil && u.Upstream.ID != nil {
	targets[*u.Upstream.ID] = append(targets[*u.Upstream.ID], u)
	}
	}
	for i, s := range rawstate.Services {
	kongState.Services = append(kongState.Services, kongstate.Service{
	Service: sanitizeKongService(*s),
	Routes: []kongstate.Route{},
	Plugins: []kong.Plugin{},
	})
	for j, r := range routes[*s.ID] {
	kongState.Services[i].Routes = append(kongState.Services[i].Routes, kongstate.Route{
	Route: sanitizeKongRoute(*r),
	Plugins: []kong.Plugin{},
	})
	if r.ID != nil {
	kongState.Services[i].Routes[j].Plugins = rawPluginsToPlugins(pluginsByRoute[*r.ID])
	}
	}
	kongState.Services[i].Plugins = rawPluginsToPlugins(pluginsByService[*s.ID])
	}
	for _, u := range rawstate.Upstreams {
	newUpstream := kongstate.Upstream{
	Upstream: *u,
	}
	if u.ID != nil {
	newUpstream.Targets = rawTargetsToTargets(targets[*u.ID])
	}
	kongState.Upstreams = append(kongState.Upstreams, sanitizeUpstream(newUpstream))
	}
	kongState.CACertificates = rawCACertificatesToCACertificates(rawstate.CACertificates)
	kongState.Certificates = rawCertificatesToCertificates(rawstate.Certificates)
	for i, consumer := range rawstate.Consumers {
	kongState.Consumers = append(kongState.Consumers, kongstate.Consumer{
	Consumer: sanitizeConsumer(*consumer),
	})
	for _, keyAuth := range rawstate.KeyAuths {
	if keyAuth.Consumer != nil {
	if *keyAuth.Consumer.ID == *consumer.ID {
	sanitizeAuth(keyAuth)
	kongState.Consumers[i].KeyAuths = append(kongState.Consumers[i].KeyAuths,
	&kongstate.KeyAuth{
	KeyAuth: *keyAuth,
	},
	)
	}
	}
	}
	for _, hmacAuth := range rawstate.HMACAuths {
	if hmacAuth.Consumer != nil {
	if *hmacAuth.Consumer.ID == *consumer.ID {
	sanitizeAuth(hmacAuth)
	kongState.Consumers[i].HMACAuths = append(kongState.Consumers[i].HMACAuths,
	&kongstate.HMACAuth{
	HMACAuth: *hmacAuth,
	},
	)
	}
	}
	}
	for _, jwtAuth := range rawstate.JWTAuths {
	if jwtAuth.Consumer != nil {
	if *jwtAuth.Consumer.ID == *consumer.ID {
	sanitizeAuth(jwtAuth)
	kongState.Consumers[i].JWTAuths = append(kongState.Consumers[i].JWTAuths,
	&kongstate.JWTAuth{
	JWTAuth: *jwtAuth,
	},
	)
	}
	}
	}
	for _, basicAuth := range rawstate.BasicAuths {
	if basicAuth.Consumer != nil {
	if *basicAuth.Consumer.ID == *consumer.ID {
	sanitizeAuth(basicAuth)
	kongState.Consumers[i].BasicAuths = append(kongState.Consumers[i].BasicAuths,
	&kongstate.BasicAuth{
	BasicAuth: *basicAuth,
	},
	)
	}
	}
	}
	for _, aclGroup := range rawstate.ACLGroups {
	if aclGroup.Consumer != nil {
	if *aclGroup.Consumer.ID == *consumer.ID {
	sanitizeAuth(aclGroup)
	kongState.Consumers[i].ACLGroups = append(kongState.Consumers[i].ACLGroups,
	&kongstate.ACLGroup{
	ACLGroup: *aclGroup,
	},
	)
	}
	}
	}
	for _, oauth2Cred := range rawstate.Oauth2Creds {
	if oauth2Cred.Consumer != nil {
	if *oauth2Cred.Consumer.ID == *consumer.ID {
	sanitizeAuth(oauth2Cred)
	kongState.Consumers[i].Oauth2Creds = append(kongState.Consumers[i].Oauth2Creds,
	&kongstate.Oauth2Credential{
	Oauth2Credential: *oauth2Cred,
	},
	)
	}
	}
	}
	for _, mTLSAuth := range rawstate.MTLSAuths {
	if mTLSAuth.Consumer != nil {
	if *mTLSAuth.Consumer.ID == *consumer.ID {
	sanitizeAuth(mTLSAuth)
	kongState.Consumers[i].MTLSAuths = append(kongState.Consumers[i].MTLSAuths,
	&kongstate.MTLSAuth{
	MTLSAuth: *mTLSAuth,
	},
	)
	}
	}
	}
	}
	return kongState
	}

too @randmonkey, see #5377