feat: admission webhooks

.circleci/config.yml

@@ -5,7 +5,7 @@ orbs:
   go: circleci/go@1.7.1
   helm: circleci/helm@2.0.1
   keeper: gravitee-io/keeper@0.6.2
-  gravitee: gravitee-io/gravitee@2.1.15
+  gravitee: gravitee-io/gravitee@2.1.16
 
 executors:
   azure-cli:
@@ -18,13 +18,13 @@ executors:
     docker:
       # Version can be found here https://docs.microsoft.com/en-us/cli/azure/release-notes-azure-cli
       # be careful when updating the version as it looks it is not following semver
-      - image: mcr.microsoft.com/azure-cli:2.40.0
+      - image: mcr.microsoft.com/azure-cli:2.41.0
     resource_class: <<parameters.resource_class>>
 
 jobs:
   lint:
     docker:
-      - image: cimg/go:1.19.1-node
+      - image: cimg/go:1.19.2-node
     steps:
       - checkout
       - go/mod-download-cached
@@ -66,7 +66,7 @@ jobs:
     steps:
       - checkout
       - go/install:
-          version: '1.18.4'
+          version: '1.19.2'
       - go/load-cache
       - kubernetes/install-kubectl
       - helm/install-helm-client
@@ -83,22 +83,28 @@ jobs:
           name: Docker login
           command: echo $AZURE_DOCKER_REGISTRY_PASSWORD | docker login --username $AZURE_DOCKER_REGISTRY_USERNAME --password-stdin graviteeio.azurecr.io
       - run:
-          name: Install gotestsum
-          command: make gotestsum
+          name: Install ginkgo
+          command: make ginkgo
       - run:
-          name: Start APIM using k3d
+          name: Start test cluster
           command: |
             export APIM_IMAGE_REGISTRY=graviteeio.azurecr.io
             export APIM_IMAGE_TAG=master-latest
             make k3d-apim-init
       - run:
-          name: Wait for APIM to be ready
-          command: kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=apim3 --timeout 300s
+          name: Install cert-manager on test cluster
+          command: kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.10.0/cert-manager.yaml 
+      - run:
+          name: Deploy operator on test cluster
+          command: make k3d-gko-deploy
       - run:
           name: Run tests
-          command: GOTESTARGS="--junitfile=/tmp/junit/reports/junit.xml" make test
+          command: |
+            export KUBECONFIG=$HOME/.kube/config
+            export ENV=ci
+            GOTESTARGS="--output-dir=/tmp/junit/reports --junit-report=junit.xml" make test
       - store_test_results:
-          path: /tmp/junit
+          path: /tmp/junit/reports
 
   login-to-azure:
     executor:
@@ -144,7 +150,7 @@ jobs:
 
   deploy-gko-image:
     docker:
-      - image: cimg/go:1.19.1
+      - image: cimg/go:1.19.2
     steps:
       - attach_workspace:
           at: ~/
@@ -155,7 +161,7 @@ jobs:
 
   semantic-release:
     docker:
-      - image: cimg/go:1.19.1-node
+      - image: cimg/go:1.19.2-node
     environment:
       GITHUB_TOKEN: "keeper://TIlcGPFq4rN5GvgnZb9hng/field/password"
       GIT_AUTHOR_NAME: "keeper://q9AKrHbbTqSGDoUl-Lg85g/field/login"

.gitignore

@@ -14,6 +14,8 @@ testbin/*
 
 # Output of the go coverage tool, specifically when used with LiteIDE
 *.out
+*.out.*
+junit.xml
 
 # Kubernetes Generated files - skip generated files, except for vendored files
 
@@ -32,4 +34,4 @@ gko-config-default.yml
 
 # K8S OLM 
 cache/
-bundle/
+bundle/

CHANGELOG.md

@@ -1,3 +1,70 @@
+# [0.1.0-alpha.14](https://github.com/gravitee-io/gravitee-kubernetes-operator/compare/0.1.0-alpha.13...0.1.0-alpha.14) (2022-11-03)
+
+
+### Bug Fixes
+
+* import api with disabled health check ([a874ac6](https://github.com/gravitee-io/gravitee-kubernetes-operator/commit/a874ac68908f91890956e1077f5a447f68b36cc4))
+* import API with logging ([7179561](https://github.com/gravitee-io/gravitee-kubernetes-operator/commit/7179561e64a2114c93031c2326b9b6a0227044c3))
+* import api with several endpoint groups ([c4032eb](https://github.com/gravitee-io/gravitee-kubernetes-operator/commit/c4032eb4090057c6d4aac0ab4cc9b2711db0033a))
+
+# [0.1.0-alpha.13](https://github.com/gravitee-io/gravitee-kubernetes-operator/compare/0.1.0-alpha.12...0.1.0-alpha.13) (2022-11-02)
+
+
+### Bug Fixes
+
+* add rbac marker for secret lists ([4bd7456](https://github.com/gravitee-io/gravitee-kubernetes-operator/commit/4bd7456472aabe98aad95a7e14260dba42363a23))
+
+# [0.1.0-alpha.12](https://github.com/gravitee-io/gravitee-kubernetes-operator/compare/0.1.0-alpha.11...0.1.0-alpha.12) (2022-10-28)
+
+
+### Bug Fixes
+
+* reference secret in context ([b54d9a7](https://github.com/gravitee-io/gravitee-kubernetes-operator/commit/b54d9a721d28002c83fe2b72d8bbe04acfc87cba))
+
+# [0.1.0-alpha.11](https://github.com/gravitee-io/gravitee-kubernetes-operator/compare/0.1.0-alpha.10...0.1.0-alpha.11) (2022-10-28)
+
+
+### Bug Fixes
+
+* add enabled in health check model ([bbe475a](https://github.com/gravitee-io/gravitee-kubernetes-operator/commit/bbe475adee1023f7f8fd603342ea69bdc8f84ca7))
+* align endpoint mapping with apim ([565d745](https://github.com/gravitee-io/gravitee-kubernetes-operator/commit/565d745b27a81c7ccf06cf682a0f7511e93a0666))
+* change fail over data type ([71346fa](https://github.com/gravitee-io/gravitee-kubernetes-operator/commit/71346fa278f3cf18efffe6e05aab7853369fe998))
+
+# [0.1.0-alpha.10](https://github.com/gravitee-io/gravitee-kubernetes-operator/compare/0.1.0-alpha.9...0.1.0-alpha.10) (2022-10-27)
+
+
+### Bug Fixes
+
+* reconcile api resources on context updates ([43276ce](https://github.com/gravitee-io/gravitee-kubernetes-operator/commit/43276ce640bf2774b99d5edbd381e637c94cb908))
+
+# [0.1.0-alpha.9](https://github.com/gravitee-io/gravitee-kubernetes-operator/compare/0.1.0-alpha.8...0.1.0-alpha.9) (2022-10-25)
+
+
+### Bug Fixes
+
+* import api with life cycle state ([7427457](https://github.com/gravitee-io/gravitee-kubernetes-operator/commit/7427457a1ba4abf81b2e19dc61f8fc6152987469))
+
+# [0.1.0-alpha.8](https://github.com/gravitee-io/gravitee-kubernetes-operator/compare/0.1.0-alpha.7...0.1.0-alpha.8) (2022-10-20)
+
+
+### Bug Fixes
+
+* merge create and update of api definition ([19e9dd3](https://github.com/gravitee-io/gravitee-kubernetes-operator/commit/19e9dd35448e373d3f3173a3c6ef456d5ec27ae2))
+
+# [0.1.0-alpha.7](https://github.com/gravitee-io/gravitee-kubernetes-operator/compare/0.1.0-alpha.6...0.1.0-alpha.7) (2022-10-17)
+
+
+### Bug Fixes
+
+* rename cors fields to match v3 definition ([2278a16](https://github.com/gravitee-io/gravitee-kubernetes-operator/commit/2278a16707d002c7012efa17e7f2c873cdfaa44d))
+
+# [0.1.0-alpha.6](https://github.com/gravitee-io/gravitee-kubernetes-operator/compare/0.1.0-alpha.5...0.1.0-alpha.6) (2022-10-14)
+
+
+### Bug Fixes
+
+* add base href for k3d uri ([79757d0](https://github.com/gravitee-io/gravitee-kubernetes-operator/commit/79757d07e7502409855aa4053f9456ade0b625e2))
+
 # [0.1.0-alpha.5](https://github.com/gravitee-io/gravitee-kubernetes-operator/compare/0.1.0-alpha.4...0.1.0-alpha.5) (2022-09-30)
 
 

Makefile

@@ -120,9 +120,9 @@ lint-license: addlicense ## Run addlicense lint and fail on error
 
 GOTESTARGS ?= ""
 .PHONY: test
-test: manifests generate install## Run tests.
+test: manifests generate install ## Run tests with the operator running locally
 	kubectl config use-context k3d-graviteeio
-	KUBEBUILDER_ASSETS=USE_EXISTING_CLUSTER=true $(GOTESTSUM) $(GOTESTARGS) ./... -timeout 380s -coverprofile cover.out
+	KUBEBUILDER_ASSETS=USE_EXISTING_CLUSTER=true $(GINKGO) $(GOTESTARGS) --timeout 380s --cover --coverprofile=cover.out ./...
 
 .PHONY: k3d-apim-init
 k3d-apim-init: ## Init APIM locally using k3d
@@ -149,7 +149,7 @@ k3d-gko-push: ## Push the gko image for k3d deployment
 	$(MAKE) docker-push IMG=$(K3D_IMG)
 
 .PHONY: k3d-gko-deploy
-k3d-gko-deploy: ## Push the gko image for k3d deployment
+k3d-gko-deploy: k3d-gko-build k3d-gko-push ## Push the gko image for k3d deployment
 	$(MAKE) deploy IMG=$(K3D_IMG)
 
 .PHONY:
@@ -209,7 +209,7 @@ $(LOCALBIN):
 KUSTOMIZE ?= $(LOCALBIN)/kustomize
 CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen
 ENVTEST ?= $(LOCALBIN)/setup-envtest
-GOTESTSUM ?= $(LOCALBIN)/gotestsum
+GINKGO ?= $(LOCALBIN)/ginkgo
 CRDOC ?= $(LOCALBIN)/crdoc
 GOLANGCILINT ?= $(LOCALBIN)/golangci-lint
 ADDLICENSE ?= $(LOCALBIN)/addlicense
@@ -235,10 +235,10 @@ envtest: $(ENVTEST) ## Download envtest-setup locally if necessary.
 $(ENVTEST): $(LOCALBIN)
 	GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
 
-.PHONY: gotestsum
-gotestsum: $(GOTESTSUM) ## Download gotestsum locally if necessary.
-$(GOTESTSUM): $(LOCALBIN)
-	GOBIN=$(LOCALBIN) go install gotest.tools/gotestsum@latest
+.PHONY: ginkgo
+ginkgo: $(GINKGO) ## Download ginkgo cli locally if necessary.
+$(GINKGO): $(LOCALBIN)
+	GOBIN=$(LOCALBIN) go install github.com/onsi/ginkgo/v2/ginkgo@latest
 
 .PHONY: crdoc
 crdoc: $(CRDOC)

PROJECT

@@ -23,4 +23,8 @@ resources:
   kind: ManagementContext
   path: github.com/gravitee-io/gravitee-kubernetes-operator/api/v1alpha1
   version: v1alpha1
+  webhooks:
+    defaulting: true
+    validation: true
+    webhookVersion: v1
 version: "3"

api/model/api.go

@@ -32,7 +32,8 @@ type Api struct {
 	// +kubebuilder:default:=`2.0.0`
 	DefinitionVersion DefinitionVersion `json:"gravitee,omitempty"`
 	// +kubebuilder:default:=`STARTED`
-	State State `json:"state,omitempty"`
+	// +kubebuilder:validation:Enum=STARTED;STOPPED;
+	State string `json:"state,omitempty"`
 	// +kubebuilder:default:=`CREATED`
 	LifecycleState LifecycleState `json:"lifecycle_state,omitempty"`
 	// +kubebuilder:validation:Required
@@ -75,12 +76,9 @@ const (
 // +kubebuilder:validation:Enum=CREATED;PUBLISHED;UNPUBLISHED;DEPRECATED;ARCHIVED;
 type LifecycleState string
 
-// +kubebuilder:validation:Enum=STARTED;STOPPED;
-type State string
-
 const (
-	StateStarted State = "STARTED"
-	StateStopped State = "STOPPED"
+	StateStarted string = "STARTED"
+	StateStopped string = "STOPPED"
 )
 
 type Resource struct {

api/model/context.go

@@ -15,11 +15,6 @@
 // +kubebuilder:object:generate=true
 package model
 
-import (
-	"net/http"
-	"strings"
-)
-
 type ContextRef struct {
 	Name      string `json:"name"`
 	Namespace string `json:"namespace,omitempty"`
@@ -39,6 +34,7 @@ type Context struct {
 type Auth struct {
 	BearerToken string     `json:"bearerToken,omitempty"`
 	Credentials *BasicAuth `json:"credentials,omitempty"`
+	SecretRef   *SecretRef `json:"secretRef,omitempty"`
 }
 
 type BasicAuth struct {
@@ -48,33 +44,7 @@ type BasicAuth struct {
 	Password string `json:"password,omitempty"`
 }
 
-func (ctx Context) BuildUrl(path string) string {
-	orgId, envId := ctx.OrgId, ctx.EnvId
-	baseUrl := strings.TrimSuffix(ctx.BaseUrl, "/")
-	url := baseUrl + "/management/organizations/" + orgId
-	if envId != "" {
-		url = url + "/environments/" + envId
-	}
-	return url + path
-}
-
-func (ctx Context) Authenticate(req *http.Request) {
-	if ctx.Auth == nil {
-		return
-	}
-
-	bearerToken := ctx.Auth.BearerToken
-	if bearerToken != "" {
-		req.Header.Add("Authorization", "Bearer "+bearerToken)
-	} else if ctx.Auth.Credentials != nil {
-		username := ctx.Auth.Credentials.Username
-		password := ctx.Auth.Credentials.Password
-		setBasicAuth(req, username, password)
-	}
-}
-
-func setBasicAuth(request *http.Request, username, password string) {
-	if username != "" {
-		request.SetBasicAuth(username, password)
-	}
+type SecretRef struct {
+	Name      string `json:"name"`
+	Namespace string `json:"namespace,omitempty"`
 }