Add by pod status for mutators (#1260)

* Add by pod status for mutators

Signed-off-by: Max Smythe <smythe@google.com>

* Only enable mutation status if mutation is enabled

Signed-off-by: Max Smythe <smythe@google.com>

* Add tests

Signed-off-by: Max Smythe <smythe@google.com>

* Address PR comments

Signed-off-by: Max Smythe <smythe@google.com>

Makefile

@@ -165,7 +165,7 @@ install: manifests
 	kustomize build config/crd | kubectl apply -f -
 
 deploy-mutation: patch-image
-	@grep -q -v 'enable-mutation' ./config/overlays/dev_mutation/manager_image_patch.yaml && sed -i '/- --operation=webhook/a \ \ \ \ \ \ \ \ - --enable-mutation=true' ./config/overlays/dev_mutation/manager_image_patch.yaml
+	@grep -q -v 'enable-mutation' ./config/overlays/dev_mutation/manager_image_patch.yaml && sed -i '/- --operation=webhook/a \ \ \ \ \ \ \ \ - --enable-mutation=true' ./config/overlays/dev_mutation/manager_image_patch.yaml && sed -i '/- --operation=status/a \ \ \ \ \ \ \ \ - --operation=mutation-status' ./config/overlays/dev_mutation/manager_image_patch.yaml
 	kustomize build config/overlays/dev_mutation | kubectl apply -f -
 	kustomize build --load_restrictor LoadRestrictionsNone config/overlays/mutation | kubectl apply -f -
 

apis/mutations/v1alpha1/assign_types.go

@@ -18,6 +18,8 @@ package v1alpha1
 import (
 	"encoding/json"
 
+	"github.com/open-policy-agent/gatekeeper/apis/status/v1beta1"
+	"github.com/open-policy-agent/gatekeeper/pkg/mutation/match"
 	"github.com/open-policy-agent/gatekeeper/pkg/mutation/path/tester"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -30,18 +32,10 @@ import (
 type AssignSpec struct {
 	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
 	// Important: Run "make" to regenerate code after modifying this file
-	ApplyTo    []ApplyTo  `json:"applyTo,omitempty"`
-	Match      Match      `json:"match,omitempty"`
-	Location   string     `json:"location,omitempty"`
-	Parameters Parameters `json:"parameters,omitempty"`
-}
-
-// ApplyTo determines what GVKs items the mutation should apply to.
-// Globs are not allowed.
-type ApplyTo struct {
-	Groups   []string `json:"groups,omitempty"`
-	Kinds    []string `json:"kinds,omitempty"`
-	Versions []string `json:"versions,omitempty"`
+	ApplyTo    []match.ApplyTo `json:"applyTo,omitempty"`
+	Match      match.Match     `json:"match,omitempty"`
+	Location   string          `json:"location,omitempty"`
+	Parameters Parameters      `json:"parameters,omitempty"`
 }
 
 type Parameters struct {
@@ -75,11 +69,14 @@ type PathTest struct {
 type AssignStatus struct {
 	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
 	// Important: Run "make" to regenerate code after modifying this file
+
+	ByPod []v1beta1.MutatorPodStatusStatus `json:"byPod,omitempty"`
 }
 
 // +kubebuilder:object:root=true
 // +kubebuilder:resource:path="assign"
 // +kubebuilder:resource:scope="Cluster"
+// +kubebuilder:subresource:status
 
 // Assign is the Schema for the assign API
 type Assign struct {

apis/mutations/v1alpha1/assignmetadata_types.go

@@ -16,6 +16,8 @@ limitations under the License.
 package v1alpha1
 
 import (
+	"github.com/open-policy-agent/gatekeeper/apis/status/v1beta1"
+	"github.com/open-policy-agent/gatekeeper/pkg/mutation/match"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 )
@@ -25,7 +27,7 @@ import (
 
 // AssignMetadataSpec defines the desired state of AssignMetadata
 type AssignMetadataSpec struct {
-	Match      Match              `json:"match,omitempty"`
+	Match      match.Match        `json:"match,omitempty"`
 	Location   string             `json:"location,omitempty"`
 	Parameters MetadataParameters `json:"parameters,omitempty"`
 }
@@ -40,10 +42,12 @@ type MetadataParameters struct {
 type AssignMetadataStatus struct {
 	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
 	// Important: Run "make" to regenerate code after modifying this file
+	ByPod []v1beta1.MutatorPodStatusStatus `json:"byPod,omitempty"`
 }
 
 // +kubebuilder:object:root=true
 // +kubebuilder:resource:scope="Cluster"
+// +kubebuilder:subresource:status
 
 // AssignMetadata is the Schema for the assignmetadata API
 type AssignMetadata struct {

apis/status/v1beta1/constraintpodstatus_types.go

@@ -29,10 +29,7 @@ import (
 )
 
 const (
-	ConstraintNameLabel = "internal.gatekeeper.sh/constraint-name"
-	ConstraintKindLabel = "internal.gatekeeper.sh/constraint-kind"
-	PodLabel            = "internal.gatekeeper.sh/pod"
-	ConstraintsGroup    = "constraints.gatekeeper.sh"
+	ConstraintsGroup = "constraints.gatekeeper.sh"
 )
 
 // ConstraintPodStatusStatus defines the observed state of ConstraintPodStatus

apis/status/v1beta1/constrainttemplatepodstatus_types.go

@@ -26,10 +26,6 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 )
 
-const (
-	ConstraintTemplateNameLabel = "internal.gatekeeper.sh/constrainttemplate-name"
-)
-
 // ConstraintTemplatePodStatusStatus defines the observed state of ConstraintTemplatePodStatus
 type ConstraintTemplatePodStatusStatus struct {
 	// Important: Run "make" to regenerate code after modifying this file

apis/status/v1beta1/labels.go

@@ -0,0 +1,10 @@
+package v1beta1
+
+const (
+	ConstraintNameLabel         = "internal.gatekeeper.sh/constraint-name"
+	ConstraintKindLabel         = "internal.gatekeeper.sh/constraint-kind"
+	ConstraintTemplateNameLabel = "internal.gatekeeper.sh/constrainttemplate-name"
+	MutatorNameLabel            = "internal.gatekeeper.sh/mutator-name"
+	MutatorKindLabel            = "internal.gatekeeper.sh/mutator-kind"
+	PodLabel                    = "internal.gatekeeper.sh/pod"
+)