From ff7aacbc66dc1009a6fe28cfeca5c8457ff33c2a Mon Sep 17 00:00:00 2001 From: Dejan Kitic Date: Wed, 5 Feb 2025 10:47:31 +0000 Subject: [PATCH 01/29] Focom operator inital import --- operators/focom-operator/.dockerignore | 3 + operators/focom-operator/.gitignore | 28 + operators/focom-operator/Dockerfile | 33 + operators/focom-operator/Makefile | 330 ++++++++++ operators/focom-operator/PROJECT | 40 ++ operators/focom-operator/README.md | 199 ++++++ .../focomprovisioningrequest_types.go | 84 +++ .../api/focom/v1alpha1/groupversion_info.go | 36 + .../api/focom/v1alpha1/ocloud_types.go | 76 +++ .../focom/v1alpha1/zz_generated.deepcopy.go | 240 +++++++ .../v1alpha1/groupversion_info.go | 36 + .../v1alpha1/templateinfo_types.go | 68 ++ .../v1alpha1/zz_generated.deepcopy.go | 114 ++++ operators/focom-operator/cmd/main.go | 173 +++++ .../focom-operator/config/crd/bases/_.yaml | 13 + ....nephio.org_focomprovisioningrequests.yaml | 85 +++ .../crd/bases/focom.nephio.org_oclouds.yaml | 72 ++ .../provisioning.oran.org_templateinfoes.yaml | 62 ++ .../config/crd/kustomization.yaml | 26 + .../config/crd/kustomizeconfig.yaml | 19 + .../config/default/kustomization.yaml | 151 +++++ .../config/default/manager_metrics_patch.yaml | 4 + .../config/default/metrics_service.yaml | 17 + .../config/manager/kustomization.yaml | 8 + .../config/manager/manager.yaml | 95 +++ .../config/manifests/kustomization.yaml | 28 + .../network-policy/allow-metrics-traffic.yaml | 26 + .../config/network-policy/kustomization.yaml | 2 + .../config/prometheus/kustomization.yaml | 2 + .../config/prometheus/monitor.yaml | 30 + .../focomprovisioningrequest_editor_role.yaml | 27 + .../focomprovisioningrequest_viewer_role.yaml | 23 + .../config/rbac/kustomization.yaml | 31 + .../config/rbac/leader_election_role.yaml | 40 ++ .../rbac/leader_election_role_binding.yaml | 15 + .../config/rbac/metrics_auth_role.yaml | 17 + .../rbac/metrics_auth_role_binding.yaml | 12 + .../config/rbac/metrics_reader_role.yaml | 9 + .../config/rbac/ocloud_editor_role.yaml | 27 + .../config/rbac/ocloud_viewer_role.yaml | 23 + ...provisioning_templateinfo_editor_role.yaml | 27 + ...provisioning_templateinfo_viewer_role.yaml | 23 + .../focom-operator/config/rbac/role.yaml | 44 ++ .../config/rbac/role_binding.yaml | 15 + .../config/rbac/service_account.yaml | 8 + ...com_v1alpha1_focomprovisioningrequest.yaml | 9 + .../config/samples/focom_v1alpha1_ocloud.yaml | 9 + .../config/samples/kustomization.yaml | 6 + .../provisioning_v1alpha1_templateinfo.yaml | 9 + .../config/scorecard/bases/config.yaml | 7 + .../config/scorecard/kustomization.yaml | 18 + .../scorecard/patches/basic.config.yaml | 10 + .../config/scorecard/patches/olm.config.yaml | 50 ++ operators/focom-operator/go.sum | 247 +++++++ .../focom-operator/hack/boilerplate.go.txt | 15 + .../focomprovisioningrequest_controller.go | 195 ++++++ .../focomprovisioningrequest_helpers.go | 158 +++++ .../focomprovisioningrequest_helpers_test.go | 184 ++++++ .../focomprovisioningrequest_kubeconfig.go | 85 +++ .../focomprovisioningrequest_validation.go | 48 ++ ...ocomprovisioningrequest_validation_test.go | 61 ++ .../internal/controller/suite_test.go | 95 +++ operators/focom-operator/kpt-package/Kptfile | 8 + .../kpt-package/focom-operator.yaml | 622 ++++++++++++++++++ .../kpt-package/package-context.yaml | 8 + .../provisioning-request-crd.yaml | 133 ++++ .../focom-provisioning-request-rh.yaml | 27 + .../test-data/o2ims-provisioning-role.yaml | 22 + .../focom-operator/test-data/ocloud-1.yaml | 13 + .../test-data/provisioning-request-crd.yaml | 133 ++++ .../test-data/red-hat-cluster-template.yaml | 23 + .../focom-operator/test-data/super-rbac.yaml | 27 + .../focom-operator/test/e2e/e2e_suite_test.go | 32 + operators/focom-operator/test/e2e/e2e_test.go | 122 ++++ operators/focom-operator/test/utils/utils.go | 140 ++++ 75 files changed, 4957 insertions(+) create mode 100644 operators/focom-operator/.dockerignore create mode 100644 operators/focom-operator/.gitignore create mode 100644 operators/focom-operator/Dockerfile create mode 100644 operators/focom-operator/Makefile create mode 100644 operators/focom-operator/PROJECT create mode 100644 operators/focom-operator/README.md create mode 100644 operators/focom-operator/api/focom/v1alpha1/focomprovisioningrequest_types.go create mode 100644 operators/focom-operator/api/focom/v1alpha1/groupversion_info.go create mode 100644 operators/focom-operator/api/focom/v1alpha1/ocloud_types.go create mode 100644 operators/focom-operator/api/focom/v1alpha1/zz_generated.deepcopy.go create mode 100644 operators/focom-operator/api/provisioning/v1alpha1/groupversion_info.go create mode 100644 operators/focom-operator/api/provisioning/v1alpha1/templateinfo_types.go create mode 100644 operators/focom-operator/api/provisioning/v1alpha1/zz_generated.deepcopy.go create mode 100644 operators/focom-operator/cmd/main.go create mode 100644 operators/focom-operator/config/crd/bases/_.yaml create mode 100644 operators/focom-operator/config/crd/bases/focom.nephio.org_focomprovisioningrequests.yaml create mode 100644 operators/focom-operator/config/crd/bases/focom.nephio.org_oclouds.yaml create mode 100644 operators/focom-operator/config/crd/bases/provisioning.oran.org_templateinfoes.yaml create mode 100644 operators/focom-operator/config/crd/kustomization.yaml create mode 100644 operators/focom-operator/config/crd/kustomizeconfig.yaml create mode 100644 operators/focom-operator/config/default/kustomization.yaml create mode 100644 operators/focom-operator/config/default/manager_metrics_patch.yaml create mode 100644 operators/focom-operator/config/default/metrics_service.yaml create mode 100644 operators/focom-operator/config/manager/kustomization.yaml create mode 100644 operators/focom-operator/config/manager/manager.yaml create mode 100644 operators/focom-operator/config/manifests/kustomization.yaml create mode 100644 operators/focom-operator/config/network-policy/allow-metrics-traffic.yaml create mode 100644 operators/focom-operator/config/network-policy/kustomization.yaml create mode 100644 operators/focom-operator/config/prometheus/kustomization.yaml create mode 100644 operators/focom-operator/config/prometheus/monitor.yaml create mode 100644 operators/focom-operator/config/rbac/focomprovisioningrequest_editor_role.yaml create mode 100644 operators/focom-operator/config/rbac/focomprovisioningrequest_viewer_role.yaml create mode 100644 operators/focom-operator/config/rbac/kustomization.yaml create mode 100644 operators/focom-operator/config/rbac/leader_election_role.yaml create mode 100644 operators/focom-operator/config/rbac/leader_election_role_binding.yaml create mode 100644 operators/focom-operator/config/rbac/metrics_auth_role.yaml create mode 100644 operators/focom-operator/config/rbac/metrics_auth_role_binding.yaml create mode 100644 operators/focom-operator/config/rbac/metrics_reader_role.yaml create mode 100644 operators/focom-operator/config/rbac/ocloud_editor_role.yaml create mode 100644 operators/focom-operator/config/rbac/ocloud_viewer_role.yaml create mode 100644 operators/focom-operator/config/rbac/provisioning_templateinfo_editor_role.yaml create mode 100644 operators/focom-operator/config/rbac/provisioning_templateinfo_viewer_role.yaml create mode 100644 operators/focom-operator/config/rbac/role.yaml create mode 100644 operators/focom-operator/config/rbac/role_binding.yaml create mode 100644 operators/focom-operator/config/rbac/service_account.yaml create mode 100644 operators/focom-operator/config/samples/focom_v1alpha1_focomprovisioningrequest.yaml create mode 100644 operators/focom-operator/config/samples/focom_v1alpha1_ocloud.yaml create mode 100644 operators/focom-operator/config/samples/kustomization.yaml create mode 100644 operators/focom-operator/config/samples/provisioning_v1alpha1_templateinfo.yaml create mode 100644 operators/focom-operator/config/scorecard/bases/config.yaml create mode 100644 operators/focom-operator/config/scorecard/kustomization.yaml create mode 100644 operators/focom-operator/config/scorecard/patches/basic.config.yaml create mode 100644 operators/focom-operator/config/scorecard/patches/olm.config.yaml create mode 100644 operators/focom-operator/go.sum create mode 100644 operators/focom-operator/hack/boilerplate.go.txt create mode 100644 operators/focom-operator/internal/controller/focomprovisioningrequest_controller.go create mode 100644 operators/focom-operator/internal/controller/focomprovisioningrequest_helpers.go create mode 100644 operators/focom-operator/internal/controller/focomprovisioningrequest_helpers_test.go create mode 100644 operators/focom-operator/internal/controller/focomprovisioningrequest_kubeconfig.go create mode 100644 operators/focom-operator/internal/controller/focomprovisioningrequest_validation.go create mode 100644 operators/focom-operator/internal/controller/focomprovisioningrequest_validation_test.go create mode 100644 operators/focom-operator/internal/controller/suite_test.go create mode 100644 operators/focom-operator/kpt-package/Kptfile create mode 100644 operators/focom-operator/kpt-package/focom-operator.yaml create mode 100644 operators/focom-operator/kpt-package/package-context.yaml create mode 100644 operators/focom-operator/oran-provisioning-crd/provisioning-request-crd.yaml create mode 100644 operators/focom-operator/test-data/focom-provisioning-request-rh.yaml create mode 100644 operators/focom-operator/test-data/o2ims-provisioning-role.yaml create mode 100644 operators/focom-operator/test-data/ocloud-1.yaml create mode 100644 operators/focom-operator/test-data/provisioning-request-crd.yaml create mode 100644 operators/focom-operator/test-data/red-hat-cluster-template.yaml create mode 100644 operators/focom-operator/test-data/super-rbac.yaml create mode 100644 operators/focom-operator/test/e2e/e2e_suite_test.go create mode 100644 operators/focom-operator/test/e2e/e2e_test.go create mode 100644 operators/focom-operator/test/utils/utils.go diff --git a/operators/focom-operator/.dockerignore b/operators/focom-operator/.dockerignore new file mode 100644 index 00000000..a3aab7af --- /dev/null +++ b/operators/focom-operator/.dockerignore @@ -0,0 +1,3 @@ +# More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file +# Ignore build and test binaries. +bin/ diff --git a/operators/focom-operator/.gitignore b/operators/focom-operator/.gitignore new file mode 100644 index 00000000..39fab550 --- /dev/null +++ b/operators/focom-operator/.gitignore @@ -0,0 +1,28 @@ +# Binaries for programs and plugins +*.exe +*.exe~ +*.dll +*.so +*.dylib +bin/* +Dockerfile.cross + +# Test binary, built with `go test -c` +*.test +test-data/create-secret.sh +# Output of the go coverage tool, specifically when used with LiteIDE +*.out + +# Go workspace file +go.work + +# Kubernetes Generated files - skip generated files, except for vendored files +!vendor/**/zz_generated.* +bin/* +testbin/* +# editor and IDE paraphernalia +.idea +.vscode +*.swp +*.swo +*~ diff --git a/operators/focom-operator/Dockerfile b/operators/focom-operator/Dockerfile new file mode 100644 index 00000000..3110e057 --- /dev/null +++ b/operators/focom-operator/Dockerfile @@ -0,0 +1,33 @@ +# Build the manager binary +FROM golang:1.23 AS builder +ARG TARGETOS +ARG TARGETARCH + +WORKDIR /workspace +# Copy the Go Modules manifests +COPY go.mod go.mod +COPY go.sum go.sum +# cache deps before building and copying source so that we don't need to re-download as much +# and so that source changes don't invalidate our downloaded layer +RUN go mod download + +# Copy the go source +COPY cmd/main.go cmd/main.go +COPY api/ api/ +COPY internal/controller/ internal/controller/ + +# Build +# the GOARCH has not a default value to allow the binary be built according to the host where the command +# was called. For example, if we call make docker-build in a local env which has the Apple Silicon M1 SO +# the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore, +# by leaving it empty we can ensure that the container and binary shipped on it will have the same platform. +RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o manager cmd/main.go + +# Use distroless as minimal base image to package the manager binary +# Refer to https://github.com/GoogleContainerTools/distroless for more details +FROM gcr.io/distroless/static:nonroot +WORKDIR / +COPY --from=builder /workspace/manager . +USER 65532:65532 + +ENTRYPOINT ["/manager"] diff --git a/operators/focom-operator/Makefile b/operators/focom-operator/Makefile new file mode 100644 index 00000000..5e78a740 --- /dev/null +++ b/operators/focom-operator/Makefile @@ -0,0 +1,330 @@ +# VERSION defines the project version for the bundle. +# Update this value when you upgrade the version of your project. +# To re-generate a bundle for another specific version without changing the standard setup, you can: +# - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2) +# - use environment variables to overwrite this value (e.g export VERSION=0.0.2) +VERSION ?= 0.0.1 + +# CHANNELS define the bundle channels used in the bundle. +# Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable") +# To re-generate a bundle for other specific channels without changing the standard setup, you can: +# - use the CHANNELS as arg of the bundle target (e.g make bundle CHANNELS=candidate,fast,stable) +# - use environment variables to overwrite this value (e.g export CHANNELS="candidate,fast,stable") +ifneq ($(origin CHANNELS), undefined) +BUNDLE_CHANNELS := --channels=$(CHANNELS) +endif + +# DEFAULT_CHANNEL defines the default channel used in the bundle. +# Add a new line here if you would like to change its default config. (E.g DEFAULT_CHANNEL = "stable") +# To re-generate a bundle for any other default channel without changing the default setup, you can: +# - use the DEFAULT_CHANNEL as arg of the bundle target (e.g make bundle DEFAULT_CHANNEL=stable) +# - use environment variables to overwrite this value (e.g export DEFAULT_CHANNEL="stable") +ifneq ($(origin DEFAULT_CHANNEL), undefined) +BUNDLE_DEFAULT_CHANNEL := --default-channel=$(DEFAULT_CHANNEL) +endif +BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL) + +# IMAGE_TAG_BASE defines the docker.io namespace and part of the image name for remote images. +# This variable is used to construct full image tags for bundle and catalog images. +# +# For example, running 'make bundle-build bundle-push catalog-build catalog-push' will build and push both +# nephio.org/focom-operator-bundle:$VERSION and nephio.org/focom-operator-catalog:$VERSION. +IMAGE_TAG_BASE ?= nephio.org/focom-operator + +# BUNDLE_IMG defines the image:tag used for the bundle. +# You can use it as an arg. (E.g make bundle-build BUNDLE_IMG=/:) +BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:v$(VERSION) + +# BUNDLE_GEN_FLAGS are the flags passed to the operator-sdk generate bundle command +BUNDLE_GEN_FLAGS ?= -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS) + +# USE_IMAGE_DIGESTS defines if images are resolved via tags or digests +# You can enable this value if you would like to use SHA Based Digests +# To enable set flag to true +USE_IMAGE_DIGESTS ?= false +ifeq ($(USE_IMAGE_DIGESTS), true) + BUNDLE_GEN_FLAGS += --use-image-digests +endif + +# Set the Operator SDK version to use. By default, what is installed on the system is used. +# This is useful for CI or a project to utilize a specific version of the operator-sdk toolkit. +OPERATOR_SDK_VERSION ?= v1.39.1 +# Image URL to use all building/pushing image targets +IMG ?= controller:latest +# ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. +ENVTEST_K8S_VERSION = 1.31.0 + +# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set) +ifeq (,$(shell go env GOBIN)) +GOBIN=$(shell go env GOPATH)/bin +else +GOBIN=$(shell go env GOBIN) +endif + +# CONTAINER_TOOL defines the container tool to be used for building images. +# Be aware that the target commands are only tested with Docker which is +# scaffolded by default. However, you might want to replace it to use other +# tools. (i.e. podman) +CONTAINER_TOOL ?= docker + +# Setting SHELL to bash allows bash commands to be executed by recipes. +# Options are set to exit when a recipe line exits non-zero or a piped command fails. +SHELL = /usr/bin/env bash -o pipefail +.SHELLFLAGS = -ec + +.PHONY: all +all: build + +##@ General + +# The help target prints out all targets with their descriptions organized +# beneath their categories. The categories are represented by '##@' and the +# target descriptions by '##'. The awk command is responsible for reading the +# entire set of makefiles included in this invocation, looking for lines of the +# file as xyz: ## something, and then pretty-format the target and help. Then, +# if there's a line with ##@ something, that gets pretty-printed as a category. +# More info on the usage of ANSI control characters for terminal formatting: +# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters +# More info on the awk command: +# http://linuxcommand.org/lc3_adv_awk.php + +.PHONY: help +help: ## Display this help. + @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST) + +##@ Development + +.PHONY: manifests +manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects. + $(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases + +.PHONY: generate +generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations. + $(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..." + +.PHONY: fmt +fmt: ## Run go fmt against code. + go fmt ./... + +.PHONY: vet +vet: ## Run go vet against code. + go vet ./... + +.PHONY: test +test: manifests generate fmt vet envtest ## Run tests. + KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test $$(go list ./... | grep -v /e2e) -coverprofile cover.out + +# Utilize Kind or modify the e2e tests to load the image locally, enabling compatibility with other vendors. +.PHONY: test-e2e # Run the e2e tests against a Kind k8s instance that is spun up. +test-e2e: + go test ./test/e2e/ -v -ginkgo.v + +.PHONY: lint +lint: golangci-lint ## Run golangci-lint linter + $(GOLANGCI_LINT) run + +.PHONY: lint-fix +lint-fix: golangci-lint ## Run golangci-lint linter and perform fixes + $(GOLANGCI_LINT) run --fix + +##@ Build + +.PHONY: build +build: manifests generate fmt vet ## Build manager binary. + go build -o bin/manager cmd/main.go + +.PHONY: run +run: manifests generate fmt vet ## Run a controller from your host. + go run ./cmd/main.go + +# If you wish to build the manager image targeting other platforms you can use the --platform flag. +# (i.e. docker build --platform linux/arm64). However, you must enable docker buildKit for it. +# More info: https://docs.docker.com/develop/develop-images/build_enhancements/ +.PHONY: docker-build +docker-build: ## Build docker image with the manager. + $(CONTAINER_TOOL) build -t ${IMG} . + +.PHONY: docker-push +docker-push: ## Push docker image with the manager. + $(CONTAINER_TOOL) push ${IMG} + +# PLATFORMS defines the target platforms for the manager image be built to provide support to multiple +# architectures. (i.e. make docker-buildx IMG=myregistry/mypoperator:0.0.1). To use this option you need to: +# - be able to use docker buildx. More info: https://docs.docker.com/build/buildx/ +# - have enabled BuildKit. More info: https://docs.docker.com/develop/develop-images/build_enhancements/ +# - be able to push the image to your registry (i.e. if you do not set a valid value via IMG=> then the export will fail) +# To adequately provide solutions that are compatible with multiple platforms, you should consider using this option. +PLATFORMS ?= linux/arm64,linux/amd64,linux/s390x,linux/ppc64le +.PHONY: docker-buildx +docker-buildx: ## Build and push docker image for the manager for cross-platform support + # copy existing Dockerfile and insert --platform=${BUILDPLATFORM} into Dockerfile.cross, and preserve the original Dockerfile + sed -e '1 s/\(^FROM\)/FROM --platform=\$$\{BUILDPLATFORM\}/; t' -e ' 1,// s//FROM --platform=\$$\{BUILDPLATFORM\}/' Dockerfile > Dockerfile.cross + - $(CONTAINER_TOOL) buildx create --name focom-operator-builder + $(CONTAINER_TOOL) buildx use focom-operator-builder + - $(CONTAINER_TOOL) buildx build --push --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile.cross . + - $(CONTAINER_TOOL) buildx rm focom-operator-builder + rm Dockerfile.cross + +.PHONY: build-installer +build-installer: manifests generate kustomize ## Generate a consolidated YAML with CRDs and deployment. + mkdir -p dist + cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} + $(KUSTOMIZE) build config/default > dist/install.yaml + +##@ Deployment + +ifndef ignore-not-found + ignore-not-found = false +endif + +.PHONY: install +install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config. + $(KUSTOMIZE) build config/crd | $(KUBECTL) apply -f - + +.PHONY: uninstall +uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion. + $(KUSTOMIZE) build config/crd | $(KUBECTL) delete --ignore-not-found=$(ignore-not-found) -f - + +.PHONY: deploy +deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config. + cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} + $(KUSTOMIZE) build config/default | $(KUBECTL) apply -f - + +.PHONY: build-k8s-deployment +build-k8s-deployment: manifests kustomize + cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} + $(KUSTOMIZE) build config/default > kpt-package/focom-operator.yaml + + +.PHONY: undeploy +undeploy: kustomize ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion. + $(KUSTOMIZE) build config/default | $(KUBECTL) delete --ignore-not-found=$(ignore-not-found) -f - + +##@ Dependencies + +## Location to install dependencies to +LOCALBIN ?= $(shell pwd)/bin +$(LOCALBIN): + mkdir -p $(LOCALBIN) + +## Tool Binaries +KUBECTL ?= kubectl +KUSTOMIZE ?= $(LOCALBIN)/kustomize +CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen +ENVTEST ?= $(LOCALBIN)/setup-envtest +GOLANGCI_LINT = $(LOCALBIN)/golangci-lint + +## Tool Versions +KUSTOMIZE_VERSION ?= v5.4.3 +CONTROLLER_TOOLS_VERSION ?= v0.16.1 +ENVTEST_VERSION ?= release-0.19 +GOLANGCI_LINT_VERSION ?= v1.59.1 + +.PHONY: kustomize +kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. +$(KUSTOMIZE): $(LOCALBIN) + $(call go-install-tool,$(KUSTOMIZE),sigs.k8s.io/kustomize/kustomize/v5,$(KUSTOMIZE_VERSION)) + +.PHONY: controller-gen +controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. +$(CONTROLLER_GEN): $(LOCALBIN) + $(call go-install-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen,$(CONTROLLER_TOOLS_VERSION)) + +.PHONY: envtest +envtest: $(ENVTEST) ## Download setup-envtest locally if necessary. +$(ENVTEST): $(LOCALBIN) + $(call go-install-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest,$(ENVTEST_VERSION)) + +.PHONY: golangci-lint +golangci-lint: $(GOLANGCI_LINT) ## Download golangci-lint locally if necessary. +$(GOLANGCI_LINT): $(LOCALBIN) + $(call go-install-tool,$(GOLANGCI_LINT),github.com/golangci/golangci-lint/cmd/golangci-lint,$(GOLANGCI_LINT_VERSION)) + +# go-install-tool will 'go install' any package with custom target and name of binary, if it doesn't exist +# $1 - target path with name of binary +# $2 - package url which can be installed +# $3 - specific version of package +define go-install-tool +@[ -f "$(1)-$(3)" ] || { \ +set -e; \ +package=$(2)@$(3) ;\ +echo "Downloading $${package}" ;\ +rm -f $(1) || true ;\ +GOBIN=$(LOCALBIN) go install $${package} ;\ +mv $(1) $(1)-$(3) ;\ +} ;\ +ln -sf $(1)-$(3) $(1) +endef + +.PHONY: operator-sdk +OPERATOR_SDK ?= $(LOCALBIN)/operator-sdk +operator-sdk: ## Download operator-sdk locally if necessary. +ifeq (,$(wildcard $(OPERATOR_SDK))) +ifeq (, $(shell which operator-sdk 2>/dev/null)) + @{ \ + set -e ;\ + mkdir -p $(dir $(OPERATOR_SDK)) ;\ + OS=$(shell go env GOOS) && ARCH=$(shell go env GOARCH) && \ + curl -sSLo $(OPERATOR_SDK) https://github.com/operator-framework/operator-sdk/releases/download/$(OPERATOR_SDK_VERSION)/operator-sdk_$${OS}_$${ARCH} ;\ + chmod +x $(OPERATOR_SDK) ;\ + } +else +OPERATOR_SDK = $(shell which operator-sdk) +endif +endif + +.PHONY: bundle +bundle: manifests kustomize operator-sdk ## Generate bundle manifests and metadata, then validate generated files. + $(OPERATOR_SDK) generate kustomize manifests -q + cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG) + $(KUSTOMIZE) build config/manifests | $(OPERATOR_SDK) generate bundle $(BUNDLE_GEN_FLAGS) + $(OPERATOR_SDK) bundle validate ./bundle + +.PHONY: bundle-build +bundle-build: ## Build the bundle image. + docker build -f bundle.Dockerfile -t $(BUNDLE_IMG) . + +.PHONY: bundle-push +bundle-push: ## Push the bundle image. + $(MAKE) docker-push IMG=$(BUNDLE_IMG) + +.PHONY: opm +OPM = $(LOCALBIN)/opm +opm: ## Download opm locally if necessary. +ifeq (,$(wildcard $(OPM))) +ifeq (,$(shell which opm 2>/dev/null)) + @{ \ + set -e ;\ + mkdir -p $(dir $(OPM)) ;\ + OS=$(shell go env GOOS) && ARCH=$(shell go env GOARCH) && \ + curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.23.0/$${OS}-$${ARCH}-opm ;\ + chmod +x $(OPM) ;\ + } +else +OPM = $(shell which opm) +endif +endif + +# A comma-separated list of bundle images (e.g. make catalog-build BUNDLE_IMGS=example.com/operator-bundle:v0.1.0,example.com/operator-bundle:v0.2.0). +# These images MUST exist in a registry and be pull-able. +BUNDLE_IMGS ?= $(BUNDLE_IMG) + +# The image tag given to the resulting catalog image (e.g. make catalog-build CATALOG_IMG=example.com/operator-catalog:v0.2.0). +CATALOG_IMG ?= $(IMAGE_TAG_BASE)-catalog:v$(VERSION) + +# Set CATALOG_BASE_IMG to an existing catalog image tag to add $BUNDLE_IMGS to that image. +ifneq ($(origin CATALOG_BASE_IMG), undefined) +FROM_INDEX_OPT := --from-index $(CATALOG_BASE_IMG) +endif + +# Build a catalog image by adding bundle images to an empty catalog using the operator package manager tool, 'opm'. +# This recipe invokes 'opm' in 'semver' bundle add mode. For more information on add modes, see: +# https://github.com/operator-framework/community-operators/blob/7f1438c/docs/packaging-operator.md#updating-your-existing-operator +.PHONY: catalog-build +catalog-build: opm ## Build a catalog image. + $(OPM) index add --container-tool docker --mode semver --tag $(CATALOG_IMG) --bundles $(BUNDLE_IMGS) $(FROM_INDEX_OPT) + +# Push the catalog image. +.PHONY: catalog-push +catalog-push: ## Push a catalog image. + $(MAKE) docker-push IMG=$(CATALOG_IMG) diff --git a/operators/focom-operator/PROJECT b/operators/focom-operator/PROJECT new file mode 100644 index 00000000..bacf1f18 --- /dev/null +++ b/operators/focom-operator/PROJECT @@ -0,0 +1,40 @@ +# Code generated by tool. DO NOT EDIT. +# This file is used to track the info used to scaffold your project +# and allow the plugins properly work. +# More info: https://book.kubebuilder.io/reference/project-config.html +domain: nephio.org +layout: +- go.kubebuilder.io/v4 +multigroup: true +plugins: + manifests.sdk.operatorframework.io/v2: {} + scorecard.sdk.operatorframework.io/v2: {} +projectName: focom-operator +repo: github.com/dekstroza/focom-operator +resources: +- api: + crdVersion: v1 + namespaced: true + domain: nephio.org + group: focom + kind: OCloud + path: github.com/dekstroza/focom-operator/api/v1alpha1 + version: v1alpha1 +- api: + crdVersion: v1 + namespaced: true + controller: true + domain: nephio.org + group: focom + kind: FocomProvisioningRequest + path: github.com/dekstroza/focom-operator/api/v1alpha1 + version: v1alpha1 +- api: + crdVersion: v1 + namespaced: true + domain: nephio.org + group: provisioning + kind: TemplateInfo + path: github.com/dekstroza/focom-operator/api/provisioning/v1alpha1 + version: v1alpha1 +version: "3" diff --git a/operators/focom-operator/README.md b/operators/focom-operator/README.md new file mode 100644 index 00000000..5856b676 --- /dev/null +++ b/operators/focom-operator/README.md @@ -0,0 +1,199 @@ +# focom-operator +Starting point implementation of FOCOM operator, which reconciles FOCOM provisioning requests into oran provisioning requests. + +## Description +Reconciling FOCOM provisioning requests into oran provisioning requests, will look for correct TemplateInfo referenced in the request. Current validation only +checks if the referenced TemplateInfo exists, with given name and version. Template parameters are not validated yet, it will be done in the future. +Once the referenced template is validated, reconcile will proceed to find OCloudId referenced in the request and make sure it exists. From the OCloudId it will +read the secret referenced in the OCloud. + +In this early stage, secret contains kubeconfig for the OCloud cluster, which will be used to build client to interact with the remote cluster. Using this client +reconciler will produce Oran provisioning requests on the remote cluster. + +Later, this is planned to be changed to support REST-like interface on the remote cluster, rather then using kubeconfig. Secret in this phase should be endpoint and bearer token, + +Project contains few test samples, using testenv, and there is usual e2e test from the operator-sdk that can validate operator deployment. +This code is at the POC level, and needs more work to be production ready. + +ORAN provisioning request CRD is located inside oran-provisioning-crd folder. +Focom CRDS are generated by operator-sdk/kubebuilder from go structs in the api folder. +Generated yaml files are located in config/crd/bases. + +Current code does not cater for more then one-shot operations, and patching of ORAN provisioning requests is not supported yet. +Validation of the TemplateInfo parameters is not implemented yet, potentially this can be done by validating webhook, making them immutable for a start. + + + +## Getting Started + +To build the code simply run the make command. Makefile provided, contains various targets to build, test and deploy the code. +Building code: + +```sh +make +``` + +To build the docker image, run the following command: + +```sh +make docker-build docker-push IMG=your-docker-repository/focom-operator-poc:2.0.0 +``` + + +Kpt packages are included in the folder kpt-package, focom-operator.yaml file (is generated)/can be generaated by running make, where IMG is the image built previously: + +```sh +make build-k8s-deployment IMG=your-docker-repository/focom-operator-poc:2.0.0 +``` +To deploy the operator on the cluster, run the following command: + +```sh +make deploy IMG=your-docker-repository/focom-operator-poc:2.0.0 +``` + +### Prerequisites +- go version v1.22.0+ +- docker version 17.03+. +- kubectl version v1.11.3+. +- Access to a Kubernetes v1.11.3+ cluster. +- oapi-codegen installed with: go install github.com/deepmap/oapi-codegen/cmd/oapi-codegen@latest +- setup-env test: go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest +- export KUBEBUILDER_ASSETS=$(pwd)/testbin/k8s/1.26.0-darwin-arm64 for the above + +### To run the tests locally + +Set up the setup-envtest from the root folder of the project. +```sh +setup-envtest use 1.31 --bin-dir=./bin +cd internal +go test ./controller/... +``` + + + +### To Deploy on the cluster +**Build and push your image to the location specified by `IMG`:** + +```sh +make docker-build docker-push IMG=/focom-operator:tag +``` + +**NOTE:** This image ought to be published in the personal registry you specified. +And it is required to have access to pull the image from the working environment. +Make sure you have the proper permission to the registry if the above commands don’t work. + +**Install the CRDs into the cluster:** + +```sh +make install +``` + +**Deploy the Manager to the cluster with the image specified by `IMG`:** + +```sh +make deploy IMG=/focom-operator:tag +``` + +> **NOTE**: If you encounter RBAC errors, you may need to grant yourself cluster-admin +privileges or be logged in as admin. + +**Create instances of your solution** +You can apply the samples (examples) from the config/sample: + +```sh +kubectl apply -k config/samples/ +``` + +>**NOTE**: Ensure that the samples has default values to test it out. + +### To Uninstall +**Delete the instances (CRs) from the cluster:** + +```sh +kubectl delete -k config/samples/ +``` + +**Delete the APIs(CRDs) from the cluster:** + +```sh +make uninstall +``` + +**UnDeploy the controller from the cluster:** + +```sh +make undeploy +``` + +## Current reconcilation method + +1. The Reconcile method as is now, reads like a high-level “table of contents”: +``` +fetch → handle deletion → ensure finalizer → validate → build remote → ensure remote. +``` +2.All the details of how finalizers or remote creation works are delegated to smaller helper methods that do one job. +3. Example Reconcile Flow + + Example flow: + ``` + Fetch CR → if not found, done. + If being deleted → handleDeletion(...) → done. + If no finalizer → add finalizer → requeue. + Validate → if invalid, set status → done. + Build remote → if fails, set status → done. + Ensure remote resource (create or poll) → set status → requeue if needed + ``` + +## Notes + - Code needs testcases and better refactoring of certain parts. + - Code needs to ensure that templateParameters are immutable, this could be done with validating webhook. + - Code needs to ensure template validation is performed, not just check for template existence. + - Possibly wrong group for the TemplateInfo? + + +## Project Distribution + +Following are the steps to build the installer and distribute this project to users. + +1. Build the installer for the image built and published in the registry: + +```sh +make build-installer IMG=/focom-operator:tag +``` + +NOTE: The makefile target mentioned above generates an 'install.yaml' +file in the dist directory. This file contains all the resources built +with Kustomize, which are necessary to install this project without +its dependencies. + +2. Using the installer + +Users can just run kubectl apply -f to install the project, i.e.: + +```sh +kubectl apply -f https://raw.githubusercontent.com//focom-operator//dist/install.yaml +``` + +## Contributing +// TODO(user): Add detailed information on how you would like others to contribute to this project + +**NOTE:** Run `make help` for more information on all potential `make` targets + +More information can be found via the [Kubebuilder Documentation](https://book.kubebuilder.io/introduction.html) + +## License + +Copyright 2025. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + diff --git a/operators/focom-operator/api/focom/v1alpha1/focomprovisioningrequest_types.go b/operators/focom-operator/api/focom/v1alpha1/focomprovisioningrequest_types.go new file mode 100644 index 00000000..50ad0a48 --- /dev/null +++ b/operators/focom-operator/api/focom/v1alpha1/focomprovisioningrequest_types.go @@ -0,0 +1,84 @@ +/* +Copyright 2025. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" +) + +// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! +// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. + +// FocomProvisioningRequestSpec defines the desired state of FocomProvisioningRequest +type FocomProvisioningRequestSpec struct { + // +kubebuilder:validation:Required + OCloudId string `json:"oCloudId"` + + // +kubebuilder:validation:Required + OCloudNamespace string `json:"oCloudNamespace"` + + // +kubebuilder:validation:Optional + Name string `json:"name,omitempty"` + + // +kubebuilder:validation:Optional + Description string `json:"description,omitempty"` + + // +kubebuilder:validation:Required + TemplateName string `json:"templateName"` + + // +kubebuilder:validation:Required + TemplateVersion string `json:"templateVersion"` + + // +kubebuilder:pruning:PreserveUnknownFields + // +kubebuilder:validation:Required + TemplateParameters runtime.RawExtension `json:"templateParameters"` +} + +// FocomProvisioningRequestStatus defines the observed state of FocomProvisioningRequest +type FocomProvisioningRequestStatus struct { + Phase string `json:"phase,omitempty"` + Message string `json:"message,omitempty"` + LastUpdated *metav1.Time `json:"lastUpdated,omitempty"` + // The name of the remote resource in the target cluster + RemoteName string `json:"remoteName,omitempty"` +} + +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status + +// FocomProvisioningRequest is the Schema for the focomprovisioningrequests API +type FocomProvisioningRequest struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec FocomProvisioningRequestSpec `json:"spec,omitempty"` + Status FocomProvisioningRequestStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// FocomProvisioningRequestList contains a list of FocomProvisioningRequest +type FocomProvisioningRequestList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []FocomProvisioningRequest `json:"items"` +} + +func init() { + SchemeBuilder.Register(&FocomProvisioningRequest{}, &FocomProvisioningRequestList{}) +} diff --git a/operators/focom-operator/api/focom/v1alpha1/groupversion_info.go b/operators/focom-operator/api/focom/v1alpha1/groupversion_info.go new file mode 100644 index 00000000..b80cb1b0 --- /dev/null +++ b/operators/focom-operator/api/focom/v1alpha1/groupversion_info.go @@ -0,0 +1,36 @@ +/* +Copyright 2025. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package v1alpha1 contains API Schema definitions for the focom v1alpha1 API group +// +kubebuilder:object:generate=true +// +groupName=focom.nephio.org +package v1alpha1 + +import ( + "k8s.io/apimachinery/pkg/runtime/schema" + "sigs.k8s.io/controller-runtime/pkg/scheme" +) + +var ( + // GroupVersion is group version used to register these objects + GroupVersion = schema.GroupVersion{Group: "focom.nephio.org", Version: "v1alpha1"} + + // SchemeBuilder is used to add go types to the GroupVersionKind scheme + SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} + + // AddToScheme adds the types in this group-version to the given scheme. + AddToScheme = SchemeBuilder.AddToScheme +) diff --git a/operators/focom-operator/api/focom/v1alpha1/ocloud_types.go b/operators/focom-operator/api/focom/v1alpha1/ocloud_types.go new file mode 100644 index 00000000..3a5cd6cf --- /dev/null +++ b/operators/focom-operator/api/focom/v1alpha1/ocloud_types.go @@ -0,0 +1,76 @@ +/* +Copyright 2025. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! +// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. + +// OCloudSpec defines the desired state of OCloud +type OCloudSpec struct { + // O2imsSecret references a Secret containing endpoint & credentials + // +kubebuilder:validation:Required + O2imsSecret O2imsSecret `json:"o2imsSecret"` +} +type O2imsSecret struct { + // SecretRef points to the Secret with O2IMS credentials + // +kubebuilder:validation:Required + SecretRef SecretRef `json:"secretRef"` +} +type SecretRef struct { + // Name of the Secret + // +kubebuilder:validation:Required + Name string `json:"name"` + + // Namespace of the Secret + // +kubebuilder:validation:Required + Namespace string `json:"namespace"` +} + +// OCloudStatus defines the observed state of OCloud +type OCloudStatus struct { + // INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + // Important: Run "make" to regenerate code after modifying this file +} + +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status + +// OCloud is the Schema for the oclouds API +type OCloud struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec OCloudSpec `json:"spec,omitempty"` + Status OCloudStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// OCloudList contains a list of OCloud +type OCloudList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []OCloud `json:"items"` +} + +func init() { + SchemeBuilder.Register(&OCloud{}, &OCloudList{}) +} diff --git a/operators/focom-operator/api/focom/v1alpha1/zz_generated.deepcopy.go b/operators/focom-operator/api/focom/v1alpha1/zz_generated.deepcopy.go new file mode 100644 index 00000000..5e10826f --- /dev/null +++ b/operators/focom-operator/api/focom/v1alpha1/zz_generated.deepcopy.go @@ -0,0 +1,240 @@ +//go:build !ignore_autogenerated + +/* +Copyright 2025. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by controller-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FocomProvisioningRequest) DeepCopyInto(out *FocomProvisioningRequest) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FocomProvisioningRequest. +func (in *FocomProvisioningRequest) DeepCopy() *FocomProvisioningRequest { + if in == nil { + return nil + } + out := new(FocomProvisioningRequest) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *FocomProvisioningRequest) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FocomProvisioningRequestList) DeepCopyInto(out *FocomProvisioningRequestList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]FocomProvisioningRequest, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FocomProvisioningRequestList. +func (in *FocomProvisioningRequestList) DeepCopy() *FocomProvisioningRequestList { + if in == nil { + return nil + } + out := new(FocomProvisioningRequestList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *FocomProvisioningRequestList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FocomProvisioningRequestSpec) DeepCopyInto(out *FocomProvisioningRequestSpec) { + *out = *in + in.TemplateParameters.DeepCopyInto(&out.TemplateParameters) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FocomProvisioningRequestSpec. +func (in *FocomProvisioningRequestSpec) DeepCopy() *FocomProvisioningRequestSpec { + if in == nil { + return nil + } + out := new(FocomProvisioningRequestSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FocomProvisioningRequestStatus) DeepCopyInto(out *FocomProvisioningRequestStatus) { + *out = *in + if in.LastUpdated != nil { + in, out := &in.LastUpdated, &out.LastUpdated + *out = (*in).DeepCopy() + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FocomProvisioningRequestStatus. +func (in *FocomProvisioningRequestStatus) DeepCopy() *FocomProvisioningRequestStatus { + if in == nil { + return nil + } + out := new(FocomProvisioningRequestStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *O2imsSecret) DeepCopyInto(out *O2imsSecret) { + *out = *in + out.SecretRef = in.SecretRef +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new O2imsSecret. +func (in *O2imsSecret) DeepCopy() *O2imsSecret { + if in == nil { + return nil + } + out := new(O2imsSecret) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OCloud) DeepCopyInto(out *OCloud) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + out.Status = in.Status +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OCloud. +func (in *OCloud) DeepCopy() *OCloud { + if in == nil { + return nil + } + out := new(OCloud) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *OCloud) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OCloudList) DeepCopyInto(out *OCloudList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]OCloud, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OCloudList. +func (in *OCloudList) DeepCopy() *OCloudList { + if in == nil { + return nil + } + out := new(OCloudList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *OCloudList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OCloudSpec) DeepCopyInto(out *OCloudSpec) { + *out = *in + out.O2imsSecret = in.O2imsSecret +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OCloudSpec. +func (in *OCloudSpec) DeepCopy() *OCloudSpec { + if in == nil { + return nil + } + out := new(OCloudSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OCloudStatus) DeepCopyInto(out *OCloudStatus) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OCloudStatus. +func (in *OCloudStatus) DeepCopy() *OCloudStatus { + if in == nil { + return nil + } + out := new(OCloudStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecretRef) DeepCopyInto(out *SecretRef) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretRef. +func (in *SecretRef) DeepCopy() *SecretRef { + if in == nil { + return nil + } + out := new(SecretRef) + in.DeepCopyInto(out) + return out +} diff --git a/operators/focom-operator/api/provisioning/v1alpha1/groupversion_info.go b/operators/focom-operator/api/provisioning/v1alpha1/groupversion_info.go new file mode 100644 index 00000000..9a345ff8 --- /dev/null +++ b/operators/focom-operator/api/provisioning/v1alpha1/groupversion_info.go @@ -0,0 +1,36 @@ +/* +Copyright 2025. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package v1alpha1 contains API Schema definitions for the provisioning v1alpha1 API group +// +kubebuilder:object:generate=true +// +groupName=provisioning.oran.org +package v1alpha1 + +import ( + "k8s.io/apimachinery/pkg/runtime/schema" + "sigs.k8s.io/controller-runtime/pkg/scheme" +) + +var ( + // GroupVersion is group version used to register these objects + GroupVersion = schema.GroupVersion{Group: "provisioning.oran.org", Version: "v1alpha1"} + + // SchemeBuilder is used to add go types to the GroupVersionKind scheme + SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} + + // AddToScheme adds the types in this group-version to the given scheme. + AddToScheme = SchemeBuilder.AddToScheme +) diff --git a/operators/focom-operator/api/provisioning/v1alpha1/templateinfo_types.go b/operators/focom-operator/api/provisioning/v1alpha1/templateinfo_types.go new file mode 100644 index 00000000..7a02e49c --- /dev/null +++ b/operators/focom-operator/api/provisioning/v1alpha1/templateinfo_types.go @@ -0,0 +1,68 @@ +/* +Copyright 2025. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! +// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. + +// TemplateInfoSpec defines the desired state of TemplateInfo +type TemplateInfoSpec struct { + // +kubebuilder:validation:Required + TemplateName string `json:"templateName"` + + // +kubebuilder:validation:Required + TemplateVersion string `json:"templateVersion"` + + // This is a string containing a JSON or YAML-based schema for template parameters + // +kubebuilder:validation:Required + TemplateParameterSchema string `json:"templateParameterSchema"` +} + +// TemplateInfoStatus defines the observed state of TemplateInfo +type TemplateInfoStatus struct { + // INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + // Important: Run "make" to regenerate code after modifying this file +} + +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status + +// TemplateInfo is the Schema for the templateinfoes API +type TemplateInfo struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec TemplateInfoSpec `json:"spec,omitempty"` + Status TemplateInfoStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// TemplateInfoList contains a list of TemplateInfo +type TemplateInfoList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []TemplateInfo `json:"items"` +} + +func init() { + SchemeBuilder.Register(&TemplateInfo{}, &TemplateInfoList{}) +} diff --git a/operators/focom-operator/api/provisioning/v1alpha1/zz_generated.deepcopy.go b/operators/focom-operator/api/provisioning/v1alpha1/zz_generated.deepcopy.go new file mode 100644 index 00000000..19a01b64 --- /dev/null +++ b/operators/focom-operator/api/provisioning/v1alpha1/zz_generated.deepcopy.go @@ -0,0 +1,114 @@ +//go:build !ignore_autogenerated + +/* +Copyright 2025. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by controller-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TemplateInfo) DeepCopyInto(out *TemplateInfo) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + out.Status = in.Status +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateInfo. +func (in *TemplateInfo) DeepCopy() *TemplateInfo { + if in == nil { + return nil + } + out := new(TemplateInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *TemplateInfo) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TemplateInfoList) DeepCopyInto(out *TemplateInfoList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]TemplateInfo, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateInfoList. +func (in *TemplateInfoList) DeepCopy() *TemplateInfoList { + if in == nil { + return nil + } + out := new(TemplateInfoList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *TemplateInfoList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TemplateInfoSpec) DeepCopyInto(out *TemplateInfoSpec) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateInfoSpec. +func (in *TemplateInfoSpec) DeepCopy() *TemplateInfoSpec { + if in == nil { + return nil + } + out := new(TemplateInfoSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TemplateInfoStatus) DeepCopyInto(out *TemplateInfoStatus) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateInfoStatus. +func (in *TemplateInfoStatus) DeepCopy() *TemplateInfoStatus { + if in == nil { + return nil + } + out := new(TemplateInfoStatus) + in.DeepCopyInto(out) + return out +} diff --git a/operators/focom-operator/cmd/main.go b/operators/focom-operator/cmd/main.go new file mode 100644 index 00000000..e7513f35 --- /dev/null +++ b/operators/focom-operator/cmd/main.go @@ -0,0 +1,173 @@ +/* +Copyright 2025. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package main + +import ( + "crypto/tls" + "flag" + focomv1alpha1 "github.com/dekstroza/focom-operator/api/focom/v1alpha1" + "os" + + // Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.) + // to ensure that exec-entrypoint and run can make use of them. + _ "k8s.io/client-go/plugin/pkg/client/auth" + + "k8s.io/apimachinery/pkg/runtime" + utilruntime "k8s.io/apimachinery/pkg/util/runtime" + clientgoscheme "k8s.io/client-go/kubernetes/scheme" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/healthz" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + "sigs.k8s.io/controller-runtime/pkg/metrics/filters" + metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server" + "sigs.k8s.io/controller-runtime/pkg/webhook" + + provisioningv1alpha1 "github.com/dekstroza/focom-operator/api/provisioning/v1alpha1" + "github.com/dekstroza/focom-operator/internal/controller" + // +kubebuilder:scaffold:imports +) + +var ( + scheme = runtime.NewScheme() + setupLog = ctrl.Log.WithName("setup") +) + +func init() { + utilruntime.Must(clientgoscheme.AddToScheme(scheme)) + + utilruntime.Must(focomv1alpha1.AddToScheme(scheme)) + utilruntime.Must(provisioningv1alpha1.AddToScheme(scheme)) + // +kubebuilder:scaffold:scheme +} + +func main() { + var metricsAddr string + var enableLeaderElection bool + var probeAddr string + var secureMetrics bool + var enableHTTP2 bool + var tlsOpts []func(*tls.Config) + flag.StringVar(&metricsAddr, "metrics-bind-address", "0", "The address the metrics endpoint binds to. "+ + "Use :8443 for HTTPS or :8080 for HTTP, or leave as 0 to disable the metrics service.") + flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.") + flag.BoolVar(&enableLeaderElection, "leader-elect", false, + "Enable leader election for controller manager. "+ + "Enabling this will ensure there is only one active controller manager.") + flag.BoolVar(&secureMetrics, "metrics-secure", true, + "If set, the metrics endpoint is served securely via HTTPS. Use --metrics-secure=false to use HTTP instead.") + flag.BoolVar(&enableHTTP2, "enable-http2", false, + "If set, HTTP/2 will be enabled for the metrics and webhook servers") + opts := zap.Options{ + Development: true, + } + opts.BindFlags(flag.CommandLine) + flag.Parse() + + ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts))) + + // if the enable-http2 flag is false (the default), http/2 should be disabled + // due to its vulnerabilities. More specifically, disabling http/2 will + // prevent from being vulnerable to the HTTP/2 Stream Cancellation and + // Rapid Reset CVEs. For more information see: + // - https://github.com/advisories/GHSA-qppj-fm5r-hxr3 + // - https://github.com/advisories/GHSA-4374-p667-p6c8 + disableHTTP2 := func(c *tls.Config) { + setupLog.Info("disabling http/2") + c.NextProtos = []string{"http/1.1"} + } + + if !enableHTTP2 { + tlsOpts = append(tlsOpts, disableHTTP2) + } + + webhookServer := webhook.NewServer(webhook.Options{ + TLSOpts: tlsOpts, + }) + + // Metrics endpoint is enabled in 'config/default/kustomization.yaml'. The Metrics options configure the server. + // More info: + // - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.19.0/pkg/metrics/server + // - https://book.kubebuilder.io/reference/metrics.html + metricsServerOptions := metricsserver.Options{ + BindAddress: metricsAddr, + SecureServing: secureMetrics, + // TODO(user): TLSOpts is used to allow configuring the TLS config used for the server. If certificates are + // not provided, self-signed certificates will be generated by default. This option is not recommended for + // production environments as self-signed certificates do not offer the same level of trust and security + // as certificates issued by a trusted Certificate Authority (CA). The primary risk is potentially allowing + // unauthorized access to sensitive metrics data. Consider replacing with CertDir, CertName, and KeyName + // to provide certificates, ensuring the server communicates using trusted and secure certificates. + TLSOpts: tlsOpts, + } + + if secureMetrics { + // FilterProvider is used to protect the metrics endpoint with authn/authz. + // These configurations ensure that only authorized users and service accounts + // can access the metrics endpoint. The RBAC are configured in 'config/rbac/kustomization.yaml'. More info: + // https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.19.0/pkg/metrics/filters#WithAuthenticationAndAuthorization + metricsServerOptions.FilterProvider = filters.WithAuthenticationAndAuthorization + } + + mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ + Scheme: scheme, + Metrics: metricsServerOptions, + WebhookServer: webhookServer, + HealthProbeBindAddress: probeAddr, + LeaderElection: enableLeaderElection, + LeaderElectionID: "7ad7da43.nephio.org", + // LeaderElectionReleaseOnCancel defines if the leader should step down voluntarily + // when the Manager ends. This requires the binary to immediately end when the + // Manager is stopped, otherwise, this setting is unsafe. Setting this significantly + // speeds up voluntary leader transitions as the new leader don't have to wait + // LeaseDuration time first. + // + // In the default scaffold provided, the program ends immediately after + // the manager stops, so would be fine to enable this option. However, + // if you are doing or is intended to do any operation such as perform cleanups + // after the manager stops then its usage might be unsafe. + // LeaderElectionReleaseOnCancel: true, + }) + if err != nil { + setupLog.Error(err, "unable to start manager") + os.Exit(1) + } + + if err = (&controller.FocomProvisioningRequestReconciler{ + Client: mgr.GetClient(), + Scheme: mgr.GetScheme(), + }).SetupWithManager(mgr); err != nil { + setupLog.Error(err, "unable to create controller", "controller", "FocomProvisioningRequest") + os.Exit(1) + } + + // +kubebuilder:scaffold:builder + + if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil { + setupLog.Error(err, "unable to set up health check") + os.Exit(1) + } + if err := mgr.AddReadyzCheck("readyz", healthz.Ping); err != nil { + setupLog.Error(err, "unable to set up ready check") + os.Exit(1) + } + + setupLog.Info("starting manager") + if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil { + setupLog.Error(err, "problem running manager") + os.Exit(1) + } +} diff --git a/operators/focom-operator/config/crd/bases/_.yaml b/operators/focom-operator/config/crd/bases/_.yaml new file mode 100644 index 00000000..6da060af --- /dev/null +++ b/operators/focom-operator/config/crd/bases/_.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 +spec: + group: "" + names: + kind: "" + plural: "" + scope: "" + versions: null diff --git a/operators/focom-operator/config/crd/bases/focom.nephio.org_focomprovisioningrequests.yaml b/operators/focom-operator/config/crd/bases/focom.nephio.org_focomprovisioningrequests.yaml new file mode 100644 index 00000000..8a973efc --- /dev/null +++ b/operators/focom-operator/config/crd/bases/focom.nephio.org_focomprovisioningrequests.yaml @@ -0,0 +1,85 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + name: focomprovisioningrequests.focom.nephio.org +spec: + group: focom.nephio.org + names: + kind: FocomProvisioningRequest + listKind: FocomProvisioningRequestList + plural: focomprovisioningrequests + singular: focomprovisioningrequest + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: FocomProvisioningRequest is the Schema for the focomprovisioningrequests + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: FocomProvisioningRequestSpec defines the desired state of + FocomProvisioningRequest + properties: + description: + type: string + name: + type: string + oCloudId: + type: string + oCloudNamespace: + type: string + templateName: + type: string + templateParameters: + type: object + x-kubernetes-preserve-unknown-fields: true + templateVersion: + type: string + required: + - oCloudId + - oCloudNamespace + - templateName + - templateParameters + - templateVersion + type: object + status: + description: FocomProvisioningRequestStatus defines the observed state + of FocomProvisioningRequest + properties: + lastUpdated: + format: date-time + type: string + message: + type: string + phase: + type: string + remoteName: + description: The name of the remote resource in the target cluster + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operators/focom-operator/config/crd/bases/focom.nephio.org_oclouds.yaml b/operators/focom-operator/config/crd/bases/focom.nephio.org_oclouds.yaml new file mode 100644 index 00000000..cd56fd18 --- /dev/null +++ b/operators/focom-operator/config/crd/bases/focom.nephio.org_oclouds.yaml @@ -0,0 +1,72 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + name: oclouds.focom.nephio.org +spec: + group: focom.nephio.org + names: + kind: OCloud + listKind: OCloudList + plural: oclouds + singular: ocloud + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: OCloud is the Schema for the oclouds API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: OCloudSpec defines the desired state of OCloud + properties: + o2imsSecret: + description: O2imsSecret references a Secret containing endpoint & + credentials + properties: + secretRef: + description: SecretRef points to the Secret with O2IMS credentials + properties: + name: + description: Name of the Secret + type: string + namespace: + description: Namespace of the Secret + type: string + required: + - name + - namespace + type: object + required: + - secretRef + type: object + required: + - o2imsSecret + type: object + status: + description: OCloudStatus defines the observed state of OCloud + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operators/focom-operator/config/crd/bases/provisioning.oran.org_templateinfoes.yaml b/operators/focom-operator/config/crd/bases/provisioning.oran.org_templateinfoes.yaml new file mode 100644 index 00000000..2b097c58 --- /dev/null +++ b/operators/focom-operator/config/crd/bases/provisioning.oran.org_templateinfoes.yaml @@ -0,0 +1,62 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + name: templateinfoes.provisioning.oran.org +spec: + group: provisioning.oran.org + names: + kind: TemplateInfo + listKind: TemplateInfoList + plural: templateinfoes + singular: templateinfo + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: TemplateInfo is the Schema for the templateinfoes API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: TemplateInfoSpec defines the desired state of TemplateInfo + properties: + templateName: + type: string + templateParameterSchema: + description: This is a string containing a JSON or YAML-based schema + for template parameters + type: string + templateVersion: + type: string + required: + - templateName + - templateParameterSchema + - templateVersion + type: object + status: + description: TemplateInfoStatus defines the observed state of TemplateInfo + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operators/focom-operator/config/crd/kustomization.yaml b/operators/focom-operator/config/crd/kustomization.yaml new file mode 100644 index 00000000..e150777f --- /dev/null +++ b/operators/focom-operator/config/crd/kustomization.yaml @@ -0,0 +1,26 @@ +# This kustomization.yaml is not intended to be run by itself, +# since it depends on service name and namespace that are out of this kustomize package. +# It should be run by config/default +resources: +- bases/focom.nephio.org_oclouds.yaml +- bases/focom.nephio.org_focomprovisioningrequests.yaml +- bases/provisioning.oran.org_templateinfoes.yaml +# +kubebuilder:scaffold:crdkustomizeresource + +patches: +# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. +# patches here are for enabling the conversion webhook for each CRD +# +kubebuilder:scaffold:crdkustomizewebhookpatch + +# [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix. +# patches here are for enabling the CA injection for each CRD +#- path: patches/cainjection_in_oclouds.yaml +#- path: patches/cainjection_in_focomprovisioningrequests.yaml +#- path: patches/cainjection_in_provisioning_templateinfoes.yaml +# +kubebuilder:scaffold:crdkustomizecainjectionpatch + +# [WEBHOOK] To enable webhook, uncomment the following section +# the following config is for teaching kustomize how to do kustomization for CRDs. + +#configurations: +#- kustomizeconfig.yaml diff --git a/operators/focom-operator/config/crd/kustomizeconfig.yaml b/operators/focom-operator/config/crd/kustomizeconfig.yaml new file mode 100644 index 00000000..ec5c150a --- /dev/null +++ b/operators/focom-operator/config/crd/kustomizeconfig.yaml @@ -0,0 +1,19 @@ +# This file is for teaching kustomize how to substitute name and namespace reference in CRD +nameReference: +- kind: Service + version: v1 + fieldSpecs: + - kind: CustomResourceDefinition + version: v1 + group: apiextensions.k8s.io + path: spec/conversion/webhook/clientConfig/service/name + +namespace: +- kind: CustomResourceDefinition + version: v1 + group: apiextensions.k8s.io + path: spec/conversion/webhook/clientConfig/service/namespace + create: false + +varReference: +- path: metadata/annotations diff --git a/operators/focom-operator/config/default/kustomization.yaml b/operators/focom-operator/config/default/kustomization.yaml new file mode 100644 index 00000000..95310bef --- /dev/null +++ b/operators/focom-operator/config/default/kustomization.yaml @@ -0,0 +1,151 @@ +# Adds namespace to all resources. +namespace: focom-operator-system + +# Value of this field is prepended to the +# names of all resources, e.g. a deployment named +# "wordpress" becomes "alices-wordpress". +# Note that it should also match with the prefix (text before '-') of the namespace +# field above. +namePrefix: focom-operator- + +# Labels to add to all resources and selectors. +#labels: +#- includeSelectors: true +# pairs: +# someName: someValue + +resources: +- ../crd +- ../rbac +- ../manager +# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in +# crd/kustomization.yaml +#- ../webhook +# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required. +#- ../certmanager +# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. +#- ../prometheus +# [METRICS] Expose the controller manager metrics service. +- metrics_service.yaml +# [NETWORK POLICY] Protect the /metrics endpoint and Webhook Server with NetworkPolicy. +# Only Pod(s) running a namespace labeled with 'metrics: enabled' will be able to gather the metrics. +# Only CR(s) which requires webhooks and are applied on namespaces labeled with 'webhooks: enabled' will +# be able to communicate with the Webhook Server. +#- ../network-policy + +# Uncomment the patches line if you enable Metrics, and/or are using webhooks and cert-manager +patches: +# [METRICS] The following patch will enable the metrics endpoint using HTTPS and the port :8443. +# More info: https://book.kubebuilder.io/reference/metrics +- path: manager_metrics_patch.yaml + target: + kind: Deployment + +# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in +# crd/kustomization.yaml +#- path: manager_webhook_patch.yaml + +# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. +# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks. +# 'CERTMANAGER' needs to be enabled to use ca injection +#- path: webhookcainjection_patch.yaml + +# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix. +# Uncomment the following replacements to add the cert-manager CA injection annotations +#replacements: +# - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs +# kind: Certificate +# group: cert-manager.io +# version: v1 +# name: serving-cert # this name should match the one in certificate.yaml +# fieldPath: .metadata.namespace # namespace of the certificate CR +# targets: +# - select: +# kind: ValidatingWebhookConfiguration +# fieldPaths: +# - .metadata.annotations.[cert-manager.io/inject-ca-from] +# options: +# delimiter: '/' +# index: 0 +# create: true +# - select: +# kind: MutatingWebhookConfiguration +# fieldPaths: +# - .metadata.annotations.[cert-manager.io/inject-ca-from] +# options: +# delimiter: '/' +# index: 0 +# create: true +# - select: +# kind: CustomResourceDefinition +# fieldPaths: +# - .metadata.annotations.[cert-manager.io/inject-ca-from] +# options: +# delimiter: '/' +# index: 0 +# create: true +# - source: +# kind: Certificate +# group: cert-manager.io +# version: v1 +# name: serving-cert # this name should match the one in certificate.yaml +# fieldPath: .metadata.name +# targets: +# - select: +# kind: ValidatingWebhookConfiguration +# fieldPaths: +# - .metadata.annotations.[cert-manager.io/inject-ca-from] +# options: +# delimiter: '/' +# index: 1 +# create: true +# - select: +# kind: MutatingWebhookConfiguration +# fieldPaths: +# - .metadata.annotations.[cert-manager.io/inject-ca-from] +# options: +# delimiter: '/' +# index: 1 +# create: true +# - select: +# kind: CustomResourceDefinition +# fieldPaths: +# - .metadata.annotations.[cert-manager.io/inject-ca-from] +# options: +# delimiter: '/' +# index: 1 +# create: true +# - source: # Add cert-manager annotation to the webhook Service +# kind: Service +# version: v1 +# name: webhook-service +# fieldPath: .metadata.name # namespace of the service +# targets: +# - select: +# kind: Certificate +# group: cert-manager.io +# version: v1 +# fieldPaths: +# - .spec.dnsNames.0 +# - .spec.dnsNames.1 +# options: +# delimiter: '.' +# index: 0 +# create: true +# - source: +# kind: Service +# version: v1 +# name: webhook-service +# fieldPath: .metadata.namespace # namespace of the service +# targets: +# - select: +# kind: Certificate +# group: cert-manager.io +# version: v1 +# fieldPaths: +# - .spec.dnsNames.0 +# - .spec.dnsNames.1 +# options: +# delimiter: '.' +# index: 1 +# create: true diff --git a/operators/focom-operator/config/default/manager_metrics_patch.yaml b/operators/focom-operator/config/default/manager_metrics_patch.yaml new file mode 100644 index 00000000..2aaef653 --- /dev/null +++ b/operators/focom-operator/config/default/manager_metrics_patch.yaml @@ -0,0 +1,4 @@ +# This patch adds the args to allow exposing the metrics endpoint using HTTPS +- op: add + path: /spec/template/spec/containers/0/args/0 + value: --metrics-bind-address=:8443 diff --git a/operators/focom-operator/config/default/metrics_service.yaml b/operators/focom-operator/config/default/metrics_service.yaml new file mode 100644 index 00000000..aa318b3a --- /dev/null +++ b/operators/focom-operator/config/default/metrics_service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + app.kubernetes.io/name: focom-operator + app.kubernetes.io/managed-by: kustomize + name: controller-manager-metrics-service + namespace: system +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: 8443 + selector: + control-plane: controller-manager diff --git a/operators/focom-operator/config/manager/kustomization.yaml b/operators/focom-operator/config/manager/kustomization.yaml new file mode 100644 index 00000000..56423f1c --- /dev/null +++ b/operators/focom-operator/config/manager/kustomization.yaml @@ -0,0 +1,8 @@ +resources: +- manager.yaml +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +images: +- name: controller + newName: your-docker-repository/focom-operator-poc + newTag: 2.0.0 diff --git a/operators/focom-operator/config/manager/manager.yaml b/operators/focom-operator/config/manager/manager.yaml new file mode 100644 index 00000000..84765cb0 --- /dev/null +++ b/operators/focom-operator/config/manager/manager.yaml @@ -0,0 +1,95 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + control-plane: controller-manager + app.kubernetes.io/name: focom-operator + app.kubernetes.io/managed-by: kustomize + name: system +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-manager + namespace: system + labels: + control-plane: controller-manager + app.kubernetes.io/name: focom-operator + app.kubernetes.io/managed-by: kustomize +spec: + selector: + matchLabels: + control-plane: controller-manager + replicas: 1 + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + spec: + # TODO(user): Uncomment the following code to configure the nodeAffinity expression + # according to the platforms which are supported by your solution. + # It is considered best practice to support multiple architectures. You can + # build your manager image using the makefile target docker-buildx. + # affinity: + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: kubernetes.io/arch + # operator: In + # values: + # - amd64 + # - arm64 + # - ppc64le + # - s390x + # - key: kubernetes.io/os + # operator: In + # values: + # - linux + securityContext: + runAsNonRoot: true + # TODO(user): For common cases that do not require escalating privileges + # it is recommended to ensure that all your Pods/Containers are restrictive. + # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted + # Please uncomment the following code if your project does NOT have to work on old Kubernetes + # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ). + # seccompProfile: + # type: RuntimeDefault + containers: + - command: + - /manager + args: + - --leader-elect + - --health-probe-bind-address=:8081 + image: controller:latest + name: manager + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - "ALL" + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + # TODO(user): Configure the resources accordingly based on the project requirements. + # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 10m + memory: 64Mi + serviceAccountName: controller-manager + terminationGracePeriodSeconds: 10 diff --git a/operators/focom-operator/config/manifests/kustomization.yaml b/operators/focom-operator/config/manifests/kustomization.yaml new file mode 100644 index 00000000..8aaa20a8 --- /dev/null +++ b/operators/focom-operator/config/manifests/kustomization.yaml @@ -0,0 +1,28 @@ +# These resources constitute the fully configured set of manifests +# used to generate the 'manifests/' directory in a bundle. +resources: +- bases/focom-operator.clusterserviceversion.yaml +- ../default +- ../samples +- ../scorecard + +# [WEBHOOK] To enable webhooks, uncomment all the sections with [WEBHOOK] prefix. +# Do NOT uncomment sections with prefix [CERTMANAGER], as OLM does not support cert-manager. +# These patches remove the unnecessary "cert" volume and its manager container volumeMount. +#patches: +#- target: +# group: apps +# version: v1 +# kind: Deployment +# name: controller-manager +# namespace: system +# patch: |- +# # Remove the manager container's "cert" volumeMount, since OLM will create and mount a set of certs. +# # Update the indices in this path if adding or removing containers/volumeMounts in the manager's Deployment. +# - op: remove + +# path: /spec/template/spec/containers/0/volumeMounts/0 +# # Remove the "cert" volume, since OLM will create and mount a set of certs. +# # Update the indices in this path if adding or removing volumes in the manager's Deployment. +# - op: remove +# path: /spec/template/spec/volumes/0 diff --git a/operators/focom-operator/config/network-policy/allow-metrics-traffic.yaml b/operators/focom-operator/config/network-policy/allow-metrics-traffic.yaml new file mode 100644 index 00000000..1865da0a --- /dev/null +++ b/operators/focom-operator/config/network-policy/allow-metrics-traffic.yaml @@ -0,0 +1,26 @@ +# This NetworkPolicy allows ingress traffic +# with Pods running on namespaces labeled with 'metrics: enabled'. Only Pods on those +# namespaces are able to gathering data from the metrics endpoint. +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + app.kubernetes.io/name: focom-operator + app.kubernetes.io/managed-by: kustomize + name: allow-metrics-traffic + namespace: system +spec: + podSelector: + matchLabels: + control-plane: controller-manager + policyTypes: + - Ingress + ingress: + # This allows ingress traffic from any namespace with the label metrics: enabled + - from: + - namespaceSelector: + matchLabels: + metrics: enabled # Only from namespaces with this label + ports: + - port: 8443 + protocol: TCP diff --git a/operators/focom-operator/config/network-policy/kustomization.yaml b/operators/focom-operator/config/network-policy/kustomization.yaml new file mode 100644 index 00000000..ec0fb5e5 --- /dev/null +++ b/operators/focom-operator/config/network-policy/kustomization.yaml @@ -0,0 +1,2 @@ +resources: +- allow-metrics-traffic.yaml diff --git a/operators/focom-operator/config/prometheus/kustomization.yaml b/operators/focom-operator/config/prometheus/kustomization.yaml new file mode 100644 index 00000000..ed137168 --- /dev/null +++ b/operators/focom-operator/config/prometheus/kustomization.yaml @@ -0,0 +1,2 @@ +resources: +- monitor.yaml diff --git a/operators/focom-operator/config/prometheus/monitor.yaml b/operators/focom-operator/config/prometheus/monitor.yaml new file mode 100644 index 00000000..df139518 --- /dev/null +++ b/operators/focom-operator/config/prometheus/monitor.yaml @@ -0,0 +1,30 @@ +# Prometheus Monitor Service (Metrics) +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + labels: + control-plane: controller-manager + app.kubernetes.io/name: focom-operator + app.kubernetes.io/managed-by: kustomize + name: controller-manager-metrics-monitor + namespace: system +spec: + endpoints: + - path: /metrics + port: https # Ensure this is the name of the port that exposes HTTPS metrics + scheme: https + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + tlsConfig: + # TODO(user): The option insecureSkipVerify: true is not recommended for production since it disables + # certificate verification. This poses a significant security risk by making the system vulnerable to + # man-in-the-middle attacks, where an attacker could intercept and manipulate the communication between + # Prometheus and the monitored services. This could lead to unauthorized access to sensitive metrics data, + # compromising the integrity and confidentiality of the information. + # Please use the following options for secure configurations: + # caFile: /etc/metrics-certs/ca.crt + # certFile: /etc/metrics-certs/tls.crt + # keyFile: /etc/metrics-certs/tls.key + insecureSkipVerify: true + selector: + matchLabels: + control-plane: controller-manager diff --git a/operators/focom-operator/config/rbac/focomprovisioningrequest_editor_role.yaml b/operators/focom-operator/config/rbac/focomprovisioningrequest_editor_role.yaml new file mode 100644 index 00000000..475942ae --- /dev/null +++ b/operators/focom-operator/config/rbac/focomprovisioningrequest_editor_role.yaml @@ -0,0 +1,27 @@ +# permissions for end users to edit focomprovisioningrequests. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: focom-operator + app.kubernetes.io/managed-by: kustomize + name: focomprovisioningrequest-editor-role +rules: +- apiGroups: + - focom.nephio.org + resources: + - focomprovisioningrequests + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - focom.nephio.org + resources: + - focomprovisioningrequests/status + verbs: + - get diff --git a/operators/focom-operator/config/rbac/focomprovisioningrequest_viewer_role.yaml b/operators/focom-operator/config/rbac/focomprovisioningrequest_viewer_role.yaml new file mode 100644 index 00000000..223cd0ee --- /dev/null +++ b/operators/focom-operator/config/rbac/focomprovisioningrequest_viewer_role.yaml @@ -0,0 +1,23 @@ +# permissions for end users to view focomprovisioningrequests. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: focom-operator + app.kubernetes.io/managed-by: kustomize + name: focomprovisioningrequest-viewer-role +rules: +- apiGroups: + - focom.nephio.org + resources: + - focomprovisioningrequests + verbs: + - get + - list + - watch +- apiGroups: + - focom.nephio.org + resources: + - focomprovisioningrequests/status + verbs: + - get diff --git a/operators/focom-operator/config/rbac/kustomization.yaml b/operators/focom-operator/config/rbac/kustomization.yaml new file mode 100644 index 00000000..dfb39c47 --- /dev/null +++ b/operators/focom-operator/config/rbac/kustomization.yaml @@ -0,0 +1,31 @@ +resources: +# All RBAC will be applied under this service account in +# the deployment namespace. You may comment out this resource +# if your manager will use a service account that exists at +# runtime. Be sure to update RoleBinding and ClusterRoleBinding +# subjects if changing service account names. +- service_account.yaml +- role.yaml +- role_binding.yaml +- leader_election_role.yaml +- leader_election_role_binding.yaml +# The following RBAC configurations are used to protect +# the metrics endpoint with authn/authz. These configurations +# ensure that only authorized users and service accounts +# can access the metrics endpoint. Comment the following +# permissions if you want to disable this protection. +# More info: https://book.kubebuilder.io/reference/metrics.html +- metrics_auth_role.yaml +- metrics_auth_role_binding.yaml +- metrics_reader_role.yaml +# For each CRD, "Editor" and "Viewer" roles are scaffolded by +# default, aiding admins in cluster management. Those roles are +# not used by the Project itself. You can comment the following lines +# if you do not want those helpers be installed with your Project. +- provisioning_templateinfo_editor_role.yaml +- provisioning_templateinfo_viewer_role.yaml +- focomprovisioningrequest_editor_role.yaml +- focomprovisioningrequest_viewer_role.yaml +- ocloud_editor_role.yaml +- ocloud_viewer_role.yaml + diff --git a/operators/focom-operator/config/rbac/leader_election_role.yaml b/operators/focom-operator/config/rbac/leader_election_role.yaml new file mode 100644 index 00000000..73d79388 --- /dev/null +++ b/operators/focom-operator/config/rbac/leader_election_role.yaml @@ -0,0 +1,40 @@ +# permissions to do leader election. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/name: focom-operator + app.kubernetes.io/managed-by: kustomize + name: leader-election-role +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/operators/focom-operator/config/rbac/leader_election_role_binding.yaml b/operators/focom-operator/config/rbac/leader_election_role_binding.yaml new file mode 100644 index 00000000..8a8138bf --- /dev/null +++ b/operators/focom-operator/config/rbac/leader_election_role_binding.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/name: focom-operator + app.kubernetes.io/managed-by: kustomize + name: leader-election-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: leader-election-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: system diff --git a/operators/focom-operator/config/rbac/metrics_auth_role.yaml b/operators/focom-operator/config/rbac/metrics_auth_role.yaml new file mode 100644 index 00000000..32d2e4ec --- /dev/null +++ b/operators/focom-operator/config/rbac/metrics_auth_role.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: metrics-auth-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create diff --git a/operators/focom-operator/config/rbac/metrics_auth_role_binding.yaml b/operators/focom-operator/config/rbac/metrics_auth_role_binding.yaml new file mode 100644 index 00000000..e775d67f --- /dev/null +++ b/operators/focom-operator/config/rbac/metrics_auth_role_binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: metrics-auth-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: metrics-auth-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: system diff --git a/operators/focom-operator/config/rbac/metrics_reader_role.yaml b/operators/focom-operator/config/rbac/metrics_reader_role.yaml new file mode 100644 index 00000000..51a75db4 --- /dev/null +++ b/operators/focom-operator/config/rbac/metrics_reader_role.yaml @@ -0,0 +1,9 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: metrics-reader +rules: +- nonResourceURLs: + - "/metrics" + verbs: + - get diff --git a/operators/focom-operator/config/rbac/ocloud_editor_role.yaml b/operators/focom-operator/config/rbac/ocloud_editor_role.yaml new file mode 100644 index 00000000..ad5a5dd7 --- /dev/null +++ b/operators/focom-operator/config/rbac/ocloud_editor_role.yaml @@ -0,0 +1,27 @@ +# permissions for end users to edit oclouds. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: focom-operator + app.kubernetes.io/managed-by: kustomize + name: ocloud-editor-role +rules: +- apiGroups: + - focom.nephio.org + resources: + - oclouds + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - focom.nephio.org + resources: + - oclouds/status + verbs: + - get diff --git a/operators/focom-operator/config/rbac/ocloud_viewer_role.yaml b/operators/focom-operator/config/rbac/ocloud_viewer_role.yaml new file mode 100644 index 00000000..c1c4afc5 --- /dev/null +++ b/operators/focom-operator/config/rbac/ocloud_viewer_role.yaml @@ -0,0 +1,23 @@ +# permissions for end users to view oclouds. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: focom-operator + app.kubernetes.io/managed-by: kustomize + name: ocloud-viewer-role +rules: +- apiGroups: + - focom.nephio.org + resources: + - oclouds + verbs: + - get + - list + - watch +- apiGroups: + - focom.nephio.org + resources: + - oclouds/status + verbs: + - get diff --git a/operators/focom-operator/config/rbac/provisioning_templateinfo_editor_role.yaml b/operators/focom-operator/config/rbac/provisioning_templateinfo_editor_role.yaml new file mode 100644 index 00000000..c9fd3380 --- /dev/null +++ b/operators/focom-operator/config/rbac/provisioning_templateinfo_editor_role.yaml @@ -0,0 +1,27 @@ +# permissions for end users to edit templateinfoes. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: focom-operator + app.kubernetes.io/managed-by: kustomize + name: provisioning-templateinfo-editor-role +rules: +- apiGroups: + - provisioning.oran.org + resources: + - templateinfoes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - provisioning.oran.org + resources: + - templateinfoes/status + verbs: + - get diff --git a/operators/focom-operator/config/rbac/provisioning_templateinfo_viewer_role.yaml b/operators/focom-operator/config/rbac/provisioning_templateinfo_viewer_role.yaml new file mode 100644 index 00000000..9d00cdaf --- /dev/null +++ b/operators/focom-operator/config/rbac/provisioning_templateinfo_viewer_role.yaml @@ -0,0 +1,23 @@ +# permissions for end users to view templateinfoes. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: focom-operator + app.kubernetes.io/managed-by: kustomize + name: provisioning-templateinfo-viewer-role +rules: +- apiGroups: + - provisioning.oran.org + resources: + - templateinfoes + verbs: + - get + - list + - watch +- apiGroups: + - provisioning.oran.org + resources: + - templateinfoes/status + verbs: + - get diff --git a/operators/focom-operator/config/rbac/role.yaml b/operators/focom-operator/config/rbac/role.yaml new file mode 100644 index 00000000..e2868b7d --- /dev/null +++ b/operators/focom-operator/config/rbac/role.yaml @@ -0,0 +1,44 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: manager-role +rules: +- apiGroups: + - focom.nephio.org + resources: + - focomprovisioningrequests + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - focom.nephio.org + resources: + - focomprovisioningrequests/finalizers + verbs: + - update +- apiGroups: + - focom.nephio.org + resources: + - focomprovisioningrequests/status + verbs: + - get + - patch + - update +- apiGroups: + - provisioning.oran.org + resources: + - templateinfoes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch diff --git a/operators/focom-operator/config/rbac/role_binding.yaml b/operators/focom-operator/config/rbac/role_binding.yaml new file mode 100644 index 00000000..19af23bb --- /dev/null +++ b/operators/focom-operator/config/rbac/role_binding.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: focom-operator + app.kubernetes.io/managed-by: kustomize + name: manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: manager-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: system diff --git a/operators/focom-operator/config/rbac/service_account.yaml b/operators/focom-operator/config/rbac/service_account.yaml new file mode 100644 index 00000000..7d202120 --- /dev/null +++ b/operators/focom-operator/config/rbac/service_account.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/name: focom-operator + app.kubernetes.io/managed-by: kustomize + name: controller-manager + namespace: system diff --git a/operators/focom-operator/config/samples/focom_v1alpha1_focomprovisioningrequest.yaml b/operators/focom-operator/config/samples/focom_v1alpha1_focomprovisioningrequest.yaml new file mode 100644 index 00000000..604a8e3a --- /dev/null +++ b/operators/focom-operator/config/samples/focom_v1alpha1_focomprovisioningrequest.yaml @@ -0,0 +1,9 @@ +apiVersion: focom.nephio.org/v1alpha1 +kind: FocomProvisioningRequest +metadata: + labels: + app.kubernetes.io/name: focom-operator + app.kubernetes.io/managed-by: kustomize + name: focomprovisioningrequest-sample +spec: + # TODO(user): Add fields here diff --git a/operators/focom-operator/config/samples/focom_v1alpha1_ocloud.yaml b/operators/focom-operator/config/samples/focom_v1alpha1_ocloud.yaml new file mode 100644 index 00000000..1251402a --- /dev/null +++ b/operators/focom-operator/config/samples/focom_v1alpha1_ocloud.yaml @@ -0,0 +1,9 @@ +apiVersion: focom.nephio.org/v1alpha1 +kind: OCloud +metadata: + labels: + app.kubernetes.io/name: focom-operator + app.kubernetes.io/managed-by: kustomize + name: ocloud-sample +spec: + # TODO(user): Add fields here diff --git a/operators/focom-operator/config/samples/kustomization.yaml b/operators/focom-operator/config/samples/kustomization.yaml new file mode 100644 index 00000000..d96ee504 --- /dev/null +++ b/operators/focom-operator/config/samples/kustomization.yaml @@ -0,0 +1,6 @@ +## Append samples of your project ## +resources: +- focom_v1alpha1_ocloud.yaml +- focom_v1alpha1_focomprovisioningrequest.yaml +- provisioning_v1alpha1_templateinfo.yaml +# +kubebuilder:scaffold:manifestskustomizesamples diff --git a/operators/focom-operator/config/samples/provisioning_v1alpha1_templateinfo.yaml b/operators/focom-operator/config/samples/provisioning_v1alpha1_templateinfo.yaml new file mode 100644 index 00000000..d4e24c61 --- /dev/null +++ b/operators/focom-operator/config/samples/provisioning_v1alpha1_templateinfo.yaml @@ -0,0 +1,9 @@ +apiVersion: provisioning.nephio.org/v1alpha1 +kind: TemplateInfo +metadata: + labels: + app.kubernetes.io/name: focom-operator + app.kubernetes.io/managed-by: kustomize + name: templateinfo-sample +spec: + # TODO(user): Add fields here diff --git a/operators/focom-operator/config/scorecard/bases/config.yaml b/operators/focom-operator/config/scorecard/bases/config.yaml new file mode 100644 index 00000000..c7704784 --- /dev/null +++ b/operators/focom-operator/config/scorecard/bases/config.yaml @@ -0,0 +1,7 @@ +apiVersion: scorecard.operatorframework.io/v1alpha3 +kind: Configuration +metadata: + name: config +stages: +- parallel: true + tests: [] diff --git a/operators/focom-operator/config/scorecard/kustomization.yaml b/operators/focom-operator/config/scorecard/kustomization.yaml new file mode 100644 index 00000000..54e8aa50 --- /dev/null +++ b/operators/focom-operator/config/scorecard/kustomization.yaml @@ -0,0 +1,18 @@ +resources: +- bases/config.yaml +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +patches: +- path: patches/basic.config.yaml + target: + group: scorecard.operatorframework.io + kind: Configuration + name: config + version: v1alpha3 +- path: patches/olm.config.yaml + target: + group: scorecard.operatorframework.io + kind: Configuration + name: config + version: v1alpha3 +# +kubebuilder:scaffold:patches diff --git a/operators/focom-operator/config/scorecard/patches/basic.config.yaml b/operators/focom-operator/config/scorecard/patches/basic.config.yaml new file mode 100644 index 00000000..b9ec7c6c --- /dev/null +++ b/operators/focom-operator/config/scorecard/patches/basic.config.yaml @@ -0,0 +1,10 @@ +- op: add + path: /stages/0/tests/- + value: + entrypoint: + - scorecard-test + - basic-check-spec + image: quay.io/operator-framework/scorecard-test:v1.39.1 + labels: + suite: basic + test: basic-check-spec-test diff --git a/operators/focom-operator/config/scorecard/patches/olm.config.yaml b/operators/focom-operator/config/scorecard/patches/olm.config.yaml new file mode 100644 index 00000000..25d83f98 --- /dev/null +++ b/operators/focom-operator/config/scorecard/patches/olm.config.yaml @@ -0,0 +1,50 @@ +- op: add + path: /stages/0/tests/- + value: + entrypoint: + - scorecard-test + - olm-bundle-validation + image: quay.io/operator-framework/scorecard-test:v1.39.1 + labels: + suite: olm + test: olm-bundle-validation-test +- op: add + path: /stages/0/tests/- + value: + entrypoint: + - scorecard-test + - olm-crds-have-validation + image: quay.io/operator-framework/scorecard-test:v1.39.1 + labels: + suite: olm + test: olm-crds-have-validation-test +- op: add + path: /stages/0/tests/- + value: + entrypoint: + - scorecard-test + - olm-crds-have-resources + image: quay.io/operator-framework/scorecard-test:v1.39.1 + labels: + suite: olm + test: olm-crds-have-resources-test +- op: add + path: /stages/0/tests/- + value: + entrypoint: + - scorecard-test + - olm-spec-descriptors + image: quay.io/operator-framework/scorecard-test:v1.39.1 + labels: + suite: olm + test: olm-spec-descriptors-test +- op: add + path: /stages/0/tests/- + value: + entrypoint: + - scorecard-test + - olm-status-descriptors + image: quay.io/operator-framework/scorecard-test:v1.39.1 + labels: + suite: olm + test: olm-status-descriptors-test diff --git a/operators/focom-operator/go.sum b/operators/focom-operator/go.sum new file mode 100644 index 00000000..425b2298 --- /dev/null +++ b/operators/focom-operator/go.sum @@ -0,0 +1,247 @@ +cel.dev/expr v0.18.0 h1:CJ6drgk+Hf96lkLikr4rFf19WrU0BOWEihyZnI2TAzo= +cel.dev/expr v0.18.0/go.mod h1:MrpN08Q+lEBs+bGYdLxxHkZoUSsCp0nSKTs0nTymJgw= +github.com/antlr4-go/antlr/v4 v4.13.0 h1:lxCg3LAv+EUK6t1i0y1V6/SLeUi0eKEKdhQAlS8TVTI= +github.com/antlr4-go/antlr/v4 v4.13.0/go.mod h1:pfChB/xh/Unjila75QW7+VU4TSnWnnk9UTnmpPaOR2g= +github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a h1:idn718Q4B6AGu/h5Sxe66HYVdqdGu2l9Iebqhi/AEoA= +github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= +github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= +github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= +github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= +github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= +github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= +github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= +github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/evanphx/json-patch v0.5.2 h1:xVCHIVMUu1wtM/VkR9jVZ45N3FhZfYMMYGorLCR8P3k= +github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ= +github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= +github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= +github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= +github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= +github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= +github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= +github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= +github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= +github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= +github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= +github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= +github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= +github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= +github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= +github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= +github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= +github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= +github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= +github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= +github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= +github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= +github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= +github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= +github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= +github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg= +github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= +github.com/google/cel-go v0.22.0 h1:b3FJZxpiv1vTMo2/5RDUqAHPxkT8mmMfJIrq1llbf7g= +github.com/google/cel-go v0.22.0/go.mod h1:BuznPXXfQDpXKWQ9sPW3TzlAJN5zzFe+i9tIs0yC4s8= +github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= +github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= +github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo= +github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 h1:bkypFPDjIYGfCYD5mRBvpqxfYX1YCS1PXdKYWi8FsN0= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k= +github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= +github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= +github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= +github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= +github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= +github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= +github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= +github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= +github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= +github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM= +github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= +github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4= +github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= +github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE= +github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho= +github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= +github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= +github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc= +github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8= +github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= +github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= +github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= +github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= +github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= +github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= +github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= +github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/stoewer/go-strcase v1.3.0 h1:g0eASXYtp+yvN9fK8sH94oCIk0fau9uV1/ZdJ0AVEzs= +github.com/stoewer/go-strcase v1.3.0/go.mod h1:fAH5hQ5pehh+j3nZfvwdk2RgEgQjAoM8wodgtPmh1xo= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= +github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= +github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 h1:4K4tsIXefpVJtvA/8srF4V4y0akAoPHkIslgAkjixJA= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0/go.mod h1:jjdQuTGVsXV4vSs+CJ2qYDeDPf9yIJV23qlIzBm73Vg= +go.opentelemetry.io/otel v1.28.0 h1:/SqNcYk+idO0CxKEUOtKQClMK/MimZihKYMruSMViUo= +go.opentelemetry.io/otel v1.28.0/go.mod h1:q68ijF8Fc8CnMHKyzqL6akLO46ePnjkgfIMIjUIX9z4= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 h1:3Q/xZUyC1BBkualc9ROb4G8qkH90LXEIICcs5zv1OYY= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0/go.mod h1:s75jGIWA9OfCMzF0xr+ZgfrB5FEbbV7UuYo32ahUiFI= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 h1:qFffATk0X+HD+f1Z8lswGiOQYKHRlzfmdJm0wEaVrFA= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0/go.mod h1:MOiCmryaYtc+V0Ei+Tx9o5S1ZjA7kzLucuVuyzBZloQ= +go.opentelemetry.io/otel/metric v1.28.0 h1:f0HGvSl1KRAU1DLgLGFjrwVyismPlnuU6JD6bOeuA5Q= +go.opentelemetry.io/otel/metric v1.28.0/go.mod h1:Fb1eVBFZmLVTMb6PPohq3TO9IIhUisDsbJoL/+uQW4s= +go.opentelemetry.io/otel/sdk v1.28.0 h1:b9d7hIry8yZsgtbmM0DKyPWMMUMlK9NEKuIG4aBqWyE= +go.opentelemetry.io/otel/sdk v1.28.0/go.mod h1:oYj7ClPUA7Iw3m+r7GeEjz0qckQRJK2B8zjcZEfu7Pg= +go.opentelemetry.io/otel/trace v1.28.0 h1:GhQ9cUuQGmNDd5BTCP2dAvv75RdMxEfTmYejp+lkx9g= +go.opentelemetry.io/otel/trace v1.28.0/go.mod h1:jPyXzNPg6da9+38HEwElrQiHlVMTnVfM3/yv2OlIHaI= +go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0= +go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8= +go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= +go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= +go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= +go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= +go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= +go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= +golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4= +golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU= +golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs= +golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= +golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= +golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24= +golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM= +golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ= +golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ= +golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= +gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= +google.golang.org/genproto/googleapis/api v0.0.0-20240826202546-f6391c0de4c7 h1:YcyjlL1PRr2Q17/I0dPk2JmYS5CDXfcdb2Z3YRioEbw= +google.golang.org/genproto/googleapis/api v0.0.0-20240826202546-f6391c0de4c7/go.mod h1:OCdP9MfskevB/rbYvHTsXTtKC+3bHWajPdoKgjcYkfo= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240826202546-f6391c0de4c7 h1:2035KHhUv+EpyB+hWgJnaWKJOdX1E95w2S8Rr4uWKTs= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240826202546-f6391c0de4c7/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= +google.golang.org/grpc v1.65.0 h1:bs/cUb4lp1G5iImFFd3u5ixQzweKizoZJAwBNLR42lc= +google.golang.org/grpc v1.65.0/go.mod h1:WgYC2ypjlB0EiQi6wdKixMqukr6lBc0Vo+oOgjrM5ZQ= +google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA= +google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4= +gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= +gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= +gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +k8s.io/api v0.32.0 h1:OL9JpbvAU5ny9ga2fb24X8H6xQlVp+aJMFlgtQjR9CE= +k8s.io/api v0.32.0/go.mod h1:4LEwHZEf6Q/cG96F3dqR965sYOfmPM7rq81BLgsE0p0= +k8s.io/apiextensions-apiserver v0.32.0 h1:S0Xlqt51qzzqjKPxfgX1xh4HBZE+p8KKBq+k2SWNOE0= +k8s.io/apiextensions-apiserver v0.32.0/go.mod h1:86hblMvN5yxMvZrZFX2OhIHAuFIMJIZ19bTvzkP+Fmw= +k8s.io/apimachinery v0.32.0 h1:cFSE7N3rmEEtv4ei5X6DaJPHHX0C+upp+v5lVPiEwpg= +k8s.io/apimachinery v0.32.0/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= +k8s.io/apiserver v0.32.0 h1:VJ89ZvQZ8p1sLeiWdRJpRD6oLozNZD2+qVSLi+ft5Qs= +k8s.io/apiserver v0.32.0/go.mod h1:HFh+dM1/BE/Hm4bS4nTXHVfN6Z6tFIZPi649n83b4Ag= +k8s.io/client-go v0.32.0 h1:DimtMcnN/JIKZcrSrstiwvvZvLjG0aSxy8PxN8IChp8= +k8s.io/client-go v0.32.0/go.mod h1:boDWvdM1Drk4NJj/VddSLnx59X3OPgwrOo0vGbtq9+8= +k8s.io/component-base v0.32.0 h1:d6cWHZkCiiep41ObYQS6IcgzOUQUNpywm39KVYaUqzU= +k8s.io/component-base v0.32.0/go.mod h1:JLG2W5TUxUu5uDyKiH2R/7NnxJo1HlPoRIIbVLkK5eM= +k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= +k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f h1:GA7//TjRY9yWGy1poLzYYJJ4JRdzg3+O6e8I+e+8T5Y= +k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4= +k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 h1:M3sRQVHv7vB20Xc2ybTt7ODCeFj6JSWYFzOFnYeS6Ro= +k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.0 h1:CPT0ExVicCzcpeN4baWEV2ko2Z/AsiZgEdwgcfwLgMo= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.0/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= +sigs.k8s.io/controller-runtime v0.20.1 h1:JbGMAG/X94NeM3xvjenVUaBjy6Ui4Ogd/J5ZtjZnHaE= +sigs.k8s.io/controller-runtime v0.20.1/go.mod h1:BrP3w158MwvB3ZbNpaAcIKkHQ7YGpYnzpoSTZ8E14WU= +sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8= +sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo= +sigs.k8s.io/structured-merge-diff/v4 v4.4.2 h1:MdmvkGuXi/8io6ixD5wud3vOLwc1rj0aNqRlpuvjmwA= +sigs.k8s.io/structured-merge-diff/v4 v4.4.2/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4= +sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= +sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/operators/focom-operator/hack/boilerplate.go.txt b/operators/focom-operator/hack/boilerplate.go.txt new file mode 100644 index 00000000..221dcbe0 --- /dev/null +++ b/operators/focom-operator/hack/boilerplate.go.txt @@ -0,0 +1,15 @@ +/* +Copyright 2025. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ \ No newline at end of file diff --git a/operators/focom-operator/internal/controller/focomprovisioningrequest_controller.go b/operators/focom-operator/internal/controller/focomprovisioningrequest_controller.go new file mode 100644 index 00000000..c0f98d1b --- /dev/null +++ b/operators/focom-operator/internal/controller/focomprovisioningrequest_controller.go @@ -0,0 +1,195 @@ +/* +Copyright 2025. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package controller + +import ( + "context" + "fmt" + focomv1alpha1 "github.com/dekstroza/focom-operator/api/focom/v1alpha1" + "github.com/go-logr/logr" + k8serrors "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/runtime" + "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" + "time" + + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/log" +) + +// FocomProvisioningRequestReconciler reconciles a FocomProvisioningRequest object +type FocomProvisioningRequestReconciler struct { + client.Client + Scheme *runtime.Scheme +} + +// Finalizer used for deleting remote CR +const focomFinalizer = "focom.nephio.org/finalizer" + +// +kubebuilder:rbac:groups=focom.nephio.org,resources=focomprovisioningrequests,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=provisioning.oran.org,resources=templateinfoes,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=focom.nephio.org,resources=focomprovisioningrequests/status,verbs=get;update;patch +// +kubebuilder:rbac:groups=focom.nephio.org,resources=focomprovisioningrequests/finalizers,verbs=update + +// Reconcile is part of the main kubernetes reconciliation loop which aims to +// move the current state of the cluster closer to the desired state. +// For more details, check Reconcile and its Result here: +// - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.19.0/pkg/reconcile +func (r *FocomProvisioningRequestReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { + logger := log.FromContext(ctx).WithValues("FocomProvisioningRequest", req.NamespacedName) + + // 1. Fetch the local CR + var fpr focomv1alpha1.FocomProvisioningRequest + if err := r.Get(ctx, req.NamespacedName, &fpr); err != nil { + if k8serrors.IsNotFound(err) { + // CR was deleted before we got here + return ctrl.Result{}, nil + } + return ctrl.Result{}, err + } + + // 2. Check if being deleted + if !fpr.ObjectMeta.DeletionTimestamp.IsZero() { + return r.handleDeletion(ctx, &fpr, logger) + } + + // 3. Ensure finalizer + if requeue, err := r.ensureFinalizer(ctx, &fpr); err != nil { + return ctrl.Result{}, err + } else if requeue { + // we updated the CR (added finalizer), requeue + return ctrl.Result{Requeue: true}, nil + } + + // 4. Validate CR + if err := r.validateTemplateAlignment(ctx, &fpr); err != nil { + logger.Error(err, "Template alignment check failed") + r.updateStatus(&fpr, "failed", err.Error()) + _ = r.Status().Update(ctx, &fpr) + return ctrl.Result{}, nil + } + + // 5. Build remote client from OCloud + remoteCl, err := r.buildRemoteClient(ctx, &fpr) + if err != nil { + logger.Error(err, "Failed to build remote cluster client") + r.updateStatus(&fpr, "failed", err.Error()) + _ = r.Status().Update(ctx, &fpr) + return ctrl.Result{}, nil + } + + // 6. Ensure remote resource + requeueAfter, err := r.ensureRemoteResource(ctx, remoteCl, &fpr, logger) + if err != nil { + // We already set status inside ensureRemoteResource + return ctrl.Result{}, nil + } + return ctrl.Result{RequeueAfter: requeueAfter}, nil +} + +// If the CR is being deleted, handle finalizer cleanup +func (r *FocomProvisioningRequestReconciler) handleDeletion( + ctx context.Context, + fpr *focomv1alpha1.FocomProvisioningRequest, + logger logr.Logger, +) (ctrl.Result, error) { + + if controllerutil.ContainsFinalizer(fpr, focomFinalizer) { + // Attempt to delete remote + if err := r.deleteRemoteResource(ctx, fpr); err != nil { + logger.Error(err, "Failed to delete remote ProvisioningRequest, will requeue") + return ctrl.Result{RequeueAfter: 15 * time.Second}, nil + } + // remove finalizer + controllerutil.RemoveFinalizer(fpr, focomFinalizer) + if err := r.Update(ctx, fpr); err != nil { + return ctrl.Result{}, err + } + } + // done + return ctrl.Result{}, nil +} + +// ensureFinalizer checks/sets the finalizer. Returns (requeueNeeded, error). +func (r *FocomProvisioningRequestReconciler) ensureFinalizer( + ctx context.Context, + fpr *focomv1alpha1.FocomProvisioningRequest, +) (bool, error) { + if !controllerutil.ContainsFinalizer(fpr, focomFinalizer) { + controllerutil.AddFinalizer(fpr, focomFinalizer) + if err := r.Update(ctx, fpr); err != nil { + return false, err + } + return true, nil // we updated the CR, so we should requeue + } + return false, nil // no update needed +} + +func (r *FocomProvisioningRequestReconciler) ensureRemoteResource( + ctx context.Context, + remoteCl client.Client, + fpr *focomv1alpha1.FocomProvisioningRequest, + logger logr.Logger, +) (time.Duration, error) { + + // If no remote resource name, create it + if fpr.Status.RemoteName == "" { + remoteName, err := r.createRemoteProvisioningRequest(ctx, remoteCl, fpr) + if err != nil { + logger.Error(err, "Failed to create remote ProvisioningRequest") + r.updateStatus(fpr, "failed", err.Error()) + _ = r.Status().Update(ctx, fpr) + return 0, err + } + fpr.Status.RemoteName = remoteName + r.updateStatus(fpr, "provisioning", "Remote CR created, waiting for fulfillment") + if uerr := r.Status().Update(ctx, fpr); uerr != nil { + return 0, uerr + } + // requeue to poll + return 20 * time.Second, nil + } + + // Else poll + done, phase, msg, err := r.pollRemoteProvisioningRequest(ctx, remoteCl, fpr) + if err != nil { + logger.Error(err, "Failed to poll remote ProvisioningRequest") + r.updateStatus(fpr, "failed", fmt.Sprintf("poll error: %v", err)) + _ = r.Status().Update(ctx, fpr) + // requeue to keep trying + return 30 * time.Second, err + } + + // Update local status + r.updateStatus(fpr, phase, msg) + if uerr := r.Status().Update(ctx, fpr); uerr != nil { + return 0, uerr + } + + if done { + // no further requeues needed + return 0, nil + } + return 30 * time.Second, nil +} + +// SetupWithManager sets up the controller with the Manager. +func (r *FocomProvisioningRequestReconciler) SetupWithManager(mgr ctrl.Manager) error { + return ctrl.NewControllerManagedBy(mgr). + For(&focomv1alpha1.FocomProvisioningRequest{}). + Complete(r) +} diff --git a/operators/focom-operator/internal/controller/focomprovisioningrequest_helpers.go b/operators/focom-operator/internal/controller/focomprovisioningrequest_helpers.go new file mode 100644 index 00000000..2f6a23a8 --- /dev/null +++ b/operators/focom-operator/internal/controller/focomprovisioningrequest_helpers.go @@ -0,0 +1,158 @@ +package controller + +import ( + "context" + "encoding/json" + "fmt" + + focomv1alpha1 "github.com/dekstroza/focom-operator/api/focom/v1alpha1" + k8serrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/types" + "k8s.io/apimachinery/pkg/util/uuid" + "sigs.k8s.io/controller-runtime/pkg/client" +) + +/*********************************************** + HELPER METHODS +***********************************************/ + +func (r *FocomProvisioningRequestReconciler) updateStatus( + f *focomv1alpha1.FocomProvisioningRequest, + phase, msg string, +) { + f.Status.Phase = phase + f.Status.Message = msg + now := metav1.Now() + f.Status.LastUpdated = &now +} + +/********** DELETE REMOTE (UNSTRUCTURED) ***********/ +func (r *FocomProvisioningRequestReconciler) deleteRemoteResource( + ctx context.Context, + fpr *focomv1alpha1.FocomProvisioningRequest, +) error { + if fpr.Status.RemoteName == "" { + return nil + } + + remoteCl, err := r.buildRemoteClient(ctx, fpr) + if err != nil { + return fmt.Errorf("buildRemoteClient error: %w", err) + } + + remoteObj := &unstructured.Unstructured{} + remoteObj.SetAPIVersion("o2ims.provisioning.oran.org/v1alpha1") + remoteObj.SetKind("ProvisioningRequest") + remoteObj.SetName(fpr.Status.RemoteName) + + if err := remoteCl.Delete(ctx, remoteObj); err != nil { + if k8serrors.IsNotFound(err) { + return nil + } + return fmt.Errorf("delete remote CR: %w", err) + } + return nil +} + +/********** DECODE templateParameters ***********/ + +// decodeRawParameters converts the raw JSON in fpr.Spec.TemplateParameters to map[string]interface{}. +// If empty, returns empty map. +func decodeRawParameters(raw runtime.RawExtension) (map[string]interface{}, error) { + if len(raw.Raw) == 0 { + return map[string]interface{}{}, nil + } + var out map[string]interface{} + if err := json.Unmarshal(raw.Raw, &out); err != nil { + return nil, err + } + return out, nil +} + +/********** CREATE REMOTE ***********/ +func (r *FocomProvisioningRequestReconciler) createRemoteProvisioningRequest( + ctx context.Context, + remoteCl client.Client, + fpr *focomv1alpha1.FocomProvisioningRequest, +) (string, error) { + + // If local CR name is empty, generate a unique one + remoteName := fpr.Name + if remoteName == "" { + remoteName = string(uuid.NewUUID()) + } + + // Decode user-provided templateParameters from runtime.RawExtension + templateParams, err := decodeRawParameters(fpr.Spec.TemplateParameters) + if err != nil { + return "", fmt.Errorf("failed to parse templateParameters: %w", err) + } + + // Build an unstructured for the remote ProvisioningRequest + remoteObj := &unstructured.Unstructured{} + remoteObj.SetAPIVersion("o2ims.provisioning.oran.org/v1alpha1") + remoteObj.SetKind("ProvisioningRequest") + remoteObj.SetName(remoteName) // cluster-scoped from your CRD + + // Build the .spec map + spec := map[string]interface{}{ + "name": fpr.Spec.Name, + "description": fpr.Spec.Description, + "templateName": fpr.Spec.TemplateName, + "templateVersion": fpr.Spec.TemplateVersion, + "templateParameters": templateParams, + } + remoteObj.Object["spec"] = spec + + // Create the remote resource + if err := remoteCl.Create(ctx, remoteObj); err != nil { + return "", err + } + return remoteObj.GetName(), nil +} + +/********** POLL REMOTE (UNSTRUCTURED) ***********/ +func (r *FocomProvisioningRequestReconciler) pollRemoteProvisioningRequest( + ctx context.Context, + remoteCl client.Client, + fpr *focomv1alpha1.FocomProvisioningRequest, +) (done bool, phase string, msg string, err error) { + + remoteName := fpr.Status.RemoteName + remoteObj := &unstructured.Unstructured{} + remoteObj.SetAPIVersion("o2ims.provisioning.oran.org/v1alpha1") + remoteObj.SetKind("ProvisioningRequest") + remoteObj.SetName(remoteName) + + if err := remoteCl.Get(ctx, types.NamespacedName{Name: remoteName}, remoteObj); err != nil { + if k8serrors.IsNotFound(err) { + return true, "failed", "Remote resource not found", nil + } + return false, "failed", "", fmt.Errorf("error fetching remote CR: %w", err) + } + + // Extract status.provisioningStatus fields from unstructured + statusMap, _, _ := unstructured.NestedMap(remoteObj.Object, "status", "provisioningStatus") + if statusMap == nil { + // no status yet + return false, "provisioning", "Remote CR has no status yet", nil + } + state, _, _ := unstructured.NestedString(statusMap, "provisioningState") + message, _, _ := unstructured.NestedString(statusMap, "provisioningMessage") + + switch state { + case "fulfilled": + return true, "Fulfilled", message, nil + case "failed": + return true, "Failed", message, nil + case "deleting", "progressing": + // keep requeueing + return false, state, message, nil + default: + // unknown => keep requeueing + return false, "provisioning", fmt.Sprintf("Unknown remote state: %s", state), nil + } +} diff --git a/operators/focom-operator/internal/controller/focomprovisioningrequest_helpers_test.go b/operators/focom-operator/internal/controller/focomprovisioningrequest_helpers_test.go new file mode 100644 index 00000000..d4f0dbab --- /dev/null +++ b/operators/focom-operator/internal/controller/focomprovisioningrequest_helpers_test.go @@ -0,0 +1,184 @@ +package controller + +import ( + "context" + "fmt" + "os" + "testing" + + focomv1alpha1 "github.com/dekstroza/focom-operator/api/focom/v1alpha1" + "github.com/stretchr/testify/require" + corev1 "k8s.io/api/core/v1" + rbacv1 "k8s.io/api/rbac/v1" + apiextensionsclient "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + unstructuredv1 "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/client-go/kubernetes" + "k8s.io/client-go/kubernetes/scheme" + "k8s.io/client-go/rest" + "k8s.io/client-go/tools/clientcmd" + clientcmdapi "k8s.io/client-go/tools/clientcmd/api" + "sigs.k8s.io/controller-runtime/pkg/client/fake" + "sigs.k8s.io/controller-runtime/pkg/envtest" +) + +// TestIntegrationBuildRemoteClient_CreateProvisioningRequest tests building a remote client +// that attempts discovery on a real ephemeral EnvTest server. +func TestIntegrationBuildRemoteClient_CreateProvisioningRequest(t *testing.T) { + // 1. Start an EnvTest environment for the "remote" cluster + remoteEnv := &envtest.Environment{ + CRDDirectoryPaths: []string{ + // Path(s) to the CRDs for your "remote" cluster + "../../config/crd/bases", + "../../oran-provisioning-crd", + }, + } + + cfgRemote, err := remoteEnv.Start() + require.NoError(t, err, "failed to start remote envtest") + defer func() { + err := remoteEnv.Stop() + require.NoError(t, err, "failed to stop remote envtest") + }() + + // 2. Create a Kubernetes clientset + clientset, err := kubernetes.NewForConfig(cfgRemote) + require.NoError(t, err, "failed to create Kubernetes clientset") + + // 3. Create a ClusterRoleBinding for the system:anonymous user + _, err = clientset.RbacV1().ClusterRoleBindings().Create(context.Background(), &rbacv1.ClusterRoleBinding{ + ObjectMeta: metav1.ObjectMeta{ + Name: "allow-anonymous-access", + }, + Subjects: []rbacv1.Subject{ + { + Kind: "User", + Name: "system:anonymous", + }, + }, + RoleRef: rbacv1.RoleRef{ + Kind: "ClusterRole", + Name: "cluster-admin", // Grant full access (or use a custom role with specific permissions) + }, + }, metav1.CreateOptions{}) + require.NoError(t, err, "failed to create ClusterRoleBinding for system:anonymous") + + apiextensionsClient, err := apiextensionsclient.NewForConfig(cfgRemote) + require.NoError(t, err, "failed to create API extensions clientset") + crdList, err := apiextensionsClient.ApiextensionsV1().CustomResourceDefinitions().List(context.Background(), metav1.ListOptions{}) + require.NoError(t, err, "failed to list CRDs") + fmt.Println("CRDs installed in remote envtest:") + for _, crd := range crdList.Items { + fmt.Println(crd.Name) + } + + // If your remote CRD is installed as a Go type, also register it to remoteEnv.Scheme here if needed + // e.g. _ = provisioningv1alpha1.AddToScheme(remoteEnv.Scheme) + + // 2. Create a "kubeconfig" from the EnvTest config + remoteKubeconfig, err := kubeconfigFromEnvTestConfig(cfgRemote) + require.NoError(t, err, "failed to build kubeconfig from envtest") + + // 3. We'll set up a local fake client that references that Kubeconfig + localScheme := scheme.Scheme + _ = focomv1alpha1.AddToScheme(localScheme) + + localClient := fake.NewClientBuilder(). + WithScheme(localScheme). + WithObjects( + &focomv1alpha1.OCloud{ + ObjectMeta: metav1.ObjectMeta{ + Name: "ocloud-a", + Namespace: "default", + }, + Spec: focomv1alpha1.OCloudSpec{ + O2imsSecret: focomv1alpha1.O2imsSecret{ + SecretRef: focomv1alpha1.SecretRef{ + Name: "ocloud-cred-a", + Namespace: "default", + }, + }, + }, + }, + &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "ocloud-cred-a", + Namespace: "default", + }, + Data: map[string][]byte{ + "kubeconfig": remoteKubeconfig, + }, + }, + ).Build() + + // 4. Build the Reconciler + r := &FocomProvisioningRequestReconciler{ + Client: localClient, + Scheme: localScheme, + } + + // 5. Create a local FPR referencing OCloud + fpr := &focomv1alpha1.FocomProvisioningRequest{ + Spec: focomv1alpha1.FocomProvisioningRequestSpec{ + OCloudId: "ocloud-a", + OCloudNamespace: "default", + TemplateName: "red-hat-cluster-template", + TemplateVersion: "1.0.0", + }, + } + + // 6. Now call buildRemoteClient -> it will attempt discovery on EnvTest + remoteCl, buildErr := r.buildRemoteClient(context.Background(), fpr) + require.NoError(t, buildErr) + + // 7. Verify we can create a resource in the remote env + // If the remote CRD is installed, let's create an unstructured "ProvisioningRequest" + remoteObj := &unstructuredv1.Unstructured{} + remoteObj.SetAPIVersion("o2ims.provisioning.oran.org/v1alpha1") + remoteObj.SetKind("ProvisioningRequest") + remoteObj.SetName("test-remote") + // ... set more fields if needed + err = remoteCl.Create(context.Background(), remoteObj) + require.NoError(t, err, "should succeed creating the resource in remote envtest cluster") +} + +// kubeconfigFromEnvTestConfig builds a minimal kubeconfig from an EnvTest *rest.Config +func kubeconfigFromEnvTestConfig(cfg *rest.Config) ([]byte, error) { + clusterName := "envtest-remote" + contextName := "default" + userName := "default-user" + + caData := cfg.CAData + if len(caData) == 0 && cfg.CAFile != "" { + raw, err := os.ReadFile(cfg.CAFile) + if err != nil { + return nil, fmt.Errorf("failed to read CA file: %w", err) + } + caData = raw + } + + apiCfg := clientcmdapi.Config{ + APIVersion: "v1", + Kind: "Config", + Clusters: map[string]*clientcmdapi.Cluster{ + clusterName: { + Server: cfg.Host, + CertificateAuthorityData: caData, + InsecureSkipTLSVerify: cfg.Insecure, + }, + }, + AuthInfos: map[string]*clientcmdapi.AuthInfo{ + userName: { + Token: cfg.BearerToken, + }, + }, + Contexts: map[string]*clientcmdapi.Context{ + contextName: { + Cluster: clusterName, + AuthInfo: userName, + }, + }, + CurrentContext: contextName, + } + return clientcmd.Write(apiCfg) +} diff --git a/operators/focom-operator/internal/controller/focomprovisioningrequest_kubeconfig.go b/operators/focom-operator/internal/controller/focomprovisioningrequest_kubeconfig.go new file mode 100644 index 00000000..7a5aefa7 --- /dev/null +++ b/operators/focom-operator/internal/controller/focomprovisioningrequest_kubeconfig.go @@ -0,0 +1,85 @@ +package controller + +import ( + "context" + "fmt" + + focomv1alpha1 "github.com/dekstroza/focom-operator/api/focom/v1alpha1" + corev1 "k8s.io/api/core/v1" + k8serrors "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/types" + "k8s.io/client-go/rest" + "k8s.io/client-go/tools/clientcmd" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/cluster" +) + +// buildConfigFromKubeconfig parses kubeconfig bytes into a *rest.Config +func buildConfigFromKubeconfig(kc []byte) (*rest.Config, error) { + // Use the standard client-go approach + cfg, err := clientcmd.NewClientConfigFromBytes(kc) + if err != nil { + return nil, err + } + return cfg.ClientConfig() +} + +/* +********************************************** + + Building the remote client + +********************************************** +*/ +func (r *FocomProvisioningRequestReconciler) buildRemoteClient( + ctx context.Context, + fpr *focomv1alpha1.FocomProvisioningRequest, +) (client.Client, error) { + + // 1. Get the OCloud resource from fpr.Spec + var oCloud focomv1alpha1.OCloud + if err := r.Get(ctx, types.NamespacedName{ + Name: fpr.Spec.OCloudId, + Namespace: fpr.Spec.OCloudNamespace, + }, &oCloud); err != nil { + if k8serrors.IsNotFound(err) { + return nil, fmt.Errorf("OCloud %s not found in namespace %s", fpr.Spec.OCloudId, fpr.Spec.OCloudNamespace) + } + return nil, fmt.Errorf("failed to fetch OCloud: %w", err) + } + + // The OCloud references a secret for kubeconfig + secretRefName := oCloud.Spec.O2imsSecret.SecretRef.Name + secretRefNs := oCloud.Spec.O2imsSecret.SecretRef.Namespace + if secretRefName == "" || secretRefNs == "" { + return nil, fmt.Errorf("OCloud %s/%s references an empty secretRef", fpr.Spec.OCloudNamespace, fpr.Spec.OCloudId) + } + + // 2. Fetch the secret + var secret corev1.Secret + if err := r.Get(ctx, types.NamespacedName{Name: secretRefName, Namespace: secretRefNs}, &secret); err != nil { + return nil, fmt.Errorf("cannot read secretRef %s/%s: %w", secretRefNs, secretRefName, err) + } + + kubeconfigData := secret.Data["kubeconfig"] + if len(kubeconfigData) == 0 { + return nil, fmt.Errorf("secret %s/%s missing 'kubeconfig' key", secretRefNs, secretRefName) + } + + // 3. Build REST config from the kubeconfig + restConfig, err := buildConfigFromKubeconfig(kubeconfigData) + if err != nil { + return nil, fmt.Errorf("failed to parse kubeconfig from secret %s/%s: %w", secretRefNs, secretRefName, err) + } + + // 4. Create a new cluster.Client + remoteCluster, err := cluster.New(restConfig, func(o *cluster.Options) { + // Use the same scheme as your Reconciler (or a custom one if needed) + o.Scheme = r.Scheme + }) + if err != nil { + return nil, fmt.Errorf("failed to create remote cluster: %w", err) + } + + return remoteCluster.GetClient(), nil +} diff --git a/operators/focom-operator/internal/controller/focomprovisioningrequest_validation.go b/operators/focom-operator/internal/controller/focomprovisioningrequest_validation.go new file mode 100644 index 00000000..3e0f1163 --- /dev/null +++ b/operators/focom-operator/internal/controller/focomprovisioningrequest_validation.go @@ -0,0 +1,48 @@ +package controller + +import ( + "context" + "fmt" + + focomv1alpha1 "github.com/dekstroza/focom-operator/api/focom/v1alpha1" + provisioningv1alpha1 "github.com/dekstroza/focom-operator/api/provisioning/v1alpha1" + apierrors "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/types" +) + +// validateTemplateAlignment checks if there's a matching TemplateInfo resource +// for the FocomProvisioningRequest (by templateName, templateVersion). +// Returns nil if alignment is good, or an error with details if not. +func (r *FocomProvisioningRequestReconciler) validateTemplateAlignment( + ctx context.Context, + fpr *focomv1alpha1.FocomProvisioningRequest, +) error { + // Construct the name for TemplateInfo. + // This naming strategy can vary, but commonly: "-" + tplInfoName := fmt.Sprintf("%s-%s", fpr.Spec.TemplateName, fpr.Spec.TemplateVersion) + + // Fetch TemplateInfo from the same namespace as the FPR (or a special "catalog" namespace if that's your design) + var tplInfo provisioningv1alpha1.TemplateInfo + err := r.Get(ctx, types.NamespacedName{ + Name: tplInfoName, + Namespace: fpr.Namespace, + }, &tplInfo) + if err != nil { + if apierrors.IsNotFound(err) { + return fmt.Errorf("TemplateInfo %q not found", tplInfoName) + } + return fmt.Errorf("failed to get TemplateInfo: %v", err) + } + + // Check that the TemplateInfo's spec matches the FPR's spec + if tplInfo.Spec.TemplateName != fpr.Spec.TemplateName || + tplInfo.Spec.TemplateVersion != fpr.Spec.TemplateVersion { + return fmt.Errorf("mismatch: TemplateInfo has (%s/%s), request has (%s/%s)", + tplInfo.Spec.TemplateName, tplInfo.Spec.TemplateVersion, + fpr.Spec.TemplateName, fpr.Spec.TemplateVersion, + ) + } + + // For now, if we got here, the basic alignment is valid. + return nil +} diff --git a/operators/focom-operator/internal/controller/focomprovisioningrequest_validation_test.go b/operators/focom-operator/internal/controller/focomprovisioningrequest_validation_test.go new file mode 100644 index 00000000..048436f2 --- /dev/null +++ b/operators/focom-operator/internal/controller/focomprovisioningrequest_validation_test.go @@ -0,0 +1,61 @@ +package controller + +import ( + "context" + "testing" + + focomv1alpha1 "github.com/dekstroza/focom-operator/api/focom/v1alpha1" + provisioningv1alpha1 "github.com/dekstroza/focom-operator/api/provisioning/v1alpha1" + "github.com/stretchr/testify/require" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "sigs.k8s.io/controller-runtime/pkg/client/fake" +) + +func TestValidateTemplateAlignment(t *testing.T) { + scheme := runtime.NewScheme() + _ = focomv1alpha1.AddToScheme(scheme) + _ = provisioningv1alpha1.AddToScheme(scheme) + + // Create a TemplateInfo matching name: "my-template-1.0" in "default" + tplInfo := provisioningv1alpha1.TemplateInfo{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-template-1.0", + Namespace: "default", + }, + Spec: provisioningv1alpha1.TemplateInfoSpec{ + TemplateName: "my-template", + TemplateVersion: "1.0", + }, + } + + // Create an FPR referencing the same template + fpr := focomv1alpha1.FocomProvisioningRequest{ + ObjectMeta: metav1.ObjectMeta{ + Name: "sample-fpr", + Namespace: "default", + }, + Spec: focomv1alpha1.FocomProvisioningRequestSpec{ + TemplateName: "my-template", + TemplateVersion: "1.0", + }, + } + + client := fake.NewClientBuilder(). + WithScheme(scheme). + WithObjects(&tplInfo, &fpr). + Build() + + r := &FocomProvisioningRequestReconciler{ + Client: client, + } + + ctx := context.Background() + err := r.validateTemplateAlignment(ctx, &fpr) + require.NoError(t, err, "Expected no error, because templateName/version match") + + // Now modify the FPR to mismatch + fpr.Spec.TemplateVersion = "2.0" + err = r.validateTemplateAlignment(ctx, &fpr) + require.Error(t, err, "Expected error, because mismatch with TemplateInfo") +} diff --git a/operators/focom-operator/internal/controller/suite_test.go b/operators/focom-operator/internal/controller/suite_test.go new file mode 100644 index 00000000..7275afdb --- /dev/null +++ b/operators/focom-operator/internal/controller/suite_test.go @@ -0,0 +1,95 @@ +/* +Copyright 2025. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package controller + +import ( + "context" + "fmt" + focomv1alpha1 "github.com/dekstroza/focom-operator/api/focom/v1alpha1" + "path/filepath" + "runtime" + "testing" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + + "k8s.io/client-go/kubernetes/scheme" + "k8s.io/client-go/rest" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/envtest" + logf "sigs.k8s.io/controller-runtime/pkg/log" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + // +kubebuilder:scaffold:imports +) + +// These tests use Ginkgo (BDD-style Go testing framework). Refer to +// http://onsi.github.io/ginkgo/ to learn more about Ginkgo. + +var cfg *rest.Config +var k8sClient client.Client +var testEnv *envtest.Environment +var ctx context.Context +var cancel context.CancelFunc + +func TestControllers(t *testing.T) { + RegisterFailHandler(Fail) + + RunSpecs(t, "Controller Suite") +} + +var _ = BeforeSuite(func() { + logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true))) + + ctx, cancel = context.WithCancel(context.TODO()) + + By("bootstrapping test environment") + testEnv = &envtest.Environment{ + CRDDirectoryPaths: []string{filepath.Join("..", "..", "config", "crd", "bases")}, + ErrorIfCRDPathMissing: true, + + // The BinaryAssetsDirectory is only required if you want to run the tests directly + // without call the makefile target test. If not informed it will look for the + // default path defined in controller-runtime which is /usr/local/kubebuilder/. + // Note that you must have the required binaries setup under the bin directory to perform + // the tests directly. When we run make test it will be setup and used automatically. + BinaryAssetsDirectory: filepath.Join("..", "..", "bin", "k8s", + fmt.Sprintf("1.31.0-%s-%s", runtime.GOOS, runtime.GOARCH)), + } + + var err error + // cfg is defined in this file globally. + cfg, err = testEnv.Start() + Expect(err).NotTo(HaveOccurred()) + Expect(cfg).NotTo(BeNil()) + + err = focomv1alpha1.AddToScheme(scheme.Scheme) + Expect(err).NotTo(HaveOccurred()) + + // +kubebuilder:scaffold:scheme + + k8sClient, err = client.New(cfg, client.Options{Scheme: scheme.Scheme}) + Expect(err).NotTo(HaveOccurred()) + Expect(k8sClient).NotTo(BeNil()) + +}) + +var _ = AfterSuite(func() { + By("tearing down the test environment") + cancel() + err := testEnv.Stop() + Expect(err).NotTo(HaveOccurred()) +}) diff --git a/operators/focom-operator/kpt-package/Kptfile b/operators/focom-operator/kpt-package/Kptfile new file mode 100644 index 00000000..07533565 --- /dev/null +++ b/operators/focom-operator/kpt-package/Kptfile @@ -0,0 +1,8 @@ +apiVersion: kpt.dev/v1 +kind: Kptfile +metadata: + name: focom-operator + annotations: + config.kubernetes.io/local-config: "true" +info: + description: FOCOM Operator for Nephio diff --git a/operators/focom-operator/kpt-package/focom-operator.yaml b/operators/focom-operator/kpt-package/focom-operator.yaml new file mode 100644 index 00000000..fa3deccd --- /dev/null +++ b/operators/focom-operator/kpt-package/focom-operator.yaml @@ -0,0 +1,622 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: focom-operator + control-plane: controller-manager + name: focom-operator-system +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + name: focomprovisioningrequests.focom.nephio.org +spec: + group: focom.nephio.org + names: + kind: FocomProvisioningRequest + listKind: FocomProvisioningRequestList + plural: focomprovisioningrequests + singular: focomprovisioningrequest + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: FocomProvisioningRequest is the Schema for the focomprovisioningrequests + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: FocomProvisioningRequestSpec defines the desired state of + FocomProvisioningRequest + properties: + description: + type: string + name: + type: string + oCloudId: + type: string + oCloudNamespace: + type: string + templateName: + type: string + templateParameters: + type: object + x-kubernetes-preserve-unknown-fields: true + templateVersion: + type: string + required: + - oCloudId + - oCloudNamespace + - templateName + - templateParameters + - templateVersion + type: object + status: + description: FocomProvisioningRequestStatus defines the observed state + of FocomProvisioningRequest + properties: + lastUpdated: + format: date-time + type: string + message: + type: string + phase: + type: string + remoteName: + description: The name of the remote resource in the target cluster + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + name: oclouds.focom.nephio.org +spec: + group: focom.nephio.org + names: + kind: OCloud + listKind: OCloudList + plural: oclouds + singular: ocloud + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: OCloud is the Schema for the oclouds API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: OCloudSpec defines the desired state of OCloud + properties: + o2imsSecret: + description: O2imsSecret references a Secret containing endpoint & + credentials + properties: + secretRef: + description: SecretRef points to the Secret with O2IMS credentials + properties: + name: + description: Name of the Secret + type: string + namespace: + description: Namespace of the Secret + type: string + required: + - name + - namespace + type: object + required: + - secretRef + type: object + required: + - o2imsSecret + type: object + status: + description: OCloudStatus defines the observed state of OCloud + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + name: templateinfoes.provisioning.oran.org +spec: + group: provisioning.oran.org + names: + kind: TemplateInfo + listKind: TemplateInfoList + plural: templateinfoes + singular: templateinfo + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: TemplateInfo is the Schema for the templateinfoes API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: TemplateInfoSpec defines the desired state of TemplateInfo + properties: + templateName: + type: string + templateParameterSchema: + description: This is a string containing a JSON or YAML-based schema + for template parameters + type: string + templateVersion: + type: string + required: + - templateName + - templateParameterSchema + - templateVersion + type: object + status: + description: TemplateInfoStatus defines the observed state of TemplateInfo + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: focom-operator + name: focom-operator-controller-manager + namespace: focom-operator-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: focom-operator + name: focom-operator-leader-election-role + namespace: focom-operator-system +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: focom-operator + name: focom-operator-focomprovisioningrequest-editor-role +rules: +- apiGroups: + - focom.nephio.org + resources: + - focomprovisioningrequests + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - focom.nephio.org + resources: + - focomprovisioningrequests/status + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: focom-operator + name: focom-operator-focomprovisioningrequest-viewer-role +rules: +- apiGroups: + - focom.nephio.org + resources: + - focomprovisioningrequests + verbs: + - get + - list + - watch +- apiGroups: + - focom.nephio.org + resources: + - focomprovisioningrequests/status + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: focom-operator-manager-role +rules: +- apiGroups: + - focom.nephio.org + resources: + - focomprovisioningrequests + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - focom.nephio.org + resources: + - focomprovisioningrequests/finalizers + verbs: + - update +- apiGroups: + - focom.nephio.org + resources: + - focomprovisioningrequests/status + verbs: + - get + - patch + - update +- apiGroups: + - provisioning.oran.org + resources: + - templateinfoes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: focom-operator-metrics-auth-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: focom-operator-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: focom-operator + name: focom-operator-ocloud-editor-role +rules: +- apiGroups: + - focom.nephio.org + resources: + - oclouds + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - focom.nephio.org + resources: + - oclouds/status + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: focom-operator + name: focom-operator-ocloud-viewer-role +rules: +- apiGroups: + - focom.nephio.org + resources: + - oclouds + verbs: + - get + - list + - watch +- apiGroups: + - focom.nephio.org + resources: + - oclouds/status + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: focom-operator + name: focom-operator-provisioning-templateinfo-editor-role +rules: +- apiGroups: + - provisioning.oran.org + resources: + - templateinfoes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - provisioning.oran.org + resources: + - templateinfoes/status + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: focom-operator + name: focom-operator-provisioning-templateinfo-viewer-role +rules: +- apiGroups: + - provisioning.oran.org + resources: + - templateinfoes + verbs: + - get + - list + - watch +- apiGroups: + - provisioning.oran.org + resources: + - templateinfoes/status + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: focom-operator + name: focom-operator-leader-election-rolebinding + namespace: focom-operator-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: focom-operator-leader-election-role +subjects: +- kind: ServiceAccount + name: focom-operator-controller-manager + namespace: focom-operator-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: focom-operator + name: focom-operator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: focom-operator-manager-role +subjects: +- kind: ServiceAccount + name: focom-operator-controller-manager + namespace: focom-operator-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: focom-operator-metrics-auth-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: focom-operator-metrics-auth-role +subjects: +- kind: ServiceAccount + name: focom-operator-controller-manager + namespace: focom-operator-system +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: focom-operator + control-plane: controller-manager + name: focom-operator-controller-manager-metrics-service + namespace: focom-operator-system +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: 8443 + selector: + control-plane: controller-manager +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: focom-operator + control-plane: controller-manager + name: focom-operator-controller-manager + namespace: focom-operator-system +spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + spec: + containers: + - args: + - --metrics-bind-address=:8443 + - --leader-elect + - --health-probe-bind-address=:8081 + command: + - /manager + image: your-docker-repository/focom-operator-poc:2.0.0 + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 10m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + securityContext: + runAsNonRoot: true + serviceAccountName: focom-operator-controller-manager + terminationGracePeriodSeconds: 10 diff --git a/operators/focom-operator/kpt-package/package-context.yaml b/operators/focom-operator/kpt-package/package-context.yaml new file mode 100644 index 00000000..6c33d9e4 --- /dev/null +++ b/operators/focom-operator/kpt-package/package-context.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: kptfile.kpt.dev + annotations: + config.kubernetes.io/local-config: "true" +data: + name: example diff --git a/operators/focom-operator/oran-provisioning-crd/provisioning-request-crd.yaml b/operators/focom-operator/oran-provisioning-crd/provisioning-request-crd.yaml new file mode 100644 index 00000000..5f9cccfd --- /dev/null +++ b/operators/focom-operator/oran-provisioning-crd/provisioning-request-crd.yaml @@ -0,0 +1,133 @@ +# provisioning-request-crd.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: provisioningrequests.o2ims.provisioning.oran.org +spec: + group: o2ims.provisioning.oran.org + names: + kind: ProvisioningRequest + listKind: ProvisioningRequestList + plural: provisioningrequests + singular: provisioningrequest + scope: Cluster + versions: + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + apiVersion: + type: string + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + The current apiVersion of this api is v1alpha1 + kind: + type: string + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + The kind value for this api is ProvisioningRequest + metadata: + type: object + properties: + name: + type: string + description: | + The name of the ProvisioningRequest custom resource instance contains the provisioningItemId. + The provisioningItemId is the unique SMO provided identifier that the SMO will use to + identify all resources provisioned by this provisioning request in interactions + with the O-Cloud. + spec: + type: object + properties: + name: + type: string + description: | + the name in this spec section is a human readable name intended for descriptive + purposes, this name is not required to be unique and does not identify a provisioning + request or any provisioned resources. + description: + type: string + description: | + A description of this provisioning request. + templateName: + type: string + description: | + templateName is the name of the template that the SMO wants to use to provision + resources + templateVersion: + type: string + description: | + templateVersion is the version of the template that the SMO wants to use to provision + resources. templateName and templateVersion together uniquely identify the template + instance that the SMO wants to use in the provisioning request. + templateParameters: + type: object + x-kubernetes-preserve-unknown-fields: true + description: | + templateParams carries the parameters required to provision resources using this template. + The type is object as actual parameters are defined by the template. + The template parameter schema itself is not defined here as it is template specific. + The themplate parameter schema must be published by the template provider so that FOCOM can + learn about required parameters and validate the same. + The template parameter schema language must be standardized by O-RAN. + required: + - templateName + - templateVersion + - templateParameters + status: + type: object + description: ProvisioningRequestStatus defines the observed state of ProvisioningRequest + properties: + provisionedResources: + description: | + The resources that have been successfully provisioned as part of the provisioning process. + properties: + oCloudNodeClusterId: + description: | + The identifier of the provisioned oCloud NodeCluster. + type: string + oCloudInfrastructureResourceIds: + description: | + The list of provisioned infrastructure resource ids. + type: array + items: + type: string + description: | + The provisioned infrastructure resource id. + type: object + provisioningStatus: + properties: + provisioningUpdateTime: + description: | + The last update time of the provisioning status. + format: date-time + type: string + provisioningMessage: + description: | + The details about the current state of the provisioning process. + type: string + provisioningState: + description: The current state of the provisioning process. + enum: + - progressing + - fulfilled + - failed + - deleting + type: string + type: object + extensions: + description: |- + Extensions contain extra details about the resources and the configuration used for/by + the ProvisioningRequest. + type: object + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} diff --git a/operators/focom-operator/test-data/focom-provisioning-request-rh.yaml b/operators/focom-operator/test-data/focom-provisioning-request-rh.yaml new file mode 100644 index 00000000..614d0965 --- /dev/null +++ b/operators/focom-operator/test-data/focom-provisioning-request-rh.yaml @@ -0,0 +1,27 @@ +apiVersion: focom.nephio.org/v1alpha1 +kind: FocomProvisioningRequest +metadata: + name: cluster1 + namespace: eolm-focom # Optional but strongly recommended. If not specified, K8S deploys it into the "default" ns. + # Also we can set the ns in the Kustomization, but then it's gitops engine dependent. +spec: + name: "my cluster 1 provisioning request" + description: | + some longer description of this + provisioning reuest + oCloudId: "ocloud-1" + oCloudNamespace: eolm-focom + templateName: "red-hat-cluster-template" + templateVersion: "1.0.0" + templateParameters: + oCloudSiteId: "location1" + tags: + - "vendor=a" + - "location=location1" + inputData: + hw: + hwConfigParams: "some params" + caas: + siteConfigParams: "some params" + policyTemplateParams: "some params" + diff --git a/operators/focom-operator/test-data/o2ims-provisioning-role.yaml b/operators/focom-operator/test-data/o2ims-provisioning-role.yaml new file mode 100644 index 00000000..11a40cce --- /dev/null +++ b/operators/focom-operator/test-data/o2ims-provisioning-role.yaml @@ -0,0 +1,22 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: provisioningrequest-access +rules: +- apiGroups: ["o2ims.provisioning.oran.org"] + resources: ["provisioningrequests"] + verbs: ["get", "list", "watch", "create", "update", "patch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: provisioningrequest-access-binding +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: system +roleRef: + kind: ClusterRole + name: provisioningrequest-access + apiGroup: rbac.authorization.k8s.io + diff --git a/operators/focom-operator/test-data/ocloud-1.yaml b/operators/focom-operator/test-data/ocloud-1.yaml new file mode 100644 index 00000000..a73c9b1c --- /dev/null +++ b/operators/focom-operator/test-data/ocloud-1.yaml @@ -0,0 +1,13 @@ +apiVersion: focom.nephio.org/v1alpha1 +kind: OCloud +metadata: + name: ocloud-1 + namespace: eolm-focom # Optional but strongly recommended. If not specified, K8S deploys it into the "default" ns. + # Also we can set the ns in the Kustomization, but then it's gitops engine dependent. + +spec: + o2imsSecret: + secretRef: # a pattern from Flux and cluster reg. + name: ocloud-1-o2ims-endpoint + namespace: eolm-focom # Optional, defaults to the same namespace + diff --git a/operators/focom-operator/test-data/provisioning-request-crd.yaml b/operators/focom-operator/test-data/provisioning-request-crd.yaml new file mode 100644 index 00000000..5f9cccfd --- /dev/null +++ b/operators/focom-operator/test-data/provisioning-request-crd.yaml @@ -0,0 +1,133 @@ +# provisioning-request-crd.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: provisioningrequests.o2ims.provisioning.oran.org +spec: + group: o2ims.provisioning.oran.org + names: + kind: ProvisioningRequest + listKind: ProvisioningRequestList + plural: provisioningrequests + singular: provisioningrequest + scope: Cluster + versions: + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + apiVersion: + type: string + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + The current apiVersion of this api is v1alpha1 + kind: + type: string + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + The kind value for this api is ProvisioningRequest + metadata: + type: object + properties: + name: + type: string + description: | + The name of the ProvisioningRequest custom resource instance contains the provisioningItemId. + The provisioningItemId is the unique SMO provided identifier that the SMO will use to + identify all resources provisioned by this provisioning request in interactions + with the O-Cloud. + spec: + type: object + properties: + name: + type: string + description: | + the name in this spec section is a human readable name intended for descriptive + purposes, this name is not required to be unique and does not identify a provisioning + request or any provisioned resources. + description: + type: string + description: | + A description of this provisioning request. + templateName: + type: string + description: | + templateName is the name of the template that the SMO wants to use to provision + resources + templateVersion: + type: string + description: | + templateVersion is the version of the template that the SMO wants to use to provision + resources. templateName and templateVersion together uniquely identify the template + instance that the SMO wants to use in the provisioning request. + templateParameters: + type: object + x-kubernetes-preserve-unknown-fields: true + description: | + templateParams carries the parameters required to provision resources using this template. + The type is object as actual parameters are defined by the template. + The template parameter schema itself is not defined here as it is template specific. + The themplate parameter schema must be published by the template provider so that FOCOM can + learn about required parameters and validate the same. + The template parameter schema language must be standardized by O-RAN. + required: + - templateName + - templateVersion + - templateParameters + status: + type: object + description: ProvisioningRequestStatus defines the observed state of ProvisioningRequest + properties: + provisionedResources: + description: | + The resources that have been successfully provisioned as part of the provisioning process. + properties: + oCloudNodeClusterId: + description: | + The identifier of the provisioned oCloud NodeCluster. + type: string + oCloudInfrastructureResourceIds: + description: | + The list of provisioned infrastructure resource ids. + type: array + items: + type: string + description: | + The provisioned infrastructure resource id. + type: object + provisioningStatus: + properties: + provisioningUpdateTime: + description: | + The last update time of the provisioning status. + format: date-time + type: string + provisioningMessage: + description: | + The details about the current state of the provisioning process. + type: string + provisioningState: + description: The current state of the provisioning process. + enum: + - progressing + - fulfilled + - failed + - deleting + type: string + type: object + extensions: + description: |- + Extensions contain extra details about the resources and the configuration used for/by + the ProvisioningRequest. + type: object + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} diff --git a/operators/focom-operator/test-data/red-hat-cluster-template.yaml b/operators/focom-operator/test-data/red-hat-cluster-template.yaml new file mode 100644 index 00000000..110366c8 --- /dev/null +++ b/operators/focom-operator/test-data/red-hat-cluster-template.yaml @@ -0,0 +1,23 @@ +# magic-template-schema.yaml +apiVersion: provisioning.oran.org/v1alpha1 +kind: TemplateInfo +metadata: + name: red-hat-cluster-template-1.0.0 + namespace: eolm-focom +spec: + templateName: "red-hat-cluster-template" + templateVersion: "1.0.0" + templateParameterSchema: | + { + "type": "object", + "infra": { + "param1": { + "type": "string" + }, + "params": { + "type": "integer" + } + }, + "required": ["param1"] + } + diff --git a/operators/focom-operator/test-data/super-rbac.yaml b/operators/focom-operator/test-data/super-rbac.yaml new file mode 100644 index 00000000..2a1e676d --- /dev/null +++ b/operators/focom-operator/test-data/super-rbac.yaml @@ -0,0 +1,27 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: access-clusterrolebindings +rules: +- apiGroups: ["provisioning.nephio.org"] # Specify the API group + resources: ["templateinfoes"] # Specify the resource + verbs: ["list", "get", "watch"] # Grant necessary permissions +- apiGroups: ["*"] # Optionally keep access to all API groups + resources: ["*"] # All resources + verbs: ["*"] # Full access +- nonResourceURLs: ["*"] # Grants access to non-resource endpoints. Use with caution. + verbs: ["*"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: access-clusterrolebindings-binding +subjects: +- kind: ServiceAccount + name: focom-operator-controller-manager + namespace: focom-operator-system # Ensure the namespace matches your setup +roleRef: + kind: ClusterRole + name: access-clusterrolebindings + apiGroup: rbac.authorization.k8s.io + diff --git a/operators/focom-operator/test/e2e/e2e_suite_test.go b/operators/focom-operator/test/e2e/e2e_suite_test.go new file mode 100644 index 00000000..7b0b2015 --- /dev/null +++ b/operators/focom-operator/test/e2e/e2e_suite_test.go @@ -0,0 +1,32 @@ +/* +Copyright 2025. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package e2e + +import ( + "fmt" + "testing" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" +) + +// Run e2e tests using the Ginkgo runner. +func TestE2E(t *testing.T) { + RegisterFailHandler(Fail) + _, _ = fmt.Fprintf(GinkgoWriter, "Starting focom-operator suite\n") + RunSpecs(t, "e2e suite") +} diff --git a/operators/focom-operator/test/e2e/e2e_test.go b/operators/focom-operator/test/e2e/e2e_test.go new file mode 100644 index 00000000..136b819f --- /dev/null +++ b/operators/focom-operator/test/e2e/e2e_test.go @@ -0,0 +1,122 @@ +/* +Copyright 2025. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package e2e + +import ( + "fmt" + "os/exec" + "time" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + + "github.com/dekstroza/focom-operator/test/utils" +) + +const namespace = "focom-operator-system" + +var _ = Describe("controller", Ordered, func() { + BeforeAll(func() { + By("installing prometheus operator") + Expect(utils.InstallPrometheusOperator()).To(Succeed()) + + By("installing the cert-manager") + Expect(utils.InstallCertManager()).To(Succeed()) + + By("creating manager namespace") + cmd := exec.Command("kubectl", "create", "ns", namespace) + _, _ = utils.Run(cmd) + }) + + AfterAll(func() { + By("uninstalling the Prometheus manager bundle") + utils.UninstallPrometheusOperator() + + By("uninstalling the cert-manager bundle") + utils.UninstallCertManager() + + By("removing manager namespace") + cmd := exec.Command("kubectl", "delete", "ns", namespace) + _, _ = utils.Run(cmd) + }) + + Context("Operator", func() { + It("should run successfully", func() { + var controllerPodName string + var err error + + // projectimage stores the name of the image used in the example + var projectimage = "example.com/focom-operator:v0.0.1" + + By("building the manager(Operator) image") + cmd := exec.Command("make", "docker-build", fmt.Sprintf("IMG=%s", projectimage)) + _, err = utils.Run(cmd) + ExpectWithOffset(1, err).NotTo(HaveOccurred()) + + By("loading the the manager(Operator) image on Kind") + err = utils.LoadImageToKindClusterWithName(projectimage) + ExpectWithOffset(1, err).NotTo(HaveOccurred()) + + By("installing CRDs") + cmd = exec.Command("make", "install") + _, err = utils.Run(cmd) + ExpectWithOffset(1, err).NotTo(HaveOccurred()) + + By("deploying the controller-manager") + cmd = exec.Command("make", "deploy", fmt.Sprintf("IMG=%s", projectimage)) + _, err = utils.Run(cmd) + ExpectWithOffset(1, err).NotTo(HaveOccurred()) + + By("validating that the controller-manager pod is running as expected") + verifyControllerUp := func() error { + // Get pod name + + cmd = exec.Command("kubectl", "get", + "pods", "-l", "control-plane=controller-manager", + "-o", "go-template={{ range .items }}"+ + "{{ if not .metadata.deletionTimestamp }}"+ + "{{ .metadata.name }}"+ + "{{ \"\\n\" }}{{ end }}{{ end }}", + "-n", namespace, + ) + + podOutput, err := utils.Run(cmd) + ExpectWithOffset(2, err).NotTo(HaveOccurred()) + podNames := utils.GetNonEmptyLines(string(podOutput)) + if len(podNames) != 1 { + return fmt.Errorf("expect 1 controller pods running, but got %d", len(podNames)) + } + controllerPodName = podNames[0] + ExpectWithOffset(2, controllerPodName).Should(ContainSubstring("controller-manager")) + + // Validate pod status + cmd = exec.Command("kubectl", "get", + "pods", controllerPodName, "-o", "jsonpath={.status.phase}", + "-n", namespace, + ) + status, err := utils.Run(cmd) + ExpectWithOffset(2, err).NotTo(HaveOccurred()) + if string(status) != "Running" { + return fmt.Errorf("controller pod in %s status", status) + } + return nil + } + EventuallyWithOffset(1, verifyControllerUp, time.Minute, time.Second).Should(Succeed()) + + }) + }) +}) diff --git a/operators/focom-operator/test/utils/utils.go b/operators/focom-operator/test/utils/utils.go new file mode 100644 index 00000000..87db8781 --- /dev/null +++ b/operators/focom-operator/test/utils/utils.go @@ -0,0 +1,140 @@ +/* +Copyright 2025. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package utils + +import ( + "fmt" + "os" + "os/exec" + "strings" + + . "github.com/onsi/ginkgo/v2" //nolint:golint,revive +) + +const ( + prometheusOperatorVersion = "v0.72.0" + prometheusOperatorURL = "https://github.com/prometheus-operator/prometheus-operator/" + + "releases/download/%s/bundle.yaml" + + certmanagerVersion = "v1.14.4" + certmanagerURLTmpl = "https://github.com/jetstack/cert-manager/releases/download/%s/cert-manager.yaml" +) + +func warnError(err error) { + _, _ = fmt.Fprintf(GinkgoWriter, "warning: %v\n", err) +} + +// InstallPrometheusOperator installs the prometheus Operator to be used to export the enabled metrics. +func InstallPrometheusOperator() error { + url := fmt.Sprintf(prometheusOperatorURL, prometheusOperatorVersion) + cmd := exec.Command("kubectl", "create", "-f", url) + _, err := Run(cmd) + return err +} + +// Run executes the provided command within this context +func Run(cmd *exec.Cmd) ([]byte, error) { + dir, _ := GetProjectDir() + cmd.Dir = dir + + if err := os.Chdir(cmd.Dir); err != nil { + _, _ = fmt.Fprintf(GinkgoWriter, "chdir dir: %s\n", err) + } + + cmd.Env = append(os.Environ(), "GO111MODULE=on") + command := strings.Join(cmd.Args, " ") + _, _ = fmt.Fprintf(GinkgoWriter, "running: %s\n", command) + output, err := cmd.CombinedOutput() + if err != nil { + return output, fmt.Errorf("%s failed with error: (%v) %s", command, err, string(output)) + } + + return output, nil +} + +// UninstallPrometheusOperator uninstalls the prometheus +func UninstallPrometheusOperator() { + url := fmt.Sprintf(prometheusOperatorURL, prometheusOperatorVersion) + cmd := exec.Command("kubectl", "delete", "-f", url) + if _, err := Run(cmd); err != nil { + warnError(err) + } +} + +// UninstallCertManager uninstalls the cert manager +func UninstallCertManager() { + url := fmt.Sprintf(certmanagerURLTmpl, certmanagerVersion) + cmd := exec.Command("kubectl", "delete", "-f", url) + if _, err := Run(cmd); err != nil { + warnError(err) + } +} + +// InstallCertManager installs the cert manager bundle. +func InstallCertManager() error { + url := fmt.Sprintf(certmanagerURLTmpl, certmanagerVersion) + cmd := exec.Command("kubectl", "apply", "-f", url) + if _, err := Run(cmd); err != nil { + return err + } + // Wait for cert-manager-webhook to be ready, which can take time if cert-manager + // was re-installed after uninstalling on a cluster. + cmd = exec.Command("kubectl", "wait", "deployment.apps/cert-manager-webhook", + "--for", "condition=Available", + "--namespace", "cert-manager", + "--timeout", "5m", + ) + + _, err := Run(cmd) + return err +} + +// LoadImageToKindClusterWithName loads a local docker image to the kind cluster +func LoadImageToKindClusterWithName(name string) error { + cluster := "kind" + if v, ok := os.LookupEnv("KIND_CLUSTER"); ok { + cluster = v + } + kindOptions := []string{"load", "docker-image", name, "--name", cluster} + cmd := exec.Command("kind", kindOptions...) + _, err := Run(cmd) + return err +} + +// GetNonEmptyLines converts given command output string into individual objects +// according to line breakers, and ignores the empty elements in it. +func GetNonEmptyLines(output string) []string { + var res []string + elements := strings.Split(output, "\n") + for _, element := range elements { + if element != "" { + res = append(res, element) + } + } + + return res +} + +// GetProjectDir will return the directory where the project is +func GetProjectDir() (string, error) { + wd, err := os.Getwd() + if err != nil { + return wd, err + } + wd = strings.Replace(wd, "/test/e2e", "", -1) + return wd, nil +} From 57e8f7f3186f19e7e6a10811173c67438d95873a Mon Sep 17 00:00:00 2001 From: Fiachra Corcoran Date: Wed, 5 Feb 2025 11:14:53 +0000 Subject: [PATCH 02/29] Add go.mod Co-authored-by: Fiachra Corcoran Signed-off-by: Fiachra Corcoran --- operators/focom-operator/go.mod | 102 ++++++++++++++++++++++++++++++++ 1 file changed, 102 insertions(+) create mode 100644 operators/focom-operator/go.mod diff --git a/operators/focom-operator/go.mod b/operators/focom-operator/go.mod new file mode 100644 index 00000000..48381284 --- /dev/null +++ b/operators/focom-operator/go.mod @@ -0,0 +1,102 @@ +module github.com/dekstroza/focom-operator + +go 1.23.0 + +toolchain go1.23.5 + +require ( + github.com/go-logr/logr v1.4.2 + github.com/onsi/ginkgo/v2 v2.21.0 + github.com/onsi/gomega v1.35.1 + github.com/stretchr/testify v1.9.0 + k8s.io/api v0.32.0 + k8s.io/apiextensions-apiserver v0.32.0 + k8s.io/apimachinery v0.32.0 + k8s.io/client-go v0.32.0 + sigs.k8s.io/controller-runtime v0.20.1 +) + +require ( + cel.dev/expr v0.18.0 // indirect + github.com/antlr4-go/antlr/v4 v4.13.0 // indirect + github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a // indirect + github.com/beorn7/perks v1.0.1 // indirect + github.com/blang/semver/v4 v4.0.0 // indirect + github.com/cenkalti/backoff/v4 v4.3.0 // indirect + github.com/cespare/xxhash/v2 v2.3.0 // indirect + github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect + github.com/emicklei/go-restful/v3 v3.11.0 // indirect + github.com/evanphx/json-patch/v5 v5.9.0 // indirect + github.com/felixge/httpsnoop v1.0.4 // indirect + github.com/fsnotify/fsnotify v1.7.0 // indirect + github.com/fxamacker/cbor/v2 v2.7.0 // indirect + github.com/go-logr/stdr v1.2.2 // indirect + github.com/go-logr/zapr v1.3.0 // indirect + github.com/go-openapi/jsonpointer v0.21.0 // indirect + github.com/go-openapi/jsonreference v0.20.2 // indirect + github.com/go-openapi/swag v0.23.0 // indirect + github.com/go-task/slim-sprig/v3 v3.0.0 // indirect + github.com/gogo/protobuf v1.3.2 // indirect + github.com/golang/protobuf v1.5.4 // indirect + github.com/google/btree v1.1.3 // indirect + github.com/google/cel-go v0.22.0 // indirect + github.com/google/gnostic-models v0.6.8 // indirect + github.com/google/go-cmp v0.6.0 // indirect + github.com/google/gofuzz v1.2.0 // indirect + github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db // indirect + github.com/google/uuid v1.6.0 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect + github.com/inconshreveable/mousetrap v1.1.0 // indirect + github.com/josharian/intern v1.0.0 // indirect + github.com/json-iterator/go v1.1.12 // indirect + github.com/mailru/easyjson v0.7.7 // indirect + github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect + github.com/modern-go/reflect2 v1.0.2 // indirect + github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect + github.com/pkg/errors v0.9.1 // indirect + github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect + github.com/prometheus/client_golang v1.19.1 // indirect + github.com/prometheus/client_model v0.6.1 // indirect + github.com/prometheus/common v0.55.0 // indirect + github.com/prometheus/procfs v0.15.1 // indirect + github.com/spf13/cobra v1.8.1 // indirect + github.com/spf13/pflag v1.0.5 // indirect + github.com/stoewer/go-strcase v1.3.0 // indirect + github.com/x448/float16 v0.8.4 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect + go.opentelemetry.io/otel v1.28.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 // indirect + go.opentelemetry.io/otel/metric v1.28.0 // indirect + go.opentelemetry.io/otel/sdk v1.28.0 // indirect + go.opentelemetry.io/otel/trace v1.28.0 // indirect + go.opentelemetry.io/proto/otlp v1.3.1 // indirect + go.uber.org/multierr v1.11.0 // indirect + go.uber.org/zap v1.27.0 // indirect + golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect + golang.org/x/net v0.30.0 // indirect + golang.org/x/oauth2 v0.23.0 // indirect + golang.org/x/sync v0.8.0 // indirect + golang.org/x/sys v0.26.0 // indirect + golang.org/x/term v0.25.0 // indirect + golang.org/x/text v0.19.0 // indirect + golang.org/x/time v0.7.0 // indirect + golang.org/x/tools v0.26.0 // indirect + gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240826202546-f6391c0de4c7 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240826202546-f6391c0de4c7 // indirect + google.golang.org/grpc v1.65.0 // indirect + google.golang.org/protobuf v1.35.1 // indirect + gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect + gopkg.in/inf.v0 v0.9.1 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect + k8s.io/apiserver v0.32.0 // indirect + k8s.io/component-base v0.32.0 // indirect + k8s.io/klog/v2 v2.130.1 // indirect + k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect + k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 // indirect + sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.0 // indirect + sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect + sigs.k8s.io/yaml v1.4.0 // indirect +) From 6533314c548b1a7af0c1a6f6c44b827a6929949c Mon Sep 17 00:00:00 2001 From: Fiachra Corcoran Date: Wed, 5 Feb 2025 11:14:53 +0000 Subject: [PATCH 03/29] Add go.mod Co-authored-by: Dejan Kitic Co-authored-by: Fiachra Corcoran Signed-off-by: Dejan Kitic --- operators/focom-operator/README.md | 1 + operators/focom-operator/go.mod | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/operators/focom-operator/README.md b/operators/focom-operator/README.md index 5856b676..e91a5396 100644 --- a/operators/focom-operator/README.md +++ b/operators/focom-operator/README.md @@ -51,6 +51,7 @@ To deploy the operator on the cluster, run the following command: make deploy IMG=your-docker-repository/focom-operator-poc:2.0.0 ``` + ### Prerequisites - go version v1.22.0+ - docker version 17.03+. diff --git a/operators/focom-operator/go.mod b/operators/focom-operator/go.mod index 48381284..52e5039f 100644 --- a/operators/focom-operator/go.mod +++ b/operators/focom-operator/go.mod @@ -1,4 +1,4 @@ -module github.com/dekstroza/focom-operator +module github.com/nephio-project/nephio/operators/focom-operator go 1.23.0 From 83b892ae3d945dc9e4a75a34452d57c6a883fa08 Mon Sep 17 00:00:00 2001 From: Fiachra Corcoran Date: Wed, 5 Feb 2025 12:02:38 +0000 Subject: [PATCH 04/29] Update focom-op IMG tag --- operators/focom-operator/Makefile | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/operators/focom-operator/Makefile b/operators/focom-operator/Makefile index 5e78a740..447d855d 100644 --- a/operators/focom-operator/Makefile +++ b/operators/focom-operator/Makefile @@ -28,8 +28,8 @@ BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL) # This variable is used to construct full image tags for bundle and catalog images. # # For example, running 'make bundle-build bundle-push catalog-build catalog-push' will build and push both -# nephio.org/focom-operator-bundle:$VERSION and nephio.org/focom-operator-catalog:$VERSION. -IMAGE_TAG_BASE ?= nephio.org/focom-operator +# nephio/focom-operator-bundle:$VERSION and nephio/focom-operator-catalog:$VERSION. +IMAGE_TAG_BASE ?= nephio/focom-operator # BUNDLE_IMG defines the image:tag used for the bundle. # You can use it as an arg. (E.g make bundle-build BUNDLE_IMG=/:) @@ -49,8 +49,13 @@ endif # Set the Operator SDK version to use. By default, what is installed on the system is used. # This is useful for CI or a project to utilize a specific version of the operator-sdk toolkit. OPERATOR_SDK_VERSION ?= v1.39.1 + +VERSION ?= latest +REGISTRY ?= docker.io/nephio +PROJECT ?= focom # Image URL to use all building/pushing image targets -IMG ?= controller:latest +IMG ?= $(REGISTRY)/${PROJECT}-operator:$(VERSION) + # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. ENVTEST_K8S_VERSION = 1.31.0 From 5d42364eebc3d799c1b64cc7ad3efb97c045847f Mon Sep 17 00:00:00 2001 From: Fiachra Corcoran Date: Wed, 5 Feb 2025 12:03:19 +0000 Subject: [PATCH 05/29] Update import paths to nephio --- operators/focom-operator/PROJECT | 8 ++++---- operators/focom-operator/cmd/main.go | 6 +++--- .../controller/focomprovisioningrequest_controller.go | 5 +++-- .../controller/focomprovisioningrequest_helpers.go | 2 +- .../controller/focomprovisioningrequest_helpers_test.go | 2 +- .../controller/focomprovisioningrequest_kubeconfig.go | 2 +- .../controller/focomprovisioningrequest_validation.go | 4 ++-- .../focomprovisioningrequest_validation_test.go | 4 ++-- .../focom-operator/internal/controller/suite_test.go | 3 ++- operators/focom-operator/test/e2e/e2e_test.go | 2 +- 10 files changed, 20 insertions(+), 18 deletions(-) diff --git a/operators/focom-operator/PROJECT b/operators/focom-operator/PROJECT index bacf1f18..3fc03ed1 100644 --- a/operators/focom-operator/PROJECT +++ b/operators/focom-operator/PROJECT @@ -10,7 +10,7 @@ plugins: manifests.sdk.operatorframework.io/v2: {} scorecard.sdk.operatorframework.io/v2: {} projectName: focom-operator -repo: github.com/dekstroza/focom-operator +repo: github.com/nephio-project/nephio/operators/focom-operator resources: - api: crdVersion: v1 @@ -18,7 +18,7 @@ resources: domain: nephio.org group: focom kind: OCloud - path: github.com/dekstroza/focom-operator/api/v1alpha1 + path: github.com/nephio-project/nephio/operators/focom-operator/api/v1alpha1 version: v1alpha1 - api: crdVersion: v1 @@ -27,7 +27,7 @@ resources: domain: nephio.org group: focom kind: FocomProvisioningRequest - path: github.com/dekstroza/focom-operator/api/v1alpha1 + path: github.com/nephio-project/nephio/operators/focom-operator/api/v1alpha1 version: v1alpha1 - api: crdVersion: v1 @@ -35,6 +35,6 @@ resources: domain: nephio.org group: provisioning kind: TemplateInfo - path: github.com/dekstroza/focom-operator/api/provisioning/v1alpha1 + path: github.com/nephio-project/nephio/operators/focom-operator/api/provisioning/v1alpha1 version: v1alpha1 version: "3" diff --git a/operators/focom-operator/cmd/main.go b/operators/focom-operator/cmd/main.go index e7513f35..36cc4265 100644 --- a/operators/focom-operator/cmd/main.go +++ b/operators/focom-operator/cmd/main.go @@ -19,7 +19,7 @@ package main import ( "crypto/tls" "flag" - focomv1alpha1 "github.com/dekstroza/focom-operator/api/focom/v1alpha1" + focomv1alpha1 "github.com/nephio-project/nephio/operators/focom-operator/api/focom/v1alpha1" "os" // Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.) @@ -36,8 +36,8 @@ import ( metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server" "sigs.k8s.io/controller-runtime/pkg/webhook" - provisioningv1alpha1 "github.com/dekstroza/focom-operator/api/provisioning/v1alpha1" - "github.com/dekstroza/focom-operator/internal/controller" + provisioningv1alpha1 "github.com/nephio-project/nephio/operators/focom-operator/api/provisioning/v1alpha1" + "github.com/nephio-project/nephio/operators/focom-operator/internal/controller" // +kubebuilder:scaffold:imports ) diff --git a/operators/focom-operator/internal/controller/focomprovisioningrequest_controller.go b/operators/focom-operator/internal/controller/focomprovisioningrequest_controller.go index c0f98d1b..62ffff32 100644 --- a/operators/focom-operator/internal/controller/focomprovisioningrequest_controller.go +++ b/operators/focom-operator/internal/controller/focomprovisioningrequest_controller.go @@ -19,12 +19,13 @@ package controller import ( "context" "fmt" - focomv1alpha1 "github.com/dekstroza/focom-operator/api/focom/v1alpha1" + "time" + "github.com/go-logr/logr" + focomv1alpha1 "github.com/nephio-project/nephio/operators/focom-operator/api/focom/v1alpha1" k8serrors "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/runtime" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" - "time" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" diff --git a/operators/focom-operator/internal/controller/focomprovisioningrequest_helpers.go b/operators/focom-operator/internal/controller/focomprovisioningrequest_helpers.go index 2f6a23a8..d3247826 100644 --- a/operators/focom-operator/internal/controller/focomprovisioningrequest_helpers.go +++ b/operators/focom-operator/internal/controller/focomprovisioningrequest_helpers.go @@ -5,7 +5,7 @@ import ( "encoding/json" "fmt" - focomv1alpha1 "github.com/dekstroza/focom-operator/api/focom/v1alpha1" + focomv1alpha1 "github.com/nephio-project/nephio/operators/focom-operator/api/focom/v1alpha1" k8serrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" diff --git a/operators/focom-operator/internal/controller/focomprovisioningrequest_helpers_test.go b/operators/focom-operator/internal/controller/focomprovisioningrequest_helpers_test.go index d4f0dbab..691ac920 100644 --- a/operators/focom-operator/internal/controller/focomprovisioningrequest_helpers_test.go +++ b/operators/focom-operator/internal/controller/focomprovisioningrequest_helpers_test.go @@ -6,7 +6,7 @@ import ( "os" "testing" - focomv1alpha1 "github.com/dekstroza/focom-operator/api/focom/v1alpha1" + focomv1alpha1 "github.com/nephio-project/nephio/operators/focom-operator/api/focom/v1alpha1" "github.com/stretchr/testify/require" corev1 "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" diff --git a/operators/focom-operator/internal/controller/focomprovisioningrequest_kubeconfig.go b/operators/focom-operator/internal/controller/focomprovisioningrequest_kubeconfig.go index 7a5aefa7..b1830edc 100644 --- a/operators/focom-operator/internal/controller/focomprovisioningrequest_kubeconfig.go +++ b/operators/focom-operator/internal/controller/focomprovisioningrequest_kubeconfig.go @@ -4,7 +4,7 @@ import ( "context" "fmt" - focomv1alpha1 "github.com/dekstroza/focom-operator/api/focom/v1alpha1" + focomv1alpha1 "github.com/nephio-project/nephio/operators/focom-operator/api/focom/v1alpha1" corev1 "k8s.io/api/core/v1" k8serrors "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/types" diff --git a/operators/focom-operator/internal/controller/focomprovisioningrequest_validation.go b/operators/focom-operator/internal/controller/focomprovisioningrequest_validation.go index 3e0f1163..7420704c 100644 --- a/operators/focom-operator/internal/controller/focomprovisioningrequest_validation.go +++ b/operators/focom-operator/internal/controller/focomprovisioningrequest_validation.go @@ -4,8 +4,8 @@ import ( "context" "fmt" - focomv1alpha1 "github.com/dekstroza/focom-operator/api/focom/v1alpha1" - provisioningv1alpha1 "github.com/dekstroza/focom-operator/api/provisioning/v1alpha1" + focomv1alpha1 "github.com/nephio-project/nephio/operators/focom-operator/api/focom/v1alpha1" + provisioningv1alpha1 "github.com/nephio-project/nephio/operators/focom-operator/api/provisioning/v1alpha1" apierrors "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/types" ) diff --git a/operators/focom-operator/internal/controller/focomprovisioningrequest_validation_test.go b/operators/focom-operator/internal/controller/focomprovisioningrequest_validation_test.go index 048436f2..117c3a6b 100644 --- a/operators/focom-operator/internal/controller/focomprovisioningrequest_validation_test.go +++ b/operators/focom-operator/internal/controller/focomprovisioningrequest_validation_test.go @@ -4,8 +4,8 @@ import ( "context" "testing" - focomv1alpha1 "github.com/dekstroza/focom-operator/api/focom/v1alpha1" - provisioningv1alpha1 "github.com/dekstroza/focom-operator/api/provisioning/v1alpha1" + focomv1alpha1 "github.com/nephio-project/nephio/operators/focom-operator/api/focom/v1alpha1" + provisioningv1alpha1 "github.com/nephio-project/nephio/operators/focom-operator/api/provisioning/v1alpha1" "github.com/stretchr/testify/require" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" diff --git a/operators/focom-operator/internal/controller/suite_test.go b/operators/focom-operator/internal/controller/suite_test.go index 7275afdb..a8930c8e 100644 --- a/operators/focom-operator/internal/controller/suite_test.go +++ b/operators/focom-operator/internal/controller/suite_test.go @@ -19,11 +19,12 @@ package controller import ( "context" "fmt" - focomv1alpha1 "github.com/dekstroza/focom-operator/api/focom/v1alpha1" "path/filepath" "runtime" "testing" + focomv1alpha1 "github.com/nephio-project/nephio/operators/focom-operator/api/focom/v1alpha1" + . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" diff --git a/operators/focom-operator/test/e2e/e2e_test.go b/operators/focom-operator/test/e2e/e2e_test.go index 136b819f..3f7017c4 100644 --- a/operators/focom-operator/test/e2e/e2e_test.go +++ b/operators/focom-operator/test/e2e/e2e_test.go @@ -24,7 +24,7 @@ import ( . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" - "github.com/dekstroza/focom-operator/test/utils" + "github.com/nephio-project/nephio/operators/focom-operator/test/utils" ) const namespace = "focom-operator-system" From 92496b64cc564ddd96d64e5edd707a17da857523 Mon Sep 17 00:00:00 2001 From: Fiachra Corcoran Date: Wed, 5 Feb 2025 12:26:42 +0000 Subject: [PATCH 06/29] Refactor operator example kpt pkg --- ....nephio.org_focomprovisioningrequests.yaml | 84 +++ .../crds/focom.nephio.org_oclouds.yaml | 71 +++ .../provisioning.oran.org_templateinfoes.yaml | 61 ++ .../kpt-package/focom-operator.yaml | 539 +----------------- operators/focom-operator/kpt-package/rbac | 317 ++++++++++ 5 files changed, 534 insertions(+), 538 deletions(-) create mode 100644 operators/focom-operator/kpt-package/crds/focom.nephio.org_focomprovisioningrequests.yaml create mode 100644 operators/focom-operator/kpt-package/crds/focom.nephio.org_oclouds.yaml create mode 100644 operators/focom-operator/kpt-package/crds/provisioning.oran.org_templateinfoes.yaml create mode 100644 operators/focom-operator/kpt-package/rbac diff --git a/operators/focom-operator/kpt-package/crds/focom.nephio.org_focomprovisioningrequests.yaml b/operators/focom-operator/kpt-package/crds/focom.nephio.org_focomprovisioningrequests.yaml new file mode 100644 index 00000000..feaa09f8 --- /dev/null +++ b/operators/focom-operator/kpt-package/crds/focom.nephio.org_focomprovisioningrequests.yaml @@ -0,0 +1,84 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + name: focomprovisioningrequests.focom.nephio.org +spec: + group: focom.nephio.org + names: + kind: FocomProvisioningRequest + listKind: FocomProvisioningRequestList + plural: focomprovisioningrequests + singular: focomprovisioningrequest + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: FocomProvisioningRequest is the Schema for the focomprovisioningrequests + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: FocomProvisioningRequestSpec defines the desired state of + FocomProvisioningRequest + properties: + description: + type: string + name: + type: string + oCloudId: + type: string + oCloudNamespace: + type: string + templateName: + type: string + templateParameters: + type: object + x-kubernetes-preserve-unknown-fields: true + templateVersion: + type: string + required: + - oCloudId + - oCloudNamespace + - templateName + - templateParameters + - templateVersion + type: object + status: + description: FocomProvisioningRequestStatus defines the observed state + of FocomProvisioningRequest + properties: + lastUpdated: + format: date-time + type: string + message: + type: string + phase: + type: string + remoteName: + description: The name of the remote resource in the target cluster + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operators/focom-operator/kpt-package/crds/focom.nephio.org_oclouds.yaml b/operators/focom-operator/kpt-package/crds/focom.nephio.org_oclouds.yaml new file mode 100644 index 00000000..5f10038c --- /dev/null +++ b/operators/focom-operator/kpt-package/crds/focom.nephio.org_oclouds.yaml @@ -0,0 +1,71 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + name: oclouds.focom.nephio.org +spec: + group: focom.nephio.org + names: + kind: OCloud + listKind: OCloudList + plural: oclouds + singular: ocloud + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: OCloud is the Schema for the oclouds API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: OCloudSpec defines the desired state of OCloud + properties: + o2imsSecret: + description: O2imsSecret references a Secret containing endpoint & + credentials + properties: + secretRef: + description: SecretRef points to the Secret with O2IMS credentials + properties: + name: + description: Name of the Secret + type: string + namespace: + description: Namespace of the Secret + type: string + required: + - name + - namespace + type: object + required: + - secretRef + type: object + required: + - o2imsSecret + type: object + status: + description: OCloudStatus defines the observed state of OCloud + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operators/focom-operator/kpt-package/crds/provisioning.oran.org_templateinfoes.yaml b/operators/focom-operator/kpt-package/crds/provisioning.oran.org_templateinfoes.yaml new file mode 100644 index 00000000..62972ad2 --- /dev/null +++ b/operators/focom-operator/kpt-package/crds/provisioning.oran.org_templateinfoes.yaml @@ -0,0 +1,61 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + name: templateinfoes.provisioning.oran.org +spec: + group: provisioning.oran.org + names: + kind: TemplateInfo + listKind: TemplateInfoList + plural: templateinfoes + singular: templateinfo + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: TemplateInfo is the Schema for the templateinfoes API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: TemplateInfoSpec defines the desired state of TemplateInfo + properties: + templateName: + type: string + templateParameterSchema: + description: This is a string containing a JSON or YAML-based schema + for template parameters + type: string + templateVersion: + type: string + required: + - templateName + - templateParameterSchema + - templateVersion + type: object + status: + description: TemplateInfoStatus defines the observed state of TemplateInfo + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operators/focom-operator/kpt-package/focom-operator.yaml b/operators/focom-operator/kpt-package/focom-operator.yaml index fa3deccd..1db7de01 100644 --- a/operators/focom-operator/kpt-package/focom-operator.yaml +++ b/operators/focom-operator/kpt-package/focom-operator.yaml @@ -7,543 +7,6 @@ metadata: control-plane: controller-manager name: focom-operator-system --- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.16.1 - name: focomprovisioningrequests.focom.nephio.org -spec: - group: focom.nephio.org - names: - kind: FocomProvisioningRequest - listKind: FocomProvisioningRequestList - plural: focomprovisioningrequests - singular: focomprovisioningrequest - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: FocomProvisioningRequest is the Schema for the focomprovisioningrequests - API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: FocomProvisioningRequestSpec defines the desired state of - FocomProvisioningRequest - properties: - description: - type: string - name: - type: string - oCloudId: - type: string - oCloudNamespace: - type: string - templateName: - type: string - templateParameters: - type: object - x-kubernetes-preserve-unknown-fields: true - templateVersion: - type: string - required: - - oCloudId - - oCloudNamespace - - templateName - - templateParameters - - templateVersion - type: object - status: - description: FocomProvisioningRequestStatus defines the observed state - of FocomProvisioningRequest - properties: - lastUpdated: - format: date-time - type: string - message: - type: string - phase: - type: string - remoteName: - description: The name of the remote resource in the target cluster - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.16.1 - name: oclouds.focom.nephio.org -spec: - group: focom.nephio.org - names: - kind: OCloud - listKind: OCloudList - plural: oclouds - singular: ocloud - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: OCloud is the Schema for the oclouds API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: OCloudSpec defines the desired state of OCloud - properties: - o2imsSecret: - description: O2imsSecret references a Secret containing endpoint & - credentials - properties: - secretRef: - description: SecretRef points to the Secret with O2IMS credentials - properties: - name: - description: Name of the Secret - type: string - namespace: - description: Namespace of the Secret - type: string - required: - - name - - namespace - type: object - required: - - secretRef - type: object - required: - - o2imsSecret - type: object - status: - description: OCloudStatus defines the observed state of OCloud - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.16.1 - name: templateinfoes.provisioning.oran.org -spec: - group: provisioning.oran.org - names: - kind: TemplateInfo - listKind: TemplateInfoList - plural: templateinfoes - singular: templateinfo - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: TemplateInfo is the Schema for the templateinfoes API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: TemplateInfoSpec defines the desired state of TemplateInfo - properties: - templateName: - type: string - templateParameterSchema: - description: This is a string containing a JSON or YAML-based schema - for template parameters - type: string - templateVersion: - type: string - required: - - templateName - - templateParameterSchema - - templateVersion - type: object - status: - description: TemplateInfoStatus defines the observed state of TemplateInfo - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: focom-operator - name: focom-operator-controller-manager - namespace: focom-operator-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: focom-operator - name: focom-operator-leader-election-role - namespace: focom-operator-system -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: focom-operator - name: focom-operator-focomprovisioningrequest-editor-role -rules: -- apiGroups: - - focom.nephio.org - resources: - - focomprovisioningrequests - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - focom.nephio.org - resources: - - focomprovisioningrequests/status - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: focom-operator - name: focom-operator-focomprovisioningrequest-viewer-role -rules: -- apiGroups: - - focom.nephio.org - resources: - - focomprovisioningrequests - verbs: - - get - - list - - watch -- apiGroups: - - focom.nephio.org - resources: - - focomprovisioningrequests/status - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: focom-operator-manager-role -rules: -- apiGroups: - - focom.nephio.org - resources: - - focomprovisioningrequests - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - focom.nephio.org - resources: - - focomprovisioningrequests/finalizers - verbs: - - update -- apiGroups: - - focom.nephio.org - resources: - - focomprovisioningrequests/status - verbs: - - get - - patch - - update -- apiGroups: - - provisioning.oran.org - resources: - - templateinfoes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: focom-operator-metrics-auth-role -rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: focom-operator-metrics-reader -rules: -- nonResourceURLs: - - /metrics - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: focom-operator - name: focom-operator-ocloud-editor-role -rules: -- apiGroups: - - focom.nephio.org - resources: - - oclouds - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - focom.nephio.org - resources: - - oclouds/status - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: focom-operator - name: focom-operator-ocloud-viewer-role -rules: -- apiGroups: - - focom.nephio.org - resources: - - oclouds - verbs: - - get - - list - - watch -- apiGroups: - - focom.nephio.org - resources: - - oclouds/status - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: focom-operator - name: focom-operator-provisioning-templateinfo-editor-role -rules: -- apiGroups: - - provisioning.oran.org - resources: - - templateinfoes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - provisioning.oran.org - resources: - - templateinfoes/status - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: focom-operator - name: focom-operator-provisioning-templateinfo-viewer-role -rules: -- apiGroups: - - provisioning.oran.org - resources: - - templateinfoes - verbs: - - get - - list - - watch -- apiGroups: - - provisioning.oran.org - resources: - - templateinfoes/status - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: focom-operator - name: focom-operator-leader-election-rolebinding - namespace: focom-operator-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: focom-operator-leader-election-role -subjects: -- kind: ServiceAccount - name: focom-operator-controller-manager - namespace: focom-operator-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: focom-operator - name: focom-operator-manager-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: focom-operator-manager-role -subjects: -- kind: ServiceAccount - name: focom-operator-controller-manager - namespace: focom-operator-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: focom-operator-metrics-auth-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: focom-operator-metrics-auth-role -subjects: -- kind: ServiceAccount - name: focom-operator-controller-manager - namespace: focom-operator-system ---- apiVersion: v1 kind: Service metadata: @@ -590,7 +53,7 @@ spec: - --health-probe-bind-address=:8081 command: - /manager - image: your-docker-repository/focom-operator-poc:2.0.0 + image: docker.io/nephio/focom-operator:latest livenessProbe: httpGet: path: /healthz diff --git a/operators/focom-operator/kpt-package/rbac b/operators/focom-operator/kpt-package/rbac new file mode 100644 index 00000000..195bfec3 --- /dev/null +++ b/operators/focom-operator/kpt-package/rbac @@ -0,0 +1,317 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: focom-operator + name: focom-operator-controller-manager + namespace: focom-operator-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: focom-operator + name: focom-operator-leader-election-role + namespace: focom-operator-system +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: focom-operator + name: focom-operator-focomprovisioningrequest-editor-role +rules: +- apiGroups: + - focom.nephio.org + resources: + - focomprovisioningrequests + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - focom.nephio.org + resources: + - focomprovisioningrequests/status + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: focom-operator + name: focom-operator-focomprovisioningrequest-viewer-role +rules: +- apiGroups: + - focom.nephio.org + resources: + - focomprovisioningrequests + verbs: + - get + - list + - watch +- apiGroups: + - focom.nephio.org + resources: + - focomprovisioningrequests/status + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: focom-operator-manager-role +rules: +- apiGroups: + - focom.nephio.org + resources: + - focomprovisioningrequests + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - focom.nephio.org + resources: + - focomprovisioningrequests/finalizers + verbs: + - update +- apiGroups: + - focom.nephio.org + resources: + - focomprovisioningrequests/status + verbs: + - get + - patch + - update +- apiGroups: + - provisioning.oran.org + resources: + - templateinfoes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: focom-operator-metrics-auth-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: focom-operator-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: focom-operator + name: focom-operator-ocloud-editor-role +rules: +- apiGroups: + - focom.nephio.org + resources: + - oclouds + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - focom.nephio.org + resources: + - oclouds/status + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: focom-operator + name: focom-operator-ocloud-viewer-role +rules: +- apiGroups: + - focom.nephio.org + resources: + - oclouds + verbs: + - get + - list + - watch +- apiGroups: + - focom.nephio.org + resources: + - oclouds/status + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: focom-operator + name: focom-operator-provisioning-templateinfo-editor-role +rules: +- apiGroups: + - provisioning.oran.org + resources: + - templateinfoes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - provisioning.oran.org + resources: + - templateinfoes/status + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: focom-operator + name: focom-operator-provisioning-templateinfo-viewer-role +rules: +- apiGroups: + - provisioning.oran.org + resources: + - templateinfoes + verbs: + - get + - list + - watch +- apiGroups: + - provisioning.oran.org + resources: + - templateinfoes/status + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: focom-operator + name: focom-operator-leader-election-rolebinding + namespace: focom-operator-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: focom-operator-leader-election-role +subjects: +- kind: ServiceAccount + name: focom-operator-controller-manager + namespace: focom-operator-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: focom-operator + name: focom-operator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: focom-operator-manager-role +subjects: +- kind: ServiceAccount + name: focom-operator-controller-manager + namespace: focom-operator-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: focom-operator-metrics-auth-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: focom-operator-metrics-auth-role +subjects: +- kind: ServiceAccount + name: focom-operator-controller-manager + namespace: focom-operator-system From 134bfbc6054fcef61ab383171b1ccee8fe11d5b0 Mon Sep 17 00:00:00 2001 From: Fiachra Corcoran Date: Wed, 5 Feb 2025 12:46:56 +0000 Subject: [PATCH 07/29] Add/Update copyright headers --- operators/focom-operator/Dockerfile | 14 ++++++++++++++ .../v1alpha1/focomprovisioningrequest_types.go | 2 +- .../api/focom/v1alpha1/groupversion_info.go | 2 +- .../api/focom/v1alpha1/ocloud_types.go | 2 +- .../api/focom/v1alpha1/zz_generated.deepcopy.go | 2 +- .../provisioning/v1alpha1/groupversion_info.go | 2 +- .../provisioning/v1alpha1/templateinfo_types.go | 2 +- .../v1alpha1/zz_generated.deepcopy.go | 2 +- operators/focom-operator/cmd/main.go | 2 +- operators/focom-operator/hack/boilerplate.go.txt | 2 +- .../focomprovisioningrequest_controller.go | 2 +- .../focomprovisioningrequest_helpers.go | 15 +++++++++++++++ .../focomprovisioningrequest_helpers_test.go | 15 +++++++++++++++ .../focomprovisioningrequest_kubeconfig.go | 15 +++++++++++++++ .../focomprovisioningrequest_validation.go | 15 +++++++++++++++ .../focomprovisioningrequest_validation_test.go | 15 +++++++++++++++ .../internal/controller/suite_test.go | 2 +- .../focom-operator/test/e2e/e2e_suite_test.go | 2 +- operators/focom-operator/test/e2e/e2e_test.go | 4 ++-- operators/focom-operator/test/utils/utils.go | 2 +- 20 files changed, 104 insertions(+), 15 deletions(-) diff --git a/operators/focom-operator/Dockerfile b/operators/focom-operator/Dockerfile index 3110e057..845159aa 100644 --- a/operators/focom-operator/Dockerfile +++ b/operators/focom-operator/Dockerfile @@ -1,3 +1,17 @@ +# Copyright 2025 The Nephio Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + # Build the manager binary FROM golang:1.23 AS builder ARG TARGETOS diff --git a/operators/focom-operator/api/focom/v1alpha1/focomprovisioningrequest_types.go b/operators/focom-operator/api/focom/v1alpha1/focomprovisioningrequest_types.go index 50ad0a48..6546952f 100644 --- a/operators/focom-operator/api/focom/v1alpha1/focomprovisioningrequest_types.go +++ b/operators/focom-operator/api/focom/v1alpha1/focomprovisioningrequest_types.go @@ -1,5 +1,5 @@ /* -Copyright 2025. +Copyright 2025 The Nephio Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/operators/focom-operator/api/focom/v1alpha1/groupversion_info.go b/operators/focom-operator/api/focom/v1alpha1/groupversion_info.go index b80cb1b0..3cc0f62e 100644 --- a/operators/focom-operator/api/focom/v1alpha1/groupversion_info.go +++ b/operators/focom-operator/api/focom/v1alpha1/groupversion_info.go @@ -1,5 +1,5 @@ /* -Copyright 2025. +Copyright 2025 The Nephio Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/operators/focom-operator/api/focom/v1alpha1/ocloud_types.go b/operators/focom-operator/api/focom/v1alpha1/ocloud_types.go index 3a5cd6cf..33d5742c 100644 --- a/operators/focom-operator/api/focom/v1alpha1/ocloud_types.go +++ b/operators/focom-operator/api/focom/v1alpha1/ocloud_types.go @@ -1,5 +1,5 @@ /* -Copyright 2025. +Copyright 2025 The Nephio Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/operators/focom-operator/api/focom/v1alpha1/zz_generated.deepcopy.go b/operators/focom-operator/api/focom/v1alpha1/zz_generated.deepcopy.go index 5e10826f..0ba5beb8 100644 --- a/operators/focom-operator/api/focom/v1alpha1/zz_generated.deepcopy.go +++ b/operators/focom-operator/api/focom/v1alpha1/zz_generated.deepcopy.go @@ -1,7 +1,7 @@ //go:build !ignore_autogenerated /* -Copyright 2025. +Copyright 2025 The Nephio Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/operators/focom-operator/api/provisioning/v1alpha1/groupversion_info.go b/operators/focom-operator/api/provisioning/v1alpha1/groupversion_info.go index 9a345ff8..232de11c 100644 --- a/operators/focom-operator/api/provisioning/v1alpha1/groupversion_info.go +++ b/operators/focom-operator/api/provisioning/v1alpha1/groupversion_info.go @@ -1,5 +1,5 @@ /* -Copyright 2025. +Copyright 2025 The Nephio Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/operators/focom-operator/api/provisioning/v1alpha1/templateinfo_types.go b/operators/focom-operator/api/provisioning/v1alpha1/templateinfo_types.go index 7a02e49c..4d9eacf3 100644 --- a/operators/focom-operator/api/provisioning/v1alpha1/templateinfo_types.go +++ b/operators/focom-operator/api/provisioning/v1alpha1/templateinfo_types.go @@ -1,5 +1,5 @@ /* -Copyright 2025. +Copyright 2025 The Nephio Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/operators/focom-operator/api/provisioning/v1alpha1/zz_generated.deepcopy.go b/operators/focom-operator/api/provisioning/v1alpha1/zz_generated.deepcopy.go index 19a01b64..0437b64a 100644 --- a/operators/focom-operator/api/provisioning/v1alpha1/zz_generated.deepcopy.go +++ b/operators/focom-operator/api/provisioning/v1alpha1/zz_generated.deepcopy.go @@ -1,7 +1,7 @@ //go:build !ignore_autogenerated /* -Copyright 2025. +Copyright 2025 The Nephio Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/operators/focom-operator/cmd/main.go b/operators/focom-operator/cmd/main.go index 36cc4265..6a1d9fc1 100644 --- a/operators/focom-operator/cmd/main.go +++ b/operators/focom-operator/cmd/main.go @@ -1,5 +1,5 @@ /* -Copyright 2025. +Copyright 2025 The Nephio Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/operators/focom-operator/hack/boilerplate.go.txt b/operators/focom-operator/hack/boilerplate.go.txt index 221dcbe0..f2b52651 100644 --- a/operators/focom-operator/hack/boilerplate.go.txt +++ b/operators/focom-operator/hack/boilerplate.go.txt @@ -1,5 +1,5 @@ /* -Copyright 2025. +Copyright 2025 The Nephio Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/operators/focom-operator/internal/controller/focomprovisioningrequest_controller.go b/operators/focom-operator/internal/controller/focomprovisioningrequest_controller.go index 62ffff32..ff295cc2 100644 --- a/operators/focom-operator/internal/controller/focomprovisioningrequest_controller.go +++ b/operators/focom-operator/internal/controller/focomprovisioningrequest_controller.go @@ -1,5 +1,5 @@ /* -Copyright 2025. +Copyright 2025 The Nephio Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/operators/focom-operator/internal/controller/focomprovisioningrequest_helpers.go b/operators/focom-operator/internal/controller/focomprovisioningrequest_helpers.go index d3247826..0484d928 100644 --- a/operators/focom-operator/internal/controller/focomprovisioningrequest_helpers.go +++ b/operators/focom-operator/internal/controller/focomprovisioningrequest_helpers.go @@ -1,3 +1,18 @@ +/* +Copyright 2025 The Nephio Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ package controller import ( diff --git a/operators/focom-operator/internal/controller/focomprovisioningrequest_helpers_test.go b/operators/focom-operator/internal/controller/focomprovisioningrequest_helpers_test.go index 691ac920..93bdc4af 100644 --- a/operators/focom-operator/internal/controller/focomprovisioningrequest_helpers_test.go +++ b/operators/focom-operator/internal/controller/focomprovisioningrequest_helpers_test.go @@ -1,3 +1,18 @@ +/* +Copyright 2025 The Nephio Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ package controller import ( diff --git a/operators/focom-operator/internal/controller/focomprovisioningrequest_kubeconfig.go b/operators/focom-operator/internal/controller/focomprovisioningrequest_kubeconfig.go index b1830edc..712e3d3c 100644 --- a/operators/focom-operator/internal/controller/focomprovisioningrequest_kubeconfig.go +++ b/operators/focom-operator/internal/controller/focomprovisioningrequest_kubeconfig.go @@ -1,3 +1,18 @@ +/* +Copyright 2025 The Nephio Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ package controller import ( diff --git a/operators/focom-operator/internal/controller/focomprovisioningrequest_validation.go b/operators/focom-operator/internal/controller/focomprovisioningrequest_validation.go index 7420704c..677ecfd1 100644 --- a/operators/focom-operator/internal/controller/focomprovisioningrequest_validation.go +++ b/operators/focom-operator/internal/controller/focomprovisioningrequest_validation.go @@ -1,3 +1,18 @@ +/* +Copyright 2025 The Nephio Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ package controller import ( diff --git a/operators/focom-operator/internal/controller/focomprovisioningrequest_validation_test.go b/operators/focom-operator/internal/controller/focomprovisioningrequest_validation_test.go index 117c3a6b..078a5da9 100644 --- a/operators/focom-operator/internal/controller/focomprovisioningrequest_validation_test.go +++ b/operators/focom-operator/internal/controller/focomprovisioningrequest_validation_test.go @@ -1,3 +1,18 @@ +/* +Copyright 2025 The Nephio Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ package controller import ( diff --git a/operators/focom-operator/internal/controller/suite_test.go b/operators/focom-operator/internal/controller/suite_test.go index a8930c8e..fff3a38a 100644 --- a/operators/focom-operator/internal/controller/suite_test.go +++ b/operators/focom-operator/internal/controller/suite_test.go @@ -1,5 +1,5 @@ /* -Copyright 2025. +Copyright 2025 The Nephio Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/operators/focom-operator/test/e2e/e2e_suite_test.go b/operators/focom-operator/test/e2e/e2e_suite_test.go index 7b0b2015..1d3a8b7c 100644 --- a/operators/focom-operator/test/e2e/e2e_suite_test.go +++ b/operators/focom-operator/test/e2e/e2e_suite_test.go @@ -1,5 +1,5 @@ /* -Copyright 2025. +Copyright 2025 The Nephio Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/operators/focom-operator/test/e2e/e2e_test.go b/operators/focom-operator/test/e2e/e2e_test.go index 3f7017c4..f73105a8 100644 --- a/operators/focom-operator/test/e2e/e2e_test.go +++ b/operators/focom-operator/test/e2e/e2e_test.go @@ -1,5 +1,5 @@ /* -Copyright 2025. +Copyright 2025 The Nephio Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -60,7 +60,7 @@ var _ = Describe("controller", Ordered, func() { var err error // projectimage stores the name of the image used in the example - var projectimage = "example.com/focom-operator:v0.0.1" + var projectimage = "nephio/focom-operator:e2e" By("building the manager(Operator) image") cmd := exec.Command("make", "docker-build", fmt.Sprintf("IMG=%s", projectimage)) diff --git a/operators/focom-operator/test/utils/utils.go b/operators/focom-operator/test/utils/utils.go index 87db8781..c315bd58 100644 --- a/operators/focom-operator/test/utils/utils.go +++ b/operators/focom-operator/test/utils/utils.go @@ -1,5 +1,5 @@ /* -Copyright 2025. +Copyright 2025 The Nephio Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. From 800e6a2b467298af6bf69acc141418906f34f261 Mon Sep 17 00:00:00 2001 From: Fiachra Corcoran Date: Wed, 5 Feb 2025 12:48:22 +0000 Subject: [PATCH 08/29] Rename yaml file --- operators/focom-operator/kpt-package/{rbac => rbac.yaml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename operators/focom-operator/kpt-package/{rbac => rbac.yaml} (100%) diff --git a/operators/focom-operator/kpt-package/rbac b/operators/focom-operator/kpt-package/rbac.yaml similarity index 100% rename from operators/focom-operator/kpt-package/rbac rename to operators/focom-operator/kpt-package/rbac.yaml From 46609761a74a2a13bf0b838b50077367d259a29d Mon Sep 17 00:00:00 2001 From: Fiachra Corcoran Date: Wed, 5 Feb 2025 13:08:40 +0000 Subject: [PATCH 09/29] Commit header change after make --- .../internal/controller/focomprovisioningrequest_helpers.go | 2 +- .../controller/focomprovisioningrequest_helpers_test.go | 2 +- .../internal/controller/focomprovisioningrequest_kubeconfig.go | 2 +- .../internal/controller/focomprovisioningrequest_validation.go | 2 +- .../controller/focomprovisioningrequest_validation_test.go | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/operators/focom-operator/internal/controller/focomprovisioningrequest_helpers.go b/operators/focom-operator/internal/controller/focomprovisioningrequest_helpers.go index 0484d928..c3d14336 100644 --- a/operators/focom-operator/internal/controller/focomprovisioningrequest_helpers.go +++ b/operators/focom-operator/internal/controller/focomprovisioningrequest_helpers.go @@ -5,7 +5,7 @@ Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, diff --git a/operators/focom-operator/internal/controller/focomprovisioningrequest_helpers_test.go b/operators/focom-operator/internal/controller/focomprovisioningrequest_helpers_test.go index 93bdc4af..67bf97dd 100644 --- a/operators/focom-operator/internal/controller/focomprovisioningrequest_helpers_test.go +++ b/operators/focom-operator/internal/controller/focomprovisioningrequest_helpers_test.go @@ -5,7 +5,7 @@ Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, diff --git a/operators/focom-operator/internal/controller/focomprovisioningrequest_kubeconfig.go b/operators/focom-operator/internal/controller/focomprovisioningrequest_kubeconfig.go index 712e3d3c..96aa0586 100644 --- a/operators/focom-operator/internal/controller/focomprovisioningrequest_kubeconfig.go +++ b/operators/focom-operator/internal/controller/focomprovisioningrequest_kubeconfig.go @@ -5,7 +5,7 @@ Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, diff --git a/operators/focom-operator/internal/controller/focomprovisioningrequest_validation.go b/operators/focom-operator/internal/controller/focomprovisioningrequest_validation.go index 677ecfd1..e3cda4c0 100644 --- a/operators/focom-operator/internal/controller/focomprovisioningrequest_validation.go +++ b/operators/focom-operator/internal/controller/focomprovisioningrequest_validation.go @@ -5,7 +5,7 @@ Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, diff --git a/operators/focom-operator/internal/controller/focomprovisioningrequest_validation_test.go b/operators/focom-operator/internal/controller/focomprovisioningrequest_validation_test.go index 078a5da9..f9175115 100644 --- a/operators/focom-operator/internal/controller/focomprovisioningrequest_validation_test.go +++ b/operators/focom-operator/internal/controller/focomprovisioningrequest_validation_test.go @@ -5,7 +5,7 @@ Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, From ff125a29fdf92f87d1026a7c7adcf6fad5272ac3 Mon Sep 17 00:00:00 2001 From: Dejan Kitic Date: Wed, 5 Feb 2025 13:15:11 +0000 Subject: [PATCH 10/29] Update readme file with information on e2e test and testenv --- operators/focom-operator/README.md | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/operators/focom-operator/README.md b/operators/focom-operator/README.md index e91a5396..cc87933e 100644 --- a/operators/focom-operator/README.md +++ b/operators/focom-operator/README.md @@ -59,17 +59,23 @@ make deploy IMG=your-docker-repository/focom-operator-poc:2.0.0 - Access to a Kubernetes v1.11.3+ cluster. - oapi-codegen installed with: go install github.com/deepmap/oapi-codegen/cmd/oapi-codegen@latest - setup-env test: go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest -- export KUBEBUILDER_ASSETS=$(pwd)/testbin/k8s/1.26.0-darwin-arm64 for the above ### To run the tests locally Set up the setup-envtest from the root folder of the project. ```sh -setup-envtest use 1.31 --bin-dir=./bin -cd internal -go test ./controller/... +# For example, to use envtest 1.31 on macOS with an ARM processor, run: +setup-envtest use 1.31 --bin-dir=./testbin +export KUBEBUILDER_ASSETS="$(pwd)/testbin/k8s/1.31.0-darwin-arm64" +go test -v ./internal/controller/... ``` +To run e2e tests inside the test folder, set up a kind cluster, for example: + +```sh +kind create cluster +make test-e2e +``` ### To Deploy on the cluster From f55203ce4ba290e51dfdf820d1a4972cbbff31a9 Mon Sep 17 00:00:00 2001 From: Fiachra Corcoran Date: Wed, 5 Feb 2025 13:26:16 +0000 Subject: [PATCH 11/29] Update image tag in e2e suite --- operators/focom-operator/config/manager/kustomization.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/operators/focom-operator/config/manager/kustomization.yaml b/operators/focom-operator/config/manager/kustomization.yaml index 56423f1c..32131dc0 100644 --- a/operators/focom-operator/config/manager/kustomization.yaml +++ b/operators/focom-operator/config/manager/kustomization.yaml @@ -4,5 +4,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization images: - name: controller - newName: your-docker-repository/focom-operator-poc - newTag: 2.0.0 + newName: nephio/focom-operator + newTag: e2e From 9bf513364ab662f61782c8a9f1b83d73543bf6b9 Mon Sep 17 00:00:00 2001 From: Fiachra Corcoran Date: Wed, 5 Feb 2025 17:04:06 +0000 Subject: [PATCH 12/29] Fix failing presumit unit test --- operators/focom-operator/Makefile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/operators/focom-operator/Makefile b/operators/focom-operator/Makefile index 447d855d..2718e1db 100644 --- a/operators/focom-operator/Makefile +++ b/operators/focom-operator/Makefile @@ -119,6 +119,9 @@ vet: ## Run go vet against code. test: manifests generate fmt vet envtest ## Run tests. KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test $$(go list ./... | grep -v /e2e) -coverprofile cover.out +.PHONY: unit +unit: test + # Utilize Kind or modify the e2e tests to load the image locally, enabling compatibility with other vendors. .PHONY: test-e2e # Run the e2e tests against a Kind k8s instance that is spun up. test-e2e: From 36d36958ad92f226062c1981071161d5b8a1f3f6 Mon Sep 17 00:00:00 2001 From: Fiachra Corcoran Date: Wed, 5 Feb 2025 18:02:15 +0000 Subject: [PATCH 13/29] Fix failing gosec runs --- default-gosec.mk | 2 +- operators/focom-operator/Makefile | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/default-gosec.mk b/default-gosec.mk index 316c96e3..a71246b2 100644 --- a/default-gosec.mk +++ b/default-gosec.mk @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -GOSEC_VER ?= 2.15.0 +GOSEC_VER ?= 2.22.0 GIT_ROOT_DIR ?= $(dir $(lastword $(MAKEFILE_LIST))) include $(GIT_ROOT_DIR)/detect-container-runtime.mk diff --git a/operators/focom-operator/Makefile b/operators/focom-operator/Makefile index 2718e1db..bbcf17b0 100644 --- a/operators/focom-operator/Makefile +++ b/operators/focom-operator/Makefile @@ -1,3 +1,7 @@ +# This includes the following default targets: +# gosec, +include ../../default-gosec.mk + # VERSION defines the project version for the bundle. # Update this value when you upgrade the version of your project. # To re-generate a bundle for another specific version without changing the standard setup, you can: From 88437f8a9e5e329b245f78f68f37922e6ae67fbf Mon Sep 17 00:00:00 2001 From: Fiachra Corcoran Date: Wed, 5 Feb 2025 19:03:17 +0000 Subject: [PATCH 14/29] Exclude test and generated files from gosec --- default-gosec.mk | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/default-gosec.mk b/default-gosec.mk index a71246b2..97118da2 100644 --- a/default-gosec.mk +++ b/default-gosec.mk @@ -20,7 +20,7 @@ include $(GIT_ROOT_DIR)/detect-container-runtime.mk .PHONY: gosec gosec: ## Inspect the source code for security problems by scanning the Go Abstract Syntax Tree ifeq ($(CONTAINER_RUNNABLE), 0) - $(RUN_CONTAINER_COMMAND) docker.io/securego/gosec:${GOSEC_VER} ./... + $(RUN_CONTAINER_COMMAND) docker.io/securego/gosec:${GOSEC_VER} -exclude-dir=test -exclude-generated ./... else - gosec ./... + gosec -exclude-dir=test -exclude-generated ./... endif From 57308ec878fa4c2cb6929b715efcac4caee9ecd4 Mon Sep 17 00:00:00 2001 From: Fiachra Corcoran Date: Wed, 5 Feb 2025 19:26:38 +0000 Subject: [PATCH 15/29] Fix golangci-lint failing jobs --- .golangci.yml | 1 + default-go-lint.mk | 9 +++++---- operators/focom-operator/Makefile | 9 ++++++--- 3 files changed, 12 insertions(+), 7 deletions(-) diff --git a/.golangci.yml b/.golangci.yml index 0bb921be..67173d3b 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -4,6 +4,7 @@ run: issues: exclude-dirs: - "vendor" + - "test" exclude-files: - ".*\\_test.go$" diff --git a/default-go-lint.mk b/default-go-lint.mk index 1f82342a..66851b1c 100644 --- a/default-go-lint.mk +++ b/default-go-lint.mk @@ -1,4 +1,4 @@ -# Copyright 2023 The Nephio Authors. +# Copyright 2023-2025 The Nephio Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,7 +13,8 @@ # limitations under the License. -GOLANG_CI_VER ?= v1.57 +GOLANG_CI_VER ?= v1.62.2 +GO_VERSION ?= 1.22.0 GIT_ROOT_DIR ?= $(dir $(lastword $(MAKEFILE_LIST))) include $(GIT_ROOT_DIR)/detect-container-runtime.mk @@ -22,7 +23,7 @@ include $(GIT_ROOT_DIR)/detect-container-runtime.mk lint: ## Run Go linter against the codebase ifeq ($(CONTAINER_RUNNABLE), 0) $(RUN_CONTAINER_COMMAND) docker.io/golangci/golangci-lint:${GOLANG_CI_VER}-alpine \ - golangci-lint run ./... -v + golangci-lint run ./... -v --go=${GO_VERSION} --exclude-generated=true else - golangci-lint run ./... -v + golangci-lint run ./... -v --go=${GO_VERSION} --exclude-generated=true endif diff --git a/operators/focom-operator/Makefile b/operators/focom-operator/Makefile index bbcf17b0..f4c788d0 100644 --- a/operators/focom-operator/Makefile +++ b/operators/focom-operator/Makefile @@ -1,6 +1,9 @@ # This includes the following default targets: -# gosec, +# gosec, golangci-lint include ../../default-gosec.mk +include ../../default-go-lint.mk + +GO_VERSION = 1.23.5 # VERSION defines the project version for the bundle. # Update this value when you upgrade the version of your project. @@ -131,8 +134,8 @@ unit: test test-e2e: go test ./test/e2e/ -v -ginkgo.v -.PHONY: lint -lint: golangci-lint ## Run golangci-lint linter +.PHONY: lint-local +lint-local: golangci-lint ## Run golangci-lint linter $(GOLANGCI_LINT) run .PHONY: lint-fix From caa97d0a303d4691609d5f27a4186786b15d8dee Mon Sep 17 00:00:00 2001 From: Fiachra Corcoran Date: Wed, 5 Feb 2025 19:29:36 +0000 Subject: [PATCH 16/29] Remove unknown golint flag --- default-go-lint.mk | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/default-go-lint.mk b/default-go-lint.mk index 66851b1c..f04ae20e 100644 --- a/default-go-lint.mk +++ b/default-go-lint.mk @@ -23,7 +23,7 @@ include $(GIT_ROOT_DIR)/detect-container-runtime.mk lint: ## Run Go linter against the codebase ifeq ($(CONTAINER_RUNNABLE), 0) $(RUN_CONTAINER_COMMAND) docker.io/golangci/golangci-lint:${GOLANG_CI_VER}-alpine \ - golangci-lint run ./... -v --go=${GO_VERSION} --exclude-generated=true + golangci-lint run ./... -v --go=${GO_VERSION} else - golangci-lint run ./... -v --go=${GO_VERSION} --exclude-generated=true + golangci-lint run ./... -v --go=${GO_VERSION} endif From da6e22bf1ac8e002db184fbc981ab9aa69f0ed06 Mon Sep 17 00:00:00 2001 From: Fiachra Corcoran Date: Wed, 5 Feb 2025 19:48:29 +0000 Subject: [PATCH 17/29] Use lates gotests infra image for test --- .prow.yaml | 2 +- default-go-test.mk | 4 +--- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/.prow.yaml b/.prow.yaml index c4342944..41cca371 100644 --- a/.prow.yaml +++ b/.prow.yaml @@ -4,7 +4,7 @@ presubmits: always_run: true spec: containers: - - image: nephio/gotests:1817817865340850176 + - image: nephio/gotests:1885274380137664512 command: - make args: diff --git a/default-go-test.mk b/default-go-test.mk index 832dfc84..85d1f896 100644 --- a/default-go-test.mk +++ b/default-go-test.mk @@ -12,8 +12,6 @@ # See the License for the specific language governing permissions and # limitations under the License. - -GO_VERSION ?= 1.22.2 TEST_COVERAGE_FILE=lcov.info TEST_COVERAGE_HTML_FILE=coverage_unit.html TEST_COVERAGE_FUNC_FILE=func_coverage.out @@ -28,7 +26,7 @@ unit: test .PHONY: test test: ## Run unit tests (go test) ifeq ($(CONTAINER_RUNNABLE), 0) - $(RUN_CONTAINER_COMMAND) docker.io/library/golang:${GO_VERSION}-alpine3.19 \ + $(RUN_CONTAINER_COMMAND) docker.io/nephio/gotests:1885274380137664512 \ sh -e -c "go test ./... -v -coverprofile ${TEST_COVERAGE_FILE}; \ go tool cover -html=${TEST_COVERAGE_FILE} -o ${TEST_COVERAGE_HTML_FILE}; \ go tool cover -func=${TEST_COVERAGE_FILE} -o ${TEST_COVERAGE_FUNC_FILE}" From cee0183aa9340da9f9969035ddeb9f1b2592ff5b Mon Sep 17 00:00:00 2001 From: Fiachra Corcoran Date: Wed, 5 Feb 2025 19:49:01 +0000 Subject: [PATCH 18/29] Use top level go-misc make targets --- operators/focom-operator/Makefile | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/operators/focom-operator/Makefile b/operators/focom-operator/Makefile index f4c788d0..ecaf898c 100644 --- a/operators/focom-operator/Makefile +++ b/operators/focom-operator/Makefile @@ -1,8 +1,11 @@ -# This includes the following default targets: -# gosec, golangci-lint +# These includes get the following targets +# from the top level Make files: +# gosec, golangci-lint, fmt, vet include ../../default-gosec.mk include ../../default-go-lint.mk +include ../../default-go-misc.mk +# Override golangci-lint target version GO_VERSION = 1.23.5 # VERSION defines the project version for the bundle. @@ -114,14 +117,6 @@ manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and Cust generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations. $(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..." -.PHONY: fmt -fmt: ## Run go fmt against code. - go fmt ./... - -.PHONY: vet -vet: ## Run go vet against code. - go vet ./... - .PHONY: test test: manifests generate fmt vet envtest ## Run tests. KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test $$(go list ./... | grep -v /e2e) -coverprofile cover.out From c8a82938741276cafa7fba3a53f6b7d25c1b3791 Mon Sep 17 00:00:00 2001 From: Fiachra Corcoran Date: Wed, 5 Feb 2025 20:10:36 +0000 Subject: [PATCH 19/29] Use latest gotests for make gosec target --- .prow.yaml | 2 +- default-gosec.mk | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.prow.yaml b/.prow.yaml index 41cca371..d9dd53e9 100644 --- a/.prow.yaml +++ b/.prow.yaml @@ -24,7 +24,7 @@ presubmits: always_run: true spec: containers: - - image: nephio/gotests:1817817865340850176 + - image: nephio/gotests:1885274380137664512 command: - make args: diff --git a/default-gosec.mk b/default-gosec.mk index 97118da2..d8c7c602 100644 --- a/default-gosec.mk +++ b/default-gosec.mk @@ -12,7 +12,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -GOSEC_VER ?= 2.22.0 GIT_ROOT_DIR ?= $(dir $(lastword $(MAKEFILE_LIST))) include $(GIT_ROOT_DIR)/detect-container-runtime.mk @@ -20,7 +19,8 @@ include $(GIT_ROOT_DIR)/detect-container-runtime.mk .PHONY: gosec gosec: ## Inspect the source code for security problems by scanning the Go Abstract Syntax Tree ifeq ($(CONTAINER_RUNNABLE), 0) - $(RUN_CONTAINER_COMMAND) docker.io/securego/gosec:${GOSEC_VER} -exclude-dir=test -exclude-generated ./... + $(RUN_CONTAINER_COMMAND) docker.io/nephio/gotests:1885274380137664512 gosec -fmt=html -out=gosec-results.html \ + -stdout -verbose=text -exclude-dir=test -exclude-generated ./... else - gosec -exclude-dir=test -exclude-generated ./... + gosec -fmt=html -out=gosec-results.html -stdout -verbose=text -exclude-dir=test -exclude-generated ./... endif From b70368997d1408a2e357d099aa3c47b2c2a0fd33 Mon Sep 17 00:00:00 2001 From: Fiachra Corcoran Date: Wed, 5 Feb 2025 20:11:47 +0000 Subject: [PATCH 20/29] Ignore gosec results files --- .gitignore | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitignore b/.gitignore index 6bdb446a..f170c638 100644 --- a/.gitignore +++ b/.gitignore @@ -24,4 +24,7 @@ vendor go.work go.work.sum lcov.info + +# go tools artifacts coverage_unit.html +*-results.html From b293a9d00a554449701bf0d4b91dcb91bfd0cdba Mon Sep 17 00:00:00 2001 From: Fiachra Corcoran Date: Wed, 5 Feb 2025 21:10:07 +0000 Subject: [PATCH 21/29] Fix golangci-lint job --- .golangci.yml | 2 ++ default-go-lint.mk | 8 +++----- operators/focom-operator/Makefile | 3 --- 3 files changed, 5 insertions(+), 8 deletions(-) diff --git a/.golangci.yml b/.golangci.yml index 67173d3b..3ec69865 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -1,4 +1,6 @@ run: + build-tags: + - "-buildvcs=false" timeout: 10m issues: diff --git a/default-go-lint.mk b/default-go-lint.mk index f04ae20e..5bde084a 100644 --- a/default-go-lint.mk +++ b/default-go-lint.mk @@ -12,9 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. - -GOLANG_CI_VER ?= v1.62.2 -GO_VERSION ?= 1.22.0 +GOLANG_CI_VER ?= v1.63.4 GIT_ROOT_DIR ?= $(dir $(lastword $(MAKEFILE_LIST))) include $(GIT_ROOT_DIR)/detect-container-runtime.mk @@ -23,7 +21,7 @@ include $(GIT_ROOT_DIR)/detect-container-runtime.mk lint: ## Run Go linter against the codebase ifeq ($(CONTAINER_RUNNABLE), 0) $(RUN_CONTAINER_COMMAND) docker.io/golangci/golangci-lint:${GOLANG_CI_VER}-alpine \ - golangci-lint run ./... -v --go=${GO_VERSION} + golangci-lint run ./... -v else - golangci-lint run ./... -v --go=${GO_VERSION} + golangci-lint run ./... -v endif diff --git a/operators/focom-operator/Makefile b/operators/focom-operator/Makefile index ecaf898c..258a87c6 100644 --- a/operators/focom-operator/Makefile +++ b/operators/focom-operator/Makefile @@ -5,9 +5,6 @@ include ../../default-gosec.mk include ../../default-go-lint.mk include ../../default-go-misc.mk -# Override golangci-lint target version -GO_VERSION = 1.23.5 - # VERSION defines the project version for the bundle. # Update this value when you upgrade the version of your project. # To re-generate a bundle for another specific version without changing the standard setup, you can: From a0079d9909403ecfaab4066e0b3de2aebd1607bb Mon Sep 17 00:00:00 2001 From: Fiachra Corcoran Date: Wed, 5 Feb 2025 21:24:24 +0000 Subject: [PATCH 22/29] Use latest gotests for golangci-lint --- .prow.yaml | 2 +- default-go-lint.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.prow.yaml b/.prow.yaml index d9dd53e9..1e9ee33d 100644 --- a/.prow.yaml +++ b/.prow.yaml @@ -14,7 +14,7 @@ presubmits: always_run: true spec: containers: - - image: nephio/gotests:1817817865340850176 + - image: nephio/gotests:1885274380137664512 command: - make args: diff --git a/default-go-lint.mk b/default-go-lint.mk index 5bde084a..2730fb4d 100644 --- a/default-go-lint.mk +++ b/default-go-lint.mk @@ -21,7 +21,7 @@ include $(GIT_ROOT_DIR)/detect-container-runtime.mk lint: ## Run Go linter against the codebase ifeq ($(CONTAINER_RUNNABLE), 0) $(RUN_CONTAINER_COMMAND) docker.io/golangci/golangci-lint:${GOLANG_CI_VER}-alpine \ - golangci-lint run ./... -v + golangci-lint run ./... -v else golangci-lint run ./... -v endif From b265b9e43535a4f240e022272cddabfedd891775 Mon Sep 17 00:00:00 2001 From: Fiachra Corcoran Date: Wed, 5 Feb 2025 22:12:51 +0000 Subject: [PATCH 23/29] Fix krm-func lib linting errors --- krm-functions/lib/condkptsdk/sdk.go | 9 +++++---- krm-functions/lib/nad/v1/nad.go | 12 ++++++------ 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/krm-functions/lib/condkptsdk/sdk.go b/krm-functions/lib/condkptsdk/sdk.go index ec856a1d..859603eb 100644 --- a/krm-functions/lib/condkptsdk/sdk.go +++ b/krm-functions/lib/condkptsdk/sdk.go @@ -17,8 +17,8 @@ limitations under the License. package condkptsdk import ( + "errors" "fmt" - "github.com/GoogleContainerTools/kpt-functions-sdk/go/fn" kptfilelibv1 "github.com/nephio-project/nephio/krm-functions/lib/kptfile/v1" corev1 "k8s.io/api/core/v1" @@ -100,9 +100,10 @@ func (r *sdk) Run() (bool, error) { kfko := r.rl.Items.GetRootKptfile() if kfko == nil { msg := "mandatory Kptfile is missing from the package" - fn.Log(msg) - r.rl.Results.Errorf(msg) - return false, fmt.Errorf(msg) + err := errors.New(msg) + fn.Logf("%s, error: %s\n", msg, err.Error()) + r.rl.Results.Errorf("%s, error: %s\n", msg, err.Error()) + return false, fmt.Errorf(err.Error(), msg) } r.kptfile = kptfilelibv1.KptFile{Kptfile: kfko} diff --git a/krm-functions/lib/nad/v1/nad.go b/krm-functions/lib/nad/v1/nad.go index 4f10a967..ce1688bb 100644 --- a/krm-functions/lib/nad/v1/nad.go +++ b/krm-functions/lib/nad/v1/nad.go @@ -146,7 +146,7 @@ func (r *NadStruct) getNadConfig() (NadConfig, error) { case VlanClaimOnly: return nadConfigStruct, nil case IpVlanType: - if nadConfigStruct.Plugins == nil || len(nadConfigStruct.Plugins) == 0 { + if len(nadConfigStruct.Plugins) == 0 { nadConfigStruct.Plugins = []PluginCniType{ { Capabilities: Capabilities{Ips: true}, @@ -159,7 +159,7 @@ func (r *NadStruct) getNadConfig() (NadConfig, error) { } return nadConfigStruct, nil case MacVlanType: - if nadConfigStruct.Plugins == nil || len(nadConfigStruct.Plugins) == 0 { + if len(nadConfigStruct.Plugins) == 0 { nadConfigStruct.Plugins = []PluginCniType{ { Capabilities: Capabilities{Ips: true}, @@ -178,7 +178,7 @@ func (r *NadStruct) getNadConfig() (NadConfig, error) { } return nadConfigStruct, nil case SriovType: - if nadConfigStruct.Plugins == nil || len(nadConfigStruct.Plugins) == 0 { + if len(nadConfigStruct.Plugins) == 0 { nadConfigStruct.Plugins = []PluginCniType{ { Capabilities: Capabilities{ @@ -193,7 +193,7 @@ func (r *NadStruct) getNadConfig() (NadConfig, error) { } return nadConfigStruct, nil case VlanType: - if nadConfigStruct.Plugins == nil || len(nadConfigStruct.Plugins) == 0 { + if len(nadConfigStruct.Plugins) == 0 { nadConfigStruct.Plugins = []PluginCniType{ { Ipam: Ipam{ @@ -204,7 +204,7 @@ func (r *NadStruct) getNadConfig() (NadConfig, error) { } return nadConfigStruct, nil case BridgeType: - if nadConfigStruct.Plugins == nil || len(nadConfigStruct.Plugins) == 0 { + if len(nadConfigStruct.Plugins) == 0 { nadConfigStruct.Plugins = []PluginCniType{ { Ipam: Ipam{ @@ -215,7 +215,7 @@ func (r *NadStruct) getNadConfig() (NadConfig, error) { } return nadConfigStruct, nil case OtherType: - if nadConfigStruct.Plugins == nil || len(nadConfigStruct.Plugins) == 0 { + if len(nadConfigStruct.Plugins) == 0 { nadConfigStruct.Plugins = []PluginCniType{ { Capabilities: Capabilities{ From 3f31406662048de14ca77af846e887955c13e628 Mon Sep 17 00:00:00 2001 From: Fiachra Corcoran Date: Wed, 5 Feb 2025 22:30:05 +0000 Subject: [PATCH 24/29] Update prow to use lates gotests image --- .prow.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.prow.yaml b/.prow.yaml index 1e9ee33d..0d25074f 100644 --- a/.prow.yaml +++ b/.prow.yaml @@ -34,7 +34,7 @@ presubmits: always_run: true spec: containers: - - image: nephio/gotests:1817817865340850176 + - image: nephio/gotests:1885274380137664512 command: - "/bin/sh" - "-c" @@ -74,7 +74,7 @@ presubmits: always_run: true spec: containers: - - image: nephio/gotests:1817817865340850176 + - image: nephio/gotests:1885274380137664512 command: - "/usr/local/bin/lichen.sh" From 59cf850cfa02db48d98de112f080e72e871aee99 Mon Sep 17 00:00:00 2001 From: Fiachra Corcoran Date: Thu, 6 Feb 2025 09:26:35 +0000 Subject: [PATCH 25/29] Update default-go-lint.mk Co-authored-by: Liam Fallon <35595825+liamfallon@users.noreply.github.com> --- default-go-lint.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/default-go-lint.mk b/default-go-lint.mk index 2730fb4d..08867faf 100644 --- a/default-go-lint.mk +++ b/default-go-lint.mk @@ -1,4 +1,4 @@ -# Copyright 2023-2025 The Nephio Authors. +# Copyright 2023,2025 The Nephio Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. From 77d2a411eced91f3246475571f7d0e23587aa8bc Mon Sep 17 00:00:00 2001 From: Fiachra Corcoran Date: Mon, 10 Feb 2025 14:58:27 +0000 Subject: [PATCH 26/29] Remove hardcoding of o2ims CRD --- .../focomprovisioningrequest_helpers_test.go | 37 ++++- .../provisioning-request-crd.yaml | 133 ------------------ .../test-data/provisioning-request-crd.yaml | 133 ------------------ 3 files changed, 35 insertions(+), 268 deletions(-) delete mode 100644 operators/focom-operator/oran-provisioning-crd/provisioning-request-crd.yaml delete mode 100644 operators/focom-operator/test-data/provisioning-request-crd.yaml diff --git a/operators/focom-operator/internal/controller/focomprovisioningrequest_helpers_test.go b/operators/focom-operator/internal/controller/focomprovisioningrequest_helpers_test.go index 67bf97dd..fa8dc27d 100644 --- a/operators/focom-operator/internal/controller/focomprovisioningrequest_helpers_test.go +++ b/operators/focom-operator/internal/controller/focomprovisioningrequest_helpers_test.go @@ -19,6 +19,7 @@ import ( "context" "fmt" "os" + "os/exec" "testing" focomv1alpha1 "github.com/nephio-project/nephio/operators/focom-operator/api/focom/v1alpha1" @@ -37,15 +38,25 @@ import ( "sigs.k8s.io/controller-runtime/pkg/envtest" ) +const ( + ORAN_PROV_REQ_CRD_PATH = "../../test-data/" + ORAN_PROV_REQ_CRD_FILE = "o2ims.provisioning.oran.org_provisioningrequests.yaml" +) + // TestIntegrationBuildRemoteClient_CreateProvisioningRequest tests building a remote client // that attempts discovery on a real ephemeral EnvTest server. -func TestIntegrationBuildRemoteClient_CreateProvisioningRequest(t *testing.T) { +func TestIntegrationBuildRemoteClientCreateProvisioningRequest(t *testing.T) { + + // get the o2ims provrequest CRD + err := fetchCRDFromRepo() + require.NoError(t, err, "failed to fetch o2ims.provrequest CRD") + // 1. Start an EnvTest environment for the "remote" cluster remoteEnv := &envtest.Environment{ CRDDirectoryPaths: []string{ // Path(s) to the CRDs for your "remote" cluster "../../config/crd/bases", - "../../oran-provisioning-crd", + ORAN_PROV_REQ_CRD_PATH, }, } @@ -155,6 +166,9 @@ func TestIntegrationBuildRemoteClient_CreateProvisioningRequest(t *testing.T) { // ... set more fields if needed err = remoteCl.Create(context.Background(), remoteObj) require.NoError(t, err, "should succeed creating the resource in remote envtest cluster") + + removeCRDsFromLocal() + require.NoError(t, err, "failed to clen up afetr test") } // kubeconfigFromEnvTestConfig builds a minimal kubeconfig from an EnvTest *rest.Config @@ -197,3 +211,22 @@ func kubeconfigFromEnvTestConfig(cfg *rest.Config) ([]byte, error) { } return clientcmd.Write(apiCfg) } + +// A function to pull CRDs from another repo (e.g., a remote GitHub repository) +func fetchCRDFromRepo() error { + // Get the CRD from github + cmd := exec.Command("curl", "-o", ORAN_PROV_REQ_CRD_PATH + ORAN_PROV_REQ_CRD_FILE, + "https://raw.githubusercontent.com/nephio-project/api/main/config/crd/bases/" + ORAN_PROV_REQ_CRD_FILE) + if err := cmd.Run(); err != nil { + return fmt.Errorf("failed to fetch CRD from GitHub: %w", err) + } + return nil +} + +func removeCRDsFromLocal() error { + cmd := exec.Command("rm", "-f", ORAN_PROV_REQ_CRD_PATH + ORAN_PROV_REQ_CRD_FILE) + if err := cmd.Run(); err != nil { + return fmt.Errorf("failed to remove CRD from local: %w", err) + } + return nil +} \ No newline at end of file diff --git a/operators/focom-operator/oran-provisioning-crd/provisioning-request-crd.yaml b/operators/focom-operator/oran-provisioning-crd/provisioning-request-crd.yaml deleted file mode 100644 index 5f9cccfd..00000000 --- a/operators/focom-operator/oran-provisioning-crd/provisioning-request-crd.yaml +++ /dev/null @@ -1,133 +0,0 @@ -# provisioning-request-crd.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: provisioningrequests.o2ims.provisioning.oran.org -spec: - group: o2ims.provisioning.oran.org - names: - kind: ProvisioningRequest - listKind: ProvisioningRequestList - plural: provisioningrequests - singular: provisioningrequest - scope: Cluster - versions: - - name: v1alpha1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - apiVersion: - type: string - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - The current apiVersion of this api is v1alpha1 - kind: - type: string - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - The kind value for this api is ProvisioningRequest - metadata: - type: object - properties: - name: - type: string - description: | - The name of the ProvisioningRequest custom resource instance contains the provisioningItemId. - The provisioningItemId is the unique SMO provided identifier that the SMO will use to - identify all resources provisioned by this provisioning request in interactions - with the O-Cloud. - spec: - type: object - properties: - name: - type: string - description: | - the name in this spec section is a human readable name intended for descriptive - purposes, this name is not required to be unique and does not identify a provisioning - request or any provisioned resources. - description: - type: string - description: | - A description of this provisioning request. - templateName: - type: string - description: | - templateName is the name of the template that the SMO wants to use to provision - resources - templateVersion: - type: string - description: | - templateVersion is the version of the template that the SMO wants to use to provision - resources. templateName and templateVersion together uniquely identify the template - instance that the SMO wants to use in the provisioning request. - templateParameters: - type: object - x-kubernetes-preserve-unknown-fields: true - description: | - templateParams carries the parameters required to provision resources using this template. - The type is object as actual parameters are defined by the template. - The template parameter schema itself is not defined here as it is template specific. - The themplate parameter schema must be published by the template provider so that FOCOM can - learn about required parameters and validate the same. - The template parameter schema language must be standardized by O-RAN. - required: - - templateName - - templateVersion - - templateParameters - status: - type: object - description: ProvisioningRequestStatus defines the observed state of ProvisioningRequest - properties: - provisionedResources: - description: | - The resources that have been successfully provisioned as part of the provisioning process. - properties: - oCloudNodeClusterId: - description: | - The identifier of the provisioned oCloud NodeCluster. - type: string - oCloudInfrastructureResourceIds: - description: | - The list of provisioned infrastructure resource ids. - type: array - items: - type: string - description: | - The provisioned infrastructure resource id. - type: object - provisioningStatus: - properties: - provisioningUpdateTime: - description: | - The last update time of the provisioning status. - format: date-time - type: string - provisioningMessage: - description: | - The details about the current state of the provisioning process. - type: string - provisioningState: - description: The current state of the provisioning process. - enum: - - progressing - - fulfilled - - failed - - deleting - type: string - type: object - extensions: - description: |- - Extensions contain extra details about the resources and the configuration used for/by - the ProvisioningRequest. - type: object - x-kubernetes-preserve-unknown-fields: true - subresources: - status: {} diff --git a/operators/focom-operator/test-data/provisioning-request-crd.yaml b/operators/focom-operator/test-data/provisioning-request-crd.yaml deleted file mode 100644 index 5f9cccfd..00000000 --- a/operators/focom-operator/test-data/provisioning-request-crd.yaml +++ /dev/null @@ -1,133 +0,0 @@ -# provisioning-request-crd.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: provisioningrequests.o2ims.provisioning.oran.org -spec: - group: o2ims.provisioning.oran.org - names: - kind: ProvisioningRequest - listKind: ProvisioningRequestList - plural: provisioningrequests - singular: provisioningrequest - scope: Cluster - versions: - - name: v1alpha1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - apiVersion: - type: string - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - The current apiVersion of this api is v1alpha1 - kind: - type: string - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - The kind value for this api is ProvisioningRequest - metadata: - type: object - properties: - name: - type: string - description: | - The name of the ProvisioningRequest custom resource instance contains the provisioningItemId. - The provisioningItemId is the unique SMO provided identifier that the SMO will use to - identify all resources provisioned by this provisioning request in interactions - with the O-Cloud. - spec: - type: object - properties: - name: - type: string - description: | - the name in this spec section is a human readable name intended for descriptive - purposes, this name is not required to be unique and does not identify a provisioning - request or any provisioned resources. - description: - type: string - description: | - A description of this provisioning request. - templateName: - type: string - description: | - templateName is the name of the template that the SMO wants to use to provision - resources - templateVersion: - type: string - description: | - templateVersion is the version of the template that the SMO wants to use to provision - resources. templateName and templateVersion together uniquely identify the template - instance that the SMO wants to use in the provisioning request. - templateParameters: - type: object - x-kubernetes-preserve-unknown-fields: true - description: | - templateParams carries the parameters required to provision resources using this template. - The type is object as actual parameters are defined by the template. - The template parameter schema itself is not defined here as it is template specific. - The themplate parameter schema must be published by the template provider so that FOCOM can - learn about required parameters and validate the same. - The template parameter schema language must be standardized by O-RAN. - required: - - templateName - - templateVersion - - templateParameters - status: - type: object - description: ProvisioningRequestStatus defines the observed state of ProvisioningRequest - properties: - provisionedResources: - description: | - The resources that have been successfully provisioned as part of the provisioning process. - properties: - oCloudNodeClusterId: - description: | - The identifier of the provisioned oCloud NodeCluster. - type: string - oCloudInfrastructureResourceIds: - description: | - The list of provisioned infrastructure resource ids. - type: array - items: - type: string - description: | - The provisioned infrastructure resource id. - type: object - provisioningStatus: - properties: - provisioningUpdateTime: - description: | - The last update time of the provisioning status. - format: date-time - type: string - provisioningMessage: - description: | - The details about the current state of the provisioning process. - type: string - provisioningState: - description: The current state of the provisioning process. - enum: - - progressing - - fulfilled - - failed - - deleting - type: string - type: object - extensions: - description: |- - Extensions contain extra details about the resources and the configuration used for/by - the ProvisioningRequest. - type: object - x-kubernetes-preserve-unknown-fields: true - subresources: - status: {} From 5b2595204c274e80c1cb1d7117ae52ded40a6ee1 Mon Sep 17 00:00:00 2001 From: Fiachra Corcoran Date: Tue, 11 Feb 2025 07:46:30 +0000 Subject: [PATCH 27/29] Remove unused CR --- .../test-data/red-hat-cluster-template.yaml | 23 ------------------- 1 file changed, 23 deletions(-) delete mode 100644 operators/focom-operator/test-data/red-hat-cluster-template.yaml diff --git a/operators/focom-operator/test-data/red-hat-cluster-template.yaml b/operators/focom-operator/test-data/red-hat-cluster-template.yaml deleted file mode 100644 index 110366c8..00000000 --- a/operators/focom-operator/test-data/red-hat-cluster-template.yaml +++ /dev/null @@ -1,23 +0,0 @@ -# magic-template-schema.yaml -apiVersion: provisioning.oran.org/v1alpha1 -kind: TemplateInfo -metadata: - name: red-hat-cluster-template-1.0.0 - namespace: eolm-focom -spec: - templateName: "red-hat-cluster-template" - templateVersion: "1.0.0" - templateParameterSchema: | - { - "type": "object", - "infra": { - "param1": { - "type": "string" - }, - "params": { - "type": "integer" - } - }, - "required": ["param1"] - } - From 9ffbec5c1b5f67f19ed10e3574a4122a31b49eeb Mon Sep 17 00:00:00 2001 From: Fiachra Corcoran Date: Wed, 12 Feb 2025 11:37:39 +0000 Subject: [PATCH 28/29] Add missing rbac roles --- operators/focom-operator/Makefile | 2 +- .../config/manager/kustomization.yaml | 4 +- .../focom-operator/config/rbac/role.yaml | 16 + .../focomprovisioningrequest_controller.go | 2 + ....nephio.org_focomprovisioningrequests.yaml | 84 --- .../crds/focom.nephio.org_oclouds.yaml | 71 -- .../provisioning.oran.org_templateinfoes.yaml | 61 -- .../kpt-package/focom-operator-bundle.yaml | 638 ++++++++++++++++++ .../kpt-package/focom-operator.yaml | 85 --- .../focom-operator/kpt-package/rbac.yaml | 317 --------- 10 files changed, 659 insertions(+), 621 deletions(-) delete mode 100644 operators/focom-operator/kpt-package/crds/focom.nephio.org_focomprovisioningrequests.yaml delete mode 100644 operators/focom-operator/kpt-package/crds/focom.nephio.org_oclouds.yaml delete mode 100644 operators/focom-operator/kpt-package/crds/provisioning.oran.org_templateinfoes.yaml create mode 100644 operators/focom-operator/kpt-package/focom-operator-bundle.yaml delete mode 100644 operators/focom-operator/kpt-package/focom-operator.yaml delete mode 100644 operators/focom-operator/kpt-package/rbac.yaml diff --git a/operators/focom-operator/Makefile b/operators/focom-operator/Makefile index 258a87c6..64c5a8dd 100644 --- a/operators/focom-operator/Makefile +++ b/operators/focom-operator/Makefile @@ -200,7 +200,7 @@ deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in .PHONY: build-k8s-deployment build-k8s-deployment: manifests kustomize cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} - $(KUSTOMIZE) build config/default > kpt-package/focom-operator.yaml + $(KUSTOMIZE) build config/default > kpt-package/focom-operator-bundle.yaml .PHONY: undeploy diff --git a/operators/focom-operator/config/manager/kustomization.yaml b/operators/focom-operator/config/manager/kustomization.yaml index 32131dc0..664a6311 100644 --- a/operators/focom-operator/config/manager/kustomization.yaml +++ b/operators/focom-operator/config/manager/kustomization.yaml @@ -4,5 +4,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization images: - name: controller - newName: nephio/focom-operator - newTag: e2e + newName: docker.io/nephio/focom-operator + newTag: 0.0.1 diff --git a/operators/focom-operator/config/rbac/role.yaml b/operators/focom-operator/config/rbac/role.yaml index e2868b7d..8d37c2b5 100644 --- a/operators/focom-operator/config/rbac/role.yaml +++ b/operators/focom-operator/config/rbac/role.yaml @@ -4,6 +4,14 @@ kind: ClusterRole metadata: name: manager-role rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch - apiGroups: - focom.nephio.org resources: @@ -30,6 +38,14 @@ rules: - get - patch - update +- apiGroups: + - focom.nephio.org + resources: + - oclouds + verbs: + - get + - list + - watch - apiGroups: - provisioning.oran.org resources: diff --git a/operators/focom-operator/internal/controller/focomprovisioningrequest_controller.go b/operators/focom-operator/internal/controller/focomprovisioningrequest_controller.go index ff295cc2..5907be58 100644 --- a/operators/focom-operator/internal/controller/focomprovisioningrequest_controller.go +++ b/operators/focom-operator/internal/controller/focomprovisioningrequest_controller.go @@ -41,10 +41,12 @@ type FocomProvisioningRequestReconciler struct { // Finalizer used for deleting remote CR const focomFinalizer = "focom.nephio.org/finalizer" +// +kubebuilder:rbac:groups=focom.nephio.org,resources=oclouds,verbs=get;list;watch // +kubebuilder:rbac:groups=focom.nephio.org,resources=focomprovisioningrequests,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=provisioning.oran.org,resources=templateinfoes,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=focom.nephio.org,resources=focomprovisioningrequests/status,verbs=get;update;patch // +kubebuilder:rbac:groups=focom.nephio.org,resources=focomprovisioningrequests/finalizers,verbs=update +// +kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch // Reconcile is part of the main kubernetes reconciliation loop which aims to // move the current state of the cluster closer to the desired state. diff --git a/operators/focom-operator/kpt-package/crds/focom.nephio.org_focomprovisioningrequests.yaml b/operators/focom-operator/kpt-package/crds/focom.nephio.org_focomprovisioningrequests.yaml deleted file mode 100644 index feaa09f8..00000000 --- a/operators/focom-operator/kpt-package/crds/focom.nephio.org_focomprovisioningrequests.yaml +++ /dev/null @@ -1,84 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.16.1 - name: focomprovisioningrequests.focom.nephio.org -spec: - group: focom.nephio.org - names: - kind: FocomProvisioningRequest - listKind: FocomProvisioningRequestList - plural: focomprovisioningrequests - singular: focomprovisioningrequest - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: FocomProvisioningRequest is the Schema for the focomprovisioningrequests - API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: FocomProvisioningRequestSpec defines the desired state of - FocomProvisioningRequest - properties: - description: - type: string - name: - type: string - oCloudId: - type: string - oCloudNamespace: - type: string - templateName: - type: string - templateParameters: - type: object - x-kubernetes-preserve-unknown-fields: true - templateVersion: - type: string - required: - - oCloudId - - oCloudNamespace - - templateName - - templateParameters - - templateVersion - type: object - status: - description: FocomProvisioningRequestStatus defines the observed state - of FocomProvisioningRequest - properties: - lastUpdated: - format: date-time - type: string - message: - type: string - phase: - type: string - remoteName: - description: The name of the remote resource in the target cluster - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/operators/focom-operator/kpt-package/crds/focom.nephio.org_oclouds.yaml b/operators/focom-operator/kpt-package/crds/focom.nephio.org_oclouds.yaml deleted file mode 100644 index 5f10038c..00000000 --- a/operators/focom-operator/kpt-package/crds/focom.nephio.org_oclouds.yaml +++ /dev/null @@ -1,71 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.16.1 - name: oclouds.focom.nephio.org -spec: - group: focom.nephio.org - names: - kind: OCloud - listKind: OCloudList - plural: oclouds - singular: ocloud - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: OCloud is the Schema for the oclouds API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: OCloudSpec defines the desired state of OCloud - properties: - o2imsSecret: - description: O2imsSecret references a Secret containing endpoint & - credentials - properties: - secretRef: - description: SecretRef points to the Secret with O2IMS credentials - properties: - name: - description: Name of the Secret - type: string - namespace: - description: Namespace of the Secret - type: string - required: - - name - - namespace - type: object - required: - - secretRef - type: object - required: - - o2imsSecret - type: object - status: - description: OCloudStatus defines the observed state of OCloud - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/operators/focom-operator/kpt-package/crds/provisioning.oran.org_templateinfoes.yaml b/operators/focom-operator/kpt-package/crds/provisioning.oran.org_templateinfoes.yaml deleted file mode 100644 index 62972ad2..00000000 --- a/operators/focom-operator/kpt-package/crds/provisioning.oran.org_templateinfoes.yaml +++ /dev/null @@ -1,61 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.16.1 - name: templateinfoes.provisioning.oran.org -spec: - group: provisioning.oran.org - names: - kind: TemplateInfo - listKind: TemplateInfoList - plural: templateinfoes - singular: templateinfo - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: TemplateInfo is the Schema for the templateinfoes API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: TemplateInfoSpec defines the desired state of TemplateInfo - properties: - templateName: - type: string - templateParameterSchema: - description: This is a string containing a JSON or YAML-based schema - for template parameters - type: string - templateVersion: - type: string - required: - - templateName - - templateParameterSchema - - templateVersion - type: object - status: - description: TemplateInfoStatus defines the observed state of TemplateInfo - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/operators/focom-operator/kpt-package/focom-operator-bundle.yaml b/operators/focom-operator/kpt-package/focom-operator-bundle.yaml new file mode 100644 index 00000000..2ff4e6e1 --- /dev/null +++ b/operators/focom-operator/kpt-package/focom-operator-bundle.yaml @@ -0,0 +1,638 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: focom-operator + control-plane: controller-manager + name: focom-operator-system +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + name: focomprovisioningrequests.focom.nephio.org +spec: + group: focom.nephio.org + names: + kind: FocomProvisioningRequest + listKind: FocomProvisioningRequestList + plural: focomprovisioningrequests + singular: focomprovisioningrequest + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: FocomProvisioningRequest is the Schema for the focomprovisioningrequests + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: FocomProvisioningRequestSpec defines the desired state of + FocomProvisioningRequest + properties: + description: + type: string + name: + type: string + oCloudId: + type: string + oCloudNamespace: + type: string + templateName: + type: string + templateParameters: + type: object + x-kubernetes-preserve-unknown-fields: true + templateVersion: + type: string + required: + - oCloudId + - oCloudNamespace + - templateName + - templateParameters + - templateVersion + type: object + status: + description: FocomProvisioningRequestStatus defines the observed state + of FocomProvisioningRequest + properties: + lastUpdated: + format: date-time + type: string + message: + type: string + phase: + type: string + remoteName: + description: The name of the remote resource in the target cluster + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + name: oclouds.focom.nephio.org +spec: + group: focom.nephio.org + names: + kind: OCloud + listKind: OCloudList + plural: oclouds + singular: ocloud + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: OCloud is the Schema for the oclouds API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: OCloudSpec defines the desired state of OCloud + properties: + o2imsSecret: + description: O2imsSecret references a Secret containing endpoint & + credentials + properties: + secretRef: + description: SecretRef points to the Secret with O2IMS credentials + properties: + name: + description: Name of the Secret + type: string + namespace: + description: Namespace of the Secret + type: string + required: + - name + - namespace + type: object + required: + - secretRef + type: object + required: + - o2imsSecret + type: object + status: + description: OCloudStatus defines the observed state of OCloud + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + name: templateinfoes.provisioning.oran.org +spec: + group: provisioning.oran.org + names: + kind: TemplateInfo + listKind: TemplateInfoList + plural: templateinfoes + singular: templateinfo + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: TemplateInfo is the Schema for the templateinfoes API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: TemplateInfoSpec defines the desired state of TemplateInfo + properties: + templateName: + type: string + templateParameterSchema: + description: This is a string containing a JSON or YAML-based schema + for template parameters + type: string + templateVersion: + type: string + required: + - templateName + - templateParameterSchema + - templateVersion + type: object + status: + description: TemplateInfoStatus defines the observed state of TemplateInfo + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: focom-operator + name: focom-operator-controller-manager + namespace: focom-operator-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: focom-operator + name: focom-operator-leader-election-role + namespace: focom-operator-system +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: focom-operator + name: focom-operator-focomprovisioningrequest-editor-role +rules: +- apiGroups: + - focom.nephio.org + resources: + - focomprovisioningrequests + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - focom.nephio.org + resources: + - focomprovisioningrequests/status + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: focom-operator + name: focom-operator-focomprovisioningrequest-viewer-role +rules: +- apiGroups: + - focom.nephio.org + resources: + - focomprovisioningrequests + verbs: + - get + - list + - watch +- apiGroups: + - focom.nephio.org + resources: + - focomprovisioningrequests/status + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: focom-operator-manager-role +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - focom.nephio.org + resources: + - focomprovisioningrequests + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - focom.nephio.org + resources: + - focomprovisioningrequests/finalizers + verbs: + - update +- apiGroups: + - focom.nephio.org + resources: + - focomprovisioningrequests/status + verbs: + - get + - patch + - update +- apiGroups: + - focom.nephio.org + resources: + - oclouds + verbs: + - get + - list + - watch +- apiGroups: + - provisioning.oran.org + resources: + - templateinfoes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: focom-operator-metrics-auth-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: focom-operator-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: focom-operator + name: focom-operator-ocloud-editor-role +rules: +- apiGroups: + - focom.nephio.org + resources: + - oclouds + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - focom.nephio.org + resources: + - oclouds/status + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: focom-operator + name: focom-operator-ocloud-viewer-role +rules: +- apiGroups: + - focom.nephio.org + resources: + - oclouds + verbs: + - get + - list + - watch +- apiGroups: + - focom.nephio.org + resources: + - oclouds/status + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: focom-operator + name: focom-operator-provisioning-templateinfo-editor-role +rules: +- apiGroups: + - provisioning.oran.org + resources: + - templateinfoes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - provisioning.oran.org + resources: + - templateinfoes/status + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: focom-operator + name: focom-operator-provisioning-templateinfo-viewer-role +rules: +- apiGroups: + - provisioning.oran.org + resources: + - templateinfoes + verbs: + - get + - list + - watch +- apiGroups: + - provisioning.oran.org + resources: + - templateinfoes/status + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: focom-operator + name: focom-operator-leader-election-rolebinding + namespace: focom-operator-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: focom-operator-leader-election-role +subjects: +- kind: ServiceAccount + name: focom-operator-controller-manager + namespace: focom-operator-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: focom-operator + name: focom-operator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: focom-operator-manager-role +subjects: +- kind: ServiceAccount + name: focom-operator-controller-manager + namespace: focom-operator-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: focom-operator-metrics-auth-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: focom-operator-metrics-auth-role +subjects: +- kind: ServiceAccount + name: focom-operator-controller-manager + namespace: focom-operator-system +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: focom-operator + control-plane: controller-manager + name: focom-operator-controller-manager-metrics-service + namespace: focom-operator-system +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: 8443 + selector: + control-plane: controller-manager +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: focom-operator + control-plane: controller-manager + name: focom-operator-controller-manager + namespace: focom-operator-system +spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + spec: + containers: + - args: + - --metrics-bind-address=:8443 + - --leader-elect + - --health-probe-bind-address=:8081 + command: + - /manager + image: docker.io/nephio/focom-operator:0.0.1 + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 10m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + securityContext: + runAsNonRoot: true + serviceAccountName: focom-operator-controller-manager + terminationGracePeriodSeconds: 10 diff --git a/operators/focom-operator/kpt-package/focom-operator.yaml b/operators/focom-operator/kpt-package/focom-operator.yaml deleted file mode 100644 index 1db7de01..00000000 --- a/operators/focom-operator/kpt-package/focom-operator.yaml +++ /dev/null @@ -1,85 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: focom-operator - control-plane: controller-manager - name: focom-operator-system ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: focom-operator - control-plane: controller-manager - name: focom-operator-controller-manager-metrics-service - namespace: focom-operator-system -spec: - ports: - - name: https - port: 8443 - protocol: TCP - targetPort: 8443 - selector: - control-plane: controller-manager ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: focom-operator - control-plane: controller-manager - name: focom-operator-controller-manager - namespace: focom-operator-system -spec: - replicas: 1 - selector: - matchLabels: - control-plane: controller-manager - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: manager - labels: - control-plane: controller-manager - spec: - containers: - - args: - - --metrics-bind-address=:8443 - - --leader-elect - - --health-probe-bind-address=:8081 - command: - - /manager - image: docker.io/nephio/focom-operator:latest - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - name: manager - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - resources: - limits: - cpu: 500m - memory: 128Mi - requests: - cpu: 10m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - securityContext: - runAsNonRoot: true - serviceAccountName: focom-operator-controller-manager - terminationGracePeriodSeconds: 10 diff --git a/operators/focom-operator/kpt-package/rbac.yaml b/operators/focom-operator/kpt-package/rbac.yaml deleted file mode 100644 index 195bfec3..00000000 --- a/operators/focom-operator/kpt-package/rbac.yaml +++ /dev/null @@ -1,317 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: focom-operator - name: focom-operator-controller-manager - namespace: focom-operator-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: focom-operator - name: focom-operator-leader-election-role - namespace: focom-operator-system -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: focom-operator - name: focom-operator-focomprovisioningrequest-editor-role -rules: -- apiGroups: - - focom.nephio.org - resources: - - focomprovisioningrequests - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - focom.nephio.org - resources: - - focomprovisioningrequests/status - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: focom-operator - name: focom-operator-focomprovisioningrequest-viewer-role -rules: -- apiGroups: - - focom.nephio.org - resources: - - focomprovisioningrequests - verbs: - - get - - list - - watch -- apiGroups: - - focom.nephio.org - resources: - - focomprovisioningrequests/status - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: focom-operator-manager-role -rules: -- apiGroups: - - focom.nephio.org - resources: - - focomprovisioningrequests - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - focom.nephio.org - resources: - - focomprovisioningrequests/finalizers - verbs: - - update -- apiGroups: - - focom.nephio.org - resources: - - focomprovisioningrequests/status - verbs: - - get - - patch - - update -- apiGroups: - - provisioning.oran.org - resources: - - templateinfoes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: focom-operator-metrics-auth-role -rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: focom-operator-metrics-reader -rules: -- nonResourceURLs: - - /metrics - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: focom-operator - name: focom-operator-ocloud-editor-role -rules: -- apiGroups: - - focom.nephio.org - resources: - - oclouds - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - focom.nephio.org - resources: - - oclouds/status - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: focom-operator - name: focom-operator-ocloud-viewer-role -rules: -- apiGroups: - - focom.nephio.org - resources: - - oclouds - verbs: - - get - - list - - watch -- apiGroups: - - focom.nephio.org - resources: - - oclouds/status - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: focom-operator - name: focom-operator-provisioning-templateinfo-editor-role -rules: -- apiGroups: - - provisioning.oran.org - resources: - - templateinfoes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - provisioning.oran.org - resources: - - templateinfoes/status - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: focom-operator - name: focom-operator-provisioning-templateinfo-viewer-role -rules: -- apiGroups: - - provisioning.oran.org - resources: - - templateinfoes - verbs: - - get - - list - - watch -- apiGroups: - - provisioning.oran.org - resources: - - templateinfoes/status - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: focom-operator - name: focom-operator-leader-election-rolebinding - namespace: focom-operator-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: focom-operator-leader-election-role -subjects: -- kind: ServiceAccount - name: focom-operator-controller-manager - namespace: focom-operator-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: focom-operator - name: focom-operator-manager-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: focom-operator-manager-role -subjects: -- kind: ServiceAccount - name: focom-operator-controller-manager - namespace: focom-operator-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: focom-operator-metrics-auth-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: focom-operator-metrics-auth-role -subjects: -- kind: ServiceAccount - name: focom-operator-controller-manager - namespace: focom-operator-system From de62d5060b6f510747414ef71d9e1dc9a3d000f7 Mon Sep 17 00:00:00 2001 From: Fiachra Corcoran Date: Wed, 12 Feb 2025 12:46:11 +0000 Subject: [PATCH 29/29] Run make fmt --- .../focomprovisioningrequest_helpers_test.go | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/operators/focom-operator/internal/controller/focomprovisioningrequest_helpers_test.go b/operators/focom-operator/internal/controller/focomprovisioningrequest_helpers_test.go index fa8dc27d..03756c9a 100644 --- a/operators/focom-operator/internal/controller/focomprovisioningrequest_helpers_test.go +++ b/operators/focom-operator/internal/controller/focomprovisioningrequest_helpers_test.go @@ -48,7 +48,7 @@ const ( func TestIntegrationBuildRemoteClientCreateProvisioningRequest(t *testing.T) { // get the o2ims provrequest CRD - err := fetchCRDFromRepo() + err := fetchCRDFromRepo() require.NoError(t, err, "failed to fetch o2ims.provrequest CRD") // 1. Start an EnvTest environment for the "remote" cluster @@ -214,19 +214,19 @@ func kubeconfigFromEnvTestConfig(cfg *rest.Config) ([]byte, error) { // A function to pull CRDs from another repo (e.g., a remote GitHub repository) func fetchCRDFromRepo() error { - // Get the CRD from github - cmd := exec.Command("curl", "-o", ORAN_PROV_REQ_CRD_PATH + ORAN_PROV_REQ_CRD_FILE, - "https://raw.githubusercontent.com/nephio-project/api/main/config/crd/bases/" + ORAN_PROV_REQ_CRD_FILE) - if err := cmd.Run(); err != nil { - return fmt.Errorf("failed to fetch CRD from GitHub: %w", err) - } - return nil + // Get the CRD from github + cmd := exec.Command("curl", "-o", ORAN_PROV_REQ_CRD_PATH+ORAN_PROV_REQ_CRD_FILE, + "https://raw.githubusercontent.com/nephio-project/api/main/config/crd/bases/"+ORAN_PROV_REQ_CRD_FILE) + if err := cmd.Run(); err != nil { + return fmt.Errorf("failed to fetch CRD from GitHub: %w", err) + } + return nil } func removeCRDsFromLocal() error { - cmd := exec.Command("rm", "-f", ORAN_PROV_REQ_CRD_PATH + ORAN_PROV_REQ_CRD_FILE) - if err := cmd.Run(); err != nil { - return fmt.Errorf("failed to remove CRD from local: %w", err) - } - return nil -} \ No newline at end of file + cmd := exec.Command("rm", "-f", ORAN_PROV_REQ_CRD_PATH+ORAN_PROV_REQ_CRD_FILE) + if err := cmd.Run(); err != nil { + return fmt.Errorf("failed to remove CRD from local: %w", err) + } + return nil +}