Nephio operator for focom to oran-provisioning requests

.gitignore

@@ -24,4 +24,7 @@ vendor
 go.work
 go.work.sum
 lcov.info
+
+# go tools artifacts
 coverage_unit.html
+*-results.html

.golangci.yml

@@ -1,9 +1,12 @@
 run:
+  build-tags:
+    - "-buildvcs=false"
   timeout: 10m
 
 issues:
   exclude-dirs:
     - "vendor"
+    - "test"
 
   exclude-files:
     - ".*\\_test.go$"

.prow.yaml

@@ -4,7 +4,7 @@ presubmits:
     always_run: true
     spec:
       containers:
-      - image: nephio/gotests:1817817865340850176
+      - image: nephio/gotests:1885274380137664512
         command:
         - make
         args:
@@ -14,7 +14,7 @@ presubmits:
     always_run: true
     spec:
       containers:
-      - image: nephio/gotests:1817817865340850176
+      - image: nephio/gotests:1885274380137664512
         command:
         - make
         args:
@@ -24,7 +24,7 @@ presubmits:
     always_run: true
     spec:
       containers:
-      - image: nephio/gotests:1817817865340850176
+      - image: nephio/gotests:1885274380137664512
         command:
         - make
         args:
@@ -34,7 +34,7 @@ presubmits:
     always_run: true
     spec:
       containers:
-      - image: nephio/gotests:1817817865340850176
+      - image: nephio/gotests:1885274380137664512
         command:
         - "/bin/sh"
         - "-c"
@@ -74,7 +74,7 @@ presubmits:
     always_run: true
     spec:
       containers:
-      - image: nephio/gotests:1817817865340850176
+      - image: nephio/gotests:1885274380137664512
         command:
         - "/usr/local/bin/lichen.sh"
 

default-go-lint.mk

@@ -1,4 +1,4 @@
-#  Copyright 2023 The Nephio Authors.
+#  Copyright 2023,2025 The Nephio Authors.
 #
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -12,8 +12,7 @@
 #  See the License for the specific language governing permissions and
 #  limitations under the License.
 
-
-GOLANG_CI_VER ?= v1.57
+GOLANG_CI_VER ?= v1.63.4
 GIT_ROOT_DIR ?= $(dir $(lastword $(MAKEFILE_LIST)))
 include $(GIT_ROOT_DIR)/detect-container-runtime.mk
 
@@ -22,7 +21,7 @@ include $(GIT_ROOT_DIR)/detect-container-runtime.mk
 lint: ## Run Go linter against the codebase
 ifeq ($(CONTAINER_RUNNABLE), 0)
 	$(RUN_CONTAINER_COMMAND) docker.io/golangci/golangci-lint:${GOLANG_CI_VER}-alpine \
-	 golangci-lint run ./... -v
+	golangci-lint run ./... -v
 else
 	golangci-lint run ./... -v
 endif

default-go-test.mk

@@ -12,8 +12,6 @@
 #  See the License for the specific language governing permissions and
 #  limitations under the License.
 
-
-GO_VERSION ?= 1.22.2
 TEST_COVERAGE_FILE=lcov.info
 TEST_COVERAGE_HTML_FILE=coverage_unit.html
 TEST_COVERAGE_FUNC_FILE=func_coverage.out
@@ -28,7 +26,7 @@ unit: test
 .PHONY: test
 test: ## Run unit tests (go test)
 ifeq ($(CONTAINER_RUNNABLE), 0)
-		$(RUN_CONTAINER_COMMAND) docker.io/library/golang:${GO_VERSION}-alpine3.19 \
+		$(RUN_CONTAINER_COMMAND) docker.io/nephio/gotests:1885274380137664512 \
          sh -e -c "go test ./... -v -coverprofile ${TEST_COVERAGE_FILE}; \
          go tool cover -html=${TEST_COVERAGE_FILE} -o ${TEST_COVERAGE_HTML_FILE}; \
          go tool cover -func=${TEST_COVERAGE_FILE} -o ${TEST_COVERAGE_FUNC_FILE}"

default-gosec.mk

@@ -12,15 +12,15 @@
 #  See the License for the specific language governing permissions and
 #  limitations under the License.
 
-GOSEC_VER ?= 2.15.0
 GIT_ROOT_DIR ?= $(dir $(lastword $(MAKEFILE_LIST)))
 include $(GIT_ROOT_DIR)/detect-container-runtime.mk
 
 # Install link at https://github.com/securego/gosec#install if not running inside a container
 .PHONY: gosec
 gosec: ## Inspect the source code for security problems by scanning the Go Abstract Syntax Tree
 ifeq ($(CONTAINER_RUNNABLE), 0)
-		$(RUN_CONTAINER_COMMAND) docker.io/securego/gosec:${GOSEC_VER} ./...
+		$(RUN_CONTAINER_COMMAND) docker.io/nephio/gotests:1885274380137664512 gosec -fmt=html -out=gosec-results.html \
+		-stdout -verbose=text -exclude-dir=test -exclude-generated ./...
 else
-		gosec ./...
+		gosec -fmt=html -out=gosec-results.html -stdout -verbose=text -exclude-dir=test -exclude-generated ./...
 endif

krm-functions/lib/condkptsdk/sdk.go

@@ -17,8 +17,8 @@ limitations under the License.
 package condkptsdk
 
 import (
+	"errors"
 	"fmt"
-
 	"github.com/GoogleContainerTools/kpt-functions-sdk/go/fn"
 	kptfilelibv1 "github.com/nephio-project/nephio/krm-functions/lib/kptfile/v1"
 	corev1 "k8s.io/api/core/v1"
@@ -100,9 +100,10 @@ func (r *sdk) Run() (bool, error) {
 	kfko := r.rl.Items.GetRootKptfile()
 	if kfko == nil {
 		msg := "mandatory Kptfile is missing from the package"
-		fn.Log(msg)
-		r.rl.Results.Errorf(msg)
-		return false, fmt.Errorf(msg)
+		err := errors.New(msg)
+		fn.Logf("%s, error: %s\n", msg, err.Error())
+		r.rl.Results.Errorf("%s, error: %s\n", msg, err.Error())
+		return false, fmt.Errorf(err.Error(), msg)
 	}
 	r.kptfile = kptfilelibv1.KptFile{Kptfile: kfko}
 

krm-functions/lib/nad/v1/nad.go

@@ -146,7 +146,7 @@ func (r *NadStruct) getNadConfig() (NadConfig, error) {
 	case VlanClaimOnly:
 		return nadConfigStruct, nil
 	case IpVlanType:
-		if nadConfigStruct.Plugins == nil || len(nadConfigStruct.Plugins) == 0 {
+		if len(nadConfigStruct.Plugins) == 0 {
 			nadConfigStruct.Plugins = []PluginCniType{
 				{
 					Capabilities: Capabilities{Ips: true},
@@ -159,7 +159,7 @@ func (r *NadStruct) getNadConfig() (NadConfig, error) {
 		}
 		return nadConfigStruct, nil
 	case MacVlanType:
-		if nadConfigStruct.Plugins == nil || len(nadConfigStruct.Plugins) == 0 {
+		if len(nadConfigStruct.Plugins) == 0 {
 			nadConfigStruct.Plugins = []PluginCniType{
 				{
 					Capabilities: Capabilities{Ips: true},
@@ -178,7 +178,7 @@ func (r *NadStruct) getNadConfig() (NadConfig, error) {
 		}
 		return nadConfigStruct, nil
 	case SriovType:
-		if nadConfigStruct.Plugins == nil || len(nadConfigStruct.Plugins) == 0 {
+		if len(nadConfigStruct.Plugins) == 0 {
 			nadConfigStruct.Plugins = []PluginCniType{
 				{
 					Capabilities: Capabilities{
@@ -193,7 +193,7 @@ func (r *NadStruct) getNadConfig() (NadConfig, error) {
 		}
 		return nadConfigStruct, nil
 	case VlanType:
-		if nadConfigStruct.Plugins == nil || len(nadConfigStruct.Plugins) == 0 {
+		if len(nadConfigStruct.Plugins) == 0 {
 			nadConfigStruct.Plugins = []PluginCniType{
 				{
 					Ipam: Ipam{
@@ -204,7 +204,7 @@ func (r *NadStruct) getNadConfig() (NadConfig, error) {
 		}
 		return nadConfigStruct, nil
 	case BridgeType:
-		if nadConfigStruct.Plugins == nil || len(nadConfigStruct.Plugins) == 0 {
+		if len(nadConfigStruct.Plugins) == 0 {
 			nadConfigStruct.Plugins = []PluginCniType{
 				{
 					Ipam: Ipam{
@@ -215,7 +215,7 @@ func (r *NadStruct) getNadConfig() (NadConfig, error) {
 		}
 		return nadConfigStruct, nil
 	case OtherType:
-		if nadConfigStruct.Plugins == nil || len(nadConfigStruct.Plugins) == 0 {
+		if len(nadConfigStruct.Plugins) == 0 {
 			nadConfigStruct.Plugins = []PluginCniType{
 				{
 					Capabilities: Capabilities{

operators/focom-operator/.dockerignore

@@ -0,0 +1,3 @@
+# More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file
+# Ignore build and test binaries.
+bin/

operators/focom-operator/.gitignore

@@ -0,0 +1,28 @@
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+bin/*
+Dockerfile.cross
+
+# Test binary, built with `go test -c`
+*.test
+test-data/create-secret.sh
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Go workspace file
+go.work
+
+# Kubernetes Generated files - skip generated files, except for vendored files
+!vendor/**/zz_generated.*
+bin/*
+testbin/*
+# editor and IDE paraphernalia
+.idea
+.vscode
+*.swp
+*.swo
+*~

operators/focom-operator/Dockerfile

@@ -0,0 +1,47 @@
+#  Copyright 2025 The Nephio Authors.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+# Build the manager binary
+FROM golang:1.23 AS builder
+ARG TARGETOS
+ARG TARGETARCH
+
+WORKDIR /workspace
+# Copy the Go Modules manifests
+COPY go.mod go.mod
+COPY go.sum go.sum
+# cache deps before building and copying source so that we don't need to re-download as much
+# and so that source changes don't invalidate our downloaded layer
+RUN go mod download
+
+# Copy the go source
+COPY cmd/main.go cmd/main.go
+COPY api/ api/
+COPY internal/controller/ internal/controller/
+
+# Build
+# the GOARCH has not a default value to allow the binary be built according to the host where the command
+# was called. For example, if we call make docker-build in a local env which has the Apple Silicon M1 SO
+# the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore,
+# by leaving it empty we can ensure that the container and binary shipped on it will have the same platform.
+RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o manager cmd/main.go
+
+# Use distroless as minimal base image to package the manager binary
+# Refer to https://github.com/GoogleContainerTools/distroless for more details
+FROM gcr.io/distroless/static:nonroot
+WORKDIR /
+COPY --from=builder /workspace/manager .
+USER 65532:65532
+
+ENTRYPOINT ["/manager"]