issue-522,implementation for OpenSearch Egress Rules lifecycle workfl…

…ow on APIv2
instaclustr · Aug 22, 2023 · 93f3c74 · 93f3c74
1 parent 1fd8cfd
commit 93f3c74
Show file tree

Hide file tree

Showing 10 changed files with 512 additions and 0 deletions.
diff --git a/apis/clusterresources/v1beta1/opensearchegressrules_types.go b/apis/clusterresources/v1beta1/opensearchegressrules_types.go
@@ -0,0 +1,54 @@
+package v1beta1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	"github.com/instaclustr/operator/pkg/models"
+)
+
+type OpenSearchEgressRulesSpec struct {
+	ClusterID           string `json:"clusterId"`
+	Name                string `json:"name"`
+	OpenSearchBindingId string `json:"openSearchBindingId"`
+	Source              string `json:"source"`
+	Type                string `json:"type"`
+}
+
+type OpenSearchEgressRulesStatus struct {
+	ID     string `json:"id,omitempty"`
+	Status string `json:"status,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+//+kubebuilder:subresource:status
+
+type OpenSearchEgressRule struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   OpenSearchEgressRulesSpec   `json:"spec,omitempty"`
+	Status OpenSearchEgressRulesStatus `json:"status,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+
+type OpenSearchEgressRuleList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []OpenSearchEgressRule `json:"items"`
+}
+
+func (er *OpenSearchEgressRule) GetJobID(jobName string) string {
+	return client.ObjectKeyFromObject(er).String() + "/" + jobName
+}
+
+func (er *OpenSearchEgressRule) NewPatch() client.Patch {
+	old := er.DeepCopy()
+	old.Annotations[models.ResourceStateAnnotation] = ""
+	return client.MergeFrom(old)
+}
+
+func init() {
+	SchemeBuilder.Register(&OpenSearchEgressRule{}, &OpenSearchEgressRuleList{})
+}
diff --git a/apis/clusterresources/v1beta1/opensearchegressrules_webhook.go b/apis/clusterresources/v1beta1/opensearchegressrules_webhook.go
@@ -0,0 +1,68 @@
+package v1beta1
+
+import (
+	"fmt"
+	"regexp"
+
+	"k8s.io/apimachinery/pkg/runtime"
+	ctrl "sigs.k8s.io/controller-runtime"
+	logf "sigs.k8s.io/controller-runtime/pkg/log"
+	"sigs.k8s.io/controller-runtime/pkg/webhook"
+
+	"github.com/instaclustr/operator/pkg/models"
+)
+
+var opensearchEgressRulesJog = logf.Log.WithName("opensearchegressrules-resource")
+var openSearchBindingIDPattern, _ = regexp.Compile(`[\w-]+`)
+var egressRulesIDPattern, _ = regexp.Compile(`[a-zA-Z\d-]+~\w+~[\w-]+`)
+
+func (r *OpenSearchEgressRule) SetupWebhookWithManager(mgr ctrl.Manager) error {
+	return ctrl.NewWebhookManagedBy(mgr).
+		For(r).
+		Complete()
+}
+
+//+kubebuilder:webhook:path=/validate-clusterresources-instaclustr-com-v1beta1-opensearchuser,mutating=false,failurePolicy=fail,sideEffects=None,groups=clusterresources.instaclustr.com,resources=opensearchusers,verbs=create;update,versions=v1beta1,name=vopensearchuser.kb.io,admissionReviewVersions=v1
+
+var _ webhook.Validator = &OpenSearchEgressRule{}
+
+// ValidateCreate implements webhook.Validator so a webhook will be registered for the type
+func (r *OpenSearchEgressRule) ValidateCreate() error {
+	opensearchEgressRulesJog.Info("validate create", "name", r.Name)
+
+	if r.Spec.ClusterID == "" || r.Spec.OpenSearchBindingId == "" || r.Spec.Source == "" {
+		return fmt.Errorf("spec.ClusterID, spec.OpenSearchBindingId, spec.Source must be filled")
+	}
+
+	if !openSearchBindingIDPattern.MatchString(r.Spec.OpenSearchBindingId) {
+		return fmt.Errorf("mismatching openSearchBindingID to [\\w-]+ pattern")
+	}
+
+	return nil
+}
+
+// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
+func (r *OpenSearchEgressRule) ValidateUpdate(old runtime.Object) error {
+	opensearchEgressRulesJog.Info("validate update", "name", r.Name)
+
+	oldRules := old.(*OpenSearchEgressRule)
+
+	if r.Status.ID == "" {
+		return r.ValidateCreate()
+	}
+
+	if r.Spec != oldRules.Spec {
+		return models.ErrImmutableSpec
+	}
+
+	return nil
+}
+
+// ValidateDelete implements webhook.Validator so a webhook will be registered for the type
+func (r *OpenSearchEgressRule) ValidateDelete() error {
+	if !openSearchBindingIDPattern.MatchString(r.Spec.OpenSearchBindingId) {
+		return fmt.Errorf("mismatching openSearchBindingID to [a-zA-Z\\d-]+~\\w+~[\\w-]+ pattern")
+	}
+
+	return nil
+}
diff --git a/apis/clusterresources/v1beta1/zz_generated.deepcopy.go b/apis/clusterresources/v1beta1/zz_generated.deepcopy.go
diff --git a/config/crd/bases/clusterresources.instaclustr.com_opensearchegressrules.yaml b/config/crd/bases/clusterresources.instaclustr.com_opensearchegressrules.yaml
@@ -0,0 +1,64 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.9.2
+  creationTimestamp: null
+  name: opensearchegressrules.clusterresources.instaclustr.com
+spec:
+  group: clusterresources.instaclustr.com
+  names:
+    kind: OpenSearchEgressRule
+    listKind: OpenSearchEgressRuleList
+    plural: opensearchegressrules
+    singular: opensearchegressrule
+  scope: Namespaced
+  versions:
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              clusterId:
+                type: string
+              name:
+                type: string
+              openSearchBindingId:
+                type: string
+              source:
+                type: string
+              type:
+                type: string
+            required:
+            - clusterId
+            - name
+            - openSearchBindingId
+            - source
+            - type
+            type: object
+          status:
+            properties:
+              id:
+                type: string
+              status:
+                type: string
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
diff --git a/config/webhook/manifests.yaml b/config/webhook/manifests.yaml
@@ -572,6 +572,26 @@ webhooks:
     resources:
     - opensearchusers
   sideEffects: None
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      name: webhook-service
+      namespace: system
+      path: /validate-clusterresources-instaclustr-com-v1beta1-opensearchuser
+  failurePolicy: Fail
+  name: vopensearchuser.kb.io
+  rules:
+  - apiGroups:
+    - clusterresources.instaclustr.com
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - opensearchusers
+  sideEffects: None
 - admissionReviewVersions:
   - v1
   clientConfig: