diff --git a/Makefile b/Makefile index e89ca90f5..6b08ced79 100644 --- a/Makefile +++ b/Makefile @@ -333,7 +333,7 @@ bin/$(PLATFORM)/yq: Makefile hack/install-yq.sh v4.31.2 bin/$(PLATFORM)/golangci-lint: Makefile - hack/golangci-lint.sh -b "bin/$(PLATFORM)" v1.59.1 + hack/golangci-lint.sh -b "bin/$(PLATFORM)" v1.61.0 bin/$(PLATFORM)/operator-sdk: Makefile hack/install-operator-sdk.sh v1.34.1 diff --git a/api/k8s.io/policy/v1beta1/register.go b/api/k8s.io/policy/v1beta1/register.go new file mode 100644 index 000000000..2730bb7c9 --- /dev/null +++ b/api/k8s.io/policy/v1beta1/register.go @@ -0,0 +1,32 @@ +// Unless explicitly stated otherwise all files in this repository are licensed +// under the Apache License Version 2.0. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2024-present Datadog, Inc. + +package v1beta1 + +import ( + "k8s.io/apimachinery/pkg/runtime/schema" + "sigs.k8s.io/controller-runtime/pkg/scheme" +) + +var ( + // GroupVersion is group version used to register these objects + GroupVersion = schema.GroupVersion{Group: "policy", Version: "v1beta1"} + + // SchemeBuilder is used to add go types to the GroupVersionKind scheme + SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} + + // AddToScheme adds the types in this group-version to the given scheme. + AddToScheme = SchemeBuilder.AddToScheme +) + +// Kind takes an unqualified kind and returns back a Group qualified GroupKind +func Kind(kind string) schema.GroupKind { + return GroupVersion.WithKind(kind).GroupKind() +} + +// Resource takes an unqualified resource and returns a Group qualified GroupResource +func Resource(resource string) schema.GroupResource { + return GroupVersion.WithResource(resource).GroupResource() +} diff --git a/api/k8s.io/policy/v1beta1/types.go b/api/k8s.io/policy/v1beta1/types.go index a3693a365..8db8f6aca 100644 --- a/api/k8s.io/policy/v1beta1/types.go +++ b/api/k8s.io/policy/v1beta1/types.go 
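Review bot: The new register.go has no package comment, and nothing in it says why the operator registers its own `policy/v1beta1` types. I would add above the `package v1beta1` clause something like `// Package v1beta1 registers the operator's local copy of the policy/v1beta1 PodSecurityPolicy types, an API Kubernetes stopped serving in 1.25.` `GroupVersion` reuses the upstream group and version, and a runtime.Scheme panics when one kind is registered to two different Go types. The comment should therefore also say that this package must not be added to a scheme that already carries another PodSecurityPolicy type for the same kind. Whether the vendored k8s.io/api still ships such a type is not visible in this diff.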
@@ -390,3 +390,7 @@ type PodSecurityPolicyList struct { // items is a list of schema objects. Items []PodSecurityPolicy `json:"items" protobuf:"bytes,2,rep,name=items"` } + +func init() { + SchemeBuilder.Register(&PodSecurityPolicy{}, &PodSecurityPolicyList{}) +} diff --git a/cmd/main.go b/cmd/main.go index d551e3ece..f604e0893 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -36,6 +36,7 @@ import ( datadoghqv1alpha1 "github.com/DataDog/datadog-operator/api/datadoghq/v1alpha1" datadoghqv2alpha1 "github.com/DataDog/datadog-operator/api/datadoghq/v2alpha1" + psppolicyv1beta1 "github.com/DataDog/datadog-operator/api/k8s.io/policy/v1beta1" "github.com/DataDog/datadog-operator/internal/controller" "github.com/DataDog/datadog-operator/internal/controller/metrics" @@ -65,6 +66,7 @@ func init() { utilruntime.Must(datadoghqv1alpha1.AddToScheme(scheme)) utilruntime.Must(edsdatadoghqv1alpha1.AddToScheme(scheme)) utilruntime.Must(datadoghqv2alpha1.AddToScheme(scheme)) + utilruntime.Must(psppolicyv1beta1.AddToScheme(scheme)) // +kubebuilder:scaffold:scheme } diff --git a/config/crd/bases/v1/datadoghq.com_datadogagents.yaml b/config/crd/bases/v1/datadoghq.com_datadogagents.yaml index dca1e15b2..12e81214f 100644 --- a/config/crd/bases/v1/datadoghq.com_datadogagents.yaml +++ b/config/crd/bases/v1/datadoghq.com_datadogagents.yaml @@ -2157,6 +2157,9 @@ spec: type: string type: array x-kubernetes-list-type: set + required: + - namespace + - secrets type: object type: array x-kubernetes-list-type: atomic 
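Review bot: `utilruntime.Must(psppolicyv1beta1.AddToScheme(scheme))` in cmd/main.go's `init()` registers a kind that Kubernetes stopped serving in 1.25, and the line has no comment saying so. Something like `// PodSecurityPolicy: local copy of policy/v1beta1, only served by clusters older than 1.25.` would make clear that scheme registration does not mean the API exists on the target cluster. The import alias is also inconsistent across this commit: `psppolicyv1beta1` here and in testutils/client_utils.go, `policyv1beta1` in controller_reconcile_v2_test.go and store/store_test.go. `init()` begins above the hunk.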
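Review bot: The added `required:` list (`namespace`, `secrets`) in the CRD hunk at `-2157` tightens validation on an existing schema. A DatadogAgent that was admitted without one of these fields can be rejected on its next write unless the cluster applies CRD validation ratcheting. The file looks generated, so if the old leniency has to stay, the change belongs on the Go field markers (`// +optional`) rather than in this YAML. Otherwise the stricter schema deserves a line in the upgrade notes. The enclosing property is outside the hunk, so which list this applies to cannot be named from here.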
@@ -4139,10 +4142,13 @@ spec: description: The ConfigMap to select from properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap must be defined @@ -4156,10 +4162,13 @@ spec: description: The Secret to select from properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret must be defined diff --git a/internal/controller/datadogagent/controller_reconcile_agent_test.go b/internal/controller/datadogagent/controller_reconcile_agent_test.go index 08cd603d7..9a28fdbcb 100644 --- a/internal/controller/datadogagent/controller_reconcile_agent_test.go +++ b/internal/controller/datadogagent/controller_reconcile_agent_test.go @@ -280,10 +280,6 @@ func Test_cleanupExtraneousDaemonSets(t *testing.T) { providerList: map[string]struct{}{}, profiles: []v1alpha1.DatadogAgentProfile{}, wantDS: &appsv1.DaemonSetList{ - TypeMeta: metav1.TypeMeta{ - Kind: "DaemonSetList", - APIVersion: "apps/v1", - }, Items: []appsv1.DaemonSet{ { ObjectMeta: metav1.ObjectMeta{ 
@@ -297,12 +293,7 @@ func Test_cleanupExtraneousDaemonSets(t *testing.T) { }, }, }, - wantEDS: &edsdatadoghqv1alpha1.ExtendedDaemonSetList{ - TypeMeta: metav1.TypeMeta{ - Kind: "ExtendedDaemonSetList", - APIVersion: "datadoghq.com/v1alpha1", - }, - }, + wantEDS: &edsdatadoghqv1alpha1.ExtendedDaemonSetList{}, }, { name: "no unused eds, introspection disabled, profiles disabled", @@ -323,17 +314,8 @@ func Test_cleanupExtraneousDaemonSets(t *testing.T) { edsEnabled: true, providerList: map[string]struct{}{}, profiles: []v1alpha1.DatadogAgentProfile{}, - wantDS: &appsv1.DaemonSetList{ - TypeMeta: metav1.TypeMeta{ - Kind: "DaemonSetList", - APIVersion: "apps/v1", - }, - }, + wantDS: &appsv1.DaemonSetList{}, wantEDS: &edsdatadoghqv1alpha1.ExtendedDaemonSetList{ - TypeMeta: metav1.TypeMeta{ - Kind: "ExtendedDaemonSetList", - APIVersion: "datadoghq.com/v1alpha1", - }, Items: []edsdatadoghqv1alpha1.ExtendedDaemonSet{ { ObjectMeta: metav1.ObjectMeta{ @@ -379,10 +361,6 @@ func Test_cleanupExtraneousDaemonSets(t *testing.T) { }, }, wantDS: &appsv1.DaemonSetList{ - TypeMeta: metav1.TypeMeta{ - Kind: "DaemonSetList", - APIVersion: "apps/v1", - }, Items: []appsv1.DaemonSet{ { ObjectMeta: metav1.ObjectMeta{ @@ -398,12 +376,7 @@ func Test_cleanupExtraneousDaemonSets(t *testing.T) { }, }, }, - wantEDS: &edsdatadoghqv1alpha1.ExtendedDaemonSetList{ - TypeMeta: metav1.TypeMeta{ - Kind: "ExtendedDaemonSetList", - APIVersion: "datadoghq.com/v1alpha1", - }, - }, + wantEDS: &edsdatadoghqv1alpha1.ExtendedDaemonSetList{}, }, { name: "no unused eds, introspection enabled, profiles enabled", 
@@ -435,17 +408,8 @@ func Test_cleanupExtraneousDaemonSets(t *testing.T) { }, }, }, - wantDS: &appsv1.DaemonSetList{ - TypeMeta: metav1.TypeMeta{ - Kind: "DaemonSetList", - APIVersion: "apps/v1", - }, - }, + wantDS: &appsv1.DaemonSetList{}, wantEDS: &edsdatadoghqv1alpha1.ExtendedDaemonSetList{ - TypeMeta: metav1.TypeMeta{ - Kind: "ExtendedDaemonSetList", - APIVersion: "datadoghq.com/v1alpha1", - }, Items: []edsdatadoghqv1alpha1.ExtendedDaemonSet{ { ObjectMeta: metav1.ObjectMeta{ @@ -512,10 +476,6 @@ func Test_cleanupExtraneousDaemonSets(t *testing.T) { }, }, wantDS: &appsv1.DaemonSetList{ - TypeMeta: metav1.TypeMeta{ - Kind: "DaemonSetList", - APIVersion: "apps/v1", - }, Items: []appsv1.DaemonSet{ { ObjectMeta: metav1.ObjectMeta{ @@ -531,12 +491,7 @@ func Test_cleanupExtraneousDaemonSets(t *testing.T) { }, }, }, - wantEDS: &edsdatadoghqv1alpha1.ExtendedDaemonSetList{ - TypeMeta: metav1.TypeMeta{ - Kind: "ExtendedDaemonSetList", - APIVersion: "datadoghq.com/v1alpha1", - }, - }, + wantEDS: &edsdatadoghqv1alpha1.ExtendedDaemonSetList{}, }, { name: "multiple unused eds, introspection enabled, profiles enabled", @@ -611,10 +566,6 @@ func Test_cleanupExtraneousDaemonSets(t *testing.T) { }, }, wantDS: &appsv1.DaemonSetList{ - TypeMeta: metav1.TypeMeta{ - Kind: "DaemonSetList", - APIVersion: "apps/v1", - }, Items: []appsv1.DaemonSet{ { ObjectMeta: metav1.ObjectMeta{ @@ -631,10 +582,6 @@ func Test_cleanupExtraneousDaemonSets(t *testing.T) { }, }, wantEDS: &edsdatadoghqv1alpha1.ExtendedDaemonSetList{ - TypeMeta: metav1.TypeMeta{ - Kind: "ExtendedDaemonSetList", - APIVersion: "datadoghq.com/v1alpha1", - }, Items: []edsdatadoghqv1alpha1.ExtendedDaemonSet{ { ObjectMeta: metav1.ObjectMeta{ @@ -711,10 +658,6 @@ func Test_cleanupExtraneousDaemonSets(t *testing.T) { }, }, wantDS: &appsv1.DaemonSetList{ - TypeMeta: metav1.TypeMeta{ - Kind: "DaemonSetList", - APIVersion: "apps/v1", - }, Items: []appsv1.DaemonSet{ { ObjectMeta: metav1.ObjectMeta{ 
@@ -730,12 +673,7 @@ func Test_cleanupExtraneousDaemonSets(t *testing.T) { }, }, }, - wantEDS: &edsdatadoghqv1alpha1.ExtendedDaemonSetList{ - TypeMeta: metav1.TypeMeta{ - Kind: "ExtendedDaemonSetList", - APIVersion: "datadoghq.com/v1alpha1", - }, - }, + wantEDS: &edsdatadoghqv1alpha1.ExtendedDaemonSetList{}, }, { name: "multiple unused eds, introspection enabled, profiles disabled", @@ -810,17 +748,9 @@ func Test_cleanupExtraneousDaemonSets(t *testing.T) { }, }, wantDS: &appsv1.DaemonSetList{ - TypeMeta: metav1.TypeMeta{ - Kind: "DaemonSetList", - APIVersion: "apps/v1", - }, Items: []appsv1.DaemonSet{}, }, wantEDS: &edsdatadoghqv1alpha1.ExtendedDaemonSetList{ - TypeMeta: metav1.TypeMeta{ - Kind: "ExtendedDaemonSetList", - APIVersion: "datadoghq.com/v1alpha1", - }, Items: []edsdatadoghqv1alpha1.ExtendedDaemonSet{ { ObjectMeta: metav1.ObjectMeta{ @@ -893,10 +823,6 @@ func Test_cleanupExtraneousDaemonSets(t *testing.T) { }, }, wantDS: &appsv1.DaemonSetList{ - TypeMeta: metav1.TypeMeta{ - Kind: "DaemonSetList", - APIVersion: "apps/v1", - }, Items: []appsv1.DaemonSet{ { ObjectMeta: metav1.ObjectMeta{ @@ -922,12 +848,7 @@ func Test_cleanupExtraneousDaemonSets(t *testing.T) { }, }, }, - wantEDS: &edsdatadoghqv1alpha1.ExtendedDaemonSetList{ - TypeMeta: metav1.TypeMeta{ - Kind: "ExtendedDaemonSetList", - APIVersion: "datadoghq.com/v1alpha1", - }, - }, + wantEDS: &edsdatadoghqv1alpha1.ExtendedDaemonSetList{}, }, { name: "multiple unused eds, introspection disabled, profiles enabled", @@ -1018,10 +939,6 @@ func Test_cleanupExtraneousDaemonSets(t *testing.T) { }, }, wantDS: &appsv1.DaemonSetList{ - TypeMeta: metav1.TypeMeta{ - Kind: "DaemonSetList", - APIVersion: "apps/v1", - }, Items: []appsv1.DaemonSet{ { ObjectMeta: metav1.ObjectMeta{ 
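Review bot: In the hunk at `-810` the `wantDS` expectation keeps `Items: []appsv1.DaemonSet{},` (an empty, non-nil slice), while the other empty expectations in this file were collapsed to `&appsv1.DaemonSetList{}` with a nil `Items`. Under reflect-style equality the two forms are not interchangeable. A short comment such as `// the client returns an empty, non-nil Items for this case` would show the difference is intended rather than left over. The comparison is outside the hunk, so this may be harmless.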
@@ -1037,10 +954,6 @@ func Test_cleanupExtraneousDaemonSets(t *testing.T) { }, }, wantEDS: &edsdatadoghqv1alpha1.ExtendedDaemonSetList{ - TypeMeta: metav1.TypeMeta{ - Kind: "ExtendedDaemonSetList", - APIVersion: "datadoghq.com/v1alpha1", - }, Items: []edsdatadoghqv1alpha1.ExtendedDaemonSet{ { ObjectMeta: metav1.ObjectMeta{ @@ -1107,10 +1020,6 @@ func Test_cleanupExtraneousDaemonSets(t *testing.T) { }, }, wantDS: &appsv1.DaemonSetList{ - TypeMeta: metav1.TypeMeta{ - Kind: "DaemonSetList", - APIVersion: "apps/v1", - }, Items: []appsv1.DaemonSet{ { ObjectMeta: metav1.ObjectMeta{ @@ -1142,12 +1051,7 @@ func Test_cleanupExtraneousDaemonSets(t *testing.T) { }, }, }, - wantEDS: &edsdatadoghqv1alpha1.ExtendedDaemonSetList{ - TypeMeta: metav1.TypeMeta{ - Kind: "ExtendedDaemonSetList", - APIVersion: "datadoghq.com/v1alpha1", - }, - }, + wantEDS: &edsdatadoghqv1alpha1.ExtendedDaemonSetList{}, }, { name: "EDSs are not created by the operator (do not have the expected labels) and should not be removed", @@ -1229,10 +1133,6 @@ func Test_cleanupExtraneousDaemonSets(t *testing.T) { }, }, wantDS: &appsv1.DaemonSetList{ - TypeMeta: metav1.TypeMeta{ - Kind: "DaemonSetList", - APIVersion: "apps/v1", - }, Items: []appsv1.DaemonSet{ { ObjectMeta: metav1.ObjectMeta{ @@ -1258,10 +1158,6 @@ func Test_cleanupExtraneousDaemonSets(t *testing.T) { }, }, wantEDS: &edsdatadoghqv1alpha1.ExtendedDaemonSetList{ - TypeMeta: metav1.TypeMeta{ - Kind: "ExtendedDaemonSetList", - APIVersion: "datadoghq.com/v1alpha1", - }, Items: []edsdatadoghqv1alpha1.ExtendedDaemonSet{ { ObjectMeta: metav1.ObjectMeta{ 
@@ -1323,18 +1219,8 @@ func Test_cleanupExtraneousDaemonSets(t *testing.T) { }, }, }, - wantDS: &appsv1.DaemonSetList{ - TypeMeta: metav1.TypeMeta{ - Kind: "DaemonSetList", - APIVersion: "apps/v1", - }, - }, - wantEDS: &edsdatadoghqv1alpha1.ExtendedDaemonSetList{ - TypeMeta: metav1.TypeMeta{ - Kind: "ExtendedDaemonSetList", - APIVersion: "datadoghq.com/v1alpha1", - }, - }, + wantDS: &appsv1.DaemonSetList{}, + wantEDS: &edsdatadoghqv1alpha1.ExtendedDaemonSetList{}, }, { name: "no existing eds, introspection enabled, profiles enabled", @@ -1354,18 +1240,8 @@ func Test_cleanupExtraneousDaemonSets(t *testing.T) { }, }, }, - wantDS: &appsv1.DaemonSetList{ - TypeMeta: metav1.TypeMeta{ - Kind: "DaemonSetList", - APIVersion: "apps/v1", - }, - }, - wantEDS: &edsdatadoghqv1alpha1.ExtendedDaemonSetList{ - TypeMeta: metav1.TypeMeta{ - Kind: "ExtendedDaemonSetList", - APIVersion: "datadoghq.com/v1alpha1", - }, - }, + wantDS: &appsv1.DaemonSetList{}, + wantEDS: &edsdatadoghqv1alpha1.ExtendedDaemonSetList{}, }, } diff --git a/internal/controller/datadogagent/controller_reconcile_v2_test.go b/internal/controller/datadogagent/controller_reconcile_v2_test.go index 32b5e706a..fb70d4119 100644 --- a/internal/controller/datadogagent/controller_reconcile_v2_test.go +++ b/internal/controller/datadogagent/controller_reconcile_v2_test.go @@ -9,6 +9,7 @@ import ( "github.com/DataDog/datadog-operator/api/datadoghq/common" "github.com/DataDog/datadog-operator/api/datadoghq/v1alpha1" "github.com/DataDog/datadog-operator/api/datadoghq/v2alpha1" + policyv1beta1 "github.com/DataDog/datadog-operator/api/k8s.io/policy/v1beta1" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -35,6 +36,7 @@ func Test_profilesToApply(t *testing.T) { sch := runtime.NewScheme() _ = scheme.AddToScheme(sch) _ = v1alpha1.AddToScheme(sch) + _ = policyv1beta1.AddToScheme(sch) ctx := context.Background() testCases := []struct { 
diff --git a/internal/controller/datadogagent/store/store_test.go b/internal/controller/datadogagent/store/store_test.go index 8665c8956..447beac7e 100644 --- a/internal/controller/datadogagent/store/store_test.go +++ b/internal/controller/datadogagent/store/store_test.go @@ -11,6 +11,7 @@ import ( "testing" "github.com/DataDog/datadog-operator/api/datadoghq/v2alpha1" + policyv1beta1 "github.com/DataDog/datadog-operator/api/k8s.io/policy/v1beta1" testutils "github.com/DataDog/datadog-operator/internal/controller/datadogagent/testutils" "github.com/DataDog/datadog-operator/pkg/kubernetes" assert "github.com/stretchr/testify/require" @@ -413,6 +414,7 @@ func TestStore_Cleanup(t *testing.T) { s := scheme.Scheme s.AddKnownTypes(apiregistrationv1.SchemeGroupVersion, &apiregistrationv1.APIService{}) s.AddKnownTypes(apiregistrationv1.SchemeGroupVersion, &apiregistrationv1.APIServiceList{}) + s.AddKnownTypes(policyv1beta1.GroupVersion, &policyv1beta1.PodSecurityPolicy{}, &policyv1beta1.PodSecurityPolicyList{}) type fields struct { deps map[kubernetes.ObjectKind]map[string]client.Object diff --git a/internal/controller/datadogagent/testutils/client_utils.go b/internal/controller/datadogagent/testutils/client_utils.go index f6b94794c..6775ba6eb 100644 --- a/internal/controller/datadogagent/testutils/client_utils.go +++ b/internal/controller/datadogagent/testutils/client_utils.go @@ -8,6 +8,7 @@ package testutils_test import ( "github.com/DataDog/datadog-operator/api/datadoghq/v1alpha1" "github.com/DataDog/datadog-operator/api/datadoghq/v2alpha1" + psppolicyv1beta1 "github.com/DataDog/datadog-operator/api/k8s.io/policy/v1beta1" edsdatadoghqv1alpha1 "github.com/DataDog/extendeddaemonset/api/v1alpha1" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" 
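Review bot: `s.AddKnownTypes(policyv1beta1.GroupVersion, ...)` in TestStore_Cleanup registers the types by hand instead of going through the package's own `AddToScheme`, so the test scheme is built differently from the one in cmd/main.go. controller-runtime's builder also calls `metav1.AddToGroupVersion`, which this path skips. `assert.NoError(t, policyv1beta1.AddToScheme(s))` would keep the two in step. `s` is `scheme.Scheme`, which looks like a shared package-level scheme, so the registration outlives this test. The two `AddKnownTypes` lines added to `TestScheme()` in testutils/client_utils.go have the same shape.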
@@ -36,6 +37,8 @@ func TestScheme() *runtime.Scheme { s.AddKnownTypes(rbacv1.SchemeGroupVersion, &rbacv1.Role{}) s.AddKnownTypes(rbacv1.SchemeGroupVersion, &rbacv1.RoleBinding{}) s.AddKnownTypes(policyv1.SchemeGroupVersion, &policyv1.PodDisruptionBudget{}) + s.AddKnownTypes(psppolicyv1beta1.GroupVersion, &psppolicyv1beta1.PodSecurityPolicy{}) + s.AddKnownTypes(psppolicyv1beta1.GroupVersion, &psppolicyv1beta1.PodSecurityPolicyList{}) s.AddKnownTypes(apiregistrationv1.SchemeGroupVersion, &apiregistrationv1.APIServiceList{}) s.AddKnownTypes(apiregistrationv1.SchemeGroupVersion, &apiregistrationv1.APIService{}) s.AddKnownTypes(networkingv1.SchemeGroupVersion, &networkingv1.NetworkPolicy{})