add direct controller for compute firewall policy rule

gemmahou · Oct 7, 2024 · f40da67 · f40da67
1 parent a3581a7
commit f40da67
Show file tree

Hide file tree

Showing 8 changed files with 1,261 additions and 0 deletions.
diff --git a/apis/compute/v1beta1/computefirewallpolicyrule_types.go b/apis/compute/v1beta1/computefirewallpolicyrule_types.go
@@ -20,6 +20,15 @@ import (
 	refs "github.com/GoogleCloudPlatform/k8s-config-connector/apis/refs/v1beta1"
 	commonv1alpha1 "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/apis/common/v1alpha1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+var (
+	ComputeFirewallPolicyRuleGVK = schema.GroupVersionKind{
+		Group:   SchemeGroupVersion.Group,
+		Version: SchemeGroupVersion.Version,
+		Kind:    "ComputeFirewallPolicyRule",
+	}
 )
 
 // +kcc:proto=google.cloud.compute.v1.FirewallPolicyRuleMatcherLayer4Config

diff --git a/pkg/controller/direct/compute/firewallpolicyrule/client.go b/pkg/controller/direct/compute/firewallpolicyrule/client.go
@@ -0,0 +1,88 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package firewallpolicyrule
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	api "cloud.google.com/go/compute/apiv1"
+	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/config"
+	"google.golang.org/api/option"
+)
+
+type gcpClient struct {
+	config config.ControllerConfig
+}
+
+func newGCPClient(ctx context.Context, config *config.ControllerConfig) (*gcpClient, error) {
+	gcpClient := &gcpClient{
+		config: *config,
+	}
+	return gcpClient, nil
+}
+
+func (m *gcpClient) options() ([]option.ClientOption, error) {
+	var opts []option.ClientOption
+	if m.config.UserAgent != "" {
+		opts = append(opts, option.WithUserAgent(m.config.UserAgent))
+	}
+	if m.config.HTTPClient != nil {
+		// TODO: Set UserAgent in this scenario (error is: WithHTTPClient is incompatible with gRPC dial options)
+
+		httpClient := &http.Client{}
+		*httpClient = *m.config.HTTPClient
+		httpClient.Transport = &optionsRoundTripper{
+			config: m.config,
+			inner:  m.config.HTTPClient.Transport,
+		}
+		opts = append(opts, option.WithHTTPClient(httpClient))
+	}
+	if m.config.UserProjectOverride && m.config.BillingProject != "" {
+		opts = append(opts, option.WithQuotaProject(m.config.BillingProject))
+	}
+
+	// TODO: support endpoints?
+	// if m.config.Endpoint != "" {
+	// 	opts = append(opts, option.WithEndpoint(m.config.Endpoint))
+	// }
+
+	return opts, nil
+}
+
+type optionsRoundTripper struct {
+	config config.ControllerConfig
+	inner  http.RoundTripper
+}
+
+func (m *optionsRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
+	if m.config.UserAgent != "" {
+		req.Header.Set("User-Agent", m.config.UserAgent)
+	}
+	return m.inner.RoundTrip(req)
+}
+
+func (m *gcpClient) firewallPoliciesClient(ctx context.Context) (*api.FirewallPoliciesClient, error) {
+	opts, err := m.options()
+	if err != nil {
+		return nil, err
+	}
+	client, err := api.NewFirewallPoliciesRESTClient(ctx, opts...)
+	if err != nil {
+		return nil, fmt.Errorf("building FirewallPolicy client: %w", err)
+	}
+	return client, err
+}