Merge pull request #4 from giantswarm/change-crd-spec

Change CRD spec for GiantSwarm Policy and rework controllers

PROJECT

@@ -7,4 +7,13 @@ layout:
 - go.kubebuilder.io/v4
 projectName: kyverno-policy-operator
 repo: github.com/giantswarm/kyverno-policy-operator
+resources:
+- api:
+    crdVersion: v1
+    namespaced: true
+  domain: giantswarm.io
+  group: policy
+  kind: PolicyException
+  path: github.com/giantswarm/kyverno-policy-operator/api/v1alpha1
+  version: v1alpha1
 version: "3"

api/v1alpha1/groupversion_info.go

@@ -0,0 +1,36 @@
+/*
+Copyright 2023.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package v1alpha1 contains API Schema definitions for the policy.giantswarm.io v1alpha1 API group
+// +kubebuilder:object:generate=true
+// +groupName=policy.giantswarm.io
+package v1alpha1
+
+import (
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"sigs.k8s.io/controller-runtime/pkg/scheme"
+)
+
+var (
+	// GroupVersion is group version used to register these objects
+	GroupVersion = schema.GroupVersion{Group: "policy.giantswarm.io", Version: "v1alpha1"}
+
+	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
+	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
+
+	// AddToScheme adds the types in this group-version to the given scheme.
+	AddToScheme = SchemeBuilder.AddToScheme
+)

api/v1alpha1/policyexception_types.go

@@ -0,0 +1,62 @@
+/*
+Copyright 2023.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// PolicyExceptionSpec defines the desired state of PolicyException
+type PolicyExceptionSpec struct {
+	// Policies defines the list of policies to be excluded
+	Policies []string `json:"policies"`
+
+	// Targes defines the list of target workloads where the exceptions will be applied
+	Targets []Target `json:"targets"`
+}
+
+//+kubebuilder:object:root=true
+//+kubebuilder:resource:shortName=gspolex
+//+kubebuilder:subresource:status
+
+// PolicyException is the Schema for the policyexceptions API
+type PolicyException struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec PolicyExceptionSpec `json:"spec,omitempty"`
+}
+
+// Target defines a resource to which a PolicyException applies
+type Target struct {
+	Namespaces []string `json:"namespaces"`
+	Names      []string `json:"names"`
+	Kind       string   `json:"kind"`
+}
+
+//+kubebuilder:object:root=true
+
+// PolicyExceptionList contains a list of PolicyException
+type PolicyExceptionList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []PolicyException `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&PolicyException{}, &PolicyExceptionList{})
+}

config/crd/bases/policy.giantswarm.io_policyexceptions.yaml

@@ -0,0 +1,75 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.12.0
+  name: policyexceptions.policy.giantswarm.io
+spec:
+  group: policy.giantswarm.io
+  names:
+    kind: PolicyException
+    listKind: PolicyExceptionList
+    plural: policyexceptions
+    shortNames:
+    - gspolex
+    singular: policyexception
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: PolicyException is the Schema for the policyexceptions API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: PolicyExceptionSpec defines the desired state of PolicyException
+            properties:
+              policies:
+                description: Policies defines the list of policies to be excluded
+                items:
+                  type: string
+                type: array
+              targets:
+                description: Targes defines the list of target workloads where the
+                  exceptions will be applied
+                items:
+                  description: Target defines a resource to which a PolicyException
+                    applies
+                  properties:
+                    kind:
+                      type: string
+                    names:
+                      items:
+                        type: string
+                      type: array
+                    namespaces:
+                      items:
+                        type: string
+                      type: array
+                  required:
+                  - kind
+                  - names
+                  - namespaces
+                  type: object
+                type: array
+            required:
+            - policies
+            - targets
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}