kartverket · martinhny · Aug 30, 2024 · Aug 29, 2024 · Aug 30, 2024
@@ -29,6 +29,7 @@ type ApplicationList struct {
 // +kubebuilder:subresource:status
 // +kubebuilder:resource:shortName="app"
 // +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.summary.status`
+// +kubebuilder:printcolumn:name="AccessPolicies",type=string,JSONPath=`.status.accessPolicies`
 type Application struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`

@@ -16,7 +16,6 @@ var (
 	DefaultBackoffLimit            = int32(6)
 
 	DefaultSuspend           = false
-	JobCreatedCondition      = "SKIPJobCreated"
 	ConditionRunning         = "Running"
 	ConditionFinished        = "Finished"
 	ConditionFailed          = "Failed"
@@ -35,6 +34,7 @@ type SKIPJobStatus struct {
 // +kubebuilder:subresource:status
 // +kubebuilder:object:generate=true
 // +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.summary.status`
+// +kubebuilder:printcolumn:name="AccessPolicies",type=string,JSONPath=`.status.accessPolicies`
 //
 // SKIPJob is the Schema for the skipjobs API
 type SKIPJob struct {

@@ -13,6 +13,8 @@ type SkiperatorStatus struct {
 	Summary      Status             `json:"summary"`
 	SubResources map[string]Status  `json:"subresources"`
 	Conditions   []metav1.Condition `json:"conditions"`
+	// Indicates if access policies are valid
+	AccessPolicies StatusNames `json:"accessPolicies"`
 }
 
 // Status
@@ -30,10 +32,12 @@ type Status struct {
 type StatusNames string
 
 const (
-	SYNCED      StatusNames = "Synced"
-	PROGRESSING StatusNames = "Progressing"
-	ERROR       StatusNames = "Error"
-	PENDING     StatusNames = "Pending"
+	SYNCED        StatusNames = "Synced"
+	PROGRESSING   StatusNames = "Progressing"
+	ERROR         StatusNames = "Error"
+	PENDING       StatusNames = "Pending"
+	READY         StatusNames = "Ready"
+	INVALIDCONFIG StatusNames = "InvalidConfig"
 )
 
 func (s *SkiperatorStatus) SetSummaryPending() {
@@ -62,6 +66,7 @@ func (s *SkiperatorStatus) SetSummaryProgressing() {
 		s.Conditions = make([]metav1.Condition, 0)
 	}
 	s.SubResources = make(map[string]Status)
+	s.AccessPolicies = PENDING
 }
 
 func (s *SkiperatorStatus) SetSummaryError(errorMsg string) {

@@ -20,6 +20,9 @@ spec:
     - jsonPath: .status.summary.status
       name: Status
       type: string
+    - jsonPath: .status.accessPolicies
+      name: AccessPolicies
+      type: string
     name: v1alpha1
     schema:
       openAPIV3Schema:
@@ -1099,6 +1102,9 @@ spec:
 
               A status field shown on a Skiperator resource which contains information regarding deployment of the resource.
             properties:
+              accessPolicies:
+                description: Indicates if access policies are valid
+                type: string
               conditions:
                 items:
                   description: Condition contains details for one aspect of the current
@@ -1192,6 +1198,7 @@ spec:
                 - timestamp
                 type: object
             required:
+            - accessPolicies
             - conditions
             - subresources
             - summary

@@ -76,6 +76,9 @@ spec:
 
               A status field shown on a Skiperator resource which contains information regarding deployment of the resource.
             properties:
+              accessPolicies:
+                description: Indicates if access policies are valid
+                type: string
               conditions:
                 items:
                   description: Condition contains details for one aspect of the current
@@ -169,6 +172,7 @@ spec:
                 - timestamp
                 type: object
             required:
+            - accessPolicies
             - conditions
             - subresources
             - summary

@@ -18,6 +18,9 @@ spec:
     - jsonPath: .status.summary.status
       name: Status
       type: string
+    - jsonPath: .status.accessPolicies
+      name: AccessPolicies
+      type: string
     name: v1alpha1
     schema:
       openAPIV3Schema:
@@ -853,6 +856,9 @@ spec:
 
               A status field shown on a Skiperator resource which contains information regarding deployment of the resource.
             properties:
+              accessPolicies:
+                description: Indicates if access policies are valid
+                type: string
               conditions:
                 items:
                   description: Condition contains details for one aspect of the current
@@ -946,6 +952,7 @@ spec:
                 - timestamp
                 type: object
             required:
+            - accessPolicies
             - conditions
             - subresources
             - summary

@@ -112,7 +112,7 @@ func (r *ApplicationReconciler) Reconcile(ctx context.Context, req reconcile.Req
 		panic("Cluster is not ready, missing servicemonitors.monitoring.coreos.com most likely")
 	}
 
-	application, err := r.getApplication(req, ctx)
+	application, err := r.getApplication(ctx, req)
 	if application == nil {
 		rLog.Info("Application not found, cleaning up watched resources", "application", req.Name)
 		if errs := r.cleanUpWatchedResources(ctx, req.NamespacedName); len(errs) > 0 {
@@ -243,13 +243,15 @@ func (r *ApplicationReconciler) updateConditions(app *skiperatorv1alpha1.Applica
 	accessPolicy := app.Spec.AccessPolicy
 	if accessPolicy != nil && !common.IsInternalRulesValid(accessPolicy) {
 		conditions = append(conditions, common.GetInternalRulesCondition(app, metav1.ConditionFalse))
+		app.Status.AccessPolicies = skiperatorv1alpha1.INVALIDCONFIG
 	} else {
 		conditions = append(conditions, common.GetInternalRulesCondition(app, metav1.ConditionTrue))
+		app.Status.AccessPolicies = skiperatorv1alpha1.READY
 	}
 	app.Status.Conditions = conditions
 }
 
-func (r *ApplicationReconciler) getApplication(req reconcile.Request, ctx context.Context) (*skiperatorv1alpha1.Application, error) {
+func (r *ApplicationReconciler) getApplication(ctx context.Context, req reconcile.Request) (*skiperatorv1alpha1.Application, error) {
 	application := &skiperatorv1alpha1.Application{}
 	if err := r.GetClient().Get(ctx, req.NamespacedName, application); err != nil {
 		if errors.IsNotFound(err) {

@@ -326,8 +326,10 @@ func (r *SKIPJobReconciler) updateConditions(ctx context.Context, skipJob *skipe
 	accessPolicy := skipJob.Spec.Container.AccessPolicy
 	if accessPolicy != nil && !common.IsInternalRulesValid(accessPolicy) {
 		skipJob.Status.Conditions = append(skipJob.Status.Conditions, common.GetInternalRulesCondition(skipJob, v1.ConditionFalse))
+		skipJob.Status.AccessPolicies = skiperatorv1alpha1.INVALIDCONFIG
 	} else {
 		skipJob.Status.Conditions = append(skipJob.Status.Conditions, common.GetInternalRulesCondition(skipJob, v1.ConditionTrue))
+		skipJob.Status.AccessPolicies = skiperatorv1alpha1.READY
 	}
 
 	return nil

@@ -124,6 +124,7 @@ spec:
         - application: access-policy-other
           namespace: access-policy-other
 status:
+  accessPolicies: Ready
   conditions:
     - type: InternalRulesValid
       status: "True"
@@ -10,6 +10,7 @@ spec:
       rules:
         - application: doesnt-exist
 status:
+  accessPolicies: InvalidConfig
   conditions:
     - type: InternalRulesValid
       status: "False"

@@ -12,4 +12,6 @@ metadata:
   namespace: access-policy-other
 spec:
   image: image
-  port: 8080
+  port: 8080
+status:
+  accessPolicies: Ready
@@ -5,6 +5,8 @@ metadata:
 spec:
   image: image
   port: 8080
+status:
+  accessPolicies: Ready
 ---
 apiVersion: v1
 kind: Service

@@ -91,6 +91,7 @@ spec:
         rules:
           - application: minimal-application
 status:
+  accessPolicies: Ready
   conditions:
     - type: Failed
       status: "False"

@@ -3,6 +3,7 @@ kind: SKIPJob
 metadata:
   name: condition-finish
 status:
+  accessPolicies: Ready
   conditions:
     - type: Failed
       status: "False"
@@ -18,6 +19,7 @@ kind: SKIPJob
 metadata:
   name: condition-running
 status:
+  accessPolicies: Ready
   conditions:
     - type: Failed
       status: "False"
@@ -33,6 +35,7 @@ kind: SKIPJob
 metadata:
   name: condition-fail
 status:
+  accessPolicies: InvalidConfig
   conditions:
     - type: Failed
       status: "True"