feat: Promote mutation to v1 (#2305)

Promote mutation to v1 Signed-off-by: Max Smythe <smythe@google.com> Signed-off-by: Max Smythe <smythe@google.com> Co-authored-by: Sertaç Özercan <852750+sozercan@users.noreply.github.com>
open-policy-agent · Sep 30, 2022 · 35b9cbd · 35b9cbd
1 parent 9a56db9
commit 35b9cbd
Show file tree

Hide file tree

Showing 29 changed files with 4,056 additions and 90 deletions.
diff --git a/Makefile b/Makefile
@@ -272,7 +272,7 @@ generate: __conversion-gen __controller-gen
 	$(CONTROLLER_GEN) object:headerFile=./hack/boilerplate.go.txt paths="./apis/..." paths="./pkg/..."
 	$(CONVERSION_GEN) \
 		--output-base=/gatekeeper \
-		--input-dirs=./apis/mutations/v1beta1,./apis/mutations/v1alpha1,./apis/expansion/v1alpha1 \
+		--input-dirs=./apis/mutations/v1,./apis/mutations/v1beta1,./apis/mutations/v1alpha1,./apis/expansion/v1alpha1 \
 		--go-header-file=./hack/boilerplate.go.txt \
 		--output-file-base=zz_generated.conversion
 

diff --git a/apis/addtoscheme_mutations_v1.go b/apis/addtoscheme_mutations_v1.go
@@ -0,0 +1,25 @@
+/*
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package apis
+
+import (
+	v1 "github.com/open-policy-agent/gatekeeper/apis/mutations/v1"
+)
+
+func init() {
+	// Register the types with the Scheme so the components can map objects to GroupVersionKinds and back
+	AddToSchemes = append(AddToSchemes, v1.AddToScheme)
+}
diff --git a/apis/mutations/v1/assign_types.go b/apis/mutations/v1/assign_types.go
@@ -0,0 +1,109 @@
+/*
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import (
+	"github.com/open-policy-agent/gatekeeper/apis/status/v1beta1"
+	"github.com/open-policy-agent/gatekeeper/pkg/mutation/match"
+	"github.com/open-policy-agent/gatekeeper/pkg/mutation/path/tester"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+
+// AssignSpec defines the desired state of Assign.
+type AssignSpec struct {
+	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+
+	// ApplyTo lists the specific groups, versions and kinds a mutation will be applied to.
+	// This is necessary because every mutation implies part of an object schema and object
+	// schemas are associated with specific GVKs.
+	ApplyTo []match.ApplyTo `json:"applyTo,omitempty"`
+
+	// Match allows the user to limit which resources get mutated.
+	// Individual match criteria are AND-ed together. An undefined
+	// match criteria matches everything.
+	Match match.Match `json:"match,omitempty"`
+
+	// Location describes the path to be mutated, for example: `spec.containers[name: main]`.
+	Location string `json:"location,omitempty"`
+
+	// Parameters define the behavior of the mutator.
+	Parameters Parameters `json:"parameters,omitempty"`
+}
+
+type Parameters struct {
+	PathTests []PathTest `json:"pathTests,omitempty"`
+
+	// TODO(maxsmythe): Now that https://github.com/kubernetes-sigs/controller-tools/pull/528
+	// is merged, we can use an actual object for `Assign`
+
+	// Assign.value holds the value to be assigned
+	Assign AssignField `json:"assign,omitempty"`
+}
+
+// PathTest allows the user to customize how the mutation works if parent
+// paths are missing. It traverses the list in order. All sub paths are
+// tested against the provided condition, if the test fails, the mutation is
+// not applied. All `subPath` entries must be a prefix of `location`. Any
+// glob characters will take on the same value as was used to
+// expand the matching glob in `location`.
+//
+// Available Tests:
+// * MustExist    - the path must exist or do not mutate
+// * MustNotExist - the path must not exist or do not mutate.
+type PathTest struct {
+	SubPath   string           `json:"subPath,omitempty"`
+	Condition tester.Condition `json:"condition,omitempty"`
+}
+
+// AssignStatus defines the observed state of Assign.
+type AssignStatus struct {
+	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+
+	ByPod []v1beta1.MutatorPodStatusStatus `json:"byPod,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path="assign"
+// +kubebuilder:resource:scope="Cluster"
+// +kubebuilder:subresource:status
+// +kubebuilder:storageversion
+
+// Assign is the Schema for the assign API.
+type Assign struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   AssignSpec   `json:"spec,omitempty"`
+	Status AssignStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// AssignList contains a list of Assign.
+type AssignList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []Assign `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&Assign{}, &AssignList{})
+}
diff --git a/apis/mutations/v1/assignmetadata_types.go b/apis/mutations/v1/assignmetadata_types.go
@@ -0,0 +1,71 @@
+/*
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import (
+	"github.com/open-policy-agent/gatekeeper/apis/status/v1beta1"
+	"github.com/open-policy-agent/gatekeeper/pkg/mutation/match"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+
+// AssignMetadataSpec defines the desired state of AssignMetadata.
+type AssignMetadataSpec struct {
+	Match      match.Match        `json:"match,omitempty"`
+	Location   string             `json:"location,omitempty"`
+	Parameters MetadataParameters `json:"parameters,omitempty"`
+}
+
+type MetadataParameters struct {
+	// Assign.value holds the value to be assigned
+	Assign AssignField `json:"assign,omitempty"`
+}
+
+// AssignMetadataStatus defines the observed state of AssignMetadata.
+type AssignMetadataStatus struct {
+	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+	ByPod []v1beta1.MutatorPodStatusStatus `json:"byPod,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:scope="Cluster"
+// +kubebuilder:subresource:status
+// +kubebuilder:storageversion
+
+// AssignMetadata is the Schema for the assignmetadata API.
+type AssignMetadata struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   AssignMetadataSpec   `json:"spec,omitempty"`
+	Status AssignMetadataStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// AssignMetadataList contains a list of AssignMetadata.
+type AssignMetadataList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []AssignMetadata `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&AssignMetadata{}, &AssignMetadataList{})
+}
diff --git a/apis/mutations/v1/doc.go b/apis/mutations/v1/doc.go
@@ -0,0 +1,5 @@
+// Package v1 includes v1 mutators
+
+// +k8s:conversion-gen=github.com/open-policy-agent/gatekeeper/apis/mutations/unversioned
+// -external-types=github.com/open-policy-agent/gatekeeper/apis/mutations/v1beta1
+package v1
diff --git a/apis/mutations/v1/externaldata_types.go b/apis/mutations/v1/externaldata_types.go
@@ -0,0 +1,26 @@
+package v1
+
+import (
+	"github.com/open-policy-agent/gatekeeper/pkg/mutation/types"
+)
+
+// ExternalData describes the external data source to use for the mutation.
+type ExternalData struct {
+	// Provider is the name of the external data provider.
+	// +kubebuilder:validation:Required
+	Provider string `json:"provider,omitempty"`
+
+	// DataSource specifies where to extract the data that will be sent
+	// to the external data provider as parameters.
+	// +kubebuilder:default="ValueAtLocation"
+	DataSource types.ExternalDataSource `json:"dataSource,omitempty"`
+
+	// FailurePolicy specifies the policy to apply when the external data
+	// provider returns an error.
+	// +kubebuilder:default="Fail"
+	FailurePolicy types.ExternalDataFailurePolicy `json:"failurePolicy,omitempty"`
+
+	// Default specifies the default value to use when the external data
+	// provider returns an error and the failure policy is set to "UseDefault".
+	Default string `json:"default,omitempty"`
+}
diff --git a/apis/mutations/v1/groupversion_info.go b/apis/mutations/v1/groupversion_info.go
@@ -0,0 +1,38 @@
+/*
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package v1alpha1 contains API Schema definitions for the mutations v1alpha1 API group
+// +kubebuilder:object:generate=true
+// +groupName=mutations.gatekeeper.sh
+package v1
+
+import (
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"sigs.k8s.io/controller-runtime/pkg/scheme"
+)
+
+var (
+	// GroupVersion is group version used to register these objects.
+	GroupVersion = schema.GroupVersion{Group: "mutations.gatekeeper.sh", Version: "v1"}
+
+	// SchemeBuilder is used to add go types to the GroupVersionKind scheme.
+	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
+
+	localSchemeBuilder = runtime.NewSchemeBuilder(SchemeBuilder.AddToScheme)
+
+	// AddToScheme adds the types in this group-version to the given scheme.
+	AddToScheme = localSchemeBuilder.AddToScheme
+)