ContainerSolutions · gusfcarvalho · Jul 15, 2023 · Jul 6, 2023 · Jul 7, 2023 · Jul 7, 2023
diff --git a/.gitignore b/.gitignore
@@ -9,6 +9,10 @@ bin
 testbin/*
 Dockerfile.cross
 
+# Terraform
+.terraform
+terraform.tfstate
+terraform.tfstate.backup
 # Test binary, build with `go test -c`
 *.test
 

diff --git a/operator/Makefile b/operator/Makefile
@@ -52,11 +52,11 @@ help: ## Display this help.
 ##@ Development
 
 .PHONY: manifests
-manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
+manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomComponentDefinition objects.
 	$(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases
 
 .PHONY: generate
-generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
+generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method Assessments.
 	$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."
 
 .PHONY: fmt
@@ -124,7 +124,7 @@ install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~
 	$(KUSTOMIZE) build config/crd | kubectl apply -f -
 
 .PHONY: uninstall
-uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
+uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore Component not found errors during deletion.
 	$(KUSTOMIZE) build config/crd | kubectl delete --ignore-not-found=$(ignore-not-found) -f -
 
 .PHONY: deploy
@@ -133,7 +133,7 @@ deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in
 	$(KUSTOMIZE) build config/default | kubectl apply -f -
 
 .PHONY: undeploy
-undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
+undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore Component not found errors during deletion.
 	$(KUSTOMIZE) build config/default | kubectl delete --ignore-not-found=$(ignore-not-found) -f -
 
 ##@ Build Dependencies

diff --git a/operator/PROJECT b/operator/PROJECT
@@ -7,7 +7,7 @@ layout:
 - go.kubebuilder.io/v4
 projectName: operator
 repo: github.com/ContainerSolutions/argus/operator
-resources:
+Components:
 - api:
     crdVersion: v1
     namespaced: true
@@ -21,47 +21,47 @@ resources:
     namespaced: true
   controller: true
   domain: argus.io
-  kind: Implementation
+  kind: Assessment
   path: github.com/ContainerSolutions/argus/operator/api/v1alpha1
   version: v1alpha1
 - api:
     crdVersion: v1
     namespaced: true
   controller: true
   domain: argus.io
-  kind: Requirement
+  kind: Control
   path: github.com/ContainerSolutions/argus/operator/api/v1alpha1
   version: v1alpha1
 - api:
     crdVersion: v1
     namespaced: true
   controller: true
   domain: argus.io
-  kind: Resource
+  kind: Component
   path: github.com/ContainerSolutions/argus/operator/api/v1alpha1
   version: v1alpha1
 - api:
     crdVersion: v1
     namespaced: true
   controller: true
   domain: argus.io
-  kind: ResourceRequirement
+  kind: ComponentControl
   path: github.com/ContainerSolutions/argus/operator/api/v1alpha1
   version: v1alpha1
 - api:
     crdVersion: v1
     namespaced: true
   controller: true
   domain: argus.io
-  kind: ResourceAttestation
+  kind: ComponentAttestation
   path: github.com/ContainerSolutions/argus/operator/api/v1alpha1
   version: v1alpha1
 - api:
     crdVersion: v1
     namespaced: true
   controller: true
   domain: argus.io
-  kind: ResourceImplementation
+  kind: ComponentAssessment
   path: github.com/ContainerSolutions/argus/operator/api/v1alpha1
   version: v1alpha1
 - api:

diff --git a/operator/README.md b/operator/README.md
@@ -44,7 +44,7 @@ make undeploy
 This project aims to follow the Kubernetes [Operator pattern](https://kubernetes.io/docs/concepts/extend-kubernetes/operator/).
 
 It uses [Controllers](https://kubernetes.io/docs/concepts/architecture/controller/),
-which provide a reconcile function responsible for synchronizing resources until the desired state is reached on the cluster.
+which provide a reconcile function responsible for synchronizing Components until the desired state is reached on the cluster.
 
 ### Test It Out
 1. Install the CRDs into the cluster:

diff --git a/...ator/api/v1alpha1/implementation_types.go → operator/api/v1alpha1/assessment_types.go b/...ator/api/v1alpha1/implementation_types.go → operator/api/v1alpha1/assessment_types.go
@@ -20,24 +20,24 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
-// ImplementationSpec defines the desired state of Implementation
-type ImplementationSpec struct {
+// AssessmentSpec defines the desired state of Assessment
+type AssessmentSpec struct {
 	Class string `json:"class"`
 	//+default="Cascade"
-	CascadePolicy  ImplementationCascadePolicy         `json:"cascadePolicy"`
-	RequirementRef ImplementationRequirementDefinition `json:"requirementRef"`
-	ResourceRef    []NamespacedName                    `json:"resourceRef"`
+	CascadePolicy AssessmentCascadePolicy     `json:"cascadePolicy"`
+	ControlRef    AssessmentControlDefinition `json:"controlRef"`
+	ComponentRef  []NamespacedName            `json:"componentRef"`
 }
 
-type ImplementationCascadePolicy string
+type AssessmentCascadePolicy string
 
 const (
-	CascadingPolicyCascade ImplementationCascadePolicy = "Cascade"
-	CascadingPolicyNone    ImplementationCascadePolicy = "None"
+	CascadingPolicyCascade AssessmentCascadePolicy = "Cascade"
+	CascadingPolicyNone    AssessmentCascadePolicy = "None"
 )
 
-// ImplementationStatus defines the observed state of Implementation
-type ImplementationStatus struct {
+// AssessmentStatus defines the observed state of Assessment
+type AssessmentStatus struct {
 	//+optional
 	Children []NamespacedName `json:"children,omitempty"`
 	//+optional
@@ -47,24 +47,24 @@ type ImplementationStatus struct {
 //+kubebuilder:object:root=true
 //+kubebuilder:subresource:status
 
-// Implementation is the Schema for the implementations API
-type Implementation struct {
+// Assessment is the Schema for the Assessments API
+type Assessment struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 
-	Spec   ImplementationSpec   `json:"spec,omitempty"`
-	Status ImplementationStatus `json:"status,omitempty"`
+	Spec   AssessmentSpec   `json:"spec,omitempty"`
+	Status AssessmentStatus `json:"status,omitempty"`
 }
 
 //+kubebuilder:object:root=true
 
-// ImplementationList contains a list of Implementation
-type ImplementationList struct {
+// AssessmentList contains a list of Assessment
+type AssessmentList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata,omitempty"`
-	Items           []Implementation `json:"items"`
+	Items           []Assessment `json:"items"`
 }
 
 func init() {
-	SchemeBuilder.Register(&Implementation{}, &ImplementationList{})
+	SchemeBuilder.Register(&Assessment{}, &AssessmentList{})
 }
diff --git a/operator/api/v1alpha1/attestation_types.go b/operator/api/v1alpha1/attestation_types.go
@@ -22,8 +22,8 @@ import (
 
 // AttestationSpec defines the desired state of Attestation
 type AttestationSpec struct {
-	ImplementationRef string                 `json:"implementationRef"`
-	ProviderRef       AttestationProviderRef `json:"providerRef"`
+	AssessmentRef string                 `json:"assessmentRef"`
+	ProviderRef   AttestationProviderRef `json:"providerRef"`
 }
 
 type AttestationProviderRef struct {

diff --git a/operator/api/v1alpha1/resource_types.go → operator/api/v1alpha1/component_types.go b/operator/api/v1alpha1/resource_types.go → operator/api/v1alpha1/component_types.go
@@ -20,23 +20,23 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
-// ResourceSpec defines the desired state of Resource
-type ResourceSpec struct {
+// ComponentSpec defines the desired state of Component
+type ComponentSpec struct {
 	Type    string   `json:"type"`
 	Classes []string `json:"classes"`
 	Parents []string `json:"parents"`
 }
 
-// ResourceStatus defines the observed state of Resource
-type ResourceStatus struct {
+// ComponentStatus defines the observed state of Component
+type ComponentStatus struct {
 	//+kubebuilder:default=0
-	TotalRequirements int `json:"totalRequirements"`
+	TotalControls int `json:"totalControls"`
 	//+kubebuilder:default=0
-	ImplementedRequirements int `json:"implementedRequirements"`
+	ImplementedControls int `json:"implementedControls"`
 	//+optional
-	Children map[string]ResourceChild `json:"children,omitempty"`
+	Children map[string]ComponentChild `json:"children,omitempty"`
 	//+optional
-	Requirements map[string]*ResourceRequirementCompliance `json:"requirements,omitempty"`
+	Controls map[string]*ComponentControlCompliance `json:"Controls,omitempty"`
 	//+kubebuilder:default=0
 	TotalChildren int `json:"totalChildren"`
 	//+kubebuilder:default=0
@@ -45,42 +45,42 @@ type ResourceStatus struct {
 	RunAt metav1.Time `json:"runAt,omitempty"`
 }
 
-type ResourceRequirementCompliance struct {
+type ComponentControlCompliance struct {
 	Implemented bool `json:"implemented"`
 }
 
 // All parent relationship is flattened. TODO - maybe we want to have the whole hierarchy here?
-// TODO - If the child has a requirement the parent does not have (and it is non compliant to that requirement)
+// TODO - If the child has a Control the parent does not have (and it is non compliant to that Control)
 // Should the parent be marked as non compliant? Or rather just as having Non compliant Children?
-// TODO - Need a way to check compliance based on requirement Classes
-type ResourceChild struct {
+// TODO - Need a way to check compliance based on Control Classes
+type ComponentChild struct {
 	Compliant bool `json:"compliant"`
 }
 
-// Resource is the Schema for the resources API
+// Component is the Schema for the Components API
 
 // +kubebuilder:object:root=true
 // +kubebuilder:subresource:status
-// +kubebuilder:printcolumn:name="Total Requirements",type=integer,JSONPath=`.status.totalRequirements`
-// +kubebuilder:printcolumn:name="Implemented Requirements",type=integer,JSONPath=`.status.implementedRequirements`
+// +kubebuilder:printcolumn:name="Total Controls",type=integer,JSONPath=`.status.totalControls`
+// +kubebuilder:printcolumn:name="Implemented Controls",type=integer,JSONPath=`.status.implementedControls`
 // +kubebuilder:printcolumn:name="Last Run",type=string,JSONPath=`.status.runAt`
-type Resource struct {
+type Component struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 
-	Spec   ResourceSpec   `json:"spec,omitempty"`
-	Status ResourceStatus `json:"status,omitempty"`
+	Spec   ComponentSpec   `json:"spec,omitempty"`
+	Status ComponentStatus `json:"status,omitempty"`
 }
 
 //+kubebuilder:object:root=true
 
-// ResourceList contains a list of Resource
-type ResourceList struct {
+// ComponentList contains a list of Component
+type ComponentList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata,omitempty"`
-	Items           []Resource `json:"items"`
+	Items           []Component `json:"items"`
 }
 
 func init() {
-	SchemeBuilder.Register(&Resource{}, &ResourceList{})
+	SchemeBuilder.Register(&Component{}, &ComponentList{})
 }
diff --git a/.../v1alpha1/resourceimplementation_types.go → ...api/v1alpha1/componentassessment_types.go b/.../v1alpha1/resourceimplementation_types.go → ...api/v1alpha1/componentassessment_types.go
@@ -20,21 +20,21 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
-// ResourceImplementationSpec defines the desired state of ResourceImplementation
-type ResourceImplementationSpec struct {
-	Class          string                              `json:"class"`
-	RequirementRef ImplementationRequirementDefinition `json:"requirementRef"`
+// ComponentAssessmentSpec defines the desired state of ComponentAssessment
+type ComponentAssessmentSpec struct {
+	Class      string                      `json:"class"`
+	ControlRef AssessmentControlDefinition `json:"ControlRef"`
 }
 
-type ImplementationRequirementDefinition struct {
+type AssessmentControlDefinition struct {
 	Code    string `json:"code"`
 	Version string `json:"version"`
 }
 
-// ResourceImplementationStatus defines the observed state of ResourceImplementation
-type ResourceImplementationStatus struct {
+// ComponentAssessmentStatus defines the observed state of ComponentAssessment
+type ComponentAssessmentStatus struct {
 	//+optional
-	ResourceAttestations []NamespacedName `json:"resourceAttestations,omitempty"`
+	ComponentAttestations []NamespacedName `json:"ComponentAttestations,omitempty"`
 	//+kubebuilder:default=0
 	TotalAttestations int `json:"totalAttestations"`
 	//+kubebuilder:default=0
@@ -43,29 +43,29 @@ type ResourceImplementationStatus struct {
 	RunAt metav1.Time `json:"runAt,omitempty"`
 }
 
-// ResourceImplementation is the Schema for the resourceimplementations API
+// ComponentAssessment is the Schema for the ComponentAssessments API
 // +kubebuilder:object:root=true
 // +kubebuilder:subresource:status
 // +kubebuilder:printcolumn:name="Total Attestations",type=integer,JSONPath=`.status.totalAttestations`
 // +kubebuilder:printcolumn:name="Passed Attestations",type=integer,JSONPath=`.status.passedAttestations`
 // +kubebuilder:printcolumn:name="Last Run",type=string,JSONPath=`.status.runAt`
-type ResourceImplementation struct {
+type ComponentAssessment struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 
-	Spec   ResourceImplementationSpec   `json:"spec,omitempty"`
-	Status ResourceImplementationStatus `json:"status,omitempty"`
+	Spec   ComponentAssessmentSpec   `json:"spec,omitempty"`
+	Status ComponentAssessmentStatus `json:"status,omitempty"`
 }
 
 //+kubebuilder:object:root=true
 
-// ResourceImplementationList contains a list of ResourceImplementation
-type ResourceImplementationList struct {
+// ComponentAssessmentList contains a list of ComponentAssessment
+type ComponentAssessmentList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata,omitempty"`
-	Items           []ResourceImplementation `json:"items"`
+	Items           []ComponentAssessment `json:"items"`
 }
 
 func init() {
-	SchemeBuilder.Register(&ResourceImplementation{}, &ResourceImplementationList{})
+	SchemeBuilder.Register(&ComponentAssessment{}, &ComponentAssessmentList{})
 }