diff --git a/api/configuration/v1alpha1/kongcredential_hmac_types.go b/api/configuration/v1alpha1/kongcredential_hmac_types.go new file mode 100644 index 0000000..7b9d6b8 --- /dev/null +++ b/api/configuration/v1alpha1/kongcredential_hmac_types.go @@ -0,0 +1,97 @@ +/* +Copyright 2024 Kong, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha1 + +import ( + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + konnectv1alpha1 "github.com/kong/kubernetes-configuration/api/konnect/v1alpha1" +) + +// KongCredentialHMAC is the schema for HMAC credentials API which defines a HMAC credential for consumers. +// +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:resource:scope=Namespaced +// +kubebuilder:storageversion +// +kubebuilder:subresource:status +// +kubebuilder:printcolumn:name="Programmed",description="The Resource is Programmed on Konnect",type=string,JSONPath=`.status.conditions[?(@.type=='Programmed')].status` +// +kubebuilder:validation:XValidation:rule="(!self.status.conditions.exists(c, c.type == 'Programmed' && c.status == 'True')) ? true : oldSelf.spec.consumerRef == self.spec.consumerRef",message="spec.consumerRef is immutable when an entity is already Programmed" +type KongCredentialHMAC struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // Spec contains the HMAC credential specification. + Spec KongCredentialHMACSpec `json:"spec"` + + // Status contains the HMAC credential status. + // + // +kubebuilder:default={conditions: {{type: "Programmed", status: "Unknown", reason:"Pending", message:"Waiting for controller", lastTransitionTime: "1970-01-01T00:00:00Z"}}} + Status KongCredentialHMACStatus `json:"status,omitempty"` +} + +// KongCredentialHMACSpec defines specification of a Kong Route. +type KongCredentialHMACSpec struct { + // ConsumerRef is a reference to a Consumer this KongCredentialHMAC is associated with. + // + // +kubebuilder:validation:Required + ConsumerRef corev1.LocalObjectReference `json:"consumerRef"` + + KongCredentialHMACAPISpec `json:",inline"` +} + +// KongCredentialHMACAPISpec defines specification of an HMAC credential. +type KongCredentialHMACAPISpec struct { + // ID is the unique identifier for the HMAC credential. + ID *string `json:"id,omitempty"` + // Secret is the secret for the HMAC credential. + Secret *string `json:"secret,omitempty"` + // Tags is a list of tags for the HMAC credential. + Tags []string `json:"tags,omitempty"` + // Username is the username for the HMAC credential. + // +kubernetes:validation:Required + Username *string `json:"username"` +} + +// KongCredentialHMACStatus represents the current status of the HMAC credential resource. +type KongCredentialHMACStatus struct { + // Konnect contains the Konnect entity status. + // +optional + Konnect *konnectv1alpha1.KonnectEntityStatusWithControlPlaneAndConsumerRefs `json:"konnect,omitempty"` + + // Conditions describe the status of the Konnect entity. + // +listType=map + // +listMapKey=type + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=8 + Conditions []metav1.Condition `json:"conditions,omitempty"` +} + +// +kubebuilder:object:root=true + +// KongCredentialHMACList contains a list of HMAC credentials. +type KongCredentialHMACList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []KongCredentialHMAC `json:"items"` +} + +func init() { + SchemeBuilder.Register(&KongCredentialHMAC{}, &KongCredentialHMACList{}) +} diff --git a/api/configuration/v1alpha1/zz_generated.deepcopy.go b/api/configuration/v1alpha1/zz_generated.deepcopy.go index 8017176..f11279e 100644 --- a/api/configuration/v1alpha1/zz_generated.deepcopy.go +++ b/api/configuration/v1alpha1/zz_generated.deepcopy.go @@ -818,6 +818,144 @@ func (in *KongCredentialBasicAuthStatus) DeepCopy() *KongCredentialBasicAuthStat return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KongCredentialHMAC) DeepCopyInto(out *KongCredentialHMAC) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KongCredentialHMAC. +func (in *KongCredentialHMAC) DeepCopy() *KongCredentialHMAC { + if in == nil { + return nil + } + out := new(KongCredentialHMAC) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *KongCredentialHMAC) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KongCredentialHMACAPISpec) DeepCopyInto(out *KongCredentialHMACAPISpec) { + *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.Secret != nil { + in, out := &in.Secret, &out.Secret + *out = new(string) + **out = **in + } + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Username != nil { + in, out := &in.Username, &out.Username + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KongCredentialHMACAPISpec. +func (in *KongCredentialHMACAPISpec) DeepCopy() *KongCredentialHMACAPISpec { + if in == nil { + return nil + } + out := new(KongCredentialHMACAPISpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KongCredentialHMACList) DeepCopyInto(out *KongCredentialHMACList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]KongCredentialHMAC, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KongCredentialHMACList. +func (in *KongCredentialHMACList) DeepCopy() *KongCredentialHMACList { + if in == nil { + return nil + } + out := new(KongCredentialHMACList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *KongCredentialHMACList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KongCredentialHMACSpec) DeepCopyInto(out *KongCredentialHMACSpec) { + *out = *in + out.ConsumerRef = in.ConsumerRef + in.KongCredentialHMACAPISpec.DeepCopyInto(&out.KongCredentialHMACAPISpec) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KongCredentialHMACSpec. +func (in *KongCredentialHMACSpec) DeepCopy() *KongCredentialHMACSpec { + if in == nil { + return nil + } + out := new(KongCredentialHMACSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KongCredentialHMACStatus) DeepCopyInto(out *KongCredentialHMACStatus) { + *out = *in + if in.Konnect != nil { + in, out := &in.Konnect, &out.Konnect + *out = new(konnectv1alpha1.KonnectEntityStatusWithControlPlaneAndConsumerRefs) + **out = **in + } + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]v1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KongCredentialHMACStatus. +func (in *KongCredentialHMACStatus) DeepCopy() *KongCredentialHMACStatus { + if in == nil { + return nil + } + out := new(KongCredentialHMACStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *KongCredentialJWT) DeepCopyInto(out *KongCredentialJWT) { *out = *in diff --git a/api/configuration/v1alpha1/zz_generated_konnect_funcs.go b/api/configuration/v1alpha1/zz_generated_konnect_funcs.go index aed6960..0e866e0 100644 --- a/api/configuration/v1alpha1/zz_generated_konnect_funcs.go +++ b/api/configuration/v1alpha1/zz_generated_konnect_funcs.go @@ -368,6 +368,66 @@ func (obj *KongCredentialACL) SetControlPlaneID(id string) { obj.Status.Konnect.ControlPlaneID = id } +func (obj *KongCredentialHMAC) initKonnectStatus() { + obj.Status.Konnect = &konnectv1alpha1.KonnectEntityStatusWithControlPlaneAndConsumerRefs{} +} + +// GetKonnectStatus returns the Konnect status contained in the KongCredentialHMAC status. +func (obj *KongCredentialHMAC) GetKonnectStatus() *konnectv1alpha1.KonnectEntityStatus { + if obj.Status.Konnect == nil { + return nil + } + return &obj.Status.Konnect.KonnectEntityStatus +} + +// GetKonnectID returns the Konnect ID in the KongCredentialHMAC status. +func (obj *KongCredentialHMAC) GetKonnectID() string { + if obj.Status.Konnect == nil { + return "" + } + return obj.Status.Konnect.ID +} + +// SetKonnectID sets the Konnect ID in the KongCredentialHMAC status. +func (obj *KongCredentialHMAC) SetKonnectID(id string) { + if obj.Status.Konnect == nil { + obj.initKonnectStatus() + } + obj.Status.Konnect.ID = id +} + + +// GetTypeName returns the KongCredentialHMAC Kind name +func (obj KongCredentialHMAC) GetTypeName() string { + return "KongCredentialHMAC" +} + +// GetConditions returns the Status Conditions +func (obj *KongCredentialHMAC) GetConditions() []metav1.Condition { + return obj.Status.Conditions +} + +// SetConditions sets the Status Conditions +func (obj *KongCredentialHMAC) SetConditions(conditions []metav1.Condition) { + obj.Status.Conditions = conditions +} + +// GetControlPlaneID returns the ControlPlane ID in the KongCredentialHMAC status. +func (obj *KongCredentialHMAC) GetControlPlaneID() string { + if obj.Status.Konnect == nil { + return "" + } + return obj.Status.Konnect.ControlPlaneID +} + +// SetControlPlaneID sets the ControlPlane ID in the KongCredentialHMAC status. +func (obj *KongCredentialHMAC) SetControlPlaneID(id string) { + if obj.Status.Konnect == nil { + obj.initKonnectStatus() + } + obj.Status.Konnect.ControlPlaneID = id +} + func (obj *KongCACertificate) initKonnectStatus() { obj.Status.Konnect = &konnectv1alpha1.KonnectEntityStatusWithControlPlaneRef{} } diff --git a/config/crd/bases/configuration.konghq.com_kongcredentialhmacs.yaml b/config/crd/bases/configuration.konghq.com_kongcredentialhmacs.yaml new file mode 100644 index 0000000..298c412 --- /dev/null +++ b/config/crd/bases/configuration.konghq.com_kongcredentialhmacs.yaml @@ -0,0 +1,189 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.3 + name: kongcredentialhmacs.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + kind: KongCredentialHMAC + listKind: KongCredentialHMACList + plural: kongcredentialhmacs + singular: kongcredentialhmac + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The Resource is Programmed on Konnect + jsonPath: .status.conditions[?(@.type=='Programmed')].status + name: Programmed + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: KongCredentialHMAC is the schema for HMAC credentials API which + defines a HMAC credential for consumers. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec contains the HMAC credential specification. + properties: + consumerRef: + description: ConsumerRef is a reference to a Consumer this KongCredentialHMAC + is associated with. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + id: + description: ID is the unique identifier for the HMAC credential. + type: string + secret: + description: Secret is the secret for the HMAC credential. + type: string + tags: + description: Tags is a list of tags for the HMAC credential. + items: + type: string + type: array + username: + description: Username is the username for the HMAC credential. + type: string + required: + - consumerRef + - username + type: object + status: + default: + conditions: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: Waiting for controller + reason: Pending + status: Unknown + type: Programmed + description: Status contains the HMAC credential status. + properties: + conditions: + description: Conditions describe the status of the Konnect entity. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + konnect: + description: Konnect contains the Konnect entity status. + properties: + consumerID: + description: ConsumerID is the Konnect ID of the Consumer this + entity is associated with. + type: string + controlPlaneID: + description: ControlPlaneID is the Konnect ID of the ControlPlane + this Route is associated with. + type: string + id: + description: |- + ID is the unique identifier of the Konnect entity as assigned by Konnect API. + If it's unset (empty string), it means the Konnect entity hasn't been created yet. + type: string + organizationID: + description: OrgID is ID of Konnect Org that this entity has been + created in. + type: string + serverURL: + description: ServerURL is the URL of the Konnect server in which + the entity exists. + type: string + type: object + type: object + required: + - spec + type: object + x-kubernetes-validations: + - message: spec.consumerRef is immutable when an entity is already Programmed + rule: '(!self.status.conditions.exists(c, c.type == ''Programmed'' && c.status + == ''True'')) ? true : oldSelf.spec.consumerRef == self.spec.consumerRef' + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml index 2575174..3eaa839 100644 --- a/config/crd/kustomization.yaml +++ b/config/crd/kustomization.yaml @@ -26,6 +26,7 @@ resources: - bases/configuration.konghq.com_kongcredentialapikeys.yaml - bases/configuration.konghq.com_kongcredentialacls.yaml - bases/configuration.konghq.com_kongcredentialjwts.yaml +- bases/configuration.konghq.com_kongcredentialhmacs.yaml - bases/configuration.konghq.com_kongcertificates.yaml - bases/configuration.konghq.com_kongsnis.yaml - bases/configuration.konghq.com_kongdataplanecertificates.yaml diff --git a/docs/api-reference.md b/docs/api-reference.md index 2612f02..f8beb68 100644 --- a/docs/api-reference.md +++ b/docs/api-reference.md @@ -334,6 +334,7 @@ Package v1alpha1 contains API Schema definitions for the configuration.konghq.co - [KongCredentialACL](#kongcredentialacl) - [KongCredentialAPIKey](#kongcredentialapikey) - [KongCredentialBasicAuth](#kongcredentialbasicauth) +- [KongCredentialHMAC](#kongcredentialhmac) - [KongCredentialJWT](#kongcredentialjwt) - [KongCustomEntity](#kongcustomentity) - [KongDataplaneCertificate](#kongdataplanecertificate) @@ -443,6 +444,22 @@ KongCredentialBasicAuth is the schema for BasicAuth credentials API which define +### KongCredentialHMAC + + +KongCredentialHMAC is the schema for HMAC credentials API which defines a HMAC credential for consumers. + + + +| Field | Description | +| --- | --- | +| `apiVersion` _string_ | `configuration.konghq.com/v1alpha1` +| `kind` _string_ | `KongCredentialHMAC` +| `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | +| `spec` _[KongCredentialHMACSpec](#kongcredentialhmacspec)_ | Spec contains the HMAC credential specification. | + + + ### KongCredentialJWT @@ -973,6 +990,45 @@ _Appears in:_ +#### KongCredentialHMACAPISpec + + +KongCredentialHMACAPISpec defines specification of an HMAC credential. + + + +| Field | Description | +| --- | --- | +| `id` _string_ | ID is the unique identifier for the HMAC credential. | +| `secret` _string_ | Secret is the secret for the HMAC credential. | +| `tags` _string array_ | Tags is a list of tags for the HMAC credential. | +| `username` _string_ | Username is the username for the HMAC credential. | + + +_Appears in:_ +- [KongCredentialHMACSpec](#kongcredentialhmacspec) + +#### KongCredentialHMACSpec + + +KongCredentialHMACSpec defines specification of a Kong Route. + + + +| Field | Description | +| --- | --- | +| `consumerRef` _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#localobjectreference-v1-core)_ | ConsumerRef is a reference to a Consumer this KongCredentialHMAC is associated with. | +| `id` _string_ | ID is the unique identifier for the HMAC credential. | +| `secret` _string_ | Secret is the secret for the HMAC credential. | +| `tags` _string array_ | Tags is a list of tags for the HMAC credential. | +| `username` _string_ | Username is the username for the HMAC credential. | + + +_Appears in:_ +- [KongCredentialHMAC](#kongcredentialhmac) + + + #### KongCredentialJWTAPISpec diff --git a/pkg/clientset/typed/configuration/v1alpha1/configuration_client.go b/pkg/clientset/typed/configuration/v1alpha1/configuration_client.go index 8eda3bf..0771e10 100644 --- a/pkg/clientset/typed/configuration/v1alpha1/configuration_client.go +++ b/pkg/clientset/typed/configuration/v1alpha1/configuration_client.go @@ -34,6 +34,7 @@ type ConfigurationV1alpha1Interface interface { KongCredentialACLsGetter KongCredentialAPIKeysGetter KongCredentialBasicAuthsGetter + KongCredentialHMACsGetter KongCredentialJWTsGetter KongCustomEntitiesGetter KongDataplaneCertificatesGetter @@ -78,6 +79,10 @@ func (c *ConfigurationV1alpha1Client) KongCredentialBasicAuths(namespace string) return newKongCredentialBasicAuths(c, namespace) } +func (c *ConfigurationV1alpha1Client) KongCredentialHMACs(namespace string) KongCredentialHMACInterface { + return newKongCredentialHMACs(c, namespace) +} + func (c *ConfigurationV1alpha1Client) KongCredentialJWTs(namespace string) KongCredentialJWTInterface { return newKongCredentialJWTs(c, namespace) } diff --git a/pkg/clientset/typed/configuration/v1alpha1/fake/fake_configuration_client.go b/pkg/clientset/typed/configuration/v1alpha1/fake/fake_configuration_client.go index 21e87ee..ffc2433 100644 --- a/pkg/clientset/typed/configuration/v1alpha1/fake/fake_configuration_client.go +++ b/pkg/clientset/typed/configuration/v1alpha1/fake/fake_configuration_client.go @@ -52,6 +52,10 @@ func (c *FakeConfigurationV1alpha1) KongCredentialBasicAuths(namespace string) v return &FakeKongCredentialBasicAuths{c, namespace} } +func (c *FakeConfigurationV1alpha1) KongCredentialHMACs(namespace string) v1alpha1.KongCredentialHMACInterface { + return &FakeKongCredentialHMACs{c, namespace} +} + func (c *FakeConfigurationV1alpha1) KongCredentialJWTs(namespace string) v1alpha1.KongCredentialJWTInterface { return &FakeKongCredentialJWTs{c, namespace} } diff --git a/pkg/clientset/typed/configuration/v1alpha1/fake/fake_kongcredentialhmac.go b/pkg/clientset/typed/configuration/v1alpha1/fake/fake_kongcredentialhmac.go new file mode 100644 index 0000000..64cf18b --- /dev/null +++ b/pkg/clientset/typed/configuration/v1alpha1/fake/fake_kongcredentialhmac.go @@ -0,0 +1,147 @@ +/* +Copyright 2021 Kong, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1alpha1 "github.com/kong/kubernetes-configuration/api/configuration/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeKongCredentialHMACs implements KongCredentialHMACInterface +type FakeKongCredentialHMACs struct { + Fake *FakeConfigurationV1alpha1 + ns string +} + +var kongcredentialhmacsResource = v1alpha1.SchemeGroupVersion.WithResource("kongcredentialhmacs") + +var kongcredentialhmacsKind = v1alpha1.SchemeGroupVersion.WithKind("KongCredentialHMAC") + +// Get takes name of the kongCredentialHMAC, and returns the corresponding kongCredentialHMAC object, and an error if there is any. +func (c *FakeKongCredentialHMACs) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.KongCredentialHMAC, err error) { + emptyResult := &v1alpha1.KongCredentialHMAC{} + obj, err := c.Fake. + Invokes(testing.NewGetActionWithOptions(kongcredentialhmacsResource, c.ns, name, options), emptyResult) + + if obj == nil { + return emptyResult, err + } + return obj.(*v1alpha1.KongCredentialHMAC), err +} + +// List takes label and field selectors, and returns the list of KongCredentialHMACs that match those selectors. +func (c *FakeKongCredentialHMACs) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.KongCredentialHMACList, err error) { + emptyResult := &v1alpha1.KongCredentialHMACList{} + obj, err := c.Fake. + Invokes(testing.NewListActionWithOptions(kongcredentialhmacsResource, kongcredentialhmacsKind, c.ns, opts), emptyResult) + + if obj == nil { + return emptyResult, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1alpha1.KongCredentialHMACList{ListMeta: obj.(*v1alpha1.KongCredentialHMACList).ListMeta} + for _, item := range obj.(*v1alpha1.KongCredentialHMACList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested kongCredentialHMACs. +func (c *FakeKongCredentialHMACs) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchActionWithOptions(kongcredentialhmacsResource, c.ns, opts)) + +} + +// Create takes the representation of a kongCredentialHMAC and creates it. Returns the server's representation of the kongCredentialHMAC, and an error, if there is any. +func (c *FakeKongCredentialHMACs) Create(ctx context.Context, kongCredentialHMAC *v1alpha1.KongCredentialHMAC, opts v1.CreateOptions) (result *v1alpha1.KongCredentialHMAC, err error) { + emptyResult := &v1alpha1.KongCredentialHMAC{} + obj, err := c.Fake. + Invokes(testing.NewCreateActionWithOptions(kongcredentialhmacsResource, c.ns, kongCredentialHMAC, opts), emptyResult) + + if obj == nil { + return emptyResult, err + } + return obj.(*v1alpha1.KongCredentialHMAC), err +} + +// Update takes the representation of a kongCredentialHMAC and updates it. Returns the server's representation of the kongCredentialHMAC, and an error, if there is any. +func (c *FakeKongCredentialHMACs) Update(ctx context.Context, kongCredentialHMAC *v1alpha1.KongCredentialHMAC, opts v1.UpdateOptions) (result *v1alpha1.KongCredentialHMAC, err error) { + emptyResult := &v1alpha1.KongCredentialHMAC{} + obj, err := c.Fake. + Invokes(testing.NewUpdateActionWithOptions(kongcredentialhmacsResource, c.ns, kongCredentialHMAC, opts), emptyResult) + + if obj == nil { + return emptyResult, err + } + return obj.(*v1alpha1.KongCredentialHMAC), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeKongCredentialHMACs) UpdateStatus(ctx context.Context, kongCredentialHMAC *v1alpha1.KongCredentialHMAC, opts v1.UpdateOptions) (result *v1alpha1.KongCredentialHMAC, err error) { + emptyResult := &v1alpha1.KongCredentialHMAC{} + obj, err := c.Fake. + Invokes(testing.NewUpdateSubresourceActionWithOptions(kongcredentialhmacsResource, "status", c.ns, kongCredentialHMAC, opts), emptyResult) + + if obj == nil { + return emptyResult, err + } + return obj.(*v1alpha1.KongCredentialHMAC), err +} + +// Delete takes name of the kongCredentialHMAC and deletes it. Returns an error if one occurs. +func (c *FakeKongCredentialHMACs) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteActionWithOptions(kongcredentialhmacsResource, c.ns, name, opts), &v1alpha1.KongCredentialHMAC{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeKongCredentialHMACs) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewDeleteCollectionActionWithOptions(kongcredentialhmacsResource, c.ns, opts, listOpts) + + _, err := c.Fake.Invokes(action, &v1alpha1.KongCredentialHMACList{}) + return err +} + +// Patch applies the patch and returns the patched kongCredentialHMAC. +func (c *FakeKongCredentialHMACs) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.KongCredentialHMAC, err error) { + emptyResult := &v1alpha1.KongCredentialHMAC{} + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceActionWithOptions(kongcredentialhmacsResource, c.ns, name, pt, data, opts, subresources...), emptyResult) + + if obj == nil { + return emptyResult, err + } + return obj.(*v1alpha1.KongCredentialHMAC), err +} diff --git a/pkg/clientset/typed/configuration/v1alpha1/generated_expansion.go b/pkg/clientset/typed/configuration/v1alpha1/generated_expansion.go index 09479cb..0f98958 100644 --- a/pkg/clientset/typed/configuration/v1alpha1/generated_expansion.go +++ b/pkg/clientset/typed/configuration/v1alpha1/generated_expansion.go @@ -30,6 +30,8 @@ type KongCredentialAPIKeyExpansion interface{} type KongCredentialBasicAuthExpansion interface{} +type KongCredentialHMACExpansion interface{} + type KongCredentialJWTExpansion interface{} type KongCustomEntityExpansion interface{} diff --git a/pkg/clientset/typed/configuration/v1alpha1/kongcredentialhmac.go b/pkg/clientset/typed/configuration/v1alpha1/kongcredentialhmac.go new file mode 100644 index 0000000..312fe3a --- /dev/null +++ b/pkg/clientset/typed/configuration/v1alpha1/kongcredentialhmac.go @@ -0,0 +1,69 @@ +/* +Copyright 2021 Kong, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + + v1alpha1 "github.com/kong/kubernetes-configuration/api/configuration/v1alpha1" + scheme "github.com/kong/kubernetes-configuration/pkg/clientset/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + gentype "k8s.io/client-go/gentype" +) + +// KongCredentialHMACsGetter has a method to return a KongCredentialHMACInterface. +// A group's client should implement this interface. +type KongCredentialHMACsGetter interface { + KongCredentialHMACs(namespace string) KongCredentialHMACInterface +} + +// KongCredentialHMACInterface has methods to work with KongCredentialHMAC resources. +type KongCredentialHMACInterface interface { + Create(ctx context.Context, kongCredentialHMAC *v1alpha1.KongCredentialHMAC, opts v1.CreateOptions) (*v1alpha1.KongCredentialHMAC, error) + Update(ctx context.Context, kongCredentialHMAC *v1alpha1.KongCredentialHMAC, opts v1.UpdateOptions) (*v1alpha1.KongCredentialHMAC, error) + // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). + UpdateStatus(ctx context.Context, kongCredentialHMAC *v1alpha1.KongCredentialHMAC, opts v1.UpdateOptions) (*v1alpha1.KongCredentialHMAC, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.KongCredentialHMAC, error) + List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.KongCredentialHMACList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.KongCredentialHMAC, err error) + KongCredentialHMACExpansion +} + +// kongCredentialHMACs implements KongCredentialHMACInterface +type kongCredentialHMACs struct { + *gentype.ClientWithList[*v1alpha1.KongCredentialHMAC, *v1alpha1.KongCredentialHMACList] +} + +// newKongCredentialHMACs returns a KongCredentialHMACs +func newKongCredentialHMACs(c *ConfigurationV1alpha1Client, namespace string) *kongCredentialHMACs { + return &kongCredentialHMACs{ + gentype.NewClientWithList[*v1alpha1.KongCredentialHMAC, *v1alpha1.KongCredentialHMACList]( + "kongcredentialhmacs", + c.RESTClient(), + scheme.ParameterCodec, + namespace, + func() *v1alpha1.KongCredentialHMAC { return &v1alpha1.KongCredentialHMAC{} }, + func() *v1alpha1.KongCredentialHMACList { return &v1alpha1.KongCredentialHMACList{} }), + } +} diff --git a/scripts/konnect-funcs/supportedtypes.go b/scripts/konnect-funcs/supportedtypes.go index 74086ef..e900c34 100644 --- a/scripts/konnect-funcs/supportedtypes.go +++ b/scripts/konnect-funcs/supportedtypes.go @@ -46,6 +46,10 @@ var supportedTypesControlPlaneConfig = []supportedTypesT{ Type: "KongCredentialACL", KonnectStatusType: "konnectv1alpha1.KonnectEntityStatusWithControlPlaneAndConsumerRefs", }, + { + Type: "KongCredentialHMAC", + KonnectStatusType: "konnectv1alpha1.KonnectEntityStatusWithControlPlaneAndConsumerRefs", + }, { Type: "KongCACertificate", KonnectStatusType: "konnectv1alpha1.KonnectEntityStatusWithControlPlaneRef", diff --git a/test/crdsvalidation/kongcredentialhmac/kongcredentialhmac_test.go b/test/crdsvalidation/kongcredentialhmac/kongcredentialhmac_test.go new file mode 100644 index 0000000..5a1fcde --- /dev/null +++ b/test/crdsvalidation/kongcredentialhmac/kongcredentialhmac_test.go @@ -0,0 +1,65 @@ +package kongcredentialhmac + +import ( + "context" + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/client/config" + + configurationv1alpha1client "github.com/kong/kubernetes-configuration/pkg/clientset/typed/configuration/v1alpha1" + "github.com/kong/kubernetes-configuration/test/crdsvalidation/kongcredentialhmac/testcases" +) + +func TestCredentialHMAC(t *testing.T) { + ctx := context.Background() + cfg, err := config.GetConfig() + require.NoError(t, err, "error loading Kubernetes config") + cl, err := configurationv1alpha1client.NewForConfig(cfg) + require.NoError(t, err, "error creating configurationv1alpha1 client") + + for _, tcsGroup := range testcases.TestCases { + t.Run(tcsGroup.Name, func(t *testing.T) { + for _, tc := range tcsGroup.TestCases { + t.Run(tc.Name, func(t *testing.T) { + cl := cl.KongCredentialHMACs(tc.KongCredentialHMAC.Namespace) + entity, err := cl.Create(ctx, &tc.KongCredentialHMAC, metav1.CreateOptions{}) + if err == nil { + t.Cleanup(func() { + assert.NoError(t, client.IgnoreNotFound(cl.Delete(ctx, entity.Name, metav1.DeleteOptions{}))) + }) + } + + if tc.ExpectedErrorMessage == nil { + assert.NoError(t, err) + + // if the status has to be updated, update it. + if tc.KongCredentialHMACStatus != nil { + entity.Status = *tc.KongCredentialHMACStatus + entity, err = cl.UpdateStatus(ctx, entity, metav1.UpdateOptions{}) + assert.NoError(t, err) + } + + // Update the object and check if the update is allowed. + if tc.Update != nil { + tc.Update(entity) + _, err := cl.Update(ctx, entity, metav1.UpdateOptions{}) + if tc.ExpectedUpdateErrorMessage != nil { + require.NotNil(t, err) + assert.Contains(t, err.Error(), *tc.ExpectedUpdateErrorMessage) + } else { + assert.NoError(t, err) + } + } + } else { + require.NotNil(t, err) + assert.Contains(t, err.Error(), *tc.ExpectedErrorMessage) + } + }) + } + }) + } +} diff --git a/test/crdsvalidation/kongcredentialhmac/testcases/common.go b/test/crdsvalidation/kongcredentialhmac/testcases/common.go new file mode 100644 index 0000000..2ea03cc --- /dev/null +++ b/test/crdsvalidation/kongcredentialhmac/testcases/common.go @@ -0,0 +1,39 @@ +package testcases + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + configurationv1alpha1 "github.com/kong/kubernetes-configuration/api/configuration/v1alpha1" +) + +// testCase is a test case related to KongCredentialHMAC validation. +type testCase struct { + Name string + KongCredentialHMAC configurationv1alpha1.KongCredentialHMAC + KongCredentialHMACStatus *configurationv1alpha1.KongCredentialHMACStatus + Update func(*configurationv1alpha1.KongCredentialHMAC) + ExpectedErrorMessage *string + ExpectedUpdateErrorMessage *string +} + +// testCasesGroup is a group of test cases related to KongCredentialHMAC validation. +// The grouping is done by a common name. +type testCasesGroup struct { + Name string + TestCases []testCase +} + +// TestCases is a collection of all test cases groups related to KongCredentialHMAC validation. +var TestCases = []testCasesGroup{} + +func init() { + TestCases = append(TestCases, + updatesNotAllowedForStatus, + fieldsValidation, + ) +} + +var commonObjectMeta = metav1.ObjectMeta{ + GenerateName: "test-kongcredential-hmac-", + Namespace: "default", +} diff --git a/test/crdsvalidation/kongcredentialhmac/testcases/consumerref-update-not-allowed-for-status.go b/test/crdsvalidation/kongcredentialhmac/testcases/consumerref-update-not-allowed-for-status.go new file mode 100644 index 0000000..519645b --- /dev/null +++ b/test/crdsvalidation/kongcredentialhmac/testcases/consumerref-update-not-allowed-for-status.go @@ -0,0 +1,77 @@ +package testcases + +import ( + "github.com/samber/lo" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + configurationv1alpha1 "github.com/kong/kubernetes-configuration/api/configuration/v1alpha1" + konnectv1alpha1 "github.com/kong/kubernetes-configuration/api/konnect/v1alpha1" +) + +// updatesNotAllowedForStatus are test cases checking if updates to consumerRef +// are indeed blocked for some status conditions. +var updatesNotAllowedForStatus = testCasesGroup{ + Name: "updates not allowed for status conditions", + TestCases: []testCase{ + { + Name: "consumerRef change is not allowed for Programmed=True", + KongCredentialHMAC: configurationv1alpha1.KongCredentialHMAC{ + ObjectMeta: commonObjectMeta, + Spec: configurationv1alpha1.KongCredentialHMACSpec{ + ConsumerRef: corev1.LocalObjectReference{ + Name: "test-kong-consumer", + }, + KongCredentialHMACAPISpec: configurationv1alpha1.KongCredentialHMACAPISpec{ + Secret: lo.ToPtr("secret"), + Username: lo.ToPtr("test-username"), + }, + }, + }, + KongCredentialHMACStatus: &configurationv1alpha1.KongCredentialHMACStatus{ + Konnect: &konnectv1alpha1.KonnectEntityStatusWithControlPlaneAndConsumerRefs{}, + Conditions: []metav1.Condition{ + { + Type: "Programmed", + Status: metav1.ConditionTrue, + Reason: "Valid", + LastTransitionTime: metav1.Now(), + }, + }, + }, + Update: func(c *configurationv1alpha1.KongCredentialHMAC) { + c.Spec.ConsumerRef.Name = "new-consumer" + }, + ExpectedUpdateErrorMessage: lo.ToPtr("spec.consumerRef is immutable when an entity is already Programmed"), + }, + { + Name: "consumerRef change is allowed when consumer is not Programmed=True nor APIAuthValid=True", + KongCredentialHMAC: configurationv1alpha1.KongCredentialHMAC{ + ObjectMeta: commonObjectMeta, + Spec: configurationv1alpha1.KongCredentialHMACSpec{ + ConsumerRef: corev1.LocalObjectReference{ + Name: "test-kong-consumer", + }, + KongCredentialHMACAPISpec: configurationv1alpha1.KongCredentialHMACAPISpec{ + Secret: lo.ToPtr("secret"), + Username: lo.ToPtr("test-username"), + }, + }, + }, + KongCredentialHMACStatus: &configurationv1alpha1.KongCredentialHMACStatus{ + Konnect: &konnectv1alpha1.KonnectEntityStatusWithControlPlaneAndConsumerRefs{}, + Conditions: []metav1.Condition{ + { + Type: "Programmed", + Status: metav1.ConditionFalse, + Reason: "Invalid", + LastTransitionTime: metav1.Now(), + }, + }, + }, + Update: func(c *configurationv1alpha1.KongCredentialHMAC) { + c.Spec.ConsumerRef.Name = "new-consumer" + }, + }, + }, +} diff --git a/test/crdsvalidation/kongcredentialhmac/testcases/fieldsvalidation.go b/test/crdsvalidation/kongcredentialhmac/testcases/fieldsvalidation.go new file mode 100644 index 0000000..feaa09e --- /dev/null +++ b/test/crdsvalidation/kongcredentialhmac/testcases/fieldsvalidation.go @@ -0,0 +1,44 @@ +package testcases + +import ( + "github.com/samber/lo" + corev1 "k8s.io/api/core/v1" + + configurationv1alpha1 "github.com/kong/kubernetes-configuration/api/configuration/v1alpha1" +) + +var fieldsValidation = testCasesGroup{ + Name: "fields validation", + TestCases: []testCase{ + { + Name: "username is required", + KongCredentialHMAC: configurationv1alpha1.KongCredentialHMAC{ + ObjectMeta: commonObjectMeta, + Spec: configurationv1alpha1.KongCredentialHMACSpec{ + ConsumerRef: corev1.LocalObjectReference{ + Name: "test-kong-consumer", + }, + KongCredentialHMACAPISpec: configurationv1alpha1.KongCredentialHMACAPISpec{ + Secret: lo.ToPtr("secret"), + }, + }, + }, + ExpectedErrorMessage: lo.ToPtr("spec.username: Required value"), + }, + { + Name: "username is required and no error is expected when it is set", + KongCredentialHMAC: configurationv1alpha1.KongCredentialHMAC{ + ObjectMeta: commonObjectMeta, + Spec: configurationv1alpha1.KongCredentialHMACSpec{ + ConsumerRef: corev1.LocalObjectReference{ + Name: "test-kong-consumer", + }, + KongCredentialHMACAPISpec: configurationv1alpha1.KongCredentialHMACAPISpec{ + Secret: lo.ToPtr("secret"), + Username: lo.ToPtr("test-username"), + }, + }, + }, + }, + }, +} diff --git a/test/unit/konnect_funcs_test.go b/test/unit/konnect_funcs_test.go index d4aa116..bd23694 100644 --- a/test/unit/konnect_funcs_test.go +++ b/test/unit/konnect_funcs_test.go @@ -80,6 +80,10 @@ func TestKonnectFuncs(t *testing.T) { typeName: "KongCredentialJWT", object: &configurationv1alpha1.KongCredentialJWT{}, }, + { + typeName: "KongCredentialHMAC", + object: &configurationv1alpha1.KongCredentialHMAC{}, + }, } for _, tc := range testcases {