Added generated target code

Author: J12934

operator/PROJECT

@@ -13,4 +13,7 @@ resources:
 - group: scans
   kind: PersistenceProvider
   version: v1
+- group: scans
+  kind: Target
+  version: v1
 version: "2"

operator/api/v1/target_types.go

@@ -0,0 +1,63 @@
+/*
+
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+
+// TargetSpec defines the desired state of Target
+type TargetSpec struct {
+	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+
+	// Foo is an example field of Target. Edit Target_types.go to remove/update
+	Foo string `json:"foo,omitempty"`
+}
+
+// TargetStatus defines the observed state of Target
+type TargetStatus struct {
+	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+}
+
+// +kubebuilder:object:root=true
+
+// Target is the Schema for the targets API
+type Target struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   TargetSpec   `json:"spec,omitempty"`
+	Status TargetStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// TargetList contains a list of Target
+type TargetList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []Target `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&Target{}, &TargetList{})
+}

operator/api/v1/zz_generated.deepcopy.go

@@ -6,6 +6,7 @@ resources:
 - bases/scans.experimental.securecodebox.io_scantemplates.yaml
 - bases/scans.experimental.securecodebox.io_parsedefinitions.yaml
 - bases/scans.experimental.securecodebox.io_persistenceproviders.yaml
+- bases/scans.experimental.securecodebox.io_targets.yaml
 # +kubebuilder:scaffold:crdkustomizeresource
 
 patchesStrategicMerge:
@@ -15,6 +16,7 @@ patchesStrategicMerge:
 #- patches/webhook_in_scantemplates.yaml
 #- patches/webhook_in_parsedefinitions.yaml
 #- patches/webhook_in_persistenceproviders.yaml
+#- patches/webhook_in_targets.yaml
 # +kubebuilder:scaffold:crdkustomizewebhookpatch
 
 # [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix.
@@ -23,6 +25,7 @@ patchesStrategicMerge:
 #- patches/cainjection_in_scantemplates.yaml
 #- patches/cainjection_in_parsedefinitions.yaml
 #- patches/cainjection_in_persistenceproviders.yaml
+#- patches/cainjection_in_targets.yaml
 # +kubebuilder:scaffold:crdkustomizecainjectionpatch
 
 # the following config is for teaching kustomize how to do kustomization for CRDs.

operator/config/crd/kustomization.yaml

@@ -0,0 +1,8 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+  name: targets.scans.experimental.securecodebox.io

operator/config/crd/patches/cainjection_in_targets.yaml

@@ -0,0 +1,17 @@
+# The following patch enables conversion webhook for CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: targets.scans.experimental.securecodebox.io
+spec:
+  conversion:
+    strategy: Webhook
+    webhookClientConfig:
+      # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
+      # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
+      caBundle: Cg==
+      service:
+        namespace: system
+        name: webhook-service
+        path: /convert

operator/config/crd/patches/webhook_in_targets.yaml

@@ -0,0 +1,26 @@
+# permissions to do edit targets.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: target-editor-role
+rules:
+- apiGroups:
+  - scans.experimental.securecodebox.io
+  resources:
+  - targets
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - scans.experimental.securecodebox.io
+  resources:
+  - targets/status
+  verbs:
+  - get
+  - patch
+  - update

operator/config/rbac/target_editor_role.yaml

@@ -0,0 +1,20 @@
+# permissions to do viewer targets.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: target-viewer-role
+rules:
+- apiGroups:
+  - scans.experimental.securecodebox.io
+  resources:
+  - targets
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - scans.experimental.securecodebox.io
+  resources:
+  - targets/status
+  verbs:
+  - get

operator/config/rbac/target_viewer_role.yaml

@@ -0,0 +1,7 @@
+apiVersion: scans.experimental.securecodebox.io/v1
+kind: Target
+metadata:
+  name: target-sample
+spec:
+  # Add fields here
+  foo: bar

operator/config/samples/scans_v1_target.yaml

@@ -65,6 +65,9 @@ var _ = BeforeSuite(func(done Done) {
 	err = scansv1.AddToScheme(scheme.Scheme)
 	Expect(err).NotTo(HaveOccurred())
 
+	err = scansv1.AddToScheme(scheme.Scheme)
+	Expect(err).NotTo(HaveOccurred())
+
 	// +kubebuilder:scaffold:scheme
 
 	k8sClient, err = client.New(cfg, client.Options{Scheme: scheme.Scheme})