wip

Signed-off-by: Fabrizio Sestito <[email protected]>
rancher-sandbox · Oct 18, 2024 · e90b1ef · e90b1ef
1 parent 2188055
commit e90b1ef
Show file tree

Hide file tree

Showing 31 changed files with 1,503 additions and 65 deletions.
diff --git a/Makefile b/Makefile
@@ -51,8 +51,12 @@ generate-controller: manifests  ## Generate code containing DeepCopy, DeepCopyIn
 manifests: ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
 	$(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./api/v1alpha1"  paths="./internal/controller" output:crd:artifacts:config=helm/templates/crd output:rbac:artifacts:config=helm/templates/controller
 
+.PHONY: generate-storage-test-crd
+generate-storage-test-crd: ## Generate CRD used by the controller tests to access the storage resources. This is needed since storage does not provide CRD, being an API server extension.
+	$(CONTROLLER_GEN) crd paths="./api/storage/..." output:crd:artifacts:config=test/crd
+
 .PHONY: generate-storage
-generate-storage: ## Generate storage  code in pkg/generated and DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
+generate-storage: generate-storage-test-crd ## Generate storage  code in pkg/generated and DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
 	API_KNOWN_VIOLATIONS_DIR=. UPDATE_API_KNOWN_VIOLATIONS=true ./hack/update-codegen.sh
 
 .PHONY: generate-mocks

diff --git a/PROJECT b/PROJECT
@@ -26,4 +26,9 @@ resources:
   kind: Image
   path: github.com/rancher/sbombastic/api/v1alpha1
   version: v1alpha1
+- controller: true
+  domain: sbombastic.rancher.io
+  group: storage.sbombastic.rancher.io
+  kind: SBOM
+  version: v1alpha1
 version: "3"
diff --git a/api/storage/v1alpha1/register.go b/api/storage/v1alpha1/register.go
@@ -17,6 +17,7 @@ limitations under the License.
 package v1alpha1
 
 import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 )
@@ -49,6 +50,11 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 	scheme.AddKnownTypes(SchemeGroupVersion,
 		&ScanResult{},
 		&ScanResultList{},
+		&SBOM{},
+		&SBOMList{},
+		&metav1.GetOptions{},
+		&metav1.CreateOptions{},
+		&metav1.ListOptions{},
 	)
 	return nil
 }
diff --git a/api/storage/v1alpha1/sbom_types.go b/api/storage/v1alpha1/sbom_types.go
@@ -0,0 +1,54 @@
+/*
+Copyright 2024.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+)
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// SBOMList contains a list of Software Bill of Materials
+type SBOMList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []ScanResult `json:"items"`
+}
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// SBOM represents a Software Bill of Materials of an OCI artifact
+type SBOM struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   SBOMSpec   `json:"spec,omitempty"`
+	Status SBOMStatus `json:"status,omitempty"`
+}
+
+// SBOMSpec defines the desired state of a SBOM
+type SBOMSpec struct {
+	Data runtime.RawExtension `json:"data"`
+}
+
+// SBOMStatus defines the observed state of a SBOM
+type SBOMStatus struct {
+	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+}
diff --git a/api/storage/v1alpha1/storage_types.go → api/storage/v1alpha1/scanresult_types.go b/api/storage/v1alpha1/storage_types.go → api/storage/v1alpha1/scanresult_types.go
diff --git a/api/storage/v1alpha1/zz_generated.deepcopy.go b/api/storage/v1alpha1/zz_generated.deepcopy.go
diff --git a/cmd/controller/main.go b/cmd/controller/main.go
@@ -35,6 +35,7 @@ import (
 	metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
 
+	storagev1alpha1 "github.com/rancher/sbombastic/api/storage/v1alpha1"
 	"github.com/rancher/sbombastic/api/v1alpha1"
 	"github.com/rancher/sbombastic/internal/controller"
 	"github.com/rancher/sbombastic/internal/messaging"
@@ -48,8 +49,9 @@ var (
 
 func init() {
 	utilruntime.Must(clientgoscheme.AddToScheme(scheme))
-
 	utilruntime.Must(v1alpha1.AddToScheme(scheme))
+	utilruntime.Must(storagev1alpha1.AddToScheme(scheme))
+
 	// +kubebuilder:scaffold:scheme
 }
 
@@ -167,6 +169,24 @@ func main() {
 		setupLog.Error(err, "unable to create controller", "controller", "Registry")
 		os.Exit(1)
 	}
+
+	if err = (&controller.ImageReconciler{
+		Client:    mgr.GetClient(),
+		Scheme:    mgr.GetScheme(),
+		Publisher: publisher,
+	}).SetupWithManager(mgr); err != nil {
+		setupLog.Error(err, "unable to create controller", "controller", "Image")
+		os.Exit(1)
+	}
+
+	if err = (&controller.SBOMReconciler{
+		Client: mgr.GetClient(),
+		Scheme: mgr.GetScheme(),
+	}).SetupWithManager(mgr); err != nil {
+		setupLog.Error(err, "unable to create controller", "controller", "SBOM")
+		os.Exit(1)
+	}
+
 	// +kubebuilder:scaffold:builder
 
 	if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil {

diff --git a/go.mod b/go.mod
@@ -5,6 +5,7 @@ go 1.23.0
 godebug default=go1.23
 
 require (
+	github.com/google/uuid v1.6.0
 	github.com/nats-io/nats-server/v2 v2.10.21
 	github.com/nats-io/nats.go v1.37.0
 	github.com/onsi/ginkgo/v2 v2.20.2
@@ -57,7 +58,6 @@ require (
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5 // indirect
-	github.com/google/uuid v1.6.0 // indirect
 	github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 // indirect
 	github.com/imdario/mergo v0.3.16 // indirect

diff --git a/helm/templates/controller/role.yaml b/helm/templates/controller/role.yaml
@@ -56,3 +56,29 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - storage.sbombastic.rancher.io.sbombastic.rancher.io
+  resources:
+  - sboms
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - storage.sbombastic.rancher.io.sbombastic.rancher.io
+  resources:
+  - sboms/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - storage.sbombastic.rancher.io.sbombastic.rancher.io
+  resources:
+  - sboms/status
+  verbs:
+  - get
+  - patch
+  - update
diff --git a/internal/controller/image_controller.go b/internal/controller/image_controller.go
@@ -18,45 +18,71 @@ package controller
 
 import (
 	"context"
+	"fmt"
 
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/log"
 
-	sbombasticv1alpha1 "github.com/rancher/sbombastic/api/v1alpha1"
+	storagev1alpha1 "github.com/rancher/sbombastic/api/storage/v1alpha1"
+	"github.com/rancher/sbombastic/api/v1alpha1"
+	"github.com/rancher/sbombastic/internal/messaging"
 )
 
 // ImageReconciler reconciles a Image object
 type ImageReconciler struct {
 	client.Client
-	Scheme *runtime.Scheme
+	Scheme    *runtime.Scheme
+	Publisher messaging.Publisher
 }
 
 // +kubebuilder:rbac:groups=sbombastic.sbombastic.rancher.io,resources=images,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=sbombastic.sbombastic.rancher.io,resources=images/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=sbombastic.sbombastic.rancher.io,resources=images/finalizers,verbs=update
 
-// Reconcile is part of the main kubernetes reconciliation loop which aims to
-// move the current state of the cluster closer to the desired state.
-// TODO(user): Modify the Reconcile function to compare the state specified by
-// the Image object against the actual cluster state, and then
-// perform operations to make the cluster state reflect the state specified by
-// the user.
-//
-// For more details, check Reconcile and its Result here:
-// - https://pkg.go.dev/sigs.k8s.io/[email protected]/pkg/reconcile
 func (r *ImageReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
-	_ = log.FromContext(ctx)
+	log := log.FromContext(ctx)
 
-	// TODO(user): your logic here
+	var image v1alpha1.Image
+	if err := r.Get(ctx, req.NamespacedName, &image); err != nil {
+		if !apierrors.IsNotFound(err) {
+			return ctrl.Result{}, fmt.Errorf("unable to fetch Image: %w", err)
+		}
+
+		return ctrl.Result{}, nil
+	}
+
+	var sbom storagev1alpha1.SBOM
+	if err := r.Get(ctx, req.NamespacedName, &sbom); err != nil {
+		if apierrors.IsNotFound(err) {
+			log.Info("Creating SBOM of Image", "name", image.Name, "namespace", image.Namespace)
+
+			msg := messaging.CreateSBOM{
+				ImageName:      image.Name,
+				ImageNamespace: image.Namespace,
+			}
+
+			if err := r.Publisher.Publish(&msg); err != nil {
+				return ctrl.Result{}, fmt.Errorf("unable to publish CreateSBOM message: %w", err)
+			}
+		} else {
+			return ctrl.Result{}, fmt.Errorf("unable to fetch SBOM: %w", err)
+		}
+	}
 
 	return ctrl.Result{}, nil
 }
 
 // SetupWithManager sets up the controller with the Manager.
 func (r *ImageReconciler) SetupWithManager(mgr ctrl.Manager) error {
-	return ctrl.NewControllerManagedBy(mgr).
-		For(&sbombasticv1alpha1.Image{}).
+	err := ctrl.NewControllerManagedBy(mgr).
+		For(&v1alpha1.Image{}).
 		Complete(r)
+	if err != nil {
+		return fmt.Errorf("failed to create Image controller: %w", err)
+	}
+
+	return nil
 }