Add common config custom resource

PROJECT

@@ -9,6 +9,9 @@ resources:
 - group: samba-operator
   kind: SmbSecurityConfig
   version: v1alpha1
+- group: samba-operator
+  kind: SmbCommonConfig
+  version: v1alpha1
 version: 3-alpha
 plugins:
   go.sdk.operatorframework.io/v2-alpha: {}

api/v1alpha1/smbcommonconfig_types.go

@@ -0,0 +1,77 @@
+/*
+
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+
+// SmbCommonConfigSpec values act as a template for properties of the services
+// that will host shares.
+type SmbCommonConfigSpec struct {
+	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+
+	// Network specifies what kind of networking shares associated with
+	// this config will use.
+	// +kubebuilder:validation:Required
+	Network SmbCommonNetworkSpec `json:"network,omitempty"`
+}
+
+// SmbCommonNetworkSpec values define networking properties for the services
+// that will host shares.
+type SmbCommonNetworkSpec struct {
+	// Publish broadly specifies what kind of networking shares associated with
+	// this config are expected to use.
+	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:Enum:=cluster;external
+	Publish string `json:"publish,omitempty"`
+}
+
+// SmbCommonConfigStatus defines the observed state of SmbCommonConfig
+type SmbCommonConfigStatus struct {
+	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+
+// SmbCommonConfig is the Schema for the smbcommonconfigs API
+type SmbCommonConfig struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   SmbCommonConfigSpec   `json:"spec,omitempty"`
+	Status SmbCommonConfigStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// SmbCommonConfigList contains a list of SmbCommonConfig
+type SmbCommonConfigList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []SmbCommonConfig `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&SmbCommonConfig{}, &SmbCommonConfigList{})
+}

api/v1alpha1/smbshare_types.go

@@ -55,6 +55,13 @@ type SmbShareSpec struct {
 	// +kubebuilder:validation:MinLength:=1
 	// +optional
 	SecurityConfig string `json:"securityConfig,omitempty"`
+
+	// CommonConfig specifies which SmbCommonConfig CR is to be used
+	// for this share. If left blank, the operator's default will be
+	// used.
+	// +kubebuilder:validation:MinLength:=1
+	// +optional
+	CommonConfig string `json:"commonConfig,omitempty"`
 }
 
 // SmbShareStorageSpec defines how storage is associated with a share.

config/crd/bases/samba-operator.samba.org_smbcommonconfigs.yaml

@@ -0,0 +1,66 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.3.0
+  creationTimestamp: null
+  name: smbcommonconfigs.samba-operator.samba.org
+spec:
+  group: samba-operator.samba.org
+  names:
+    kind: SmbCommonConfig
+    listKind: SmbCommonConfigList
+    plural: smbcommonconfigs
+    singular: smbcommonconfig
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: SmbCommonConfig is the Schema for the smbcommonconfigs API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: SmbCommonConfigSpec values act as a template for properties
+              of the services that will host shares.
+            properties:
+              network:
+                description: Network specifies what kind of networking shares associated
+                  with this config will use.
+                properties:
+                  publish:
+                    description: Publish broadly specifies what kind of networking
+                      shares associated with this config are expected to use.
+                    enum:
+                    - cluster
+                    - external
+                    type: string
+                type: object
+            type: object
+          status:
+            description: SmbCommonConfigStatus defines the observed state of SmbCommonConfig
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

config/crd/bases/samba-operator.samba.org_smbshares.yaml

@@ -41,6 +41,12 @@ spec:
                 description: Browseable controls if the share will be browseable.
                   A browseable share is visible in listings.
                 type: boolean
+              commonConfig:
+                description: CommonConfig specifies which SmbCommonConfig CR is to
+                  be used for this share. If left blank, the operator's default will
+                  be used.
+                minLength: 1
+                type: string
               readOnly:
                 default: false
                 description: ReadOnly controls if this share is to be read-only or

config/crd/kustomization.yaml

@@ -4,17 +4,20 @@
 resources:
 - bases/samba-operator.samba.org_smbshares.yaml
 - bases/samba-operator.samba.org_smbsecurityconfigs.yaml
+- bases/samba-operator.samba.org_smbcommonconfigs.yaml
 # +kubebuilder:scaffold:crdkustomizeresource
 
 patchesStrategicMerge:
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
 # patches here are for enabling the conversion webhook for each CRD
 #- patches/webhook_in_smbshares.yaml
+#- patches/webhook_in_smbcommonconfigs.yaml
 # +kubebuilder:scaffold:crdkustomizewebhookpatch
 
 # [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix.
 # patches here are for enabling the CA injection for each CRD
 #- patches/cainjection_in_smbshares.yaml
+#- patches/cainjection_in_smbcommonconfigs.yaml
 # +kubebuilder:scaffold:crdkustomizecainjectionpatch
 
 # the following config is for teaching kustomize how to do kustomization for CRDs.

config/crd/patches/cainjection_in_smbcommonconfigs.yaml

@@ -0,0 +1,8 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+  name: smbcommonconfigs.samba-operator.samba.org

config/crd/patches/webhook_in_smbcommonconfigs.yaml

@@ -0,0 +1,17 @@
+# The following patch enables conversion webhook for CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: smbcommonconfigs.samba-operator.samba.org
+spec:
+  conversion:
+    strategy: Webhook
+    webhookClientConfig:
+      # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
+      # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
+      caBundle: Cg==
+      service:
+        namespace: system
+        name: webhook-service
+        path: /convert

config/rbac/role.yaml

@@ -67,6 +67,26 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - samba-operator.samba.org
+  resources:
+  - smbcommonconfigs
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - samba-operator.samba.org
+  resources:
+  - smbcommonconfigs/status
+  verbs:
+  - get
+  - patch
+  - update
 - apiGroups:
   - samba-operator.samba.org
   resources:

config/rbac/smbcommonconfig_editor_role.yaml

@@ -0,0 +1,24 @@
+# permissions for end users to edit smbcommonconfigs.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: smbcommonconfig-editor-role
+rules:
+- apiGroups:
+  - samba-operator.samba.org
+  resources:
+  - smbcommonconfigs
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - samba-operator.samba.org
+  resources:
+  - smbcommonconfigs/status
+  verbs:
+  - get