From: Le Yao Date: Wed, 23 Jun 2021 08:03:14 +0000 (+0000) Subject: Integrate the latest cnf and crd code change X-Git-Tag: 21-12-01~7 X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=commitdiff_plain;h=24ee83ce1c0ae4cf12cbc1774ba3d7a924e8b8d4;p=icn%2Fsdwan.git Integrate the latest cnf and crd code change Enhance the crd controller and sdewan cnf Signed-off-by: Le Yao Change-Id: I05f4da221e923638520d89704d85acd029d9bf97 --- diff --git a/platform/cnf/README.md b/platform/cnf-openwrt/README.md similarity index 75% rename from platform/cnf/README.md rename to platform/cnf-openwrt/README.md index f312fc4..dd33d77 100644 --- a/platform/cnf/README.md +++ b/platform/cnf-openwrt/README.md @@ -1,6 +1,11 @@ -# cnf +``` +SPDX-License-Identifier: Apache-2.0 +Copyright (c) 2021 Intel Corporation +``` -sdewan cnf docker image for Akraino ICN SDEWAN solution +# cnf-openwrt + +sdewan cnf docker image for SDEWAN solution # folder structure diff --git a/platform/cnf-openwrt/doc/README.md b/platform/cnf-openwrt/doc/README.md new file mode 100644 index 0000000..650e72c --- /dev/null +++ b/platform/cnf-openwrt/doc/README.md @@ -0,0 +1,6 @@ +``` +SPDX-License-Identifier: Apache-2.0 +Copyright (c) 2021 Intel Corporation +``` + +# SDEWAN CNF documents diff --git a/platform/cnf-openwrt/examples/README.md b/platform/cnf-openwrt/examples/README.md new file mode 100644 index 0000000..697353c --- /dev/null +++ b/platform/cnf-openwrt/examples/README.md @@ -0,0 +1,6 @@ +``` +SPDX-License-Identifier: Apache-2.0 +Copyright (c) 2021 Intel Corporation +``` + +# SDEWAN CNF examples diff --git a/platform/cnf/src/10-default.conf b/platform/cnf-openwrt/src/10-default.conf similarity index 100% rename from platform/cnf/src/10-default.conf rename to platform/cnf-openwrt/src/10-default.conf diff --git a/platform/cnf/src/Dockerfile_1806_mwan3_noproxy.tpl b/platform/cnf-openwrt/src/Dockerfile_1806_mwan3.tpl similarity index 70% rename from platform/cnf/src/Dockerfile_1806_mwan3_noproxy.tpl rename to platform/cnf-openwrt/src/Dockerfile_1806_mwan3.tpl index e576650..407f0e3 100644 --- a/platform/cnf/src/Dockerfile_1806_mwan3_noproxy.tpl +++ b/platform/cnf-openwrt/src/Dockerfile_1806_mwan3.tpl @@ -1,14 +1,21 @@ -FROM openwrt-1806-4-base +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation +FROM openwrt-1806-4-base:v0.1 #EXPOSE 80 +ENV http_proxy={docker_proxy} +ENV https_proxy={docker_proxy} +ENV no_proxy=localhost,120.0.0.1,192.168.* RUN mkdir /var/lock && \ opkg update && \ + opkg install shadow-chpasswd && \ + opkg install luci-ssl && \ opkg install uhttpd-mod-lua && \ uci set uhttpd.main.interpreter='.lua=/usr/bin/lua' && \ uci commit uhttpd && \ opkg install shadow-useradd shadow-groupadd shadow-usermod sudo && \ - opkg install mwan3 jq bash && \ + opkg install mwan3 jq bash conntrack && \ opkg install strongswan-default luasocket && \ opkg install luci-app-mwan3; exit 0 @@ -21,10 +28,15 @@ COPY sdewan.user /etc/sdewan.user COPY sdewan_svc.info /etc/sdewan_svc.info COPY app_cr.info /etc/app_cr.info COPY route_cr.info /etc/route_cr.info +COPY rule_cr.info /etc/rule_cr.info COPY default_firewall /etc/config/firewall COPY rest_v1 /usr/lib/lua/luci/controller/rest_v1 COPY 10-default.conf /etc/sysctl.d/10-default.conf +ENV http_proxy="" +ENV https_proxy="" +ENV no_proxy="" + RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers RUN groupadd --system sudo && useradd wrt RUN usermod -a -G sudo wrt diff --git a/platform/cnf/src/Dockerfile_1806_mwan3.tpl b/platform/cnf-openwrt/src/Dockerfile_1806_mwan3_noproxy.tpl similarity index 79% rename from platform/cnf/src/Dockerfile_1806_mwan3.tpl rename to platform/cnf-openwrt/src/Dockerfile_1806_mwan3_noproxy.tpl index 6c7b326..7c15553 100644 --- a/platform/cnf/src/Dockerfile_1806_mwan3.tpl +++ b/platform/cnf-openwrt/src/Dockerfile_1806_mwan3_noproxy.tpl @@ -1,17 +1,19 @@ -FROM openwrt-1806-4-base +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation + +FROM openwrt-1806-4-base:v0.1 #EXPOSE 80 -ENV http_proxy={docker_proxy} -ENV https_proxy={docker_proxy} -ENV no_proxy=localhost,120.0.0.1,192.168.* RUN mkdir /var/lock && \ opkg update && \ + opkg install shadow-chpasswd && \ + opkg install luci-ssl && \ opkg install uhttpd-mod-lua && \ uci set uhttpd.main.interpreter='.lua=/usr/bin/lua' && \ uci commit uhttpd && \ opkg install shadow-useradd shadow-groupadd shadow-usermod sudo && \ - opkg install mwan3 jq bash && \ + opkg install mwan3 jq bash conntrack && \ opkg install strongswan-default luasocket && \ opkg install luci-app-mwan3; exit 0 @@ -24,14 +26,11 @@ COPY sdewan.user /etc/sdewan.user COPY sdewan_svc.info /etc/sdewan_svc.info COPY app_cr.info /etc/app_cr.info COPY route_cr.info /etc/route_cr.info +COPY rule_cr.info /etc/rule_cr.info COPY default_firewall /etc/config/firewall COPY rest_v1 /usr/lib/lua/luci/controller/rest_v1 COPY 10-default.conf /etc/sysctl.d/10-default.conf -ENV http_proxy= -ENV https_proxy= -ENV no_proxy= - RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers RUN groupadd --system sudo && useradd wrt RUN usermod -a -G sudo wrt diff --git a/platform/cnf/src/app_cr.info b/platform/cnf-openwrt/src/app_cr.info similarity index 100% rename from platform/cnf/src/app_cr.info rename to platform/cnf-openwrt/src/app_cr.info diff --git a/platform/cnf/src/build_image.sh b/platform/cnf-openwrt/src/build_image.sh similarity index 80% rename from platform/cnf/src/build_image.sh rename to platform/cnf-openwrt/src/build_image.sh index 7ff6e20..dd5dc08 100644 --- a/platform/cnf/src/build_image.sh +++ b/platform/cnf-openwrt/src/build_image.sh @@ -1,15 +1,18 @@ #!/bin/bash +#SPDX-License-Identifier: Apache-2.0 +#Copyright (c) 2021 Intel Corporation + # usage: build_images.sh set -ex -base_image_tag=openwrt-1806-4-base +base_image_tag=openwrt-1806-4-base:v0.1 docker_file=Dockerfile_1806_mwan3 -image_tag=openwrt-1806-mwan3 +image_tag=openwrt-1806-mwan3:v0.1 package=openwrt-18.06.4-x86-64-generic-rootfs # build openwrt base docker images -base_image=`docker images | grep $base_image_tag | awk '{print $1}'` +base_image=$(docker images | grep $base_image_tag | awk '{print $1}') if [ -z "$base_image" ]; then # download driver source package if [ ! -e /tmp/$package.tar.gz ]; then diff --git a/platform/cnf/src/default_firewall b/platform/cnf-openwrt/src/default_firewall similarity index 100% rename from platform/cnf/src/default_firewall rename to platform/cnf-openwrt/src/default_firewall diff --git a/platform/cnf/src/ipsec b/platform/cnf-openwrt/src/ipsec similarity index 100% rename from platform/cnf/src/ipsec rename to platform/cnf-openwrt/src/ipsec diff --git a/platform/cnf/src/ipsec_exec b/platform/cnf-openwrt/src/ipsec_exec similarity index 97% rename from platform/cnf/src/ipsec_exec rename to platform/cnf-openwrt/src/ipsec_exec index 7897af3..d2d455f 100755 --- a/platform/cnf/src/ipsec_exec +++ b/platform/cnf-openwrt/src/ipsec_exec @@ -1,4 +1,6 @@ #!/bin/sh /etc/rc.common +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation START=90 STOP=10 @@ -304,10 +306,10 @@ config_ipsec() { secret_xappend "# generated by /etc/init.d/ipsec" config_get debug "$1" debug 0 - config_get_bool rtinstall_enabled "$1" rtinstall_enabled 0 - config_get_bool vip_enabled "$1" vip_enabled 0 + config_get_bool rtinstall_enabled "$1" rtinstall_enabled 1 + config_get_bool vip_enabled "$1" vip_enabled 1 [ $rtinstall_enabled -eq 1 ] && install_routes=yes || install_routes=no - [ $vip_enabled -eq 1] && install_virtual_ip=yes || install_virtual_ip=no + [ $vip_enabled -eq 1 ] && install_virtual_ip=yes || install_virtual_ip=no # prepare extra charon config option ignore_routing_tables for routing_table in $(config_get "$1" "ignore_routing_tables"); do diff --git a/platform/cnf/src/rest_v1/app_rest.lua b/platform/cnf-openwrt/src/rest_v1/app_rest.lua similarity index 98% rename from platform/cnf/src/rest_v1/app_rest.lua rename to platform/cnf-openwrt/src/rest_v1/app_rest.lua index 29e9b4d..f4c0d64 100644 --- a/platform/cnf/src/rest_v1/app_rest.lua +++ b/platform/cnf-openwrt/src/rest_v1/app_rest.lua @@ -1,5 +1,5 @@ --- Copyright 2020 Intel Corporation, Inc --- Licensed to the public under the Apache License 2.0. +--- SPDX-License-Identifier: Apache-2.0 +--- Copyright (c) 2021 Intel Corporation module("luci.controller.rest_v1.app_rest", package.seeall) diff --git a/platform/cnf/src/rest_v1/firewall_rest.lua b/platform/cnf-openwrt/src/rest_v1/firewall_rest.lua similarity index 99% rename from platform/cnf/src/rest_v1/firewall_rest.lua rename to platform/cnf-openwrt/src/rest_v1/firewall_rest.lua index 2ed4e6a..caa2a3e 100644 --- a/platform/cnf/src/rest_v1/firewall_rest.lua +++ b/platform/cnf-openwrt/src/rest_v1/firewall_rest.lua @@ -1,5 +1,5 @@ --- Copyright 2020 Intel Corporation, Inc --- Licensed to the public under the Apache License 2.0. +--- SPDX-License-Identifier: Apache-2.0 +--- Copyright (c) 2021 Intel Corporation module("luci.controller.rest_v1.firewall_rest", package.seeall) diff --git a/platform/cnf/src/rest_v1/index.lua b/platform/cnf-openwrt/src/rest_v1/index.lua similarity index 82% rename from platform/cnf/src/rest_v1/index.lua rename to platform/cnf-openwrt/src/rest_v1/index.lua index 86786d1..4d700d3 100644 --- a/platform/cnf/src/rest_v1/index.lua +++ b/platform/cnf-openwrt/src/rest_v1/index.lua @@ -1,5 +1,5 @@ --- Copyright 2020 Intel Corporation, Inc --- Licensed to the public under the Apache License 2.0. +--- SPDX-License-Identifier: Apache-2.0 +--- Copyright (c) 2021 Intel Corporation module("luci.controller.rest_v1.index", package.seeall) @@ -12,6 +12,7 @@ function index() entry({"sdewan", "service", ver}, call("help")).dependent = false entry({"sdewan", "application", ver}, call("help")).dependent = false entry({"sdewan", "route", ver}, call("help")).dependent = false + entry({"sdewan", "rule", ver}, call("help")).dependent = false end diff --git a/platform/cnf/src/rest_v1/ipsec_rest.lua b/platform/cnf-openwrt/src/rest_v1/ipsec_rest.lua similarity index 95% rename from platform/cnf/src/rest_v1/ipsec_rest.lua rename to platform/cnf-openwrt/src/rest_v1/ipsec_rest.lua index c996754..2f0be5e 100644 --- a/platform/cnf/src/rest_v1/ipsec_rest.lua +++ b/platform/cnf-openwrt/src/rest_v1/ipsec_rest.lua @@ -1,5 +1,5 @@ --- Copyright 2020 Intel Corporation, Inc. --- Licensed to the public under the Apache License 2.0. +--- SPDX-License-Identifier: Apache-2.0 +--- Copyright (c) 2021 Intel Corporation module("luci.controller.rest_v1.ipsec_rest", package.seeall) @@ -49,7 +49,7 @@ remote_validator = { config_type="remote", object_validator=function(value) return check_auth_method(value) end, {name="name"}, - {name="type"}, + {name="type", save_func=function(value) return is_vti_enabled(value) end}, {name="gateway", required=true}, {name="enabled", default="1"}, {name="authentication_method", required=true, validator=function(value) return utils.in_array(value, {"psk", "pubkey"}) end}, @@ -129,6 +129,20 @@ function handle_request() end end +function is_vti_enabled(value) + local mode = value["type"] + if mode == "VTI-based" then + uci:set(uci_conf, "@ipsec[0]", "rtinstall_enabled", 0) + uci:set(uci_conf, "@ipsec[0]", "vip_enabled", 0) + else + uci:set(uci_conf, "@ipsec[0]", "rtinstall_enabled", 1) + uci:set(uci_conf, "@ipsec[0]", "vip_enabled", 1) + end + uci:save(uci_conf) + uci:commit(uci_conf) + return true, value +end + function save_cert(content, path) local file = io.open(path, "w") if file == nil then diff --git a/platform/cnf-openwrt/src/rest_v1/modules/conntrack.lua b/platform/cnf-openwrt/src/rest_v1/modules/conntrack.lua new file mode 100644 index 0000000..0e36a16 --- /dev/null +++ b/platform/cnf-openwrt/src/rest_v1/modules/conntrack.lua @@ -0,0 +1,110 @@ +--- SPDX-License-Identifier: Apache-2.0 +--- Copyright (c) 2021 Intel Corporation + +module("luci.controller.rest_v1.modules.conntrack", package.seeall) + +NX = require("nixio") +sys = require "luci.sys" +util = require "luci.util" +utils = require "luci.controller.rest_v1.utils" + +tcp_table = { + {field="protocol", key=function(data) return split(data, ' ')[1] end}, + {field="request", key=function(data) return get_info(data, 5) end}, + {field="response", key=function(data) return get_info(data, 9) end}, + {field="mark", key="mark"}, + {field="state", key=function(data) return split(data, ' ')[4] end}, +} + +udp_table = { + {field="protocol", key=function(data) return split(data, ' ')[1] end}, + {field="request", key=function(data) return get_info(data, 4) end}, + {field="response", key=function(data) return get_info(data, 8) end}, + {field="mark", key="mark"}, +} + +function register() + return "conntrack", _M["get_conn_info"] +end + +function get_info(data, index) + local ret = {} + local message = split(data, ' ') + if string.find(message[index], 'src') == nil then + index = index + 1 + end + local src = split(message[index], '=')[2] + local dst = split(message[index+1], '=')[2] + local sport = split(message[index+2], '=')[2] + local dport = split(message[index+3], '=')[2] + if src == nil then + util.perror("Invalid request or response source") + return nil + end + ret["src"] = src..':'..sport + ret["dst"] = dst..':'..dport + return ret +end + +function get_field(data, key) + if type(key) == "function" then + return key(data) + end + + local reg = { + key .. " [^%s]+[%s]", + } + + local ret = nil + for index=1, #reg do + for item in string.gmatch(data, reg[index]) do + local value = nil + local i,j = string.find(item, key .. " ") + if i ~= nil then + value = string.sub(item, j+1, string.len(item)-1) + end + if value ~= nil then + ret = value + break + end + end + end + return ret +end + +function get_conn(conn) + local ret = {} + local protocol = split(conn, ' ')[1] + if protocol == "tcp" then + fields_table = tcp_table + elseif protocol == "udp" then + fields_table = udp_table + else + return ret + end + for i,v in pairs(fields_table) do + local value = get_field(conn, v["key"]) + if value ~= nil then + ret[v["field"]] = value + end + end + return ret +end + +function get_conn_info() + local ret = {} + local index = 1 + for conn in util.execi("conntrack -L") do + ret[index] = get_conn(conn) + index = index + 1 + end + return ret +end + +function split(str,reps) + local arr = {} + string.gsub(str,'[^'..reps..']+',function(w) + table.insert(arr, w) + end) + return arr +end diff --git a/platform/cnf/src/rest_v1/modules/interface.lua b/platform/cnf-openwrt/src/rest_v1/modules/interface.lua similarity index 96% rename from platform/cnf/src/rest_v1/modules/interface.lua rename to platform/cnf-openwrt/src/rest_v1/modules/interface.lua index e59311b..529ec09 100644 --- a/platform/cnf/src/rest_v1/modules/interface.lua +++ b/platform/cnf-openwrt/src/rest_v1/modules/interface.lua @@ -1,5 +1,5 @@ --- Copyright 2020 Intel Corporation, Inc --- Licensed to the public under the Apache License 2.0. +--- SPDX-License-Identifier: Apache-2.0 +--- Copyright (c) 2021 Intel Corporation module("luci.controller.rest_v1.modules.interface", package.seeall) diff --git a/platform/cnf-openwrt/src/rest_v1/modules/ipsec.lua b/platform/cnf-openwrt/src/rest_v1/modules/ipsec.lua new file mode 100644 index 0000000..31e7c33 --- /dev/null +++ b/platform/cnf-openwrt/src/rest_v1/modules/ipsec.lua @@ -0,0 +1,121 @@ +-- Copyright 2021 Intel Corporation, Inc +-- Licensed to the public under the Apache License 2.0. + +module("luci.controller.rest_v1.modules.ipsec", package.seeall) + +util = require "luci.util" +utils = require "luci.controller.rest_v1.utils" +uci = require "luci.model.uci" +json = require "luci.jsonc" + +uci_conf = "ipsec" +fields_table = { + {field="connecting", key="connecting"}, + {field="up", key="up"}, + {field="connection", key="==="} +} + +function register() + return "ipsec", _M["get_ipsec_info"] +end + +function get_field(data, key, field_type) + if type(key) == "function" then + return key(data) + end + + local reg = { + "%d+%s" .. key, + "%w+%p%w+%p%w+%p%w+%p%w+%s" .. key .. "%s%w+%p%w+%p%w+%p%w+%p%w+" + } + + local ret = nil + + if (key == "===") then + index = 2 + else + index = 1 + end + + for item in string.gmatch(data, reg[index]) do + local value = nil + local i,j = string.find(item, " " .. key) + if i ~= nil then + if (key == "===") then + value = item + else + value = string.sub(item, 1, i-1) + end + end + if value ~= nil + then + ret = value + break + end + end + return ret +end + +function get_ipsec_detail(stat) + local ret = nil + for i,v in pairs(fields_table) do + local value = get_field(stat, v["key"], v["type"]) + if value ~= nil then + if ret == nil then + ret = {} + end + ret[v["field"]] = value + end + end + return ret +end + +function getTunnelCounts(configuration) + local c = 0 + uci:foreach(configuration, "remote", + function(session) + print(json.stringify(session)) + local t = session["tunnel"] + if t ~= nil and #t > 0 then + c = c + #t + end + t = session["transport"] + if t ~= nil and #t > 0 then + c = c + #t + end + end + ) + return c +end + +function get_ipsec_info() + local ret = {} + local index = 1 + local stats = "InitConnection" + local upi + local connecti + local total = getTunnelCounts(uci_conf) + ret[stats] = "success" + ret["details"] = {} + for stat in util.execi("ipsec status") do + local res = get_ipsec_detail(stat) + if res ~= nil then + for k, v in pairs(res) do + if (k == "up") then + upi = tonumber(v) + elseif (k == "connecting") then + connecti = tonumber(v) + else + break + end + end + if (upi + connecti < total) then + util.perror("Finding connection failed ...") + ret[stats] = "fail" + end + ret["details"][index] = res + index = index + 1 + end + end + return ret +end diff --git a/platform/cnf-openwrt/src/rest_v1/modules/route.lua b/platform/cnf-openwrt/src/rest_v1/modules/route.lua new file mode 100644 index 0000000..7cdc5cf --- /dev/null +++ b/platform/cnf-openwrt/src/rest_v1/modules/route.lua @@ -0,0 +1,86 @@ +--- SPDX-License-Identifier: Apache-2.0 +--- Copyright (c) 2021 Intel Corporation + +module("luci.controller.rest_v1.modules.route", package.seeall) + +NX = require("nixio") +sys = require "luci.sys" +util = require "luci.util" +utils = require "luci.controller.rest_v1.utils" + +fields_table = { + {field="gateway", key="via"}, + {field="device", key="dev"}, + {field="destination", key=function(data) return split(data, ' ')[1] end}, + {field="scope", key="scope"}, + {field="proto", key="proto"}, + {field="metric", key="metric"}, + {field="src", key="src"}, +} + +function register() + return "route", _M["get_route_info"] +end + +function get_field(data, key, field_type) + if type(key) == "function" then + return key(data) + end + + local reg = { + key .. " [^%s]+[%s]", + } + + local ret = nil + for index=1, #reg do + for item in string.gmatch(data, reg[index]) do + local value = nil + local i,j = string.find(item, key .. " ") + if i ~= nil then + value = string.sub(item, j+1, string.len(item)-1) + end + if value ~= nil then + ret = value + break + end + end + end + return ret +end + +function get_route(route) + local ret = {} + for i,v in pairs(fields_table) do + local value = get_field(route, v["key"], v["type"]) + if value ~= nil then + ret[v["field"]] = value + end + end + return ret +end + +function get_route_info() + local ret = {} + for table in util.execi("ip rule | awk '{print $NF}' | sort | uniq") do + if table == "main" or table == "local" or table == "default" or utils.is_integer_and_in_range(table, 0) then + local cont = {} + local index = 1 + local data = {} + for route in util.execi("ip route show table " .. table) do + data[index] = get_route(route) + index = index + 1 + end + cont["item"] = data + ret[table] = cont + end + end + return ret +end + +function split(str,reps) + local arr = {} + string.gsub(str,'[^'..reps..']+',function(w) + table.insert(arr, w) + end) + return arr +end diff --git a/platform/cnf-openwrt/src/rest_v1/modules/rule.lua b/platform/cnf-openwrt/src/rest_v1/modules/rule.lua new file mode 100644 index 0000000..c4ca2ed --- /dev/null +++ b/platform/cnf-openwrt/src/rest_v1/modules/rule.lua @@ -0,0 +1,77 @@ +--- SPDX-License-Identifier: Apache-2.0 +--- Copyright (c) 2021 Intel Corporation + +module("luci.controller.rest_v1.modules.rule", package.seeall) + +NX = require("nixio") +sys = require "luci.sys" +util = require "luci.util" +utils = require "luci.controller.rest_v1.utils" + +fields_table = { + {field="src", key="from"}, + {field="dst", key="to"}, + {field="prio", key=function(data) return split(data, ':')[1] end}, + {field="fwmark", key="fwmark"}, + {field="table", key="lookup"}, + {field="not", key=function(data) if string.match(data, "[%s]not[%s]") ~= nil then return "true" else return "false" end end}, +} + +function register() + return "rule", _M["get_rule_info"] +end + +function get_field(data, key, field_type) + if type(key) == "function" then + return key(data) + end + + local reg = { + key .. " [^%s]+[%s]", + } + + local ret = nil + for index=1, #reg do + for item in string.gmatch(data, reg[index]) do + local value = nil + local i,j = string.find(item, key .. " ") + if i ~= nil then + value = string.sub(item, j+1, string.len(item)-1) + end + if value ~= nil then + ret = value + break + end + end + end + return ret +end + +function get_rule(rule) + local ret = {} + for i,v in pairs(fields_table) do + local value = get_field(rule, v["key"], v["type"]) + if value ~= nil then + ret[v["field"]] = value + end + end + return ret +end + +function get_rule_info() + local ret = {} + local index = 1 + for rule in util.execi("ip rule") do + ret[index] = get_rule(rule) + index = index + 1 + end + return ret +end + +function split(str,reps) + local arr = {} + string.gsub(str,'[^'..reps..']+',function(w) + table.insert(arr, w) + end) + return arr +end diff --git a/platform/cnf/src/rest_v1/modules/wan.lua b/platform/cnf-openwrt/src/rest_v1/modules/wan.lua similarity index 68% rename from platform/cnf/src/rest_v1/modules/wan.lua rename to platform/cnf-openwrt/src/rest_v1/modules/wan.lua index 548de7a..5230310 100644 --- a/platform/cnf/src/rest_v1/modules/wan.lua +++ b/platform/cnf-openwrt/src/rest_v1/modules/wan.lua @@ -1,5 +1,5 @@ --- Copyright 2020 Intel Corporation, Inc --- Licensed to the public under the Apache License 2.0. +--- SPDX-License-Identifier: Apache-2.0 +--- Copyright (c) 2021 Intel Corporation module("luci.controller.rest_v1.modules.wan", package.seeall) diff --git a/platform/cnf/src/rest_v1/mwan3_rest.lua b/platform/cnf-openwrt/src/rest_v1/mwan3_rest.lua similarity index 98% rename from platform/cnf/src/rest_v1/mwan3_rest.lua rename to platform/cnf-openwrt/src/rest_v1/mwan3_rest.lua index 2efe6b9..0598a28 100644 --- a/platform/cnf/src/rest_v1/mwan3_rest.lua +++ b/platform/cnf-openwrt/src/rest_v1/mwan3_rest.lua @@ -1,5 +1,5 @@ --- Copyright 2020 Intel Corporation, Inc --- Licensed to the public under the Apache License 2.0. +--- SPDX-License-Identifier: Apache-2.0 +--- Copyright (c) 2021 Intel Corporation module("luci.controller.rest_v1.mwan3_rest", package.seeall) diff --git a/platform/cnf/src/rest_v1/route_rest.lua b/platform/cnf-openwrt/src/rest_v1/route_rest.lua similarity index 98% rename from platform/cnf/src/rest_v1/route_rest.lua rename to platform/cnf-openwrt/src/rest_v1/route_rest.lua index 25f1f59..df79eae 100644 --- a/platform/cnf/src/rest_v1/route_rest.lua +++ b/platform/cnf-openwrt/src/rest_v1/route_rest.lua @@ -1,5 +1,5 @@ --- Copyright 2020 Intel Corporation, Inc --- Licensed to the public under the Apache License 2.0. +--- SPDX-License-Identifier: Apache-2.0 +--- Copyright (c) 2021 Intel Corporation module("luci.controller.rest_v1.route_rest", package.seeall) diff --git a/platform/cnf-openwrt/src/rest_v1/rule_rest.lua b/platform/cnf-openwrt/src/rest_v1/rule_rest.lua new file mode 100644 index 0000000..7458935 --- /dev/null +++ b/platform/cnf-openwrt/src/rest_v1/rule_rest.lua @@ -0,0 +1,326 @@ +--- SPDX-License-Identifier: Apache-2.0 +--- Copyright (c) 2021 Intel Corporation + +module("luci.controller.rest_v1.rule_rest", package.seeall) + +local uci = require "luci.model.uci" + +json = require "luci.jsonc" +io = require "io" +sys = require "luci.sys" +utils = require "luci.controller.rest_v1.utils" + +function index() + ver = "v1" + configuration = "rule" + entry({"sdewan", configuration, ver, "rules"}, call("handle_request")).leaf = true +end + +-- Request Handler +function handle_request() + local method = utils.get_req_method() + if method == "PUT" then + return update_rule() + elseif method == "POST" then + return create_rule() + elseif method == "DELETE" then + return delete_rule() + elseif method == "GET" then + return get_rule() + else + utils.response_error(405, "Method Not Allowed") + end +end + +-- Post +function create_rule() + local obj = utils.get_request_body_object() + if obj == nil then + utils.response_error(400, "No Rule Data") + return + end + if is_duplicated(obj.name, obj.src, obj.dst) then + utils.response_error(409, "Duplicated Rule Configuration") + return + end + if not is_valid_format(obj.src, obj.dst, obj.prio, obj.table, obj.fwmark) then + utils.response_error(400, "Invalid rule format") + return + end + + local comm = "ip rule add " + comm = rule_gen(comm, obj.src, obj.dst, obj.prio, obj.table, obj.fwmark, obj.flag) + os.execute(comm) + + local file = io.open("/etc/rule_cr.info", "a+") + local rule_str = input_format(obj.name, obj.src, obj.dst, obj.prio, obj.table, obj.fwmark, obj.flag) + file:write(rule_str, "\n") + file:close() + luci.http.prepare_content("application/json") + luci.http.write_json(obj) +end + +-- Delete +function delete_rule() + local uri_list = utils.get_URI_list(7) + if uri_list == nil then + return + end + local name = uri_list[#uri_list] + local file = io.open("/etc/rule_cr.info", "r") + local content = {} + for line in file:lines() do + local message = split(line, ',') + if name ~= message[1] then + content[#content+1] = line + else + local comm = "ip rule del " + comm = rule_gen(comm, message[2], message[3], message[4], message[5], message[6], message[7]) + os.execute(comm) + end + end + file:close() + local file = io.open("/etc/rule_cr.info", "w+") + for i = 1, #content do + file:write(content[i], "\n") + end + file:close() +end + +-- Update +function update_rule() + local uri_list = utils.get_URI_list(7) + if uri_list == nil then + return + end + local name = uri_list[#uri_list] + local obj = utils.get_request_body_object() + if obj == nil then + utils.response_error(400, "Rule CR not found") + return + end + if obj.name ~= name then + utils.response_error(400, "Rule CR name mismatch") + return + end + if not is_valid_format(obj.src, obj.dst, obj.prio, obj.table, obj.fwmark) then + utils.response_error(400, "Invalid rule format") + return + end + + local file = io.open("/etc/rule_cr.info", "r") + local content = {} + local is_found = false + for line in file:lines() do + local message = split(line, ',') + if name ~= message[1] then + content[#content+1] = line + else + is_found = true + local pre_comm = "ip rule del " + pre_comm = rule_gen(pre_comm, message[2], message[3], message[4], message[5], message[6], message[7]) + os.execute(pre_comm) + local post_comm = "ip rule add " + post_comm = rule_gen(post_comm, obj.src, obj.dst, obj.prio, obj.table, obj.fwmark, obj.flag) + os.execute(post_comm) + content[#content+1] = input_format(obj.name, obj.src, obj.dst, obj.prio, obj.table, obj.fwmark, obj.flag) + end + end + file:close() + + if not is_found then + utils.response_error(404, "Cannot find ".."Rule ".."[".. name.."]".." to update." ) + return + end + + local file = io.open("/etc/rule_cr.info", "w+") + for i = 1, #content do + file:write(content[i], "\n") + end + file:close() + luci.http.prepare_content("application/json") + luci.http.write_json(obj) +end + +-- Get +function get_rule() + local uri_list = utils.get_URI_list() + local file = io.open("/etc/rule_cr.info", "r") + if #uri_list == 6 then + local objs = {} + objs["rules"] = {} + for line in file:lines() do + local message = split(line, ',') + local obj = {} + obj["name"] = message[1] + obj["src"] = message[2] + obj["dst"] = message[3] + obj["prio"] = message[4] + obj["table"] = message[5] + obj["fwmark"] = message[6] + if message[7] == "false" then + obj["flag"] = false + else + obj["flag"] = true + end + table.insert(objs["rules"], obj) + end + luci.http.prepare_content("application/json") + luci.http.write_json(objs) + elseif #uri_list == 7 then + local name = uri_list[#uri_list] + local no = true + for line in file:lines() do + local message = split(line, ',') + if name == message[1] then + no = false + local obj = {} + obj["name"] = message[1] + obj["src"] = message[2] + obj["dst"] = message[3] + obj["prio"] = message[4] + obj["table"] = message[5] + obj["fwmark"] = message[6] + if message[7] == "false" then + obj["flag"] = false + else + obj["flag"] = true + end + luci.http.prepare_content("application/json") + luci.http.write_json(obj) + break + end + end + if no then + utils.response_error(404, "Cannot find ".."Rule CR ".."[".. name.."]" ) + end + else + utils.response_error(400, "Bad request URI") + end + file:close() +end + +-- Sync and validate +function split(str,reps) + local arr = {} + string.gsub(str,'[^'..reps..']+',function(w) + table.insert(arr, w) + end) + return arr +end + +function is_duplicated(name, src, dst) + local file = io.open("/etc/rule_cr.info", "r") + local judge = false + for line in file:lines() do + local message = split(line, ',') + if name == message[1] then + judge = true + break + end + if src == "" then + src = "NULL" + end + if dst == "" then + dst = "NULL" + end + if src == message[2] and dst == message[3] then + judge = true + break + end + end + file:close() + return judge +end + +function is_valid_format(src, dst, prio, table, fwmark) + local judge = true + if src == "" and dst == "" then + judge = false + elseif src == "" then + judge = utils.is_valid_ip(dst) + elseif dst == "" then + judge = utils.is_valid_ip(src) + else + judge = utils.is_valid_ip(dst) and utils.is_valid_ip(src) + end + + if prio ~= "" then + judge = judge and utils.is_integer_and_in_range(prio, 0) + end + + if fwmark ~= "" then + local num = tonumber(fwmark, 16) + if not num then + judge = false + elseif string.len(fwmark) > 10 then + judge = false + end + end + + if table == "main" or table == "local" or table == "default" or table == "" then + return judge + else + table_id = get_table_id(table) + judge = judge and utils.is_integer_and_in_range(table_id, 0) + return judge + end +end + +function rule_gen(comm, src, dst, prio, table, fwmark, flag) + if tostring(flag) == "true" then + comm = comm.."not " + end + if prio ~= "" and prio ~= "NULL" then + comm = comm.."prio "..prio.." " + end + if src == "" or src == "NULL" then + comm = comm.."to "..dst.." " + elseif dst == "" or dst == "NULL" then + comm = comm.."from "..src.." " + else + comm = comm.."from "..src.." to "..dst.." " + end + local table_id = get_table_id(table) + comm = comm.."lookup "..table_id + if fwmark ~= "" and fwmark ~= "NULL" then + comm = comm.." fwmark "..fwmark + end + return comm +end + +function get_table_id(table) + --TODO + local table_id = table + if table == "" then + table_id = "main" + end + return table_id +end + +function input_format(name, src, dst, prio, table, fwmark, flag) + local str = name + if src == "" then + str = str..",".."NULL" + else + str = str..","..src + end + if dst == "" then + str = str..",".."NULL" + else + str = str..","..dst + end + if prio == "" then + str = str..",".."NULL" + else + str = str..","..prio + end + str = str..","..get_table_id(table) + if fwmark == "" then + str = str..",".."NULL" + else + str = str..","..fwmark + end + str = str..","..tostring(flag) + return str +end diff --git a/platform/cnf/src/rest_v1/service.lua b/platform/cnf-openwrt/src/rest_v1/service.lua similarity index 95% rename from platform/cnf/src/rest_v1/service.lua rename to platform/cnf-openwrt/src/rest_v1/service.lua index b2de70c..8797558 100644 --- a/platform/cnf/src/rest_v1/service.lua +++ b/platform/cnf-openwrt/src/rest_v1/service.lua @@ -1,5 +1,5 @@ --- Copyright 2020 Intel Corporation, Inc --- Licensed to the public under the Apache License 2.0. +--- SPDX-License-Identifier: Apache-2.0 +--- Copyright (c) 2021 Intel Corporation module("luci.controller.rest_v1.service", package.seeall) diff --git a/platform/cnf/src/rest_v1/status_rest.lua b/platform/cnf-openwrt/src/rest_v1/status_rest.lua similarity index 96% rename from platform/cnf/src/rest_v1/status_rest.lua rename to platform/cnf-openwrt/src/rest_v1/status_rest.lua index c05001a..a641688 100644 --- a/platform/cnf/src/rest_v1/status_rest.lua +++ b/platform/cnf-openwrt/src/rest_v1/status_rest.lua @@ -1,5 +1,5 @@ --- Copyright 2020 Intel Corporation, Inc --- Licensed to the public under the Apache License 2.0. +--- SPDX-License-Identifier: Apache-2.0 +--- Copyright (c) 2021 Intel Corporation module("luci.controller.rest_v1.status_rest", package.seeall) diff --git a/platform/cnf/src/rest_v1/svc_rest.lua b/platform/cnf-openwrt/src/rest_v1/svc_rest.lua similarity index 98% rename from platform/cnf/src/rest_v1/svc_rest.lua rename to platform/cnf-openwrt/src/rest_v1/svc_rest.lua index d6b4ad8..2bf515b 100644 --- a/platform/cnf/src/rest_v1/svc_rest.lua +++ b/platform/cnf-openwrt/src/rest_v1/svc_rest.lua @@ -1,5 +1,5 @@ --- Copyright 2020 Intel Corporation, Inc --- Licensed to the public under the Apache License 2.0. +--- SPDX-License-Identifier: Apache-2.0 +--- Copyright (c) 2021 Intel Corporation module("luci.controller.rest_v1.svc_rest", package.seeall) diff --git a/platform/cnf/src/rest_v1/utils.lua b/platform/cnf-openwrt/src/rest_v1/utils.lua similarity index 99% rename from platform/cnf/src/rest_v1/utils.lua rename to platform/cnf-openwrt/src/rest_v1/utils.lua index 1e4b488..99cb307 100644 --- a/platform/cnf/src/rest_v1/utils.lua +++ b/platform/cnf-openwrt/src/rest_v1/utils.lua @@ -1,5 +1,5 @@ --- Copyright 2020 Intel Corporation, Inc --- Licensed to the public under the Apache License 2.0. +--- SPDX-License-Identifier: Apache-2.0 +--- Copyright (c) 2021 Intel Corporation module("luci.controller.rest_v1.utils", package.seeall) diff --git a/platform/cnf/src/route_cr.info b/platform/cnf-openwrt/src/route_cr.info similarity index 100% rename from platform/cnf/src/route_cr.info rename to platform/cnf-openwrt/src/route_cr.info diff --git a/platform/cnf-openwrt/src/rule_cr.info b/platform/cnf-openwrt/src/rule_cr.info new file mode 100644 index 0000000..e69de29 diff --git a/platform/cnf/src/sdewan.user b/platform/cnf-openwrt/src/sdewan.user similarity index 100% rename from platform/cnf/src/sdewan.user rename to platform/cnf-openwrt/src/sdewan.user diff --git a/platform/cnf/src/sdewan_svc.info b/platform/cnf-openwrt/src/sdewan_svc.info similarity index 100% rename from platform/cnf/src/sdewan_svc.info rename to platform/cnf-openwrt/src/sdewan_svc.info diff --git a/platform/cnf-openwrt/src/set_proxy b/platform/cnf-openwrt/src/set_proxy new file mode 100644 index 0000000..11a595d --- /dev/null +++ b/platform/cnf-openwrt/src/set_proxy @@ -0,0 +1,4 @@ +#SPDX-License-Identifier: Apache-2.0 +#Copyright (c) 2021 Intel Corporation +# set docker proxy with below line +#docker_proxy= diff --git a/platform/cnf/src/system b/platform/cnf-openwrt/src/system similarity index 100% rename from platform/cnf/src/system rename to platform/cnf-openwrt/src/system diff --git a/platform/cnf/src/updown b/platform/cnf-openwrt/src/updown similarity index 58% rename from platform/cnf/src/updown rename to platform/cnf-openwrt/src/updown index 2ca547e..85dde1f 100755 --- a/platform/cnf/src/updown +++ b/platform/cnf-openwrt/src/updown @@ -1,16 +1,19 @@ #!/bin/bash +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # set charon.install_virtual_ip = no to prevent the daemon from also installing the VIP set -o nounset set -o errexit -MARK=`echo ${PLUTO_MARK_IN} | cut -d'/' -f1` -VTI_IF="vti${MARK}" +NET_IF=`ip a | grep ${PLUTO_ME} | grep inet | cut -d' ' -f 11` +VTI_IF="vti_${NET_IF}" case "${PLUTO_VERB}" in up-host) - ip tunnel add "${VTI_IF}" local "${PLUTO_ME}" remote "${PLUTO_PEER}" mode vti \ + #ip tunnel add "${VTI_IF}" local "${PLUTO_ME}" remote "${PLUTO_PEER}" mode vti \ + ip tunnel add "${VTI_IF}" local "${PLUTO_ME}" remote 0.0.0.0 mode vti \ key "${PLUTO_MARK_OUT%%/*}" ip link set "${VTI_IF}" up ip route add "${PLUTO_PEER_SOURCEIP}" dev "${VTI_IF}" src "${PLUTO_ME}" diff --git a/platform/cnf/src/updown_oip b/platform/cnf-openwrt/src/updown_oip similarity index 84% rename from platform/cnf/src/updown_oip rename to platform/cnf-openwrt/src/updown_oip index 82cb40f..4ab6148 100755 --- a/platform/cnf/src/updown_oip +++ b/platform/cnf-openwrt/src/updown_oip @@ -1,12 +1,14 @@ #!/bin/bash +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # set charon.install_virtual_ip = no to prevent the daemon from also installing the VIP set -o nounset set -o errexit -MARK=`echo ${PLUTO_MARK_IN} | cut -d'/' -f1` -VTI_IF="vti${MARK}" +NET_IF=`ip a | grep ${PLUTO_ME} | grep inet | cut -d' ' -f 11` +VTI_IF="vti_${NET_IF}" case "${PLUTO_VERB}" in up-client) diff --git a/platform/cnf/doc/README.md b/platform/cnf/doc/README.md deleted file mode 100644 index 1a66960..0000000 --- a/platform/cnf/doc/README.md +++ /dev/null @@ -1 +0,0 @@ -# SDEWAN CNF documents diff --git a/platform/cnf/examples/README.md b/platform/cnf/examples/README.md deleted file mode 100644 index bd2f498..0000000 --- a/platform/cnf/examples/README.md +++ /dev/null @@ -1 +0,0 @@ -# SDEWAN CNF examples diff --git a/platform/cnf/src/set_proxy b/platform/cnf/src/set_proxy deleted file mode 100644 index 1ad2350..0000000 --- a/platform/cnf/src/set_proxy +++ /dev/null @@ -1,2 +0,0 @@ -# set docker proxy with below line -#docker_proxy= diff --git a/platform/crd-ctrlr/README.md b/platform/crd-ctrlr/README.md index 51013e9..7e92170 100644 --- a/platform/crd-ctrlr/README.md +++ b/platform/crd-ctrlr/README.md @@ -1,3 +1,8 @@ +``` +SPDX-License-Identifier: Apache-2.0 +Copyright (c) 2021 Intel Corporation +``` + # Sdewan operator The sdewan operator is developed under kubebuilder framework @@ -14,7 +19,7 @@ After clone the repo, please change into directory `platform/crd-ctrlr`. We are going to run command from this directory in the deployment guide. The installation steps for Sdewan operator: -1. kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v0.11.0/cert-manager.yaml --validate=false +1. kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.1.0/cert-manager.yaml 2. kubectl apply -f examples/sdewan-controller.yaml Sample deployment of CNF: @@ -118,6 +123,11 @@ make gen-yaml IMG="integratedcloudnative/sdewan-controller:dev" - IpsecProposal - IpsecHost - IpsecSite + - SdewanApplication + - CNFService + - CNFRoute + - CNFRouteRule + - CNFStatus ### NOTEs diff --git a/platform/crd-ctrlr/doc/README.md b/platform/crd-ctrlr/doc/README.md index 3029688..7a9091d 100644 --- a/platform/crd-ctrlr/doc/README.md +++ b/platform/crd-ctrlr/doc/README.md @@ -1 +1,6 @@ +``` +SPDX-License-Identifier: Apache-2.0 +Copyright (c) 2021 Intel Corporation +``` + # SDEWAN crd-ctrlr document diff --git a/platform/crd-ctrlr/examples/README.md b/platform/crd-ctrlr/examples/README.md index b21f456..c20e7aa 100644 --- a/platform/crd-ctrlr/examples/README.md +++ b/platform/crd-ctrlr/examples/README.md @@ -1,3 +1,8 @@ +``` +SPDX-License-Identifier: Apache-2.0 +Copyright (c) 2021 Intel Corporation +``` + # SDEWAN crd-ctrlr examples ## To deploy an example CNF diff --git a/platform/crd-ctrlr/examples/attach-network-ovn.yaml b/platform/crd-ctrlr/examples/attach-network-ovn.yaml index cb1102a..f0753d2 100644 --- a/platform/crd-ctrlr/examples/attach-network-ovn.yaml +++ b/platform/crd-ctrlr/examples/attach-network-ovn.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation --- apiVersion: k8s.cni.cncf.io/v1 kind: NetworkAttachmentDefinition diff --git a/platform/crd-ctrlr/examples/clusterrole-allow-intent.yaml b/platform/crd-ctrlr/examples/clusterrole-allow-intent.yaml index 102f2dd..6e9efef 100644 --- a/platform/crd-ctrlr/examples/clusterrole-allow-intent.yaml +++ b/platform/crd-ctrlr/examples/clusterrole-allow-intent.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: diff --git a/platform/crd-ctrlr/examples/clusterrolebinding-allow-sa-intent.yaml b/platform/crd-ctrlr/examples/clusterrolebinding-allow-sa-intent.yaml index 5b5ebd1..8f7bc55 100644 --- a/platform/crd-ctrlr/examples/clusterrolebinding-allow-sa-intent.yaml +++ b/platform/crd-ctrlr/examples/clusterrolebinding-allow-sa-intent.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation apiVersion: rbac.authorization.k8s.io/v1 # This role binding allows "jane" to read pods in the "default" namespace. # You need to already have a Role named "pod-reader" in that namespace. diff --git a/platform/crd-ctrlr/examples/cnf-deployment-older-than-1.16.yaml b/platform/crd-ctrlr/examples/cnf-deployment-older-than-1.16.yaml index 3e07b4e..b16c7af 100644 --- a/platform/crd-ctrlr/examples/cnf-deployment-older-than-1.16.yaml +++ b/platform/crd-ctrlr/examples/cnf-deployment-older-than-1.16.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation --- apiVersion: v1 data: diff --git a/platform/crd-ctrlr/examples/cnf-deployment.yaml b/platform/crd-ctrlr/examples/cnf-deployment.yaml index 6d5a01a..8b72fb5 100644 --- a/platform/crd-ctrlr/examples/cnf-deployment.yaml +++ b/platform/crd-ctrlr/examples/cnf-deployment.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation --- apiVersion: v1 data: diff --git a/platform/crd-ctrlr/examples/create_serviceaccount.sh b/platform/crd-ctrlr/examples/create_serviceaccount.sh index 3b1f6b1..0cb0bb3 100755 --- a/platform/crd-ctrlr/examples/create_serviceaccount.sh +++ b/platform/crd-ctrlr/examples/create_serviceaccount.sh @@ -1,9 +1,13 @@ +#!/bin/bash +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation + NAME=test kubectl create serviceaccount $NAME -SECRET_NAME=`kubectl get sa $NAME -o jsonpath='{.secrets[0].name}'` -TOKEN=`kubectl get secret $SECRET_NAME -o jsonpath='{.data.token}' | base64 -d` +SECRET_NAME=$(kubectl get sa $NAME -o jsonpath='{.secrets[0].name}') +TOKEN=$(kubectl get secret "$SECRET_NAME" -o jsonpath='{.data.token}' | base64 -d) kubectl config view --raw > ~/$NAME.conf -kubectl --kubeconfig ~/$NAME.conf config rename-context `kubectl --kubeconfig ~/$NAME.conf config current-context` $NAME -kubectl --kubeconfig ~/$NAME.conf config set-credentials sa-$NAME --token $TOKEN +kubectl --kubeconfig ~/$NAME.conf config rename-context "$(kubectl --kubeconfig ~/$NAME.conf config current-context)" $NAME +kubectl --kubeconfig ~/$NAME.conf config set-credentials sa-$NAME --token "$TOKEN" kubectl --kubeconfig ~/$NAME.conf config set-context $NAME --user sa-$NAME diff --git a/platform/crd-ctrlr/examples/ovn-net1.yaml b/platform/crd-ctrlr/examples/ovn-net1.yaml index b9a49df..dcfc913 100644 --- a/platform/crd-ctrlr/examples/ovn-net1.yaml +++ b/platform/crd-ctrlr/examples/ovn-net1.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation apiVersion: k8s.plugin.opnfv.org/v1alpha1 kind: Network metadata: diff --git a/platform/crd-ctrlr/examples/ovn-net2.yaml b/platform/crd-ctrlr/examples/ovn-net2.yaml index 7585b50..a41ad5e 100644 --- a/platform/crd-ctrlr/examples/ovn-net2.yaml +++ b/platform/crd-ctrlr/examples/ovn-net2.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation apiVersion: k8s.plugin.opnfv.org/v1alpha1 kind: Network metadata: diff --git a/platform/crd-ctrlr/examples/ovn-provnet.yaml b/platform/crd-ctrlr/examples/ovn-provnet.yaml index e8793c6..d9e1f4c 100644 --- a/platform/crd-ctrlr/examples/ovn-provnet.yaml +++ b/platform/crd-ctrlr/examples/ovn-provnet.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation apiVersion: k8s.plugin.opnfv.org/v1alpha1 kind: ProviderNetwork metadata: diff --git a/platform/crd-ctrlr/examples/role-allow-intent-in-default-namespace.yaml b/platform/crd-ctrlr/examples/role-allow-intent-in-default-namespace.yaml index ce58dd5..bdba21a 100644 --- a/platform/crd-ctrlr/examples/role-allow-intent-in-default-namespace.yaml +++ b/platform/crd-ctrlr/examples/role-allow-intent-in-default-namespace.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: diff --git a/platform/crd-ctrlr/examples/rolebinding-allow-sa-intent-in-default-namespace.yaml b/platform/crd-ctrlr/examples/rolebinding-allow-sa-intent-in-default-namespace.yaml index de53311..3fe257f 100644 --- a/platform/crd-ctrlr/examples/rolebinding-allow-sa-intent-in-default-namespace.yaml +++ b/platform/crd-ctrlr/examples/rolebinding-allow-sa-intent-in-default-namespace.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation apiVersion: rbac.authorization.k8s.io/v1 # This role binding allows "jane" to read pods in the "default" namespace. # You need to already have a Role named "pod-reader" in that namespace. diff --git a/platform/crd-ctrlr/src/Dockerfile b/platform/crd-ctrlr/src/Dockerfile index 2775e84..c4190a7 100644 --- a/platform/crd-ctrlr/src/Dockerfile +++ b/platform/crd-ctrlr/src/Dockerfile @@ -1,5 +1,7 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # Build the manager binary -FROM golang:1.13 as builder +FROM golang:1.16 as builder WORKDIR /workspace # Copy the Go Modules manifests diff --git a/platform/crd-ctrlr/src/Makefile b/platform/crd-ctrlr/src/Makefile index 23bfa7b..ec0974d 100644 --- a/platform/crd-ctrlr/src/Makefile +++ b/platform/crd-ctrlr/src/Makefile @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # Image URL to use all building/pushing image targets IMG ?= integratedcloudnative/sdewan-controller:dev @@ -28,13 +30,13 @@ run: generate fmt vet manifests # Install CRDs into a cluster install: manifests kustomize build config/crd | kubectl apply -f - - kubectl apply -f config/local/webhook_config.yaml - cp -r ../examples/tmp/k8s-webhook-server /tmp/ +# kubectl apply -f config/local/webhook_config.yaml +# cp -r ../examples/tmp/k8s-webhook-server /tmp/ # Uninstall CRDs from a cluster uninstall: manifests kustomize build config/crd | kubectl delete -f - - kubectl delete -f config/local/webhook_config.yaml +# kubectl delete -f config/local/webhook_config.yaml # Deploy controller in the configured Kubernetes cluster in ~/.kube/config deploy: manifests uninstall @@ -58,6 +60,10 @@ fmt: vet: go vet ./... +# Run go race against code +race: + go build -race -o bin/manager_race main.go + # Generate code generate: controller-gen $(CONTROLLER_GEN) object:headerFile=./hack/boilerplate.go.txt paths="./..." diff --git a/platform/crd-ctrlr/src/PROJECT b/platform/crd-ctrlr/src/PROJECT index eee5715..efe9328 100644 --- a/platform/crd-ctrlr/src/PROJECT +++ b/platform/crd-ctrlr/src/PROJECT @@ -43,4 +43,7 @@ resources: - group: batch kind: CNFRoute version: v1alpha1 +- group: batch + kind: CNFRouteRule + version: v1alpha1 version: "2" diff --git a/platform/crd-ctrlr/src/api/v1alpha1/bucket_permission_webhook.go b/platform/crd-ctrlr/src/api/v1alpha1/bucket_permission_webhook.go index aeff1f4..bfee6ac 100644 --- a/platform/crd-ctrlr/src/api/v1alpha1/bucket_permission_webhook.go +++ b/platform/crd-ctrlr/src/api/v1alpha1/bucket_permission_webhook.go @@ -1,18 +1,5 @@ -/* - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation package v1alpha1 import ( @@ -30,7 +17,7 @@ import ( "k8s.io/apimachinery/pkg/types" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" - logf "sigs.k8s.io/controller-runtime/pkg/runtime/log" + logf "sigs.k8s.io/controller-runtime/pkg/log" "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) @@ -45,7 +32,7 @@ func SetupBucketPermissionWebhookWithManager(mgr ctrl.Manager) error { return nil } -// +kubebuilder:webhook:path=/validate-sdewan-bucket-permission,mutating=false,failurePolicy=fail,groups="batch.sdewan.akraino.org",resources=mwan3policies;mwan3rules;firewallzones;firewallforwardings;firewallrules;firewallsnats;firewalldnats;cnfservice;sdewanapplication;ipsecproposals;ipsechosts;ipsecsites,verbs=create;update;delete,versions=v1alpha1,name=validate-sdewan-bucket.akraino.org +// +kubebuilder:webhook:path=/validate-sdewan-bucket-permission,mutating=false,failurePolicy=fail,groups="batch.sdewan.akraino.org",resources=mwan3policies;mwan3rules;firewallzones;firewallforwardings;firewallrules;firewallsnats;firewalldnats;cnfservice;cnfstatuses;sdewanapplication;ipsecproposals;ipsechosts;ipsecsites,verbs=create;update;delete,versions=v1alpha1,name=validate-sdewan-bucket.akraino.org // bucketPermissionValidator validates Pods type bucketPermissionValidator struct { @@ -105,12 +92,14 @@ func (v *bucketPermissionValidator) Handle(ctx context.Context, req admission.Re obj = &IpsecSite{} case "CNFService": obj = &CNFService{} + case "CNFStatus": + obj = &CNFStatus{} case "SdewanApplication": obj = &SdewanApplication{} default: return admission.Errored( http.StatusBadRequest, - errors.New(fmt.Sprintf("Kind is not supported: %v", req.Kind))) + fmt.Errorf("Kind is not supported: %v", req.Kind)) } if req.Operation == "CREATE" || req.Operation == "UPDATE" { diff --git a/platform/crd-ctrlr/src/api/v1alpha1/cnfroute_types.go b/platform/crd-ctrlr/src/api/v1alpha1/cnfroute_types.go index 8cceaa9..6616139 100644 --- a/platform/crd-ctrlr/src/api/v1alpha1/cnfroute_types.go +++ b/platform/crd-ctrlr/src/api/v1alpha1/cnfroute_types.go @@ -1,18 +1,5 @@ -/* - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation package v1alpha1 import ( diff --git a/platform/crd-ctrlr/src/api/v1alpha1/cnfrouterule_types.go b/platform/crd-ctrlr/src/api/v1alpha1/cnfrouterule_types.go new file mode 100644 index 0000000..5011ef1 --- /dev/null +++ b/platform/crd-ctrlr/src/api/v1alpha1/cnfrouterule_types.go @@ -0,0 +1,51 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! +// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. + +// CNFRouteRuleSpec defines the desired state of CNFRouteRule +type CNFRouteRuleSpec struct { + // +kubebuilder:validation:Default:="" + Src string `json:"src,omitempty"` + // +kubebuilder:validation:Default:="" + Dst string `json:"dst,omitempty"` + // +kubebuilder:validation:Default:=false + Not bool `json:"not,omitempty"` + // +kubebuilder:validation:Default:="" + Prio string `json:"prio,omitempty"` + // +kubebuilder:validation:Default:="" + Fwmark string `json:"fwmark,omitempty"` + // +kubebuilder:validation:Default:="" + Table string `json:"table,omitempty"` +} + +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status + +// CNFRouteRule is the Schema for the cnfrouterules API +type CNFRouteRule struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec CNFRouteRuleSpec `json:"spec,omitempty"` + Status SdewanStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// CNFRouteRuleList contains a list of CNFRouteRule +type CNFRouteRuleList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []CNFRouteRule `json:"items"` +} + +func init() { + SchemeBuilder.Register(&CNFRouteRule{}, &CNFRouteRuleList{}) +} diff --git a/platform/crd-ctrlr/src/api/v1alpha1/cnfservice_types.go b/platform/crd-ctrlr/src/api/v1alpha1/cnfservice_types.go index 10660c1..7f90bec 100644 --- a/platform/crd-ctrlr/src/api/v1alpha1/cnfservice_types.go +++ b/platform/crd-ctrlr/src/api/v1alpha1/cnfservice_types.go @@ -1,18 +1,5 @@ -/* - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation package v1alpha1 import ( diff --git a/platform/crd-ctrlr/src/api/v1alpha1/cnfstatus_types.go b/platform/crd-ctrlr/src/api/v1alpha1/cnfstatus_types.go index 927b527..12c2796 100644 --- a/platform/crd-ctrlr/src/api/v1alpha1/cnfstatus_types.go +++ b/platform/crd-ctrlr/src/api/v1alpha1/cnfstatus_types.go @@ -1,18 +1,5 @@ -/* - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation package v1alpha1 import ( @@ -28,7 +15,7 @@ type CNFStatusSpec struct { // Important: Run "make" to regenerate code after modifying this file } -// CNFStatusInformation defines the runtime information of a CMF +// CNFStatusInformation defines the runtime information of a CNF type CNFStatusInformation struct { Name string `json:"name"` NameSpace string `json:"namespace,omitempty"` diff --git a/platform/crd-ctrlr/src/api/v1alpha1/common_types.go b/platform/crd-ctrlr/src/api/v1alpha1/common_types.go index 7c646a2..0250fb7 100644 --- a/platform/crd-ctrlr/src/api/v1alpha1/common_types.go +++ b/platform/crd-ctrlr/src/api/v1alpha1/common_types.go @@ -1,18 +1,5 @@ -/* - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation package v1alpha1 import ( @@ -23,10 +10,10 @@ type SdewanState string const ( InSync SdewanState = "In Sync" - Idle = "Idle" - Applying = "Trying to apply" - Deleting = "Being delete" - Unknown = "Unknown status" + Idle SdewanState = "Idle" + Applying SdewanState = "Trying to apply" + Deleting SdewanState = "Being delete" + Unknown SdewanState = "Unknown status" ) // status subsource used for Sdewan rule CRDs diff --git a/platform/crd-ctrlr/src/api/v1alpha1/firewalldnat_types.go b/platform/crd-ctrlr/src/api/v1alpha1/firewalldnat_types.go index 099d892..30002f0 100644 --- a/platform/crd-ctrlr/src/api/v1alpha1/firewalldnat_types.go +++ b/platform/crd-ctrlr/src/api/v1alpha1/firewalldnat_types.go @@ -1,18 +1,5 @@ -/* - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation package v1alpha1 import ( diff --git a/platform/crd-ctrlr/src/api/v1alpha1/firewallforwarding_types.go b/platform/crd-ctrlr/src/api/v1alpha1/firewallforwarding_types.go index 2f1e264..d01ff18 100644 --- a/platform/crd-ctrlr/src/api/v1alpha1/firewallforwarding_types.go +++ b/platform/crd-ctrlr/src/api/v1alpha1/firewallforwarding_types.go @@ -1,18 +1,5 @@ -/* - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation package v1alpha1 import ( diff --git a/platform/crd-ctrlr/src/api/v1alpha1/firewallrule_types.go b/platform/crd-ctrlr/src/api/v1alpha1/firewallrule_types.go index a2ddd53..f9ad729 100644 --- a/platform/crd-ctrlr/src/api/v1alpha1/firewallrule_types.go +++ b/platform/crd-ctrlr/src/api/v1alpha1/firewallrule_types.go @@ -1,18 +1,5 @@ -/* - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation package v1alpha1 import ( diff --git a/platform/crd-ctrlr/src/api/v1alpha1/firewallsnat_types.go b/platform/crd-ctrlr/src/api/v1alpha1/firewallsnat_types.go index 4969fb8..e56307e 100644 --- a/platform/crd-ctrlr/src/api/v1alpha1/firewallsnat_types.go +++ b/platform/crd-ctrlr/src/api/v1alpha1/firewallsnat_types.go @@ -1,18 +1,5 @@ -/* - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation package v1alpha1 import ( diff --git a/platform/crd-ctrlr/src/api/v1alpha1/firewallzone_types.go b/platform/crd-ctrlr/src/api/v1alpha1/firewallzone_types.go index e08a17e..5058745 100644 --- a/platform/crd-ctrlr/src/api/v1alpha1/firewallzone_types.go +++ b/platform/crd-ctrlr/src/api/v1alpha1/firewallzone_types.go @@ -1,18 +1,5 @@ -/* - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation package v1alpha1 import ( diff --git a/platform/crd-ctrlr/src/api/v1alpha1/groupversion_info.go b/platform/crd-ctrlr/src/api/v1alpha1/groupversion_info.go index 2d9b3fe..e9309fc 100644 --- a/platform/crd-ctrlr/src/api/v1alpha1/groupversion_info.go +++ b/platform/crd-ctrlr/src/api/v1alpha1/groupversion_info.go @@ -1,18 +1,5 @@ -/* - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation // Package v1alpha1 contains API Schema definitions for the batch v1alpha1 API group // +kubebuilder:object:generate=true // +groupName=batch.sdewan.akraino.org diff --git a/platform/crd-ctrlr/src/api/v1alpha1/ipsechost_types.go b/platform/crd-ctrlr/src/api/v1alpha1/ipsechost_types.go index a51d685..af00a53 100644 --- a/platform/crd-ctrlr/src/api/v1alpha1/ipsechost_types.go +++ b/platform/crd-ctrlr/src/api/v1alpha1/ipsechost_types.go @@ -1,18 +1,5 @@ -/* - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation package v1alpha1 import ( diff --git a/platform/crd-ctrlr/src/api/v1alpha1/ipsecproposal_types.go b/platform/crd-ctrlr/src/api/v1alpha1/ipsecproposal_types.go index cb39ea6..c92e205 100644 --- a/platform/crd-ctrlr/src/api/v1alpha1/ipsecproposal_types.go +++ b/platform/crd-ctrlr/src/api/v1alpha1/ipsecproposal_types.go @@ -1,18 +1,5 @@ -/* - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation package v1alpha1 import ( diff --git a/platform/crd-ctrlr/src/api/v1alpha1/ipsecsite_types.go b/platform/crd-ctrlr/src/api/v1alpha1/ipsecsite_types.go index f0ef2fb..50dada9 100644 --- a/platform/crd-ctrlr/src/api/v1alpha1/ipsecsite_types.go +++ b/platform/crd-ctrlr/src/api/v1alpha1/ipsecsite_types.go @@ -1,18 +1,5 @@ -/* - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation package v1alpha1 import ( diff --git a/platform/crd-ctrlr/src/api/v1alpha1/label_validate_webhook.go b/platform/crd-ctrlr/src/api/v1alpha1/label_validate_webhook.go index ac388d9..ac97f94 100644 --- a/platform/crd-ctrlr/src/api/v1alpha1/label_validate_webhook.go +++ b/platform/crd-ctrlr/src/api/v1alpha1/label_validate_webhook.go @@ -1,18 +1,5 @@ -/* - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation package v1alpha1 import ( @@ -27,13 +14,13 @@ import ( "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" - logf "sigs.k8s.io/controller-runtime/pkg/runtime/log" + //logf "sigs.k8s.io/controller-runtime/pkg/log" "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) // log is for logging in this package. -var label_check_log = logf.Log.WithName("label-validator") +//var label_check_log = logf.Log.WithName("label-validator") func SetupLabelValidateWebhookWithManager(mgr ctrl.Manager) error { mgr.GetWebhookServer().Register( @@ -42,7 +29,7 @@ func SetupLabelValidateWebhookWithManager(mgr ctrl.Manager) error { return nil } -// +kubebuilder:webhook:path=/validate-label,mutating=false,failurePolicy=fail,groups=apps;batch.sdewan.akraino.org,resources=deployments;mwan3policies;mwan3rules;firewallzones;firewallforwardings;firewallrules;firewallsnats;firewalldnats;cnfservice;sdewanapplication;ipsecproposals;ipsechosts;ipsecsites,verbs=update,versions=v1;v1alpha1,name=validate-label.akraino.org +// +kubebuilder:webhook:path=/validate-label,mutating=false,failurePolicy=fail,groups=apps;batch.sdewan.akraino.org,resources=deployments;mwan3policies;mwan3rules;firewallzones;firewallforwardings;firewallrules;firewallsnats;firewalldnats;cnfservice;cnfstatuses;sdewanapplication;ipsecproposals;ipsechosts;ipsecsites,verbs=update,versions=v1;v1alpha1,name=validate-label.akraino.org type labelValidator struct { Client client.Client @@ -76,12 +63,14 @@ func (v *labelValidator) Handle(ctx context.Context, req admission.Request) admi obj = &IpsecSite{} case "CNFService": obj = &CNFService{} + case "CNFStatus": + obj = &CNFStatus{} case "SdewanApplication": obj = &SdewanApplication{} default: return admission.Errored( http.StatusBadRequest, - errors.New(fmt.Sprintf("Kind is not supported: %v", req.Kind))) + fmt.Errorf("Kind is not supported: %v", req.Kind)) } if req.Operation != "UPDATE" { @@ -96,7 +85,7 @@ func (v *labelValidator) Handle(ctx context.Context, req admission.Request) admi return admission.Errored(http.StatusBadRequest, errors.New("object Decode error")) } if old_value != new_value { - return admission.Denied(fmt.Sprintf("Label 'sdewanPurpose' is immutable")) + return admission.Denied("Label 'sdewanPurpose' is immutable") } return admission.Allowed("") } diff --git a/platform/crd-ctrlr/src/api/v1alpha1/mwan3policy_types.go b/platform/crd-ctrlr/src/api/v1alpha1/mwan3policy_types.go index 836e478..aab00c0 100644 --- a/platform/crd-ctrlr/src/api/v1alpha1/mwan3policy_types.go +++ b/platform/crd-ctrlr/src/api/v1alpha1/mwan3policy_types.go @@ -1,18 +1,5 @@ -/* - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation package v1alpha1 import ( diff --git a/platform/crd-ctrlr/src/api/v1alpha1/mwan3rule_types.go b/platform/crd-ctrlr/src/api/v1alpha1/mwan3rule_types.go index 327d925..7eda8d8 100644 --- a/platform/crd-ctrlr/src/api/v1alpha1/mwan3rule_types.go +++ b/platform/crd-ctrlr/src/api/v1alpha1/mwan3rule_types.go @@ -1,18 +1,5 @@ -/* - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation package v1alpha1 import ( diff --git a/platform/crd-ctrlr/src/api/v1alpha1/sdewanapplication_types.go b/platform/crd-ctrlr/src/api/v1alpha1/sdewanapplication_types.go index 1a70918..01f6b5a 100644 --- a/platform/crd-ctrlr/src/api/v1alpha1/sdewanapplication_types.go +++ b/platform/crd-ctrlr/src/api/v1alpha1/sdewanapplication_types.go @@ -1,18 +1,5 @@ -/* - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation package v1alpha1 import ( diff --git a/platform/crd-ctrlr/src/api/v1alpha1/zz_generated.deepcopy.go b/platform/crd-ctrlr/src/api/v1alpha1/zz_generated.deepcopy.go index cf75319..685a559 100644 --- a/platform/crd-ctrlr/src/api/v1alpha1/zz_generated.deepcopy.go +++ b/platform/crd-ctrlr/src/api/v1alpha1/zz_generated.deepcopy.go @@ -1,19 +1,7 @@ // +build !ignore_autogenerated -/* - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation // Code generated by controller-gen. DO NOT EDIT. @@ -127,6 +115,80 @@ func (in *CNFRouteList) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CNFRouteRule) DeepCopyInto(out *CNFRouteRule) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CNFRouteRule. +func (in *CNFRouteRule) DeepCopy() *CNFRouteRule { + if in == nil { + return nil + } + out := new(CNFRouteRule) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *CNFRouteRule) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CNFRouteRuleList) DeepCopyInto(out *CNFRouteRuleList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]CNFRouteRule, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CNFRouteRuleList. +func (in *CNFRouteRuleList) DeepCopy() *CNFRouteRuleList { + if in == nil { + return nil + } + out := new(CNFRouteRuleList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *CNFRouteRuleList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CNFRouteRuleSpec) DeepCopyInto(out *CNFRouteRuleSpec) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CNFRouteRuleSpec. +func (in *CNFRouteRuleSpec) DeepCopy() *CNFRouteRuleSpec { + if in == nil { + return nil + } + out := new(CNFRouteRuleSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CNFRouteSpec) DeepCopyInto(out *CNFRouteSpec) { *out = *in diff --git a/platform/crd-ctrlr/src/basehandler/isdewanhandler.go b/platform/crd-ctrlr/src/basehandler/isdewanhandler.go index 04529e4..21fa80b 100644 --- a/platform/crd-ctrlr/src/basehandler/isdewanhandler.go +++ b/platform/crd-ctrlr/src/basehandler/isdewanhandler.go @@ -1,18 +1,5 @@ -/* - * Copyright 2020 Intel Corporation, Inc - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation package basehandler diff --git a/platform/crd-ctrlr/src/cnfprovider/openprovider.go b/platform/crd-ctrlr/src/cnfprovider/openprovider.go index 69401b3..9147948 100644 --- a/platform/crd-ctrlr/src/cnfprovider/openprovider.go +++ b/platform/crd-ctrlr/src/cnfprovider/openprovider.go @@ -1,18 +1,5 @@ -/* - * Copyright 2020 Intel Corporation, Inc - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation package cnfprovider @@ -27,6 +14,7 @@ import ( "sdewan.akraino.org/sdewan/openwrt" "sigs.k8s.io/controller-runtime/pkg/client" logf "sigs.k8s.io/controller-runtime/pkg/log" + "strings" ) var log = logf.Log.WithName("OpenWrtProvider") @@ -38,6 +26,43 @@ type OpenWrtProvider struct { K8sClient client.Client } +func getDataFromSecret(r client.Client, ns string, name string, key string) []byte { + instance := &corev1.Secret{} + err := r.Get(context.Background(), client.ObjectKey{ + Namespace: ns, + Name: name, + }, instance) + + if err != nil { + log.Error(err, "Get Data from secret") + return []byte{} + } + + return instance.Data[key] +} + +func CreateOpenwrtClient(pod corev1.Pod, r client.Client) *openwrt.OpenwrtClientInfo { + user := "root" + pass := "" + ip := pod.Status.PodIP + cert := []byte{} + if account_secret, ok := pod.ObjectMeta.Labels["cnf-account-secret"]; ok { + pass = string(getDataFromSecret(r, pod.ObjectMeta.Namespace, account_secret, "password")) + } + + if cert_secret, ok := pod.ObjectMeta.Labels["cnf-cert-secret"]; ok { + ip = strings.Replace(ip, ".", "-", -1) + "." + pod.ObjectMeta.Namespace + ".pod.cluster.local" + cert = getDataFromSecret(r, pod.ObjectMeta.Namespace, cert_secret, "ca.crt") + } + + return &openwrt.OpenwrtClientInfo{ + Ip: ip, + User: user, + Password: string(pass), + RootCA: cert, + } +} + func NewOpenWrt(namespace string, sdewanPurpose string, k8sClient client.Client) (*OpenWrtProvider, error) { ctx := context.Background() deployments := &appsv1.DeploymentList{} @@ -64,7 +89,7 @@ func (p *OpenWrtProvider) AddOrUpdateObject(handler basehandler.ISdewanHandler, return false, err } if len(ReplicaSetList.Items) != 1 { - return false, errors.New(fmt.Sprintf("More than one of repicaset exist with label: sdewanPurpose=%s", p.SdewanPurpose)) + return false, fmt.Errorf("More than one of repicaset exist with label: sdewanPurpose=%s", p.SdewanPurpose) } podList := &corev1.PodList{} err = p.K8sClient.List(ctx, podList, client.MatchingFields{"OwnBy": ReplicaSetList.Items[0].ObjectMeta.Name}) @@ -80,7 +105,7 @@ func (p *OpenWrtProvider) AddOrUpdateObject(handler basehandler.ISdewanHandler, if pod.Status.PodIP == "" { return false, errors.New("The target pod doesn't have an IP address") } - clientInfo := &openwrt.OpenwrtClientInfo{Ip: pod.Status.PodIP, User: "root", Password: ""} + clientInfo := CreateOpenwrtClient(pod, p.K8sClient) runtime_instance, err := handler.GetObject(clientInfo, new_instance.GetName()) changed := false @@ -127,7 +152,7 @@ func (p *OpenWrtProvider) DeleteObject(handler basehandler.ISdewanHandler, insta } cnfChanged := false for _, pod := range podList.Items { - clientInfo := &openwrt.OpenwrtClientInfo{Ip: pod.Status.PodIP, User: "root", Password: ""} + clientInfo := CreateOpenwrtClient(pod, p.K8sClient) runtime_instance, err := handler.GetObject(clientInfo, handler.GetName(instance)) if err != nil { err2, ok := err.(*openwrt.OpenwrtError) diff --git a/platform/crd-ctrlr/src/config/certmanager/certificate.yaml b/platform/crd-ctrlr/src/config/certmanager/certificate.yaml index 237c937..8954094 100644 --- a/platform/crd-ctrlr/src/config/certmanager/certificate.yaml +++ b/platform/crd-ctrlr/src/config/certmanager/certificate.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # The following manifests contain a self-signed issuer CR and a certificate CR. # More document can be found at https://docs.cert-manager.io # WARNING: Targets CertManager 0.11 check https://docs.cert-manager.io/en/latest/tasks/upgrading/index.html for breaking changes diff --git a/platform/crd-ctrlr/src/config/certmanager/kustomization.yaml b/platform/crd-ctrlr/src/config/certmanager/kustomization.yaml index bebea5a..b95b262 100644 --- a/platform/crd-ctrlr/src/config/certmanager/kustomization.yaml +++ b/platform/crd-ctrlr/src/config/certmanager/kustomization.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation resources: - certificate.yaml diff --git a/platform/crd-ctrlr/src/config/certmanager/kustomizeconfig.yaml b/platform/crd-ctrlr/src/config/certmanager/kustomizeconfig.yaml index 90d7c31..7cdd613 100644 --- a/platform/crd-ctrlr/src/config/certmanager/kustomizeconfig.yaml +++ b/platform/crd-ctrlr/src/config/certmanager/kustomizeconfig.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # This configuration is for teaching kustomize how to update name ref and var substitution nameReference: - kind: Issuer diff --git a/platform/crd-ctrlr/src/config/crd/kustomization.yaml b/platform/crd-ctrlr/src/config/crd/kustomization.yaml index d43e045..2d220f4 100644 --- a/platform/crd-ctrlr/src/config/crd/kustomization.yaml +++ b/platform/crd-ctrlr/src/config/crd/kustomization.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # This kustomization.yaml is not intended to be run by itself, # since it depends on service name and namespace that are out of this kustomize package. # It should be run by config/default @@ -16,6 +18,7 @@ resources: - bases/batch.sdewan.akraino.org_sdewanapplications.yaml - bases/batch.sdewan.akraino.org_cnfstatuses.yaml - bases/batch.sdewan.akraino.org_cnfroutes.yaml +- bases/batch.sdewan.akraino.org_cnfrouterules.yaml # +kubebuilder:scaffold:crdkustomizeresource patchesStrategicMerge: @@ -35,6 +38,7 @@ patchesStrategicMerge: #- patches/webhook_in_sdewanapplications.yaml #- patches/webhook_in_cnfstatuses.yaml #- patches/webhook_in_cnfroutes.yaml +#- patches/webhook_in_cnfrouterules.yaml # +kubebuilder:scaffold:crdkustomizewebhookpatch # [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix. @@ -53,6 +57,7 @@ patchesStrategicMerge: #- patches/cainjection_in_sdewanapplications.yaml #- patches/cainjection_in_cnfstatuses.yaml #- patches/cainjection_in_cnfroutes.yaml +#- patches/cainjection_in_cnfrouterules.yaml # +kubebuilder:scaffold:crdkustomizecainjectionpatch # the following config is for teaching kustomize how to do kustomization for CRDs. diff --git a/platform/crd-ctrlr/src/config/crd/kustomizeconfig.yaml b/platform/crd-ctrlr/src/config/crd/kustomizeconfig.yaml index 6f83d9a..7dfa00d 100644 --- a/platform/crd-ctrlr/src/config/crd/kustomizeconfig.yaml +++ b/platform/crd-ctrlr/src/config/crd/kustomizeconfig.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # This file is for teaching kustomize how to substitute name and namespace reference in CRD nameReference: - kind: Service diff --git a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_cnfrouterules.yaml b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_cnfrouterules.yaml new file mode 100644 index 0000000..6a455c0 --- /dev/null +++ b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_cnfrouterules.yaml @@ -0,0 +1,10 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation +# The following patch adds a directive for certmanager to inject CA into the CRD +# CRD conversion requires k8s 1.13 or later. +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) + name: cnfrouterules.batch.sdewan.akraino.org diff --git a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_cnfroutes.yaml b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_cnfroutes.yaml index 84c0120..2f27183 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_cnfroutes.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_cnfroutes.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # The following patch adds a directive for certmanager to inject CA into the CRD # CRD conversion requires k8s 1.13 or later. apiVersion: apiextensions.k8s.io/v1beta1 diff --git a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_cnfservices.yaml b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_cnfservices.yaml index 187fa8f..c205a2e 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_cnfservices.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_cnfservices.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # The following patch adds a directive for certmanager to inject CA into the CRD # CRD conversion requires k8s 1.13 or later. apiVersion: apiextensions.k8s.io/v1beta1 diff --git a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_cnfstatuses.yaml b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_cnfstatuses.yaml index 5a10441..a588221 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_cnfstatuses.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_cnfstatuses.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # The following patch adds a directive for certmanager to inject CA into the CRD # CRD conversion requires k8s 1.13 or later. apiVersion: apiextensions.k8s.io/v1beta1 diff --git a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_firewalldnats.yaml b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_firewalldnats.yaml index 9e7458b..6e3b7f9 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_firewalldnats.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_firewalldnats.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # The following patch adds a directive for certmanager to inject CA into the CRD # CRD conversion requires k8s 1.13 or later. apiVersion: apiextensions.k8s.io/v1beta1 diff --git a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_firewallforwardings.yaml b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_firewallforwardings.yaml index 2717d7f..3839a25 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_firewallforwardings.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_firewallforwardings.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # The following patch adds a directive for certmanager to inject CA into the CRD # CRD conversion requires k8s 1.13 or later. apiVersion: apiextensions.k8s.io/v1beta1 diff --git a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_firewallrules.yaml b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_firewallrules.yaml index 8f157fb..f048624 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_firewallrules.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_firewallrules.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # The following patch adds a directive for certmanager to inject CA into the CRD # CRD conversion requires k8s 1.13 or later. apiVersion: apiextensions.k8s.io/v1beta1 diff --git a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_firewallsnats.yaml b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_firewallsnats.yaml index f51dd82..79ac1c6 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_firewallsnats.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_firewallsnats.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # The following patch adds a directive for certmanager to inject CA into the CRD # CRD conversion requires k8s 1.13 or later. apiVersion: apiextensions.k8s.io/v1beta1 diff --git a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_firewallzones.yaml b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_firewallzones.yaml index cd5db2a..a83c6bb 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_firewallzones.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_firewallzones.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # The following patch adds a directive for certmanager to inject CA into the CRD # CRD conversion requires k8s 1.13 or later. apiVersion: apiextensions.k8s.io/v1beta1 diff --git a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_ipsechosts.yaml b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_ipsechosts.yaml index e2f2a8d..1dd8a16 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_ipsechosts.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_ipsechosts.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # The following patch adds a directive for certmanager to inject CA into the CRD # CRD conversion requires k8s 1.13 or later. apiVersion: apiextensions.k8s.io/v1beta1 diff --git a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_ipsecproposals.yaml b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_ipsecproposals.yaml index 15ad96e..7acf5c8 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_ipsecproposals.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_ipsecproposals.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # The following patch adds a directive for certmanager to inject CA into the CRD # CRD conversion requires k8s 1.13 or later. apiVersion: apiextensions.k8s.io/v1beta1 diff --git a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_ipsecsites.yaml b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_ipsecsites.yaml index c7633b0..15291aa 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_ipsecsites.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_ipsecsites.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # The following patch adds a directive for certmanager to inject CA into the CRD # CRD conversion requires k8s 1.13 or later. apiVersion: apiextensions.k8s.io/v1beta1 diff --git a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_mwan3policies.yaml b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_mwan3policies.yaml index 2ba4595..2c1bc72 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_mwan3policies.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_mwan3policies.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # The following patch adds a directive for certmanager to inject CA into the CRD # CRD conversion requires k8s 1.13 or later. apiVersion: apiextensions.k8s.io/v1beta1 diff --git a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_mwan3rules.yaml b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_mwan3rules.yaml index d55b6dd..7dc6059 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_mwan3rules.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_mwan3rules.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # The following patch adds a directive for certmanager to inject CA into the CRD # CRD conversion requires k8s 1.13 or later. apiVersion: apiextensions.k8s.io/v1beta1 diff --git a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_sdewanapplications.yaml b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_sdewanapplications.yaml index 1107664..672441b 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_sdewanapplications.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_sdewanapplications.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # The following patch adds a directive for certmanager to inject CA into the CRD # CRD conversion requires k8s 1.13 or later. apiVersion: apiextensions.k8s.io/v1beta1 diff --git a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_cnfrouterules.yaml b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_cnfrouterules.yaml new file mode 100644 index 0000000..ee82129 --- /dev/null +++ b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_cnfrouterules.yaml @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation +# The following patch enables conversion webhook for CRD +# CRD conversion requires k8s 1.13 or later. +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: cnfrouterules.batch.sdewan.akraino.org +spec: + conversion: + strategy: Webhook + webhookClientConfig: + # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, + # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) + caBundle: Cg== + service: + namespace: system + name: webhook-service + path: /convert diff --git a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_cnfroutes.yaml b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_cnfroutes.yaml index 504e81c..d8f96d2 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_cnfroutes.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_cnfroutes.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # The following patch enables conversion webhook for CRD # CRD conversion requires k8s 1.13 or later. apiVersion: apiextensions.k8s.io/v1beta1 diff --git a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_cnfservices.yaml b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_cnfservices.yaml index 92ef89d..608d1e4 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_cnfservices.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_cnfservices.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # The following patch enables conversion webhook for CRD # CRD conversion requires k8s 1.13 or later. apiVersion: apiextensions.k8s.io/v1beta1 diff --git a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_cnfstatuses.yaml b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_cnfstatuses.yaml index ba8d604..82f2da2 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_cnfstatuses.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_cnfstatuses.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # The following patch enables conversion webhook for CRD # CRD conversion requires k8s 1.13 or later. apiVersion: apiextensions.k8s.io/v1beta1 diff --git a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_firewalldnats.yaml b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_firewalldnats.yaml index 1752b89..aeed473 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_firewalldnats.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_firewalldnats.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # The following patch enables conversion webhook for CRD # CRD conversion requires k8s 1.13 or later. apiVersion: apiextensions.k8s.io/v1beta1 diff --git a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_firewallforwardings.yaml b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_firewallforwardings.yaml index 6258c81..3034564 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_firewallforwardings.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_firewallforwardings.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # The following patch enables conversion webhook for CRD # CRD conversion requires k8s 1.13 or later. apiVersion: apiextensions.k8s.io/v1beta1 diff --git a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_firewallrules.yaml b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_firewallrules.yaml index d9d9bc8..0aa15f7 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_firewallrules.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_firewallrules.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # The following patch enables conversion webhook for CRD # CRD conversion requires k8s 1.13 or later. apiVersion: apiextensions.k8s.io/v1beta1 diff --git a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_firewallsnats.yaml b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_firewallsnats.yaml index 9f649b6..067f38e 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_firewallsnats.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_firewallsnats.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # The following patch enables conversion webhook for CRD # CRD conversion requires k8s 1.13 or later. apiVersion: apiextensions.k8s.io/v1beta1 diff --git a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_firewallzones.yaml b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_firewallzones.yaml index 2f48797..f988613 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_firewallzones.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_firewallzones.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # The following patch enables conversion webhook for CRD # CRD conversion requires k8s 1.13 or later. apiVersion: apiextensions.k8s.io/v1beta1 diff --git a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_ipsechosts.yaml b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_ipsechosts.yaml index b5d2c56..4c9adaf 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_ipsechosts.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_ipsechosts.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # The following patch enables conversion webhook for CRD # CRD conversion requires k8s 1.13 or later. apiVersion: apiextensions.k8s.io/v1beta1 diff --git a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_ipsecproposals.yaml b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_ipsecproposals.yaml index 833a759..f5d32a3 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_ipsecproposals.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_ipsecproposals.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # The following patch enables conversion webhook for CRD # CRD conversion requires k8s 1.13 or later. apiVersion: apiextensions.k8s.io/v1beta1 diff --git a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_ipsecsites.yaml b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_ipsecsites.yaml index 8eab6c3..48ae67a 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_ipsecsites.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_ipsecsites.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # The following patch enables conversion webhook for CRD # CRD conversion requires k8s 1.13 or later. apiVersion: apiextensions.k8s.io/v1beta1 diff --git a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_mwan3policies.yaml b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_mwan3policies.yaml index 3cd0686..c6ce45e 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_mwan3policies.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_mwan3policies.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # The following patch enables conversion webhook for CRD # CRD conversion requires k8s 1.13 or later. apiVersion: apiextensions.k8s.io/v1beta1 diff --git a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_mwan3rules.yaml b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_mwan3rules.yaml index ba59503..128768f 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_mwan3rules.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_mwan3rules.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # The following patch enables conversion webhook for CRD # CRD conversion requires k8s 1.13 or later. apiVersion: apiextensions.k8s.io/v1beta1 diff --git a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_sdewanapplications.yaml b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_sdewanapplications.yaml index 898c876..9d062fb 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_sdewanapplications.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_sdewanapplications.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # The following patch enables conversion webhook for CRD # CRD conversion requires k8s 1.13 or later. apiVersion: apiextensions.k8s.io/v1beta1 diff --git a/platform/crd-ctrlr/src/config/default/kustomization.yaml b/platform/crd-ctrlr/src/config/default/kustomization.yaml index c0a7ded..0068a7f 100644 --- a/platform/crd-ctrlr/src/config/default/kustomization.yaml +++ b/platform/crd-ctrlr/src/config/default/kustomization.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # Adds namespace to all resources. namespace: sdewan-system diff --git a/platform/crd-ctrlr/src/config/default/manager_auth_proxy_patch.yaml b/platform/crd-ctrlr/src/config/default/manager_auth_proxy_patch.yaml index 61cb5e7..638bbee 100644 --- a/platform/crd-ctrlr/src/config/default/manager_auth_proxy_patch.yaml +++ b/platform/crd-ctrlr/src/config/default/manager_auth_proxy_patch.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # This patch inject a sidecar container which is a HTTP proxy for the controller manager, # it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. apiVersion: apps/v1 diff --git a/platform/crd-ctrlr/src/config/default/manager_webhook_patch.yaml b/platform/crd-ctrlr/src/config/default/manager_webhook_patch.yaml index 738de35..a8456ad 100644 --- a/platform/crd-ctrlr/src/config/default/manager_webhook_patch.yaml +++ b/platform/crd-ctrlr/src/config/default/manager_webhook_patch.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation apiVersion: apps/v1 kind: Deployment metadata: diff --git a/platform/crd-ctrlr/src/config/default/rbac_patch.yaml b/platform/crd-ctrlr/src/config/default/rbac_patch.yaml index 8774e0b..e0472a1 100644 --- a/platform/crd-ctrlr/src/config/default/rbac_patch.yaml +++ b/platform/crd-ctrlr/src/config/default/rbac_patch.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/platform/crd-ctrlr/src/config/default/webhookcainjection_patch.yaml b/platform/crd-ctrlr/src/config/default/webhookcainjection_patch.yaml index e75297c..868d041 100644 --- a/platform/crd-ctrlr/src/config/default/webhookcainjection_patch.yaml +++ b/platform/crd-ctrlr/src/config/default/webhookcainjection_patch.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # This patch add annotation to admission webhook config and # the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. #apiVersion: admissionregistration.k8s.io/v1beta1 diff --git a/platform/crd-ctrlr/src/config/manager/kustomization.yaml b/platform/crd-ctrlr/src/config/manager/kustomization.yaml index 1b69499..417e1af 100644 --- a/platform/crd-ctrlr/src/config/manager/kustomization.yaml +++ b/platform/crd-ctrlr/src/config/manager/kustomization.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation resources: - manager.yaml apiVersion: kustomize.config.k8s.io/v1beta1 diff --git a/platform/crd-ctrlr/src/config/manager/manager.yaml b/platform/crd-ctrlr/src/config/manager/manager.yaml index b6c85a5..8a536b0 100644 --- a/platform/crd-ctrlr/src/config/manager/manager.yaml +++ b/platform/crd-ctrlr/src/config/manager/manager.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation apiVersion: v1 kind: Namespace metadata: diff --git a/platform/crd-ctrlr/src/config/prometheus/kustomization.yaml b/platform/crd-ctrlr/src/config/prometheus/kustomization.yaml index ed13716..116caa2 100644 --- a/platform/crd-ctrlr/src/config/prometheus/kustomization.yaml +++ b/platform/crd-ctrlr/src/config/prometheus/kustomization.yaml @@ -1,2 +1,4 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation resources: - monitor.yaml diff --git a/platform/crd-ctrlr/src/config/prometheus/monitor.yaml b/platform/crd-ctrlr/src/config/prometheus/monitor.yaml index e2d9b08..a1b0447 100644 --- a/platform/crd-ctrlr/src/config/prometheus/monitor.yaml +++ b/platform/crd-ctrlr/src/config/prometheus/monitor.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # Prometheus Monitor Service (Metrics) apiVersion: monitoring.coreos.com/v1 diff --git a/platform/crd-ctrlr/src/config/rbac/auth_proxy_role.yaml b/platform/crd-ctrlr/src/config/rbac/auth_proxy_role.yaml index 618f5e4..cb84cfc 100644 --- a/platform/crd-ctrlr/src/config/rbac/auth_proxy_role.yaml +++ b/platform/crd-ctrlr/src/config/rbac/auth_proxy_role.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: diff --git a/platform/crd-ctrlr/src/config/rbac/auth_proxy_role_binding.yaml b/platform/crd-ctrlr/src/config/rbac/auth_proxy_role_binding.yaml index 48ed1e4..51dd330 100644 --- a/platform/crd-ctrlr/src/config/rbac/auth_proxy_role_binding.yaml +++ b/platform/crd-ctrlr/src/config/rbac/auth_proxy_role_binding.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: diff --git a/platform/crd-ctrlr/src/config/rbac/auth_proxy_service.yaml b/platform/crd-ctrlr/src/config/rbac/auth_proxy_service.yaml index 6cf656b..de59696 100644 --- a/platform/crd-ctrlr/src/config/rbac/auth_proxy_service.yaml +++ b/platform/crd-ctrlr/src/config/rbac/auth_proxy_service.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation apiVersion: v1 kind: Service metadata: diff --git a/platform/crd-ctrlr/src/config/rbac/cnfroute_editor_role.yaml b/platform/crd-ctrlr/src/config/rbac/cnfroute_editor_role.yaml index 4ad5146..607eddc 100644 --- a/platform/crd-ctrlr/src/config/rbac/cnfroute_editor_role.yaml +++ b/platform/crd-ctrlr/src/config/rbac/cnfroute_editor_role.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # permissions for end users to edit cnfroutes. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/platform/crd-ctrlr/src/config/rbac/cnfroute_viewer_role.yaml b/platform/crd-ctrlr/src/config/rbac/cnfroute_viewer_role.yaml index af5e474..d48a110 100644 --- a/platform/crd-ctrlr/src/config/rbac/cnfroute_viewer_role.yaml +++ b/platform/crd-ctrlr/src/config/rbac/cnfroute_viewer_role.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # permissions for end users to view cnfroutes. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/platform/crd-ctrlr/src/config/rbac/cnfrouterule_editor_role.yaml b/platform/crd-ctrlr/src/config/rbac/cnfrouterule_editor_role.yaml new file mode 100644 index 0000000..98f610a --- /dev/null +++ b/platform/crd-ctrlr/src/config/rbac/cnfrouterule_editor_role.yaml @@ -0,0 +1,26 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation +# permissions for end users to edit cnfrouterules. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cnfrouterule-editor-role +rules: +- apiGroups: + - batch.sdewan.akraino.org + resources: + - cnfrouterules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch.sdewan.akraino.org + resources: + - cnfrouterules/status + verbs: + - get diff --git a/platform/crd-ctrlr/src/config/rbac/cnfrouterule_viewer_role.yaml b/platform/crd-ctrlr/src/config/rbac/cnfrouterule_viewer_role.yaml new file mode 100644 index 0000000..9b57f6c --- /dev/null +++ b/platform/crd-ctrlr/src/config/rbac/cnfrouterule_viewer_role.yaml @@ -0,0 +1,22 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation +# permissions for end users to view cnfrouterules. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cnfrouterule-viewer-role +rules: +- apiGroups: + - batch.sdewan.akraino.org + resources: + - cnfrouterules + verbs: + - get + - list + - watch +- apiGroups: + - batch.sdewan.akraino.org + resources: + - cnfrouterules/status + verbs: + - get diff --git a/platform/crd-ctrlr/src/config/rbac/cnfservice_editor_role.yaml b/platform/crd-ctrlr/src/config/rbac/cnfservice_editor_role.yaml index dc6d89c..2131e40 100644 --- a/platform/crd-ctrlr/src/config/rbac/cnfservice_editor_role.yaml +++ b/platform/crd-ctrlr/src/config/rbac/cnfservice_editor_role.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # permissions for end users to edit cnfservices. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/platform/crd-ctrlr/src/config/rbac/cnfservice_viewer_role.yaml b/platform/crd-ctrlr/src/config/rbac/cnfservice_viewer_role.yaml index 4e391ab..cd82ab2 100644 --- a/platform/crd-ctrlr/src/config/rbac/cnfservice_viewer_role.yaml +++ b/platform/crd-ctrlr/src/config/rbac/cnfservice_viewer_role.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # permissions for end users to view cnfservices. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/platform/crd-ctrlr/src/config/rbac/cnfstatus_editor_role.yaml b/platform/crd-ctrlr/src/config/rbac/cnfstatus_editor_role.yaml index 2449136..f97e3b2 100644 --- a/platform/crd-ctrlr/src/config/rbac/cnfstatus_editor_role.yaml +++ b/platform/crd-ctrlr/src/config/rbac/cnfstatus_editor_role.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # permissions for end users to edit cnfstatuses. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/platform/crd-ctrlr/src/config/rbac/cnfstatus_viewer_role.yaml b/platform/crd-ctrlr/src/config/rbac/cnfstatus_viewer_role.yaml index 5d1b5b6..06134cb 100644 --- a/platform/crd-ctrlr/src/config/rbac/cnfstatus_viewer_role.yaml +++ b/platform/crd-ctrlr/src/config/rbac/cnfstatus_viewer_role.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # permissions for end users to view cnfstatuses. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/platform/crd-ctrlr/src/config/rbac/kustomization.yaml b/platform/crd-ctrlr/src/config/rbac/kustomization.yaml index 817f1fe..e352ec6 100644 --- a/platform/crd-ctrlr/src/config/rbac/kustomization.yaml +++ b/platform/crd-ctrlr/src/config/rbac/kustomization.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation resources: - role.yaml - role_binding.yaml diff --git a/platform/crd-ctrlr/src/config/rbac/leader_election_role.yaml b/platform/crd-ctrlr/src/config/rbac/leader_election_role.yaml index eaa7915..1e5c8f4 100644 --- a/platform/crd-ctrlr/src/config/rbac/leader_election_role.yaml +++ b/platform/crd-ctrlr/src/config/rbac/leader_election_role.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # permissions to do leader election. apiVersion: rbac.authorization.k8s.io/v1 kind: Role diff --git a/platform/crd-ctrlr/src/config/rbac/leader_election_role_binding.yaml b/platform/crd-ctrlr/src/config/rbac/leader_election_role_binding.yaml index eed1690..3ca093a 100644 --- a/platform/crd-ctrlr/src/config/rbac/leader_election_role_binding.yaml +++ b/platform/crd-ctrlr/src/config/rbac/leader_election_role_binding.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: diff --git a/platform/crd-ctrlr/src/config/rbac/role_binding.yaml b/platform/crd-ctrlr/src/config/rbac/role_binding.yaml index 8f26587..492fc41 100644 --- a/platform/crd-ctrlr/src/config/rbac/role_binding.yaml +++ b/platform/crd-ctrlr/src/config/rbac/role_binding.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: diff --git a/platform/crd-ctrlr/src/config/rbac/sdewanapplication_editor_role.yaml b/platform/crd-ctrlr/src/config/rbac/sdewanapplication_editor_role.yaml index c4ff836..cc5ef1d 100644 --- a/platform/crd-ctrlr/src/config/rbac/sdewanapplication_editor_role.yaml +++ b/platform/crd-ctrlr/src/config/rbac/sdewanapplication_editor_role.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # permissions for end users to edit sdewanapplications. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/platform/crd-ctrlr/src/config/rbac/sdewanapplication_viewer_role.yaml b/platform/crd-ctrlr/src/config/rbac/sdewanapplication_viewer_role.yaml index 984f543..e9ae3b8 100644 --- a/platform/crd-ctrlr/src/config/rbac/sdewanapplication_viewer_role.yaml +++ b/platform/crd-ctrlr/src/config/rbac/sdewanapplication_viewer_role.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # permissions for end users to view sdewanapplications. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_cnfroute.yaml b/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_cnfroute.yaml index ef0f161..c93cff3 100644 --- a/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_cnfroute.yaml +++ b/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_cnfroute.yaml @@ -1,9 +1,11 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation apiVersion: batch.sdewan.akraino.org/v1alpha1 kind: CNFRoute metadata: name: cnfroute-sample labels: - sdewanPurpose: cnf1 + sdewanPurpose: cnf3 spec: dst: "192.167.23.0/24" gw: "172.16.44.11" diff --git a/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_cnfrouterule.yaml b/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_cnfrouterule.yaml new file mode 100644 index 0000000..19422b2 --- /dev/null +++ b/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_cnfrouterule.yaml @@ -0,0 +1,21 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation +apiVersion: batch.sdewan.akraino.org/v1alpha1 +kind: CNFRouteRule +metadata: + name: cnfrouterule-sample1 + labels: + sdewanPurpose: cnf1 +spec: + # ip rule add prio ${prio} from ${src} to ${dst} lookup %{table} fwmark %{fwmark} + # ip rule add not prio ${prio} from ${src} to ${dst} lookup %{table} fwmark %{fwmark} + # src and dst can not be empty meanwhile + src: "192.167.24.0/24" + # true | false, default is false + not: true + # a priority number, can be enpty + prio: "888" + # main | default | local | number ID, can be empty + table: "40" + # from 0x0 to 0xffffffff, can be empty + fwmark: "0x110" diff --git a/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_cnfservice.yaml b/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_cnfservice.yaml index d4664f2..a27a580 100644 --- a/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_cnfservice.yaml +++ b/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_cnfservice.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation apiVersion: batch.sdewan.akraino.org/v1alpha1 kind: CNFService metadata: diff --git a/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_cnfstatus.yaml b/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_cnfstatus.yaml index 3c93896..c9b1d66 100644 --- a/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_cnfstatus.yaml +++ b/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_cnfstatus.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation apiVersion: batch.sdewan.akraino.org/v1alpha1 kind: CNFStatus metadata: diff --git a/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_firewalldnat.yaml b/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_firewalldnat.yaml index cd056d3..c20bf9b 100644 --- a/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_firewalldnat.yaml +++ b/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_firewalldnat.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation --- apiVersion: batch.sdewan.akraino.org/v1alpha1 kind: FirewallDNAT @@ -6,7 +8,7 @@ metadata: namespace: default labels: sdewanPurpose: cnf1 -spec: +spec: src: firewallzone-sample src_ip: 192.168.1.2 src_dip: 1.2.3.4 diff --git a/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_firewallforwarding.yaml b/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_firewallforwarding.yaml index df680a4..a54d52e 100644 --- a/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_firewallforwarding.yaml +++ b/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_firewallforwarding.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation --- apiVersion: batch.sdewan.akraino.org/v1alpha1 kind: FirewallForwarding diff --git a/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_firewallrule.yaml b/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_firewallrule.yaml index 358ea6a..4458be1 100644 --- a/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_firewallrule.yaml +++ b/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_firewallrule.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation --- apiVersion: batch.sdewan.akraino.org/v1alpha1 kind: FirewallRule diff --git a/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_firewallsnat.yaml b/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_firewallsnat.yaml index e27eaae..3227f86 100644 --- a/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_firewallsnat.yaml +++ b/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_firewallsnat.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation --- apiVersion: batch.sdewan.akraino.org/v1alpha1 kind: FirewallSNAT @@ -6,7 +8,7 @@ metadata: namespace: default labels: sdewanPurpose: cnf1 -spec: +spec: src: firewallzone-sample src_ip: 192.168.1.2 src_dip: 1.2.3.5 diff --git a/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_firewallzone.yaml b/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_firewallzone.yaml index 5b9f039..d537759 100644 --- a/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_firewallzone.yaml +++ b/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_firewallzone.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation --- apiVersion: batch.sdewan.akraino.org/v1alpha1 kind: FirewallZone diff --git a/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_firewallzone2.yaml b/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_firewallzone2.yaml index 6386932..498719a 100644 --- a/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_firewallzone2.yaml +++ b/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_firewallzone2.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation --- apiVersion: batch.sdewan.akraino.org/v1alpha1 kind: FirewallZone diff --git a/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_ipsechost.yaml b/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_ipsechost.yaml index 8d20e1b..c34c31c 100644 --- a/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_ipsechost.yaml +++ b/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_ipsechost.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation --- apiVersion: batch.sdewan.akraino.org/v1alpha1 kind: IpsecHost diff --git a/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_ipsecproposal.yaml b/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_ipsecproposal.yaml index 16705b0..2be5ca7 100644 --- a/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_ipsecproposal.yaml +++ b/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_ipsecproposal.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation --- apiVersion: batch.sdewan.akraino.org/v1alpha1 kind: IpsecProposal diff --git a/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_ipsecsite.yaml b/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_ipsecsite.yaml index 1d5535c..71e2c8c 100644 --- a/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_ipsecsite.yaml +++ b/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_ipsecsite.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation --- apiVersion: batch.sdewan.akraino.org/v1alpha1 kind: IpsecSite diff --git a/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_mwan3policy.yaml b/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_mwan3policy.yaml index 18f3fa3..19ce6b6 100644 --- a/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_mwan3policy.yaml +++ b/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_mwan3policy.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation --- apiVersion: batch.sdewan.akraino.org/v1alpha1 kind: Mwan3Policy diff --git a/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_mwan3rule.yaml b/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_mwan3rule.yaml index ed9e608..1eaa8ca 100644 --- a/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_mwan3rule.yaml +++ b/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_mwan3rule.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation --- apiVersion: batch.sdewan.akraino.org/v1alpha1 kind: Mwan3Rule diff --git a/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_sdewanapplication.yaml b/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_sdewanapplication.yaml index 4d2d975..39f4a86 100644 --- a/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_sdewanapplication.yaml +++ b/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_sdewanapplication.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation apiVersion: batch.sdewan.akraino.org/v1alpha1 kind: SdewanApplication metadata: diff --git a/platform/crd-ctrlr/src/config/webhook/kustomization.yaml b/platform/crd-ctrlr/src/config/webhook/kustomization.yaml index 9cf2613..593f21d 100644 --- a/platform/crd-ctrlr/src/config/webhook/kustomization.yaml +++ b/platform/crd-ctrlr/src/config/webhook/kustomization.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation resources: - manifests.yaml - service.yaml diff --git a/platform/crd-ctrlr/src/config/webhook/kustomizeconfig.yaml b/platform/crd-ctrlr/src/config/webhook/kustomizeconfig.yaml index 492aac6..1794142 100644 --- a/platform/crd-ctrlr/src/config/webhook/kustomizeconfig.yaml +++ b/platform/crd-ctrlr/src/config/webhook/kustomizeconfig.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation # the following config is for teaching kustomize where to look at when substituting vars. # It requires kustomize v2.1.0 or newer to work properly. nameReference: diff --git a/platform/crd-ctrlr/src/config/webhook/service.yaml b/platform/crd-ctrlr/src/config/webhook/service.yaml index 31e0f82..4c5cf8c 100644 --- a/platform/crd-ctrlr/src/config/webhook/service.yaml +++ b/platform/crd-ctrlr/src/config/webhook/service.yaml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation apiVersion: v1 kind: Service diff --git a/platform/crd-ctrlr/src/controllers/base_controller.go b/platform/crd-ctrlr/src/controllers/base_controller.go index efeaa04..2d878da 100644 --- a/platform/crd-ctrlr/src/controllers/base_controller.go +++ b/platform/crd-ctrlr/src/controllers/base_controller.go @@ -1,31 +1,18 @@ -/* - * Copyright 2020 Intel Corporation, Inc - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation package controllers import ( "context" "encoding/json" - "errors" "fmt" "github.com/go-logr/logr" errs "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" + "log" "reflect" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/builder" @@ -76,7 +63,10 @@ func GetToRequestsFunc(r client.Client, crliststruct runtime.Object) func(h hand var enqueueRequest []reconcile.Request cnfName := h.Meta.GetLabels()["sdewanPurpose"] ctx := context.Background() - r.List(ctx, crliststruct, client.MatchingLabels{"sdewanPurpose": cnfName}) + err := r.List(ctx, crliststruct, client.MatchingLabels{"sdewanPurpose": cnfName}) + if err != nil { + log.Println(err) + } value := reflect.ValueOf(crliststruct) items := reflect.Indirect(value).FieldByName("Items") for i := 0; i < items.Len(); i++ { @@ -114,7 +104,10 @@ func GetServiceToRequestsFunc(r client.Client) func(h handler.MapObject) []recon deploymentList := &appsv1.DeploymentList{} podList := &corev1.PodList{} ctx := context.Background() - r.List(ctx, deploymentList) + err := r.List(ctx, deploymentList) + if err != nil { + log.Println(err) + } for _, deployment := range deploymentList.Items { if _, ok := deployment.ObjectMeta.GetLabels()["sdewanPurpose"]; !ok { continue @@ -124,12 +117,18 @@ func GetServiceToRequestsFunc(r client.Client) func(h handler.MapObject) []recon // TODO: For multi-namespace deployments with different sdewanPurpose label, a cnfName list is needed to hold them. break } - r.List(ctx, podList, client.MatchingLabels{"sdewanPurpose": cnfName}) + err = r.List(ctx, podList, client.MatchingLabels{"sdewanPurpose": cnfName}) + if err != nil { + log.Println(err) + } for _, pod := range podList.Items { - clientInfo := &openwrt.OpenwrtClientInfo{Ip: pod.Status.PodIP, User: "root", Password: ""} + clientInfo := cnfprovider.CreateOpenwrtClient(pod, r) openwrtClient := openwrt.GetOpenwrtClient(*clientInfo) service := openwrt.ServiceClient{OpenwrtClient: openwrtClient} - service.ExecuteService("firewall", "restart") + _, err := service.ExecuteService("firewall", "restart") + if err != nil { + log.Println(err) + } } return []reconcile.Request{} } @@ -226,7 +225,7 @@ func net2iface(net string, deployment appsv1.Deployment) (string, error) { return iface.Interface, nil } } - return "", errors.New(fmt.Sprintf("No matched network in annotation: %s", net)) + return "", fmt.Errorf("No matched network in annotation: %s", net) } // +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch @@ -280,12 +279,17 @@ func ProcessReconcile(r client.Client, logger logr.Logger, req ctrl.Request, han if err != nil { log.Error(err, "Failed to add/update "+handler.GetType()) setStatus(instance, batchv1alpha1.SdewanStatus{State: batchv1alpha1.Applying, Message: err.Error()}) + _, ok := err.(*openwrt.OpenwrtError) err = r.Status().Update(ctx, instance) if err != nil { log.Error(err, "Failed to update status for "+handler.GetType()) return ctrl.Result{}, err } - return ctrl.Result{RequeueAfter: during}, nil + if ok { + return ctrl.Result{}, err + } else { + return ctrl.Result{RequeueAfter: during}, nil + } } finalizers := getFinalizers(instance) if !containsString(finalizers, finalizerName) { @@ -305,7 +309,7 @@ func ProcessReconcile(r client.Client, logger logr.Logger, req ctrl.Request, han } } } else { - // deletin CR + // deleting CR if cnf == nil { // no cnf exists finalizers := getFinalizers(instance) diff --git a/platform/crd-ctrlr/src/controllers/cnfroute_controller.go b/platform/crd-ctrlr/src/controllers/cnfroute_controller.go index f8ebdc3..6ec627c 100644 --- a/platform/crd-ctrlr/src/controllers/cnfroute_controller.go +++ b/platform/crd-ctrlr/src/controllers/cnfroute_controller.go @@ -1,18 +1,5 @@ -/* - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation package controllers import ( diff --git a/platform/crd-ctrlr/src/controllers/cnfrouterule_controller.go b/platform/crd-ctrlr/src/controllers/cnfrouterule_controller.go new file mode 100644 index 0000000..037258a --- /dev/null +++ b/platform/crd-ctrlr/src/controllers/cnfrouterule_controller.go @@ -0,0 +1,120 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation +package controllers + +import ( + "context" + "reflect" + + "github.com/go-logr/logr" + appsv1 "k8s.io/api/apps/v1" + "k8s.io/apimachinery/pkg/runtime" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/handler" + "sigs.k8s.io/controller-runtime/pkg/source" + + batchv1alpha1 "sdewan.akraino.org/sdewan/api/v1alpha1" + "sdewan.akraino.org/sdewan/openwrt" +) + +var cnfRouteRuleHandler = new(CNFRouteRuleHandler) + +type CNFRouteRuleHandler struct { +} + +func (m *CNFRouteRuleHandler) GetType() string { + return "cnfRouteRule" +} + +func (m *CNFRouteRuleHandler) GetName(instance runtime.Object) string { + routerule := instance.(*batchv1alpha1.CNFRouteRule) + return routerule.Name +} + +func (m *CNFRouteRuleHandler) GetFinalizer() string { + return "rule.finalizers.sdewan.akraino.org" +} + +func (m *CNFRouteRuleHandler) GetInstance(r client.Client, ctx context.Context, req ctrl.Request) (runtime.Object, error) { + instance := &batchv1alpha1.CNFRouteRule{} + err := r.Get(ctx, req.NamespacedName, instance) + return instance, err +} + +func (m *CNFRouteRuleHandler) Convert(instance runtime.Object, deployment appsv1.Deployment) (openwrt.IOpenWrtObject, error) { + routerule := instance.(*batchv1alpha1.CNFRouteRule) + openwrtrouterule := openwrt.SdewanRouteRule{ + Name: routerule.Name, + Src: routerule.Spec.Src, + Dst: routerule.Spec.Dst, + Flag: routerule.Spec.Not, + Prio: routerule.Spec.Prio, + Fwmark: routerule.Spec.Fwmark, + Table: routerule.Spec.Table, + } + return &openwrtrouterule, nil +} + +func (m *CNFRouteRuleHandler) IsEqual(instance1 openwrt.IOpenWrtObject, instance2 openwrt.IOpenWrtObject) bool { + routerule1 := instance1.(*openwrt.SdewanRouteRule) + routerule2 := instance2.(*openwrt.SdewanRouteRule) + return reflect.DeepEqual(*routerule1, *routerule2) +} + +func (m *CNFRouteRuleHandler) GetObject(clientInfo *openwrt.OpenwrtClientInfo, name string) (openwrt.IOpenWrtObject, error) { + openwrtClient := openwrt.GetOpenwrtClient(*clientInfo) + routerule := openwrt.RouteRuleClient{OpenwrtClient: openwrtClient} + ret, err := routerule.GetRouteRule(name) + return ret, err +} + +func (m *CNFRouteRuleHandler) CreateObject(clientInfo *openwrt.OpenwrtClientInfo, instance openwrt.IOpenWrtObject) (openwrt.IOpenWrtObject, error) { + openwrtClient := openwrt.GetOpenwrtClient(*clientInfo) + routerule := openwrt.RouteRuleClient{OpenwrtClient: openwrtClient} + obj := instance.(*openwrt.SdewanRouteRule) + return routerule.CreateRouteRule(*obj) +} + +func (m *CNFRouteRuleHandler) UpdateObject(clientInfo *openwrt.OpenwrtClientInfo, instance openwrt.IOpenWrtObject) (openwrt.IOpenWrtObject, error) { + openwrtClient := openwrt.GetOpenwrtClient(*clientInfo) + routerule := openwrt.RouteRuleClient{OpenwrtClient: openwrtClient} + obj := instance.(*openwrt.SdewanRouteRule) + return routerule.UpdateRouteRule(*obj) +} + +func (m *CNFRouteRuleHandler) DeleteObject(clientInfo *openwrt.OpenwrtClientInfo, name string) error { + openwrtClient := openwrt.GetOpenwrtClient(*clientInfo) + routerule := openwrt.RouteRuleClient{OpenwrtClient: openwrtClient} + return routerule.DeleteRouteRule(name) +} + +func (m *CNFRouteRuleHandler) Restart(clientInfo *openwrt.OpenwrtClientInfo) (bool, error) { + return true, nil +} + +// CNFRouteRuleReconciler reconciles a CNFRouteRule object +type CNFRouteRuleReconciler struct { + client.Client + Log logr.Logger + Scheme *runtime.Scheme +} + +// +kubebuilder:rbac:groups=batch.sdewan.akraino.org,resources=cnfrouterules,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=batch.sdewan.akraino.org,resources=cnfrouterules/status,verbs=get;update;patch + +func (r *CNFRouteRuleReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) { + return ProcessReconcile(r, r.Log, req, cnfRouteRuleHandler) +} + +func (r *CNFRouteRuleReconciler) SetupWithManager(mgr ctrl.Manager) error { + return ctrl.NewControllerManagedBy(mgr). + For(&batchv1alpha1.CNFRouteRule{}). + Watches( + &source.Kind{Type: &appsv1.Deployment{}}, + &handler.EnqueueRequestsFromMapFunc{ + ToRequests: handler.ToRequestsFunc(GetToRequestsFunc(r, &batchv1alpha1.CNFRouteRuleList{})), + }, + Filter). + Complete(r) +} diff --git a/platform/crd-ctrlr/src/controllers/cnfservice_controller.go b/platform/crd-ctrlr/src/controllers/cnfservice_controller.go index 93d8354..182eb94 100644 --- a/platform/crd-ctrlr/src/controllers/cnfservice_controller.go +++ b/platform/crd-ctrlr/src/controllers/cnfservice_controller.go @@ -1,18 +1,5 @@ -/* - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation package controllers import ( diff --git a/platform/crd-ctrlr/src/controllers/cnfstatus_controller.go b/platform/crd-ctrlr/src/controllers/cnfstatus_controller.go index eb20943..f1f5ad5 100644 --- a/platform/crd-ctrlr/src/controllers/cnfstatus_controller.go +++ b/platform/crd-ctrlr/src/controllers/cnfstatus_controller.go @@ -1,18 +1,5 @@ -/* - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation package controllers import ( @@ -25,7 +12,9 @@ import ( errs "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/wait" + batchv1alpha1 "sdewan.akraino.org/sdewan/api/v1alpha1" + "sdewan.akraino.org/sdewan/cnfprovider" "sdewan.akraino.org/sdewan/openwrt" "sigs.k8s.io/controller-runtime/pkg/client" "sync" @@ -35,20 +24,69 @@ var cnfCRNameSpace = "sdewan-system" var cnfCRName = "cnf-status" var inQueryStatus = false +// IStatusAction: defines the action to be executed based on CNF status +type IStatusAction interface { + Execute(clientInfo *openwrt.OpenwrtClientInfo, status interface{}) error +} + +// IpsecStatusAction: restart ipsec service if inactive +type IpsecStatusAction struct { + client.Client + Log logr.Logger +} + +func (r *IpsecStatusAction) Execute(clientInfo *openwrt.OpenwrtClientInfo, status interface{}) error { + stat := status.(map[string]interface{}) + val, ok := stat["InitConnection"] + if !ok { + return nil + } + + if s := val.(string); s == "fail" { + r.Log.Info("Restart IPSec service for " + clientInfo.Ip) + openwrtClient := openwrt.GetOpenwrtClient(*clientInfo) + service := openwrt.ServiceClient{OpenwrtClient: openwrtClient} + _, err := service.ExecuteService("ipsec", "restart") + if err != nil { + r.Log.Info(err.Error()) + return err + } + } + + return nil +} + // SdewanCNFStatusController: query CNF status periodically type SdewanCNFStatusController struct { client.Client Log logr.Logger CheckInterval time.Duration + actions map[string]IStatusAction mux sync.Mutex } +// +kubebuilder:rbac:groups=batch.sdewan.akraino.org,resources=cnfstatuses,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=batch.sdewan.akraino.org,resources=cnfstatuses/status,verbs=get;update;patch + func (r *SdewanCNFStatusController) SetupWithManager() error { + r.actions = make(map[string]IStatusAction) + r.RegisterAction("ipsec", &IpsecStatusAction{r.Client, r.Log}) + go wait.Until(r.SafeQuery, r.CheckInterval, wait.NeverStop) return nil } +func (r *SdewanCNFStatusController) RegisterAction(module string, action IStatusAction) { + r.mux.Lock() + defer r.mux.Unlock() + + r.Log.Info("Register Action: " + module) + if r.actions[module] == nil { + r.actions[module] = action + } +} + func (r *SdewanCNFStatusController) GetInstance(ctx context.Context) (*batchv1alpha1.CNFStatus, error) { instance := &batchv1alpha1.CNFStatus{} err := r.Get(ctx, client.ObjectKey{ @@ -80,7 +118,7 @@ func (r *SdewanCNFStatusController) GetInstance(ctx context.Context) (*batchv1al func (r *SdewanCNFStatusController) SafeQuery() { doQuery := true r.mux.Lock() - if inQueryStatus == false { + if !inQueryStatus { inQueryStatus = true } else { doQuery = false @@ -127,13 +165,27 @@ func (r *SdewanCNFStatusController) query() { info.IP = cnfPod.Status.PodIP // Get CNF Status - clientInfo := &openwrt.OpenwrtClientInfo{Ip: info.IP, User: "root", Password: ""} + clientInfo := cnfprovider.CreateOpenwrtClient(cnfPod, r) openwrtClient := openwrt.GetOpenwrtClient(*clientInfo) status_client := openwrt.StatusClient{OpenwrtClient: openwrtClient} cnf_status, err := status_client.GetStatus() if err != nil { info.Status = "Not Available" } else { + // ececute registered actions + r.mux.Lock() + for _, cs := range *cnf_status { + if r.actions[cs.Name] != nil { + go func() { + err := r.actions[cs.Name].Execute(clientInfo, cs.Status) + if err != nil { + r.Log.Info(err.Error()) + } + }() + } + } + r.mux.Unlock() + p_data, _ := json.Marshal(cnf_status) info.Status = string(p_data) } diff --git a/platform/crd-ctrlr/src/controllers/firewalldnat_controller.go b/platform/crd-ctrlr/src/controllers/firewalldnat_controller.go index f48e782..424f82b 100644 --- a/platform/crd-ctrlr/src/controllers/firewalldnat_controller.go +++ b/platform/crd-ctrlr/src/controllers/firewalldnat_controller.go @@ -1,18 +1,5 @@ -/* - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation package controllers import ( diff --git a/platform/crd-ctrlr/src/controllers/firewallforwarding_controller.go b/platform/crd-ctrlr/src/controllers/firewallforwarding_controller.go index 70bc0fd..4cb2171 100644 --- a/platform/crd-ctrlr/src/controllers/firewallforwarding_controller.go +++ b/platform/crd-ctrlr/src/controllers/firewallforwarding_controller.go @@ -1,18 +1,5 @@ -/* - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation package controllers import ( diff --git a/platform/crd-ctrlr/src/controllers/firewallrule_controller.go b/platform/crd-ctrlr/src/controllers/firewallrule_controller.go index 8141040..ba45ec8 100644 --- a/platform/crd-ctrlr/src/controllers/firewallrule_controller.go +++ b/platform/crd-ctrlr/src/controllers/firewallrule_controller.go @@ -1,18 +1,5 @@ -/* - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation package controllers import ( diff --git a/platform/crd-ctrlr/src/controllers/firewallsnat_controller.go b/platform/crd-ctrlr/src/controllers/firewallsnat_controller.go index 6489e2b..ece591d 100644 --- a/platform/crd-ctrlr/src/controllers/firewallsnat_controller.go +++ b/platform/crd-ctrlr/src/controllers/firewallsnat_controller.go @@ -1,18 +1,5 @@ -/* - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation package controllers import ( diff --git a/platform/crd-ctrlr/src/controllers/firewallzone_controller.go b/platform/crd-ctrlr/src/controllers/firewallzone_controller.go index e6cf0d3..132ac31 100644 --- a/platform/crd-ctrlr/src/controllers/firewallzone_controller.go +++ b/platform/crd-ctrlr/src/controllers/firewallzone_controller.go @@ -1,18 +1,5 @@ -/* - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation package controllers import ( diff --git a/platform/crd-ctrlr/src/controllers/ipsechost_controller.go b/platform/crd-ctrlr/src/controllers/ipsechost_controller.go index ef3187a..2b9e29e 100644 --- a/platform/crd-ctrlr/src/controllers/ipsechost_controller.go +++ b/platform/crd-ctrlr/src/controllers/ipsechost_controller.go @@ -1,18 +1,5 @@ -/* - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation package controllers import ( diff --git a/platform/crd-ctrlr/src/controllers/ipsecproposal_controller.go b/platform/crd-ctrlr/src/controllers/ipsecproposal_controller.go index 7d44a9b..5bbf37b 100644 --- a/platform/crd-ctrlr/src/controllers/ipsecproposal_controller.go +++ b/platform/crd-ctrlr/src/controllers/ipsecproposal_controller.go @@ -1,18 +1,5 @@ -/* - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation package controllers import ( diff --git a/platform/crd-ctrlr/src/controllers/ipsecsite_controller.go b/platform/crd-ctrlr/src/controllers/ipsecsite_controller.go index 40d81fb..57a56b1 100644 --- a/platform/crd-ctrlr/src/controllers/ipsecsite_controller.go +++ b/platform/crd-ctrlr/src/controllers/ipsecsite_controller.go @@ -1,18 +1,5 @@ -/* - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation package controllers import ( diff --git a/platform/crd-ctrlr/src/controllers/mwan3policy_controller.go b/platform/crd-ctrlr/src/controllers/mwan3policy_controller.go index 3b7213c..e64bccb 100644 --- a/platform/crd-ctrlr/src/controllers/mwan3policy_controller.go +++ b/platform/crd-ctrlr/src/controllers/mwan3policy_controller.go @@ -1,18 +1,5 @@ -/* - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation package controllers import ( diff --git a/platform/crd-ctrlr/src/controllers/mwan3rule_controller.go b/platform/crd-ctrlr/src/controllers/mwan3rule_controller.go index bcff843..932c5bc 100644 --- a/platform/crd-ctrlr/src/controllers/mwan3rule_controller.go +++ b/platform/crd-ctrlr/src/controllers/mwan3rule_controller.go @@ -1,18 +1,5 @@ -/* - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation package controllers import ( diff --git a/platform/crd-ctrlr/src/controllers/sdewanapplication_controller.go b/platform/crd-ctrlr/src/controllers/sdewanapplication_controller.go index 3cc60d3..0daa39e 100644 --- a/platform/crd-ctrlr/src/controllers/sdewanapplication_controller.go +++ b/platform/crd-ctrlr/src/controllers/sdewanapplication_controller.go @@ -1,23 +1,11 @@ -/* - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation package controllers import ( "context" "fmt" + "log" "reflect" "github.com/go-logr/logr" @@ -72,7 +60,10 @@ func (m *SdewanApplicationHandler) GetInstance(r client.Client, ctx context.Cont ps := instance.Spec.PodSelector.MatchLabels ns := instance.Spec.AppNamespace podList := &corev1.PodList{} - r.List(ctx, podList, client.MatchingLabels(ps), client.InNamespace(ns)) + err = r.List(ctx, podList, client.MatchingLabels(ps), client.InNamespace(ns)) + if err != nil { + log.Println(err) + } ips := "" for _, item := range podList.Items { if ips == "" { @@ -137,10 +128,7 @@ var appFilter = builder.WithPredicates(predicate.Funcs{ CreateFunc: func(e event.CreateEvent) bool { podPhase := reflect.ValueOf(e.Object).Interface().(*corev1.Pod).Status.Phase - if podPhase == "Running" { - return true - } - return false + return podPhase == "Running" }, UpdateFunc: func(e event.UpdateEvent) bool { podOldPhase := reflect.ValueOf(e.ObjectOld).Interface().(*corev1.Pod).Status.Phase @@ -165,7 +153,10 @@ func GetAppToRequestsFunc(r client.Client) func(h handler.MapObject) []reconcile appCRList := &batchv1alpha1.SdewanApplicationList{} cr := &batchv1alpha1.SdewanApplication{} ctx := context.Background() - r.List(ctx, appCRList) + err := r.List(ctx, appCRList) + if err != nil { + log.Println(err) + } crIsFound := false for _, appCR := range appCRList.Items { ps := appCR.Spec.PodSelector.MatchLabels diff --git a/platform/crd-ctrlr/src/controllers/suite_test.go b/platform/crd-ctrlr/src/controllers/suite_test.go index f48b8b4..22c4c35 100644 --- a/platform/crd-ctrlr/src/controllers/suite_test.go +++ b/platform/crd-ctrlr/src/controllers/suite_test.go @@ -1,18 +1,5 @@ -/* - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation package controllers import ( @@ -50,7 +37,7 @@ func TestAPIs(t *testing.T) { } var _ = BeforeSuite(func(done Done) { - logf.SetLogger(zap.LoggerTo(GinkgoWriter, true)) + logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true))) By("bootstrapping test environment") testEnv = &envtest.Environment{ @@ -98,6 +85,9 @@ var _ = BeforeSuite(func(done Done) { err = batchv1alpha1.AddToScheme(scheme.Scheme) Expect(err).NotTo(HaveOccurred()) + err = batchv1alpha1.AddToScheme(scheme.Scheme) + Expect(err).NotTo(HaveOccurred()) + // +kubebuilder:scaffold:scheme k8sClient, err = client.New(cfg, client.Options{Scheme: scheme.Scheme}) diff --git a/platform/crd-ctrlr/src/go.mod b/platform/crd-ctrlr/src/go.mod index 8bb1ad3..677c4f5 100644 --- a/platform/crd-ctrlr/src/go.mod +++ b/platform/crd-ctrlr/src/go.mod @@ -1,6 +1,6 @@ module sdewan.akraino.org/sdewan -go 1.14 +go 1.16 require ( github.com/go-logr/logr v0.1.0 diff --git a/platform/crd-ctrlr/src/hack/boilerplate.go.txt b/platform/crd-ctrlr/src/hack/boilerplate.go.txt index b92001f..551544e 100644 --- a/platform/crd-ctrlr/src/hack/boilerplate.go.txt +++ b/platform/crd-ctrlr/src/hack/boilerplate.go.txt @@ -1,14 +1,2 @@ -/* - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ \ No newline at end of file +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation diff --git a/platform/crd-ctrlr/src/main.go b/platform/crd-ctrlr/src/main.go index a516398..40b3d79 100644 --- a/platform/crd-ctrlr/src/main.go +++ b/platform/crd-ctrlr/src/main.go @@ -1,18 +1,5 @@ -/* - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation package main import ( @@ -237,6 +224,14 @@ func main() { setupLog.Error(err, "unable to create controller", "controller", "CNFRoute") os.Exit(1) } + if err = (&controllers.CNFRouteRuleReconciler{ + Client: mgr.GetClient(), + Log: ctrl.Log.WithName("controllers").WithName("CNFRouteRule"), + Scheme: mgr.GetScheme(), + }).SetupWithManager(mgr); err != nil { + setupLog.Error(err, "unable to create controller", "controller", "CNFRouteRule") + os.Exit(1) + } // +kubebuilder:scaffold:builder setupLog.Info("start CNFStatusController to query CNF status periodicly") diff --git a/platform/crd-ctrlr/src/openwrt/app.go b/platform/crd-ctrlr/src/openwrt/app.go index d465d05..87da89a 100644 --- a/platform/crd-ctrlr/src/openwrt/app.go +++ b/platform/crd-ctrlr/src/openwrt/app.go @@ -1,3 +1,6 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation + package openwrt import ( diff --git a/platform/crd-ctrlr/src/openwrt/firewall.go b/platform/crd-ctrlr/src/openwrt/firewall.go index 73abb1e..a2fc293 100644 --- a/platform/crd-ctrlr/src/openwrt/firewall.go +++ b/platform/crd-ctrlr/src/openwrt/firewall.go @@ -1,18 +1,5 @@ -/* - * Copyright 2020 Intel Corporation, Inc - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation package openwrt diff --git a/platform/crd-ctrlr/src/openwrt/ipsec.go b/platform/crd-ctrlr/src/openwrt/ipsec.go index 3d00fa1..5cfce48 100644 --- a/platform/crd-ctrlr/src/openwrt/ipsec.go +++ b/platform/crd-ctrlr/src/openwrt/ipsec.go @@ -1,18 +1,5 @@ -/* - * Copyright 2020 Intel Corporation, Inc - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation package openwrt diff --git a/platform/crd-ctrlr/src/openwrt/mwan3.go b/platform/crd-ctrlr/src/openwrt/mwan3.go index 7dc4ee1..7a6bdc1 100644 --- a/platform/crd-ctrlr/src/openwrt/mwan3.go +++ b/platform/crd-ctrlr/src/openwrt/mwan3.go @@ -1,18 +1,5 @@ -/* - * Copyright 2020 Intel Corporation, Inc - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation package openwrt diff --git a/platform/crd-ctrlr/src/openwrt/openwrtclient.go b/platform/crd-ctrlr/src/openwrt/openwrtclient.go index c901185..3febac8 100644 --- a/platform/crd-ctrlr/src/openwrt/openwrtclient.go +++ b/platform/crd-ctrlr/src/openwrt/openwrtclient.go @@ -1,25 +1,15 @@ -/* - * Copyright 2020 Intel Corporation, Inc - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation package openwrt import ( "bytes" + "crypto/tls" + "crypto/x509" "fmt" "io/ioutil" + "log" "net/http" "runtime" "strings" @@ -43,11 +33,13 @@ type OpenwrtClientInfo struct { Ip string User string Password string + RootCA []byte } type openwrtClient struct { OpenwrtClientInfo - token string + caCertPool *x509.CertPool + token string } type safeOpenwrtClient struct { @@ -58,27 +50,38 @@ type safeOpenwrtClient struct { var gclients = safeOpenwrtClient{clients: make(map[string]*openwrtClient)} func CloseClient(o *openwrtClient) { - o.logout() + err := o.logout() + if err != nil { + log.Println(err) + } runtime.SetFinalizer(o, nil) } func GetOpenwrtClient(clientInfo OpenwrtClientInfo) *openwrtClient { - return gclients.GetClient(clientInfo.Ip, clientInfo.User, clientInfo.Password) + return gclients.GetClient(clientInfo.Ip, clientInfo.User, clientInfo.Password, clientInfo.RootCA) } // SafeOpenwrtClients -func (s *safeOpenwrtClient) GetClient(ip string, user string, password string) *openwrtClient { +func (s *safeOpenwrtClient) GetClient(ip string, user string, password string, rootCA []byte) *openwrtClient { s.mux.Lock() defer s.mux.Unlock() key := ip + "-" + user + "-" + password if s.clients[key] == nil { + caCertPool := x509.NewCertPool() + ok := caCertPool.AppendCertsFromPEM(rootCA) + if !ok { + log.Println("Error to create rootCA") + } + s.clients[key] = &openwrtClient{ OpenwrtClientInfo: OpenwrtClientInfo{ Ip: ip, User: user, Password: password, + RootCA: rootCA, }, - token: "", + caCertPool: caCertPool, + token: "", } } @@ -87,16 +90,24 @@ func (s *safeOpenwrtClient) GetClient(ip string, user string, password string) * // openwrt base URL func (o *openwrtClient) getBaseURL() string { - return "http://" + o.Ip + "/cgi-bin/luci/" + return "https://" + o.Ip + "/cgi-bin/luci/" } // login to openwrt http server func (o *openwrtClient) login() error { + if o.Password == "" { + return &OpenwrtError{Code: 403, Message: "Unauthorized"} + } client := &http.Client{ // block redirect CheckRedirect: func(req *http.Request, via []*http.Request) error { return http.ErrUseLastResponse }, + Transport: &http.Transport{ + TLSClientConfig: &tls.Config{ + RootCAs: o.caCertPool, + }, + }, } // login @@ -160,7 +171,14 @@ func (o *openwrtClient) call(method string, url string, request string) (string, } } - client := &http.Client{} + client := &http.Client{ + Transport: &http.Transport{ + TLSClientConfig: &tls.Config{ + RootCAs: o.caCertPool, + }, + }, + } + req_body := bytes.NewBuffer([]byte(request)) req, _ := http.NewRequest(method, o.getBaseURL()+url, req_body) req.Header.Add("Cookie", "sysauth="+o.token) diff --git a/platform/crd-ctrlr/src/openwrt/route.go b/platform/crd-ctrlr/src/openwrt/route.go index 797ef54..98c672d 100644 --- a/platform/crd-ctrlr/src/openwrt/route.go +++ b/platform/crd-ctrlr/src/openwrt/route.go @@ -1,3 +1,6 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation + package openwrt import ( diff --git a/platform/crd-ctrlr/src/openwrt/routerule.go b/platform/crd-ctrlr/src/openwrt/routerule.go new file mode 100644 index 0000000..7fb02cd --- /dev/null +++ b/platform/crd-ctrlr/src/openwrt/routerule.go @@ -0,0 +1,113 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation + +package openwrt + +import ( + "encoding/json" +) + +const ( + ruleBaseURL = "sdewan/rule/v1/" +) + +type RouteRuleClient struct { + OpenwrtClient *openwrtClient +} + +// RouteRule Info +type SdewanRouteRule struct { + Name string `json:"name"` + Src string `json:"src"` + Dst string `json:"dst"` + Flag bool `json:"flag"` + Prio string `json:"prio"` + Fwmark string `json:"fwmark"` + Table string `json:"table"` +} + +type SdewanRouteRules struct { + RouteRules []SdewanRouteRule `json:"routerules"` +} + +func (o *SdewanRouteRule) GetName() string { + return o.Name +} + +// RouteRule APIs +// get rules +func (m *RouteRuleClient) GetRouteRules() (*SdewanRouteRules, error) { + response, err := m.OpenwrtClient.Get(ruleBaseURL + "rules") + if err != nil { + return nil, err + } + + var sdewanRouteRules SdewanRouteRules + err2 := json.Unmarshal([]byte(response), &sdewanRouteRules) + if err2 != nil { + return nil, err2 + } + + return &sdewanRouteRules, nil +} + +// get rule +func (m *RouteRuleClient) GetRouteRule(rule_name string) (*SdewanRouteRule, error) { + response, err := m.OpenwrtClient.Get(ruleBaseURL + "rules/" + rule_name) + if err != nil { + return nil, err + } + + var sdewanRouteRule SdewanRouteRule + err2 := json.Unmarshal([]byte(response), &sdewanRouteRule) + if err2 != nil { + return nil, err2 + } + + return &sdewanRouteRule, nil +} + +// create rule +func (m *RouteRuleClient) CreateRouteRule(rule SdewanRouteRule) (*SdewanRouteRule, error) { + rule_obj, _ := json.Marshal(rule) + response, err := m.OpenwrtClient.Post(ruleBaseURL+"rules/", string(rule_obj)) + if err != nil { + return nil, err + } + + var sdewanRouteRule SdewanRouteRule + err2 := json.Unmarshal([]byte(response), &sdewanRouteRule) + if err2 != nil { + return nil, err2 + } + + return &sdewanRouteRule, nil +} + +// delete rule +func (m *RouteRuleClient) DeleteRouteRule(rule_name string) error { + _, err := m.OpenwrtClient.Delete(ruleBaseURL + "rules/" + rule_name) + if err != nil { + return err + } + + return nil +} + +// update rule +func (m *RouteRuleClient) UpdateRouteRule(rule SdewanRouteRule) (*SdewanRouteRule, error) { + rule_obj, _ := json.Marshal(rule) + rule_name := rule.Name + response, err := m.OpenwrtClient.Put(ruleBaseURL+"rules/"+rule_name, string(rule_obj)) + if err != nil { + return nil, err + } + + var sdewanRouteRule SdewanRouteRule + err2 := json.Unmarshal([]byte(response), &sdewanRouteRule) + if err2 != nil { + return nil, err2 + } + + return &sdewanRouteRule, nil +} diff --git a/platform/crd-ctrlr/src/openwrt/service.go b/platform/crd-ctrlr/src/openwrt/service.go index 3050b59..1ac26a6 100644 --- a/platform/crd-ctrlr/src/openwrt/service.go +++ b/platform/crd-ctrlr/src/openwrt/service.go @@ -1,18 +1,5 @@ -/* - * Copyright 2020 Intel Corporation, Inc - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation package openwrt diff --git a/platform/crd-ctrlr/src/openwrt/status.go b/platform/crd-ctrlr/src/openwrt/status.go index 5c4b59e..0b6e272 100644 --- a/platform/crd-ctrlr/src/openwrt/status.go +++ b/platform/crd-ctrlr/src/openwrt/status.go @@ -1,3 +1,6 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation + package openwrt import ( diff --git a/platform/crd-ctrlr/src/openwrt/svc.go b/platform/crd-ctrlr/src/openwrt/svc.go index 2210e87..23ff7a6 100644 --- a/platform/crd-ctrlr/src/openwrt/svc.go +++ b/platform/crd-ctrlr/src/openwrt/svc.go @@ -1,3 +1,6 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation + package openwrt import ( diff --git a/platform/crd-ctrlr/src/openwrt/utils.go b/platform/crd-ctrlr/src/openwrt/utils.go index fef7960..759a753 100644 --- a/platform/crd-ctrlr/src/openwrt/utils.go +++ b/platform/crd-ctrlr/src/openwrt/utils.go @@ -1,18 +1,5 @@ -/* - * Copyright 2020 Intel Corporation, Inc - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ +// SPDX-License-Identifier: Apache-2.0 +// Copyright (c) 2021 Intel Corporation package openwrt