From: Ruoyu Date: Tue, 2 Jun 2020 01:03:22 +0000 (+0800) Subject: Add CRD for IPSec Proposal X-Git-Tag: v1.0~26^2 X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F36%2F3536%2F6;p=icn%2Fsdwan.git Add CRD for IPSec Proposal *Contains changes for IPSec Proposal Issue-ID: ICN-289 Change-Id: I31e9effe6d132b9fa82f9ed9bd478255579cc476 Signed-off-by: Ruoyu --- diff --git a/platform/crd-ctrlr/examples/sdewan-controller.yaml b/platform/crd-ctrlr/examples/sdewan-controller.yaml index eff53cc..78c0662 100644 --- a/platform/crd-ctrlr/examples/sdewan-controller.yaml +++ b/platform/crd-ctrlr/examples/sdewan-controller.yaml @@ -483,6 +483,84 @@ status: --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.5 + creationTimestamp: null + name: ipsecproposals.batch.sdewan.akraino.org +spec: + group: batch.sdewan.akraino.org + names: + kind: IpsecProposal + listKind: IpsecProposalList + plural: ipsecproposals + singular: ipsecproposal + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: IpsecProposal is the Schema for the ipsecproposals API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IpsecProposalSpec defines the desired state of IpsecProposal + properties: + dh_group: + type: string + encryption_algorithm: + type: string + hash_algorithm: + type: string + name: + type: string + required: + - dh_group + - encryption_algorithm + - hash_algorithm + type: object + status: + description: status subsource used for Sdewan rule CRDs + properties: + appliedGeneration: + format: int64 + type: integer + appliedTime: + format: date-time + type: string + message: + type: string + state: + type: string + required: + - state + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.2.5 @@ -817,6 +895,26 @@ rules: - get - patch - update +- apiGroups: + - batch.sdewan.akraino.org + resources: + - ipsecproposals + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch.sdewan.akraino.org + resources: + - ipsecproposals/status + verbs: + - get + - patch + - update - apiGroups: - batch.sdewan.akraino.org resources: @@ -1066,3 +1164,4 @@ webhooks: - firewallrules - firewallsnats - firewalldnats + - ipsecproposal diff --git a/platform/crd-ctrlr/src/PROJECT b/platform/crd-ctrlr/src/PROJECT index 2167712..34a442e 100644 --- a/platform/crd-ctrlr/src/PROJECT +++ b/platform/crd-ctrlr/src/PROJECT @@ -22,4 +22,7 @@ resources: - group: batch kind: FirewallForwarding version: v1alpha1 +- group: batch + kind: IpsecProposal + version: v1alpha1 version: "2" diff --git a/platform/crd-ctrlr/src/api/v1alpha1/bucket_permission_webhook.go b/platform/crd-ctrlr/src/api/v1alpha1/bucket_permission_webhook.go index ac63ee4..722ef99 100644 --- a/platform/crd-ctrlr/src/api/v1alpha1/bucket_permission_webhook.go +++ b/platform/crd-ctrlr/src/api/v1alpha1/bucket_permission_webhook.go @@ -45,7 +45,7 @@ func SetupBucketPermissionWebhookWithManager(mgr ctrl.Manager) error { return nil } -// +kubebuilder:webhook:path=/validate-sdewan-bucket-permission,mutating=false,failurePolicy=fail,groups="batch.sdewan.akraino.org",resources=mwan3policies;mwan3rules;firewallzones;firewallforwardings;firewallrules;firewallsnats;firewalldnats,verbs=create;update;delete,versions=v1alpha1,name=validate-sdewan-bucket.akraino.org +// +kubebuilder:webhook:path=/validate-sdewan-bucket-permission,mutating=false,failurePolicy=fail,groups="batch.sdewan.akraino.org",resources=mwan3policies;mwan3rules;firewallzones;firewallforwardings;firewallrules;firewallsnats;firewalldnats;ipsecproposal,verbs=create;update;delete,versions=v1alpha1,name=validate-sdewan-bucket.akraino.org // bucketPermissionValidator validates Pods type bucketPermissionValidator struct { diff --git a/platform/crd-ctrlr/src/api/v1alpha1/ipsecproposal_types.go b/platform/crd-ctrlr/src/api/v1alpha1/ipsecproposal_types.go new file mode 100644 index 0000000..cb39ea6 --- /dev/null +++ b/platform/crd-ctrlr/src/api/v1alpha1/ipsecproposal_types.go @@ -0,0 +1,56 @@ +/* + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! +// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. + +// IpsecProposalSpec defines the desired state of IpsecProposal +type IpsecProposalSpec struct { + Name string `json:"name,omitempty"` + EncryptionAlgorithm string `json:"encryption_algorithm"` + HashAlgorithm string `json:"hash_algorithm"` + DhGroup string `json:"dh_group"` +} + +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status + +// IpsecProposal is the Schema for the ipsecproposals API +type IpsecProposal struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec IpsecProposalSpec `json:"spec,omitempty"` + Status SdewanStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// IpsecProposalList contains a list of IpsecProposal +type IpsecProposalList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []IpsecProposal `json:"items"` +} + +func init() { + SchemeBuilder.Register(&IpsecProposal{}, &IpsecProposalList{}) +} diff --git a/platform/crd-ctrlr/src/api/v1alpha1/zz_generated.deepcopy.go b/platform/crd-ctrlr/src/api/v1alpha1/zz_generated.deepcopy.go index 16a31d9..44dd03b 100644 --- a/platform/crd-ctrlr/src/api/v1alpha1/zz_generated.deepcopy.go +++ b/platform/crd-ctrlr/src/api/v1alpha1/zz_generated.deepcopy.go @@ -447,6 +447,80 @@ func (in *FirewallZoneSpec) DeepCopy() *FirewallZoneSpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IpsecProposal) DeepCopyInto(out *IpsecProposal) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IpsecProposal. +func (in *IpsecProposal) DeepCopy() *IpsecProposal { + if in == nil { + return nil + } + out := new(IpsecProposal) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *IpsecProposal) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IpsecProposalList) DeepCopyInto(out *IpsecProposalList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]IpsecProposal, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IpsecProposalList. +func (in *IpsecProposalList) DeepCopy() *IpsecProposalList { + if in == nil { + return nil + } + out := new(IpsecProposalList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *IpsecProposalList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IpsecProposalSpec) DeepCopyInto(out *IpsecProposalSpec) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IpsecProposalSpec. +func (in *IpsecProposalSpec) DeepCopy() *IpsecProposalSpec { + if in == nil { + return nil + } + out := new(IpsecProposalSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Mwan3Policy) DeepCopyInto(out *Mwan3Policy) { *out = *in diff --git a/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_ipsecproposals.yaml b/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_ipsecproposals.yaml new file mode 100644 index 0000000..f8b9b35 --- /dev/null +++ b/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_ipsecproposals.yaml @@ -0,0 +1,79 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.5 + creationTimestamp: null + name: ipsecproposals.batch.sdewan.akraino.org +spec: + group: batch.sdewan.akraino.org + names: + kind: IpsecProposal + listKind: IpsecProposalList + plural: ipsecproposals + singular: ipsecproposal + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: IpsecProposal is the Schema for the ipsecproposals API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IpsecProposalSpec defines the desired state of IpsecProposal + properties: + dh_group: + type: string + encryption_algorithm: + type: string + hash_algorithm: + type: string + name: + type: string + required: + - dh_group + - encryption_algorithm + - hash_algorithm + type: object + status: + description: status subsource used for Sdewan rule CRDs + properties: + appliedGeneration: + format: int64 + type: integer + appliedTime: + format: date-time + type: string + message: + type: string + state: + type: string + required: + - state + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/platform/crd-ctrlr/src/config/crd/kustomization.yaml b/platform/crd-ctrlr/src/config/crd/kustomization.yaml index 3d5d1f6..f3138ae 100644 --- a/platform/crd-ctrlr/src/config/crd/kustomization.yaml +++ b/platform/crd-ctrlr/src/config/crd/kustomization.yaml @@ -9,6 +9,7 @@ resources: - bases/batch.sdewan.akraino.org_firewallsnats.yaml - bases/batch.sdewan.akraino.org_firewalldnats.yaml - bases/batch.sdewan.akraino.org_firewallforwardings.yaml +- bases/batch.sdewan.akraino.org_ipsecproposals.yaml # +kubebuilder:scaffold:crdkustomizeresource patchesStrategicMerge: @@ -21,6 +22,7 @@ patchesStrategicMerge: #- patches/webhook_in_firewallsnats.yaml #- patches/webhook_in_firewalldnats.yaml #- patches/webhook_in_firewallforwardings.yaml +#- patches/webhook_in_ipsecproposals.yaml # +kubebuilder:scaffold:crdkustomizewebhookpatch # [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix. @@ -32,6 +34,7 @@ patchesStrategicMerge: #- patches/cainjection_in_firewallsnats.yaml #- patches/cainjection_in_firewalldnats.yaml #- patches/cainjection_in_firewallforwardings.yaml +#- patches/cainjection_in_ipsecproposals.yaml # +kubebuilder:scaffold:crdkustomizecainjectionpatch # the following config is for teaching kustomize how to do kustomization for CRDs. diff --git a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_ipsecproposals.yaml b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_ipsecproposals.yaml new file mode 100644 index 0000000..15ad96e --- /dev/null +++ b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_ipsecproposals.yaml @@ -0,0 +1,8 @@ +# The following patch adds a directive for certmanager to inject CA into the CRD +# CRD conversion requires k8s 1.13 or later. +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) + name: ipsecproposals.batch.sdewan.akraino.org diff --git a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_ipsecproposals.yaml b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_ipsecproposals.yaml new file mode 100644 index 0000000..833a759 --- /dev/null +++ b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_ipsecproposals.yaml @@ -0,0 +1,17 @@ +# The following patch enables conversion webhook for CRD +# CRD conversion requires k8s 1.13 or later. +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: ipsecproposals.batch.sdewan.akraino.org +spec: + conversion: + strategy: Webhook + webhookClientConfig: + # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, + # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) + caBundle: Cg== + service: + namespace: system + name: webhook-service + path: /convert diff --git a/platform/crd-ctrlr/src/config/rbac/role.yaml b/platform/crd-ctrlr/src/config/rbac/role.yaml index ceb67f0..9c48bc5 100644 --- a/platform/crd-ctrlr/src/config/rbac/role.yaml +++ b/platform/crd-ctrlr/src/config/rbac/role.yaml @@ -122,6 +122,26 @@ rules: - get - patch - update +- apiGroups: + - batch.sdewan.akraino.org + resources: + - ipsecproposals + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch.sdewan.akraino.org + resources: + - ipsecproposals/status + verbs: + - get + - patch + - update - apiGroups: - batch.sdewan.akraino.org resources: diff --git a/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_ipsecproposal.yaml b/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_ipsecproposal.yaml new file mode 100644 index 0000000..91fbf10 --- /dev/null +++ b/platform/crd-ctrlr/src/config/samples/batch_v1alpha1_ipsecproposal.yaml @@ -0,0 +1,11 @@ +apiVersion: batch.sdewan.akraino.org/v1alpha1 +kind: IpsecProposal +metadata: + name: ipsecproposal + namespace: default + labels: + sdewanPurpose: cnf1 +spec: + dh_group: modp4096 + encryption_algorithm: aes + hash_algorithm: sha1 diff --git a/platform/crd-ctrlr/src/config/webhook/manifests.yaml b/platform/crd-ctrlr/src/config/webhook/manifests.yaml index bd55f32..99354b0 100644 --- a/platform/crd-ctrlr/src/config/webhook/manifests.yaml +++ b/platform/crd-ctrlr/src/config/webhook/manifests.yaml @@ -31,3 +31,4 @@ webhooks: - firewallrules - firewallsnats - firewalldnats + - ipsecproposal diff --git a/platform/crd-ctrlr/src/controllers/ipsecproposal_controller.go b/platform/crd-ctrlr/src/controllers/ipsecproposal_controller.go new file mode 100644 index 0000000..fa205f8 --- /dev/null +++ b/platform/crd-ctrlr/src/controllers/ipsecproposal_controller.go @@ -0,0 +1,123 @@ +/* + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package controllers + +import ( + "context" + "reflect" + + "github.com/go-logr/logr" + appsv1 "k8s.io/api/apps/v1" + "k8s.io/apimachinery/pkg/runtime" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/builder" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/predicate" + + batchv1alpha1 "sdewan.akraino.org/sdewan/api/v1alpha1" + "sdewan.akraino.org/sdewan/openwrt" +) + +var ipsecProposalHandler = new(IpsecProposalHandler) + +type IpsecProposalHandler struct { +} + +func (m *IpsecProposalHandler) GetType() string { + return "IpsecProposal" +} + +func (m *IpsecProposalHandler) GetName(instance runtime.Object) string { + proposal := instance.(*batchv1alpha1.IpsecProposal) + return proposal.Name +} + +func (m *IpsecProposalHandler) GetFinalizer() string { + return "proposal.finalizers.sdewan.akraino.org" +} + +func (m *IpsecProposalHandler) GetInstance(r client.Client, ctx context.Context, req ctrl.Request) (runtime.Object, error) { + instance := &batchv1alpha1.IpsecProposal{} + err := r.Get(ctx, req.NamespacedName, instance) + return instance, err +} + +func (m *IpsecProposalHandler) Convert(instance runtime.Object, deployment appsv1.Deployment) (openwrt.IOpenWrtObject, error) { + proposal := instance.(*batchv1alpha1.IpsecProposal) + proposal.Spec.Name = proposal.ObjectMeta.Name + proposalObject := openwrt.SdewanIpsecProposal(proposal.Spec) + return &proposalObject, nil +} + +func (m *IpsecProposalHandler) IsEqual(instance1 openwrt.IOpenWrtObject, instance2 openwrt.IOpenWrtObject) bool { + proposal1 := instance1.(*openwrt.SdewanIpsecProposal) + proposal2 := instance2.(*openwrt.SdewanIpsecProposal) + return reflect.DeepEqual(*proposal1, *proposal2) +} + +func (m *IpsecProposalHandler) GetObject(clientInfo *openwrt.OpenwrtClientInfo, name string) (openwrt.IOpenWrtObject, error) { + openwrtClient := openwrt.GetOpenwrtClient(*clientInfo) + ipsec := openwrt.IpsecClient{OpenwrtClient: openwrtClient} + ret, err := ipsec.GetProposal(name) + return ret, err +} + +func (m *IpsecProposalHandler) CreateObject(clientInfo *openwrt.OpenwrtClientInfo, instance openwrt.IOpenWrtObject) (openwrt.IOpenWrtObject, error) { + openwrtClient := openwrt.GetOpenwrtClient(*clientInfo) + ipsec := openwrt.IpsecClient{OpenwrtClient: openwrtClient} + proposal := instance.(*openwrt.SdewanIpsecProposal) + return ipsec.CreateProposal(*proposal) +} + +func (m *IpsecProposalHandler) UpdateObject(clientInfo *openwrt.OpenwrtClientInfo, instance openwrt.IOpenWrtObject) (openwrt.IOpenWrtObject, error) { + openwrtClient := openwrt.GetOpenwrtClient(*clientInfo) + ipsec := openwrt.IpsecClient{OpenwrtClient: openwrtClient} + proposal := instance.(*openwrt.SdewanIpsecProposal) + return ipsec.UpdateProposal(*proposal) +} + +func (m *IpsecProposalHandler) DeleteObject(clientInfo *openwrt.OpenwrtClientInfo, name string) error { + openwrtClient := openwrt.GetOpenwrtClient(*clientInfo) + ipsec := openwrt.IpsecClient{OpenwrtClient: openwrtClient} + return ipsec.DeleteProposal(name) +} + +func (m *IpsecProposalHandler) Restart(clientInfo *openwrt.OpenwrtClientInfo) (bool, error) { + openwrtClient := openwrt.GetOpenwrtClient(*clientInfo) + service := openwrt.ServiceClient{OpenwrtClient: openwrtClient} + return service.ExecuteService("ipsec", "restart") +} + +// IpsecProposalReconciler reconciles a IpsecProposal object +type IpsecProposalReconciler struct { + client.Client + Log logr.Logger + Scheme *runtime.Scheme +} + +// +kubebuilder:rbac:groups=batch.sdewan.akraino.org,resources=ipsecproposals,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=batch.sdewan.akraino.org,resources=ipsecproposals/status,verbs=get;update;patch + +func (r *IpsecProposalReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) { + return ProcessReconcile(r, r.Log, req, ipsecProposalHandler) +} + +func (r *IpsecProposalReconciler) SetupWithManager(mgr ctrl.Manager) error { + ps := builder.WithPredicates(predicate.GenerationChangedPredicate{}) + return ctrl.NewControllerManagedBy(mgr). + For(&batchv1alpha1.IpsecProposal{}, ps). + Complete(r) +} diff --git a/platform/crd-ctrlr/src/main.go b/platform/crd-ctrlr/src/main.go index 6ff7658..04cfa65 100644 --- a/platform/crd-ctrlr/src/main.go +++ b/platform/crd-ctrlr/src/main.go @@ -159,6 +159,14 @@ func main() { setupLog.Error(err, "unable to create controller", "controller", "FirewallForwarding") os.Exit(1) } + if err = (&controllers.IpsecProposalReconciler{ + Client: mgr.GetClient(), + Log: ctrl.Log.WithName("controllers").WithName("IpsecProposal"), + Scheme: mgr.GetScheme(), + }).SetupWithManager(mgr); err != nil { + setupLog.Error(err, "unable to create controller", "controller", "IpsecProposal") + os.Exit(1) + } // +kubebuilder:scaffold:builder setupLog.Info("starting manager") diff --git a/platform/crd-ctrlr/src/openwrt/ipsec.go b/platform/crd-ctrlr/src/openwrt/ipsec.go index 9d6e7b1..788e909 100644 --- a/platform/crd-ctrlr/src/openwrt/ipsec.go +++ b/platform/crd-ctrlr/src/openwrt/ipsec.go @@ -24,6 +24,10 @@ type SdewanIpsecProposals struct { Proposals []SdewanIpsecProposal `json:"proposals"` } +func (o *SdewanIpsecProposal) GetName() string { + return o.Name +} + // Sites type SdewanIpsecConnection struct { Name string `json:"name"`