Merge pull request #301 from AshleyDumaine/cis-enum

Add "cis "to the cis-profile enum to support 1.29+
rancher · Aug 26, 2024 · 1954b23 · 1954b23
2 parents bc6cb16 + da2fd6e
commit 1954b23
Show file tree

Hide file tree

Showing 14 changed files with 66 additions and 113 deletions.
diff --git a/Makefile b/Makefile
@@ -53,8 +53,8 @@ export PATH := $(KREW_ROOT)/bin:$(PATH)
 
 # Set --output-base for conversion-gen if we are not within GOPATH
 ifneq ($(abspath $(ROOT_DIR)),$(shell go env GOPATH)/src/github.com/rancher/cluster-api-provider-rke2)
-	CONVERSION_GEN_OUTPUT_BASE_CAPRKE2 := --output-base=$(ROOT_DIR)/$(CAPRKE2_DIR)
-	CONVERSION_GEN_OUTPUT_BASE_CAPBPR := --output-base=$(ROOT_DIR)/$(CAPBPR_DIR)
+	CONVERSION_GEN_OUTPUT_BASE_CAPRKE2 := --output-dir=$(ROOT_DIR)/$(CAPRKE2_DIR)
+	CONVERSION_GEN_OUTPUT_BASE_CAPBPR := --output-dir=$(ROOT_DIR)/$(CAPBPR_DIR)
 else
 	export GOPATH := $(shell go env GOPATH)
 endif
@@ -77,7 +77,7 @@ CONTROLLER_GEN_BIN := controller-gen
 CONTROLLER_GEN := $(abspath $(TOOLS_BIN_DIR)/$(CONTROLLER_GEN_BIN)-$(CONTROLLER_GEN_VER))
 CONTROLLER_GEN_PKG := sigs.k8s.io/controller-tools/cmd/controller-gen
 
-CONVERSION_GEN_VER := v0.28.0
+CONVERSION_GEN_VER := v0.30.0
 CONVERSION_GEN_BIN := conversion-gen
 # We are intentionally using the binary without version suffix, to avoid the version
 # in generated files.
@@ -210,20 +210,18 @@ generate-go-conversions: ## Run all generate-go-conversions-* targets
 generate-go-conversions-rke2-bootstrap: $(CONVERSION_GEN) ## Generate conversions go code for the rke2 bootstrap
 	$(MAKE) clean-generated-conversions SRC_DIRS="./bootstrap/api/v1alpha1"
 	$(CONVERSION_GEN) \
-		--input-dirs=./bootstrap/api/v1alpha1 \
-		--build-tag=ignore_autogenerated_rke2_bootstrap \
-		--output-file-base=zz_generated.conversion $(ROOT_DIR) \
-		--go-header-file=./hack/boilerplate.go.txt
+		--output-file=zz_generated.conversion.go $(ROOT_DIR)/$(CAPBPR_DIR) \
+		--go-header-file=./hack/boilerplate.go.txt \
+		./bootstrap/api/v1alpha1
 
 .PHONY: generate-go-conversions-rke2-control-plane
 generate-go-conversions-rke2-control-plane: $(CONVERSION_GEN) ## Generate conversions go code for the rke2 control plane
 	$(MAKE) clean-generated-conversions SRC_DIRS="./controlplane/api/v1alpha1"
 	$(CONVERSION_GEN) \
-		--input-dirs=./controlplane/api/v1alpha1 \
-		--extra-peer-dirs=github.com/rancher/cluster-api-provider-rke2/bootstrap/api/v1alpha1 \
-		--build-tag=ignore_autogenerated_rk2_control_plane \
-		--output-file-base=zz_generated.conversion $(ROOT_DIR) \
-		--go-header-file=./hack/boilerplate.go.txt
+		--extra-dirs=github.com/rancher/cluster-api-provider-rke2/bootstrap/api/v1alpha1 \
+		--output-file=zz_generated.conversion.go $(ROOT_DIR)/$(CAPRKE2_DIR) \
+		--go-header-file=./hack/boilerplate.go.txt \
+		./controlplane/api/v1alpha1
 
 .PHONY: generate-modules
 generate-modules: ## Run go mod tidy to ensure modules are up to date

diff --git a/bootstrap/api/v1alpha1/rke2config_types.go b/bootstrap/api/v1alpha1/rke2config_types.go
@@ -102,7 +102,7 @@ type RKE2AgentConfig struct {
 	Snapshotter string `json:"snapshotter,omitempty"`
 
 	// CISProfile activates CIS compliance of RKE2 for a certain profile
-	// +kubebuilder:validation:Enum=cis-1.23;cis-1.5;cis-1.6
+	// +kubebuilder:validation:Enum=cis;cis-1.23;cis-1.5;cis-1.6
 	//+optional
 	CISProfile CISProfile `json:"cisProfile,omitempty"`
 
@@ -256,6 +256,9 @@ type RKE2ConfigList struct {
 type CISProfile string
 
 const (
+	// CIS references RKE2's CIS Profile "cis".
+	CIS CISProfile = "cis"
+
 	// CIS1_23 references RKE2's CIS Profile "cis-1.23".
 	CIS1_23 CISProfile = "cis-1.23"
 

diff --git a/bootstrap/api/v1alpha1/zz_generated.conversion.go b/bootstrap/api/v1alpha1/zz_generated.conversion.go
diff --git a/bootstrap/api/v1alpha1/zz_generated.deepcopy.go b/bootstrap/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/bootstrap/api/v1beta1/rke2config_types.go b/bootstrap/api/v1beta1/rke2config_types.go
@@ -102,7 +102,7 @@ type RKE2AgentConfig struct {
 	Snapshotter string `json:"snapshotter,omitempty"`
 
 	// CISProfile activates CIS compliance of RKE2 for a certain profile
-	// +kubebuilder:validation:Enum=cis-1.23;cis-1.5;cis-1.6
+	// +kubebuilder:validation:Enum=cis;cis-1.23;cis-1.5;cis-1.6
 	//+optional
 	CISProfile CISProfile `json:"cisProfile,omitempty"`
 
@@ -257,6 +257,9 @@ type RKE2ConfigList struct {
 type CISProfile string
 
 const (
+	// CIS references RKE2's CIS Profile "cis".
+	CIS CISProfile = "cis"
+
 	// CIS1_23 references RKE2's CIS Profile "cis-1.23".
 	CIS1_23 CISProfile = "cis-1.23"
 

diff --git a/bootstrap/config/crd/bases/bootstrap.cluster.x-k8s.io_rke2configs.yaml b/bootstrap/config/crd/bases/bootstrap.cluster.x-k8s.io_rke2configs.yaml
@@ -78,6 +78,7 @@ spec:
                     description: CISProfile activates CIS compliance of RKE2 for a
                       certain profile
                     enum:
+                    - cis
                     - cis-1.23
                     - cis-1.5
                     - cis-1.6
@@ -665,6 +666,7 @@ spec:
                     description: CISProfile activates CIS compliance of RKE2 for a
                       certain profile
                     enum:
+                    - cis
                     - cis-1.23
                     - cis-1.5
                     - cis-1.6

diff --git a/bootstrap/config/crd/bases/bootstrap.cluster.x-k8s.io_rke2configtemplates.yaml b/bootstrap/config/crd/bases/bootstrap.cluster.x-k8s.io_rke2configtemplates.yaml
@@ -90,6 +90,7 @@ spec:
                             description: CISProfile activates CIS compliance of RKE2
                               for a certain profile
                             enum:
+                            - cis
                             - cis-1.23
                             - cis-1.5
                             - cis-1.6
@@ -640,6 +641,7 @@ spec:
                             description: CISProfile activates CIS compliance of RKE2
                               for a certain profile
                             enum:
+                            - cis
                             - cis-1.23
                             - cis-1.5
                             - cis-1.6

diff --git a/controlplane/api/v1alpha1/conversion.go b/controlplane/api/v1alpha1/conversion.go
@@ -22,6 +22,8 @@ import (
 	apiconversion "k8s.io/apimachinery/pkg/conversion"
 	utilconversion "sigs.k8s.io/cluster-api/util/conversion"
 
+	bootstrapv1beta1 "github.com/rancher/cluster-api-provider-rke2/bootstrap/api/v1beta1"
+	bootstrapv1alpha1 "github.com/rancher/cluster-api-provider-rke2/bootstrap/api/v1alpha1"
 	controlplanev1 "github.com/rancher/cluster-api-provider-rke2/controlplane/api/v1beta1"
 	"sigs.k8s.io/controller-runtime/pkg/conversion"
 )
@@ -202,3 +204,11 @@ func Convert_v1alpha1_RKE2ControlPlaneTemplateStatus_To_v1beta1_RKE2ControlPlane
 func Convert_v1beta1_RKE2ControlPlaneStatus_To_v1alpha1_RKE2ControlPlaneTemplateStatus(in *controlplanev1.RKE2ControlPlaneStatus, out *RKE2ControlPlaneTemplateStatus, s apiconversion.Scope) error {
 	return nil
 }
+
+func Convert_v1beta1_RKE2ConfigSpec_To_v1alpha1_RKE2ConfigSpec(in *bootstrapv1beta1.RKE2ConfigSpec, out *bootstrapv1alpha1.RKE2ConfigSpec, s apiconversion.Scope) error {
+        return bootstrapv1alpha1.Convert_v1beta1_RKE2ConfigSpec_To_v1alpha1_RKE2ConfigSpec(in, out, s)
+}
+
+func Convert_v1alpha1_RKE2ConfigSpec_To_v1beta1_RKE2ConfigSpec(in *bootstrapv1alpha1.RKE2ConfigSpec, out *bootstrapv1beta1.RKE2ConfigSpec, s apiconversion.Scope) error {
+        return bootstrapv1alpha1.Convert_v1alpha1_RKE2ConfigSpec_To_v1beta1_RKE2ConfigSpec(in, out, s)
+}
diff --git a/controlplane/api/v1alpha1/zz_generated.conversion.go b/controlplane/api/v1alpha1/zz_generated.conversion.go
diff --git a/controlplane/api/v1alpha1/zz_generated.deepcopy.go b/controlplane/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/controlplane/config/crd/bases/controlplane.cluster.x-k8s.io_rke2controlplanes.yaml b/controlplane/config/crd/bases/controlplane.cluster.x-k8s.io_rke2controlplanes.yaml
@@ -78,6 +78,7 @@ spec:
                     description: CISProfile activates CIS compliance of RKE2 for a
                       certain profile
                     enum:
+                    - cis
                     - cis-1.23
                     - cis-1.5
                     - cis-1.6
@@ -1310,6 +1311,7 @@ spec:
                     description: CISProfile activates CIS compliance of RKE2 for a
                       certain profile
                     enum:
+                    - cis
                     - cis-1.23
                     - cis-1.5
                     - cis-1.6

diff --git a/controlplane/config/crd/bases/controlplane.cluster.x-k8s.io_rke2controlplanetemplates.yaml b/controlplane/config/crd/bases/controlplane.cluster.x-k8s.io_rke2controlplanetemplates.yaml
@@ -133,6 +133,7 @@ spec:
                             description: CISProfile activates CIS compliance of RKE2
                               for a certain profile
                             enum:
+                            - cis
                             - cis-1.23
                             - cis-1.5
                             - cis-1.6

diff --git a/pkg/rke2/config_test.go b/pkg/rke2/config_test.go
@@ -280,7 +280,7 @@ var _ = Describe("RKE2 Agent Config", func() {
 				LoadBalancerPort:      1234,
 				NodeLabels:            []string{"testlabel"},
 				NodeTaints:            []string{"testtaint"},
-				CISProfile:            bootstrapv1.CIS1_23, //nolint:nosnakecase
+				CISProfile:            bootstrapv1.CIS, //nolint:nosnakecase
 				ProtectKernelDefaults: true,
 				ResolvConf: &corev1.ObjectReference{
 					Name:      "test",

diff --git a/pkg/util/util.go b/pkg/util/util.go
@@ -201,6 +201,8 @@ func ProfileCompliant(profile bootstrapv1.CISProfile, version string) bool {
 	}
 
 	switch profile {
+	case bootstrapv1.CIS:
+		return isAtLeastv125
 	case bootstrapv1.CIS1_23:
 		return isAtLeastv125
 	case bootstrapv1.CIS1_5: