Working manually configured firewall group entries

2025-04-10 00:14:11 +02:00
parent e4c5b5fdd7
commit 2a4d03cbfe
8 changed files with 627 additions and 0 deletions
--- a/api/v1beta1/firewallgroup_types.go
+++ b/api/v1beta1/firewallgroup_types.go
@@ -0,0 +1,89 @@
+/*
+Copyright 2025 Vegard Engen.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+
+// FirewallGroupSpec defines the desired state of FirewallGroup.
+type FirewallGroupSpec struct {
+	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+
+	// Foo is an example field of FirewallGroup. Edit firewallgroup_types.go to remove/update
+	    // Description is a human-readable explanation for the object
+    Name string `json:"name,omitempty"`
+   
+    MatchServicesInAllNamespaces bool `json:"matchServicesInAllNamespaces,omitempty"`
+    // ManualAddresses is a list of manual IPs or CIDRs (IPv4 or IPv6)
+    // +optional
+    ManualAddresses []string `json:"manualAddresses,omitempty"`
+
+    // AutoIncludeSelector defines which services to extract addresses from
+    // +optional
+    AutoIncludeSelector *metav1.LabelSelector `json:"autoIncludeSelector,omitempty"`
+
+    // AddressType can be "ip", "cidr", or "both"
+    // +kubebuilder:validation:Enum=ip;cidr;both
+    // +optional
+    AddressType string `json:"addressType,omitempty"`
+}
+
+// FirewallGroupStatus defines the observed state of FirewallGroup.
+type FirewallGroupStatus struct {
+	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+
+    ResolvedAddresses []string `json:"resolvedAddresses,omitempty"`
+
+    // SyncedWithUnifi indicates whether the addresses are successfully pushed
+    // +optional
+    SyncedWithUnifi bool `json:"syncedWithUnifi,omitempty"`
+
+    // LastSyncTime is the last time the object was synced
+    // +optional
+    LastSyncTime *metav1.Time `json:"lastSyncTime,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+
+// FirewallGroup is the Schema for the firewallgroups API.
+type FirewallGroup struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   FirewallGroupSpec   `json:"spec,omitempty"`
+	Status FirewallGroupStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// FirewallGroupList contains a list of FirewallGroup.
+type FirewallGroupList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []FirewallGroup `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&FirewallGroup{}, &FirewallGroupList{})
+}
--- a/api/v1beta1/zz_generated.deepcopy.go
+++ b/api/v1beta1/zz_generated.deepcopy.go
@@ -21,9 +21,118 @@ limitations under the License.
 package v1beta1

 import (
+	"k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 )

+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *FirewallGroup) DeepCopyInto(out *FirewallGroup) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	in.Spec.DeepCopyInto(&out.Spec)
+	in.Status.DeepCopyInto(&out.Status)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FirewallGroup.
+func (in *FirewallGroup) DeepCopy() *FirewallGroup {
+	if in == nil {
+		return nil
+	}
+	out := new(FirewallGroup)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *FirewallGroup) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *FirewallGroupList) DeepCopyInto(out *FirewallGroupList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]FirewallGroup, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FirewallGroupList.
+func (in *FirewallGroupList) DeepCopy() *FirewallGroupList {
+	if in == nil {
+		return nil
+	}
+	out := new(FirewallGroupList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *FirewallGroupList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *FirewallGroupSpec) DeepCopyInto(out *FirewallGroupSpec) {
+	*out = *in
+	if in.ManualAddresses != nil {
+		in, out := &in.ManualAddresses, &out.ManualAddresses
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.AutoIncludeSelector != nil {
+		in, out := &in.AutoIncludeSelector, &out.AutoIncludeSelector
+		*out = new(v1.LabelSelector)
+		(*in).DeepCopyInto(*out)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FirewallGroupSpec.
+func (in *FirewallGroupSpec) DeepCopy() *FirewallGroupSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(FirewallGroupSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *FirewallGroupStatus) DeepCopyInto(out *FirewallGroupStatus) {
+	*out = *in
+	if in.ResolvedAddresses != nil {
+		in, out := &in.ResolvedAddresses, &out.ResolvedAddresses
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.LastSyncTime != nil {
+		in, out := &in.LastSyncTime, &out.LastSyncTime
+		*out = (*in).DeepCopy()
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FirewallGroupStatus.
+func (in *FirewallGroupStatus) DeepCopy() *FirewallGroupStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(FirewallGroupStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *Networkconfiguration) DeepCopyInto(out *Networkconfiguration) {
 	*out = *in