Tracking only Firewall Zone API done

config/crd/bases/unifi.engen.priv.no_firewallrules.yaml

@@ -0,0 +1,54 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.17.2
+  name: firewallrules.unifi.engen.priv.no
+spec:
+  group: unifi.engen.priv.no
+  names:
+    kind: FirewallRule
+    listKind: FirewallRuleList
+    plural: firewallrules
+    singular: firewallrule
+  scope: Namespaced
+  versions:
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: FirewallRule is the Schema for the firewallrules API.
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: FirewallRuleSpec defines the desired state of FirewallRule.
+            properties:
+              foo:
+                description: Foo is an example field of FirewallRule. Edit firewallrule_types.go
+                  to remove/update
+                type: string
+            type: object
+          status:
+            description: FirewallRuleStatus defines the observed state of FirewallRule.
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}

config/crd/bases/unifi.engen.priv.no_firewallzones.yaml

@@ -0,0 +1,62 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.17.2
+  name: firewallzones.unifi.engen.priv.no
+spec:
+  group: unifi.engen.priv.no
+  names:
+    kind: FirewallZone
+    listKind: FirewallZoneList
+    plural: firewallzones
+    singular: firewallzone
+  scope: Namespaced
+  versions:
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: FirewallZone is the Schema for the firewallzones API.
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: FirewallZoneSpec defines the desired state of FirewallZone.
+            properties:
+              _id:
+                type: string
+              default_zone:
+                type: boolean
+              name:
+                type: string
+              network_ids:
+                items:
+                  type: string
+                type: array
+              zone_key:
+                type: string
+            type: object
+          status:
+            description: FirewallZoneStatus defines the observed state of FirewallZone.
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}

config/crd/bases/unifi.engen.priv.no_networkconfigurations.yaml

@@ -44,7 +44,7 @@ spec:
                 description: Foo is an example field of Networkconfiguration. Edit
                   networkconfiguration_types.go to remove/update
                 type: boolean
-              firewall_zone_id:
+              firewall_zone:
                 type: string
               gateway_type:
                 type: string
@@ -64,8 +64,6 @@ spec:
                 type: string
               network_id:
                 type: string
-              network_name:
-                type: string
               networkgroup:
                 type: string
               purpose:
@@ -79,17 +77,26 @@ spec:
                 type: boolean
             required:
             - name
-            - network_name
             type: object
           status:
             description: NetworkconfigurationStatus defines the observed state of
               Networkconfiguration.
             properties:
-              ipv6_subnet_status:
+              firewall_zone_id:
                 description: |-
                   INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
                   Important: Run "make" to regenerate code after modifying this file
                 type: string
+              ipv6_subnet_status:
+                type: string
+              lastSyncTime:
+                description: LastSyncTime is the last time the object was synced
+                format: date-time
+                type: string
+              syncedWithUnifi:
+                description: SyncedWithUnifi indicates whether the addresses are successfully
+                  pushed
+                type: boolean
             type: object
         type: object
     served: true

config/crd/kustomization.yaml

@@ -3,6 +3,8 @@
 # It should be run by config/default
 resources:
 - bases/unifi.engen.priv.no_networkconfigurations.yaml
+- bases/unifi.engen.priv.no_firewallzones.yaml
+- bases/unifi.engen.priv.no_firewallrules.yaml
 # +kubebuilder:scaffold:crdkustomizeresource
 
 patches:

config/rbac/firewallrule_admin_role.yaml

@@ -0,0 +1,27 @@
+# This rule is not used by the project unifi-network-operator itself.
+# It is provided to allow the cluster admin to help manage permissions for users.
+#
+# Grants full permissions ('*') over unifi.engen.priv.no.
+# This role is intended for users authorized to modify roles and bindings within the cluster,
+# enabling them to delegate specific permissions to other users or groups as needed.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: unifi-network-operator
+    app.kubernetes.io/managed-by: kustomize
+  name: firewallrule-admin-role
+rules:
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - firewallrules
+  verbs:
+  - '*'
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - firewallrules/status
+  verbs:
+  - get

config/rbac/firewallrule_editor_role.yaml

@@ -0,0 +1,33 @@
+# This rule is not used by the project unifi-network-operator itself.
+# It is provided to allow the cluster admin to help manage permissions for users.
+#
+# Grants permissions to create, update, and delete resources within the unifi.engen.priv.no.
+# This role is intended for users who need to manage these resources
+# but should not control RBAC or manage permissions for others.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: unifi-network-operator
+    app.kubernetes.io/managed-by: kustomize
+  name: firewallrule-editor-role
+rules:
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - firewallrules
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - firewallrules/status
+  verbs:
+  - get

config/rbac/firewallrule_viewer_role.yaml

@@ -0,0 +1,29 @@
+# This rule is not used by the project unifi-network-operator itself.
+# It is provided to allow the cluster admin to help manage permissions for users.
+#
+# Grants read-only access to unifi.engen.priv.no resources.
+# This role is intended for users who need visibility into these resources
+# without permissions to modify them. It is ideal for monitoring purposes and limited-access viewing.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: unifi-network-operator
+    app.kubernetes.io/managed-by: kustomize
+  name: firewallrule-viewer-role
+rules:
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - firewallrules
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - firewallrules/status
+  verbs:
+  - get

config/rbac/firewallzone_admin_role.yaml

@@ -0,0 +1,27 @@
+# This rule is not used by the project unifi-network-operator itself.
+# It is provided to allow the cluster admin to help manage permissions for users.
+#
+# Grants full permissions ('*') over unifi.engen.priv.no.
+# This role is intended for users authorized to modify roles and bindings within the cluster,
+# enabling them to delegate specific permissions to other users or groups as needed.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: unifi-network-operator
+    app.kubernetes.io/managed-by: kustomize
+  name: firewallzone-admin-role
+rules:
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - firewallzones
+  verbs:
+  - '*'
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - firewallzones/status
+  verbs:
+  - get

config/rbac/firewallzone_editor_role.yaml

@@ -0,0 +1,33 @@
+# This rule is not used by the project unifi-network-operator itself.
+# It is provided to allow the cluster admin to help manage permissions for users.
+#
+# Grants permissions to create, update, and delete resources within the unifi.engen.priv.no.
+# This role is intended for users who need to manage these resources
+# but should not control RBAC or manage permissions for others.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: unifi-network-operator
+    app.kubernetes.io/managed-by: kustomize
+  name: firewallzone-editor-role
+rules:
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - firewallzones
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - firewallzones/status
+  verbs:
+  - get

config/rbac/firewallzone_viewer_role.yaml

@@ -0,0 +1,29 @@
+# This rule is not used by the project unifi-network-operator itself.
+# It is provided to allow the cluster admin to help manage permissions for users.
+#
+# Grants read-only access to unifi.engen.priv.no resources.
+# This role is intended for users who need visibility into these resources
+# without permissions to modify them. It is ideal for monitoring purposes and limited-access viewing.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: unifi-network-operator
+    app.kubernetes.io/managed-by: kustomize
+  name: firewallzone-viewer-role
+rules:
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - firewallzones
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - firewallzones/status
+  verbs:
+  - get

config/rbac/kustomization.yaml

@@ -22,6 +22,12 @@ resources:
 # default, aiding admins in cluster management. Those roles are
 # not used by the {{ .ProjectName }} itself. You can comment the following lines
 # if you do not want those helpers be installed with your Project.
+- firewallrule_admin_role.yaml
+- firewallrule_editor_role.yaml
+- firewallrule_viewer_role.yaml
+- firewallzone_admin_role.yaml
+- firewallzone_editor_role.yaml
+- firewallzone_viewer_role.yaml
 - networkconfiguration_admin_role.yaml
 - networkconfiguration_editor_role.yaml
 - networkconfiguration_viewer_role.yaml

config/rbac/role.yaml

@@ -16,6 +16,8 @@ rules:
   - unifi.engen.priv.no
   resources:
   - firewallgroups
+  - firewallrules
+  - firewallzones
   - networkconfigurations
   verbs:
   - create
@@ -29,6 +31,8 @@ rules:
   - unifi.engen.priv.no
   resources:
   - firewallgroups/finalizers
+  - firewallrules/finalizers
+  - firewallzones/finalizers
   - networkconfigurations/finalizers
   verbs:
   - update
@@ -36,6 +40,8 @@ rules:
   - unifi.engen.priv.no
   resources:
   - firewallgroups/status
+  - firewallrules/status
+  - firewallzones/status
   - networkconfigurations/status
   verbs:
   - get

config/samples/kustomization.yaml

@@ -1,4 +1,6 @@
 ## Append samples of your project ##
 resources:
 - unifi_v1beta1_networkconfiguration.yaml
+- unifi_v1beta1_firewallzone.yaml
+- unifi_v1beta1_firewallrule.yaml
 # +kubebuilder:scaffold:manifestskustomizesamples

config/samples/unifi_v1beta1_firewallrule.yaml

@@ -0,0 +1,9 @@
+apiVersion: unifi.engen.priv.no/v1beta1
+kind: FirewallRule
+metadata:
+  labels:
+    app.kubernetes.io/name: unifi-network-operator
+    app.kubernetes.io/managed-by: kustomize
+  name: firewallrule-sample
+spec:
+  # TODO(user): Add fields here

config/samples/unifi_v1beta1_firewallzone.yaml

@@ -0,0 +1,9 @@
+apiVersion: unifi.engen.priv.no/v1beta1
+kind: FirewallZone
+metadata:
+  labels:
+    app.kubernetes.io/name: unifi-network-operator
+    app.kubernetes.io/managed-by: kustomize
+  name: firewallzone-sample
+spec:
+  # TODO(user): Add fields here