go fmt

Use reauthentication

api/v1beta1/firewallgroup_types.go

@@ -36,7 +36,7 @@ type FirewallGroupSpec struct {
 	// ManualAddresses is a list of manual IPs or CIDRs (IPv4 or IPv6)
 	// +optional
 	ManualAddresses []string `json:"manualAddresses,omitempty"`
-	ManualPorts []string `json:"manualPorts,omitempty"`
+	ManualPorts     []string `json:"manualPorts,omitempty"`
 
 	// AutoIncludeSelector defines which services to extract addresses from
 	// +optional

api/v1beta1/firewallzone_types.go

@@ -28,11 +28,11 @@ type FirewallZoneSpec struct {
 	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
 	// Important: Run "make" to regenerate code after modifying this file
 
-	Name string `json:"name,omitempty"`
+	Name        string   `json:"name,omitempty"`
-	ID string `json:"_id,omitempty"`
+	ID          string   `json:"_id,omitempty"`
-	DefaultZone bool `json:"default_zone,omitempty"`
+	DefaultZone bool     `json:"default_zone,omitempty"`
-	ZoneKey string `json:"zone_key,omitempty"`
+	ZoneKey     string   `json:"zone_key,omitempty"`
-	NetworkIDs []string `json:"network_ids,omitempty"`
+	NetworkIDs  []string `json:"network_ids,omitempty"`
 }
 
 // FirewallZoneStatus defines the observed state of FirewallZone.

api/v1beta1/networkconfiguration_types.go

@@ -51,16 +51,16 @@ type NetworkconfigurationSpec struct {
 type NetworkconfigurationStatus struct {
 	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
 	// Important: Run "make" to regenerate code after modifying this file
-	FirewallZoneID            string `json:"firewall_zone_id,omitempty"`
+	FirewallZoneID   string `json:"firewall_zone_id,omitempty"`
-	Ipv6SubnetStatus          string `json:"ipv6_subnet_status,omitempty"`
+	Ipv6SubnetStatus string `json:"ipv6_subnet_status,omitempty"`
 
 	// SyncedWithUnifi indicates whether the addresses are successfully pushed
-        // +optional
+	// +optional
-	SyncedWithUnifi           bool `json:"syncedWithUnifi,omitempty"`
+	SyncedWithUnifi bool `json:"syncedWithUnifi,omitempty"`
 
 	// LastSyncTime is the last time the object was synced
-        // +optional
+	// +optional
-        LastSyncTime *metav1.Time `json:"lastSyncTime,omitempty"`
+	LastSyncTime *metav1.Time `json:"lastSyncTime,omitempty"`
 }
 
 // +kubebuilder:object:root=true

cmd/main.go

@@ -38,9 +38,9 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
 
 	unifiv1beta1 "github.com/vegardengen/unifi-network-operator/api/v1beta1"
+	"github.com/vegardengen/unifi-network-operator/internal/config"
 	"github.com/vegardengen/unifi-network-operator/internal/controller"
 	"github.com/vegardengen/unifi-network-operator/internal/unifi"
-	"github.com/vegardengen/unifi-network-operator/internal/config"
 	// +kubebuilder:scaffold:imports
 )
 
@@ -204,7 +204,7 @@ func main() {
 		os.Exit(1)
 	}
 
-       configLoader := config.NewConfigLoader(mgr.GetClient())
+	configLoader := config.NewConfigLoader(mgr.GetClient())
 
 	// Unifi client
 	setupLog.Info("Setting up UniFi client")
@@ -216,27 +216,27 @@ func main() {
 	setupLog.Info("Finished Setting up UniFi client")
 
 	if err = (&controller.NetworkconfigurationReconciler{
-		Client:      mgr.GetClient(),
+		Client:       mgr.GetClient(),
-		Scheme:      mgr.GetScheme(),
+		Scheme:       mgr.GetScheme(),
-		UnifiClient: unifiClient,
+		UnifiClient:  unifiClient,
 		ConfigLoader: configLoader,
 	}).SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "Networkconfiguration")
 		os.Exit(1)
 	}
 	if err = (&controller.FirewallZoneReconciler{
-		Client: mgr.GetClient(),
+		Client:       mgr.GetClient(),
-		Scheme: mgr.GetScheme(),
+		Scheme:       mgr.GetScheme(),
-		UnifiClient: unifiClient,
+		UnifiClient:  unifiClient,
 		ConfigLoader: configLoader,
 	}).SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "FirewallZone")
 		os.Exit(1)
 	}
 	if err = (&controller.FirewallRuleReconciler{
-		Client: mgr.GetClient(),
+		Client:       mgr.GetClient(),
-		Scheme: mgr.GetScheme(),
+		Scheme:       mgr.GetScheme(),
-		UnifiClient: unifiClient,
+		UnifiClient:  unifiClient,
 		ConfigLoader: configLoader,
 	}).SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "FirewallRule")
@@ -245,9 +245,9 @@ func main() {
 	// +kubebuilder:scaffold:builder
 
 	if err = (&controller.FirewallGroupReconciler{
-		Client:      mgr.GetClient(),
+		Client:       mgr.GetClient(),
-		Scheme:      mgr.GetScheme(),
+		Scheme:       mgr.GetScheme(),
-		UnifiClient: unifiClient,
+		UnifiClient:  unifiClient,
 		ConfigLoader: configLoader,
 	}).SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "FirewallGroup")

internal/config/config.go

@@ -1,45 +1,44 @@
 package config
 
 import (
-    "context"
+	"context"
-    "sync"
+	"sync"
 
-    corev1 "k8s.io/api/core/v1"
+	corev1 "k8s.io/api/core/v1"
-    "k8s.io/apimachinery/pkg/types"
+	"k8s.io/apimachinery/pkg/types"
-    "sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
 type ConfigLoaderType struct {
-    Client client.Client
+	Client client.Client
 
-    mu      sync.Mutex
+	mu     sync.Mutex
-    loaded  bool
+	loaded bool
-    config  *corev1.ConfigMap
+	config *corev1.ConfigMap
-    err     error
+	err    error
 }
 
 func NewConfigLoader(k8sClient client.Client) *ConfigLoaderType {
-    return &ConfigLoaderType{Client: k8sClient}
+	return &ConfigLoaderType{Client: k8sClient}
 }
 
 func (c *ConfigLoaderType) GetConfig(ctx context.Context, name string) (*corev1.ConfigMap, error) {
-    c.mu.Lock()
+	c.mu.Lock()
-    defer c.mu.Unlock()
+	defer c.mu.Unlock()
 
-    if c.loaded {
+	if c.loaded {
-        return c.config, c.err
+		return c.config, c.err
-    }
+	}
 
-    cm := &corev1.ConfigMap{}
+	cm := &corev1.ConfigMap{}
-    err := c.Client.Get(ctx, types.NamespacedName{
+	err := c.Client.Get(ctx, types.NamespacedName{
-        Name:      name,
+		Name:      name,
-        Namespace: "unifi-network-operator-system",
+		Namespace: "unifi-network-operator-system",
-    }, cm)
+	}, cm)
 
-    c.loaded = true
+	c.loaded = true
-    c.config = cm
+	c.config = cm
-    c.err = err
+	c.err = err
 
-    return cm, err
+	return cm, err
 }
-

internal/controller/firewallgroup_controller.go

@@ -21,10 +21,10 @@ import (
 	"fmt"
 	"net"
 	"reflect"
+	"regexp"
 	"slices"
 	"strconv"
 	"strings"
-	"regexp"
 
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -39,15 +39,15 @@ import (
 
 	goUnifi "github.com/vegardengen/go-unifi/unifi"
 	unifiv1beta1 "github.com/vegardengen/unifi-network-operator/api/v1beta1"
-	"github.com/vegardengen/unifi-network-operator/internal/unifi"
 	"github.com/vegardengen/unifi-network-operator/internal/config"
+	"github.com/vegardengen/unifi-network-operator/internal/unifi"
 )
 
 // FirewallGroupReconciler reconciles a FirewallGroup object
 type FirewallGroupReconciler struct {
 	client.Client
-	Scheme      *runtime.Scheme
+	Scheme       *runtime.Scheme
-	UnifiClient *unifi.UnifiClient
+	UnifiClient  *unifi.UnifiClient
 	ConfigLoader *config.ConfigLoaderType
 }
 
@@ -71,11 +71,11 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.R
 	log := log.FromContext(ctx)
 
 	cfg, err := r.ConfigLoader.GetConfig(ctx, "unifi-operator-config")
-        if err != nil {
+	if err != nil {
-            return ctrl.Result{}, err
+		return ctrl.Result{}, err
-        }
+	}
 
-        defaultNs := cfg.Data["defaultNamespace"]
+	defaultNs := cfg.Data["defaultNamespace"]
 	log.Info(defaultNs)
 
 	var nwObj unifiv1beta1.FirewallGroup
@@ -118,19 +118,19 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.R
 		port_type := "tcp"
 		port := portEntry
 		if match, _ := regexp.MatchString("(?:tcp|udp)\\/?)\\d+", string(portEntry)); match {
-		  fields := strings.Split("/",portEntry)
+			fields := strings.Split("/", portEntry)
-		  port_type = fields[0]
+			port_type = fields[0]
-		  port = fields[1]
+			port = fields[1]
 		}
-		if(port_type == "tcp") {
+		if port_type == "tcp" {
-		  if !slices.Contains(tcpports, port) {
+			if !slices.Contains(tcpports, port) {
-			tcpports = append(tcpports, port)
+				tcpports = append(tcpports, port)
-	          }
+			}
 		}
-		if(port_type == "udp") {
+		if port_type == "udp" {
-		  if !slices.Contains(udpports, port) {
+			if !slices.Contains(udpports, port) {
-			tcpports = append(udpports, port)
+				tcpports = append(udpports, port)
-	          }
+			}
 		}
 	}
 	var services corev1.ServiceList
@@ -162,15 +162,15 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.R
 				for _, portSpec := range service.Spec.Ports {
 					log.Info(fmt.Sprintf("portSpec: %+v", portSpec))
 					log.Info(fmt.Sprintf("Port: %s %d", strconv.Itoa(int(portSpec.Port)), portSpec.Port))
-					if(portSpec.Protocol == "TCP") {
+					if portSpec.Protocol == "TCP" {
-					  if !slices.Contains(tcpports, strconv.Itoa(int(portSpec.Port))) {
+						if !slices.Contains(tcpports, strconv.Itoa(int(portSpec.Port))) {
-						tcpports = append(tcpports, strconv.Itoa(int(portSpec.Port)))
+							tcpports = append(tcpports, strconv.Itoa(int(portSpec.Port)))
-					  }
+						}
 					}
-					if(portSpec.Protocol == "UDP") {
+					if portSpec.Protocol == "UDP" {
-					  if !slices.Contains(udpports, strconv.Itoa(int(portSpec.Port))) {
+						if !slices.Contains(udpports, strconv.Itoa(int(portSpec.Port))) {
-						udpports = append(udpports, strconv.Itoa(int(portSpec.Port)))
+							udpports = append(udpports, strconv.Itoa(int(portSpec.Port)))
-					  }
+						}
 					}
 				}
 			}

internal/controller/firewallrule_controller.go

@@ -25,15 +25,15 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/log"
 
 	unifiv1beta1 "github.com/vegardengen/unifi-network-operator/api/v1beta1"
-	"github.com/vegardengen/unifi-network-operator/internal/unifi"
 	"github.com/vegardengen/unifi-network-operator/internal/config"
+	"github.com/vegardengen/unifi-network-operator/internal/unifi"
 )
 
 // FirewallRuleReconciler reconciles a FirewallRule object
 type FirewallRuleReconciler struct {
 	client.Client
-	Scheme *runtime.Scheme
+	Scheme       *runtime.Scheme
-	UnifiClient      *unifi.UnifiClient
+	UnifiClient  *unifi.UnifiClient
 	ConfigLoader *config.ConfigLoaderType
 }
 
@@ -57,13 +57,18 @@ func (r *FirewallRuleReconciler) Reconcile(ctx context.Context, req ctrl.Request
 	// TODO(user): your logic here
 
 	cfg, err := r.ConfigLoader.GetConfig(ctx, "unifi-operator-config")
-        if err != nil {
+	if err != nil {
-            return ctrl.Result{}, err
+		return ctrl.Result{}, err
-        }
+	}
 
-        defaultNs := cfg.Data["defaultNamespace"]
+	defaultNs := cfg.Data["defaultNamespace"]
 	log.Info(defaultNs)
 
+	err = r.UnifiClient.Reauthenticate()
+	if err != nil {
+		return ctrl.Result{}, err
+	}
+
 	return ctrl.Result{}, nil
 }
 

internal/controller/firewallzone_controller.go

@@ -19,8 +19,8 @@ package controller
 import (
 	"context"
 	"fmt"
-	"strings"
 	"regexp"
+	"strings"
 	"time"
 
 	"k8s.io/apimachinery/pkg/runtime"
@@ -29,40 +29,39 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/log"
 
 	unifiv1beta1 "github.com/vegardengen/unifi-network-operator/api/v1beta1"
-	"github.com/vegardengen/unifi-network-operator/internal/unifi"
 	"github.com/vegardengen/unifi-network-operator/internal/config"
+	"github.com/vegardengen/unifi-network-operator/internal/unifi"
 )
 
 // FirewallZoneReconciler reconciles a FirewallZone object
 type FirewallZoneReconciler struct {
 	client.Client
-	Scheme      *runtime.Scheme
+	Scheme       *runtime.Scheme
-	UnifiClient *unifi.UnifiClient
+	UnifiClient  *unifi.UnifiClient
 	ConfigLoader *config.ConfigLoaderType
 }
 
 func toKubeName(input string) string {
-    // Lowercase the input
+	// Lowercase the input
-    name := strings.ToLower(input)
+	name := strings.ToLower(input)
 
-    // Replace any non-alphanumeric characters with dashes
+	// Replace any non-alphanumeric characters with dashes
-    re := regexp.MustCompile(`[^a-z0-9\-\.]+`)
+	re := regexp.MustCompile(`[^a-z0-9\-\.]+`)
-    name = re.ReplaceAllString(name, "-")
+	name = re.ReplaceAllString(name, "-")
 
-    // Trim leading and trailing non-alphanumerics
+	// Trim leading and trailing non-alphanumerics
-    name = strings.Trim(name, "-.")
+	name = strings.Trim(name, "-.")
 
-    // Ensure it's not empty and doesn't exceed 253 characters
+	// Ensure it's not empty and doesn't exceed 253 characters
-    if len(name) == 0 {
+	if len(name) == 0 {
-        name = "default"
+		name = "default"
-    } else if len(name) > 253 {
+	} else if len(name) > 253 {
-        name = name[:253]
+		name = name[:253]
-    }
+	}
 
-    return name
+	return name
 }
 
-
 // +kubebuilder:rbac:groups=unifi.engen.priv.no,resources=firewallzones,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=unifi.engen.priv.no,resources=firewallzones/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=unifi.engen.priv.no,resources=firewallzones/finalizers,verbs=update
@@ -81,11 +80,16 @@ func (r *FirewallZoneReconciler) Reconcile(ctx context.Context, req ctrl.Request
 	log := log.FromContext(ctx)
 
 	cfg, err := r.ConfigLoader.GetConfig(ctx, "unifi-operator-config")
-        if err != nil {
+	if err != nil {
-            return ctrl.Result{}, err
+		return ctrl.Result{}, err
-        }
+	}
 
-        defaultNs := cfg.Data["defaultNamespace"]
+	defaultNs := cfg.Data["defaultNamespace"]
+
+	err = r.UnifiClient.Reauthenticate()
+	if err != nil {
+		return ctrl.Result{}, err
+	}
 
 	var fwzCRDs unifiv1beta1.FirewallZoneList
 	_ = r.List(ctx, &fwzCRDs, client.InNamespace(defaultNs))
@@ -118,17 +122,17 @@ func (r *FirewallZoneReconciler) Reconcile(ctx context.Context, req ctrl.Request
 	for _, unifizone := range firewall_zones {
 		log.Info(fmt.Sprintf("%+v\n", unifizone))
 		if _, found := firewallZoneNamesCRDs[unifizone.Name]; !found {
-			zoneCRD := &unifiv1beta1.FirewallZone {
+			zoneCRD := &unifiv1beta1.FirewallZone{
-				ObjectMeta : ctrl.ObjectMeta {
+				ObjectMeta: ctrl.ObjectMeta{
-				   Name: toKubeName(unifizone.Name),
+					Name:      toKubeName(unifizone.Name),
-			  	   Namespace: defaultNs,
+					Namespace: defaultNs,
-			   	},
+				},
-				Spec: unifiv1beta1.FirewallZoneSpec {
+				Spec: unifiv1beta1.FirewallZoneSpec{
-					Name : unifizone.Name,
+					Name:        unifizone.Name,
-					ID : unifizone.ID,
+					ID:          unifizone.ID,
 					DefaultZone: unifizone.DefaultZone,
-					ZoneKey : unifizone.ZoneKey,
+					ZoneKey:     unifizone.ZoneKey,
-					NetworkIDs : unifizone.NetworkIDs,
+					NetworkIDs:  unifizone.NetworkIDs,
 				},
 			}
 			err := r.Create(ctx, zoneCRD)
@@ -136,22 +140,22 @@ func (r *FirewallZoneReconciler) Reconcile(ctx context.Context, req ctrl.Request
 				return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
 			}
 		} else {
-                    for _, zoneCRD := range fwzCRDs.Items {
+			for _, zoneCRD := range fwzCRDs.Items {
-			    if zoneCRD.Spec.Name == unifizone.Name {
+				if zoneCRD.Spec.Name == unifizone.Name {
-				    zoneCRD.Spec = unifiv1beta1.FirewallZoneSpec {
+					zoneCRD.Spec = unifiv1beta1.FirewallZoneSpec{
-                                        Name : unifizone.Name,
+						Name:        unifizone.Name,
-                                        ID : unifizone.ID,
+						ID:          unifizone.ID,
-                                        DefaultZone: unifizone.DefaultZone,
+						DefaultZone: unifizone.DefaultZone,
-                                        ZoneKey : unifizone.ZoneKey,
+						ZoneKey:     unifizone.ZoneKey,
-                                        NetworkIDs : unifizone.NetworkIDs,
+						NetworkIDs:  unifizone.NetworkIDs,
-                                    }
+					}
-	                            err := r.Update(ctx, &zoneCRD)
+					err := r.Update(ctx, &zoneCRD)
-                                    if err != nil {
+					if err != nil {
-                                          return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
+						return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
-                                    }
+					}
-		             }
+				}
-                   }
+			}
-	        }    
+		}
 	}
 
 	return ctrl.Result{RequeueAfter: 10 * time.Minute}, nil

internal/controller/networkconfiguration_controller.go

@@ -26,15 +26,15 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/log"
 
 	unifiv1 "github.com/vegardengen/unifi-network-operator/api/v1beta1"
-	"github.com/vegardengen/unifi-network-operator/internal/unifi"
 	"github.com/vegardengen/unifi-network-operator/internal/config"
+	"github.com/vegardengen/unifi-network-operator/internal/unifi"
 )
 
 // NetworkconfigurationReconciler reconciles a Networkconfiguration object
 type NetworkconfigurationReconciler struct {
 	client.Client
-	Scheme      *runtime.Scheme
+	Scheme       *runtime.Scheme
-	UnifiClient *unifi.UnifiClient
+	UnifiClient  *unifi.UnifiClient
 	ConfigLoader *config.ConfigLoaderType
 }
 
@@ -55,17 +55,23 @@ type NetworkconfigurationReconciler struct {
 func (r *NetworkconfigurationReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
 	log := log.FromContext(ctx)
 	cfg, err := r.ConfigLoader.GetConfig(ctx, "unifi-operator-config")
-        if err != nil {
+	if err != nil {
-            return ctrl.Result{}, err
+		return ctrl.Result{}, err
-        }
+	}
 
-        defaultNs := cfg.Data["defaultNamespace"]
+	defaultNs := cfg.Data["defaultNamespace"]
 	log.Info(defaultNs)
 
 	var networkCRDs unifiv1.NetworkconfigurationList
 	if err := r.List(ctx, &networkCRDs); err != nil {
 		return ctrl.Result{}, err
 	}
+
+	err = r.UnifiClient.Reauthenticate()
+	if err != nil {
+		return ctrl.Result{}, err
+	}
+
 	k8sNetworks := make(map[string]*unifiv1.Networkconfiguration)
 	for i := range networkCRDs.Items {
 		log.Info(fmt.Sprintf("Inserting network %s\n", networkCRDs.Items[i].Spec.NetworkID))

internal/unifi_network_operator_utils/unifi_network_operator_utils.go

@@ -0,0 +1,33 @@
+/* https://github.com/clbx/kube-port-forward-controller */
+
+package unifi_network_operator_utils
+
+import (
+	"regexp"
+	"strings"
+)
+
+func isIPv6(ip string) bool {
+	return strings.Contains(ip, ":")
+}
+
+func toKubeName(input string) string {
+	// Lowercase the input
+	name := strings.ToLower(input)
+
+	// Replace any non-alphanumeric characters with dashes
+	re := regexp.MustCompile(`[^a-z0-9\-\.]+`)
+	name = re.ReplaceAllString(name, "-")
+
+	// Trim leading and trailing non-alphanumerics
+	name = strings.Trim(name, "-.")
+
+	// Ensure it's not empty and doesn't exceed 253 characters
+	if len(name) == 0 {
+		name = "default"
+	} else if len(name) > 253 {
+		name = name[:253]
+	}
+
+	return name
+}