Crd-redesign

.vscode/settings.json

@@ -4,10 +4,11 @@
         "https://json.schemastore.org/composer": "compose.yaml",
         "kubernetes": [
             "manifests/*.yaml",
-            "config/**/*.yaml"
-        ],  
+            "config/crd/bases/*.yaml"
+        ],
         ".vscode/schemas/audit-event-schema.json": [
             "**/audit-events/*.yaml"
-        ]
+        ],
+        "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.32.1-standalone-strict/all.json": "file:///workspaces/gitops-reverser2/config/crd/bases/configbutler.ai_clusterwatchrules.yaml"
     }
 }

PROJECT

@@ -11,23 +11,18 @@ repo: github.com/ConfigButler/gitops-reverser
 resources:
 - api:
     crdVersion: v1
+    namespaced: true
   controller: true
   domain: configbutler.ai
-  group: configbutler.ai
-  kind: GitRepoConfig
+  kind: GitProvider
   path: github.com/ConfigButler/gitops-reverser/api/v1alpha1
   version: v1alpha1
 - api:
     crdVersion: v1
     namespaced: true
   controller: true
   domain: configbutler.ai
-  group: configbutler.ai
-  kind: WatchRule
+  kind: GitTarget
   path: github.com/ConfigButler/gitops-reverser/api/v1alpha1
   version: v1alpha1
-  webhooks:
-    defaulting: true
-    validation: true
-    webhookVersion: v1
 version: "3"

README.md

@@ -74,19 +74,19 @@ See [`docs/GITHUB_SETUP_GUIDE.md`](docs/GITHUB_SETUP_GUIDE.md) for detailed setu
 
 **3. Configure what to reconcile:**
 
-Reconciliation sources and targets are configured by three types of custom resources (shown in blue). Create these to start reconciling ConfigMaps:
+Reconciliation sources and targets are configured by three types of custom resources. Create these to start reconciling ConfigMaps:
 
 ![](docs/images/config-basics.excalidraw.svg)
 
 ```bash
 # NOTE: Edit the line with YOUR_USERNAME to match your repository
 cat <<EOF | kubectl apply -f -
 apiVersion: configbutler.ai/v1alpha1
-kind: GitRepoConfig
+kind: GitProvider
 metadata:
   name: your-repo
 spec:
-  repoUrl: "git@github.com:YOUR_USERNAME/my-k8s-audit.git"
+  url: "git@github.com:YOUR_USERNAME/my-k8s-audit.git"
   allowedBranches: ["*"]
   secretRef:
     name: git-creds
@@ -96,16 +96,16 @@ spec:
 EOF
 ```
 
-Check the status to see if it's able to connect: `kubectl get `
+Check the status to see if it's able to connect: `kubectl get gitprovider your-repo`
 
 ```bash
 cat <<EOF | kubectl apply -f -
 apiVersion: configbutler.ai/v1alpha1
-kind: GitDestination
+kind: GitTarget
 metadata:
   name: to-folder-live-cluster
 spec:
-  repoRef:
+  providerRef:
     name: your-repo
   branch: test-gitops-reverser
   baseFolder: live-cluster
@@ -115,7 +115,7 @@ kind: WatchRule
 metadata:
   name: only-configmaps
 spec:
-  destinationRef:
+  targetRef:
     name: to-folder-live-cluster
   rules:
     - operations: [CREATE, UPDATE, DELETE]

TODO.md

@@ -16,7 +16,6 @@ New questions:
 * If the AccessPolicy is adjusted on the GitRepoConfig, are the existing watchrules also re-evaluated (if they can send in events).
 * Is there to much code duplication between clusterwatchrule and watchrule?
 * Add a default business rule that Config resources are not written to disk: these should never be in git. Have an example on the frontpage on how to use sealedSecrets for now: that's a nice start and will just make sure that it's safe (perhaps something better later). We could add an exception as a commandline flag: people that want to do bad should not be blocked in doing so. :-)
-* Check if we are still in line witht the [Kubebuilder stuff](https://book.kubebuilder.io/architecture), I noticed that my PROJECT file does not seem up2date. Should it be gone at some point in time?
 * Improve README.m
   * Better explaination of configuration of this tool: one GitRepoConfig per repo, security considerations (namespace or non namespace etc), storeRawConfigmaps (default false).
 * There is no time in the admission request: we should add the time received as soon as possible and also put that as commit time (if we can override that).

api/v1alpha1/clusterwatchrule_types.go

@@ -34,16 +34,30 @@ const (
 	ResourceScopeNamespaced ResourceScope = "Namespaced"
 )
 
+type NamespacedTargetReference struct {
+	// API Group of the referent.
+	// Kind of the referrer.
+	// +kubebuilder:validation:Enum=configbutler.ai
+	// +kubebuilder:default=configbutler.ai
+	Group string `json:"group,omitempty"`
+
+	// Kind of the referrer.
+	// +kubebuilder:validation:Enum=GitTarget
+	// +kubebuilder:default=GitTarget
+	Kind string `json:"kind"`
+	Name string `json:"name"`
+
+	// Required because ClusterWatchRule has no namespace.
+	// +required
+	Namespace string `json:"namespace"`
+}
+
 // ClusterWatchRuleSpec defines the desired state of ClusterWatchRule.
 type ClusterWatchRuleSpec struct {
-
-	// DestinationRef references a GitDestination that encapsulates repo+branch+baseFolder.
-	// When set, DestinationRef takes precedence over GitRepoConfigRef.
-	// Namespace must be specified for cluster-scoped rules.
-	// Pointer is used so that omitempty truly omits the field when unset to avoid
-	// API validation on zero-value structs.
-	// +optional
-	DestinationRef *NamespacedName `json:"destinationRef,omitempty"`
+	// TargetRef references the GitTarget to use.
+	// Must specify namespace.
+	// +required
+	TargetRef NamespacedTargetReference `json:"targetRef"`
 
 	// Rules define which resources to watch.
 	// Multiple rules create a logical OR - a resource matching ANY rule is watched.

api/v1alpha1/gitprovider_types.go

@@ -0,0 +1,109 @@
+/*
+SPDX-License-Identifier: Apache-2.0
+
+Copyright 2025 ConfigButler
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// GitProviderSpec defines the desired state of GitProvider.
+type GitProviderSpec struct {
+	// URL of the repository (HTTP/SSH)
+	URL string `json:"url"`
+
+	// SecretRef for authentication credentials (may be nil for public repos)
+	SecretRef *LocalSecretReference `json:"secretRef,omitempty"`
+
+	// AllowedBranches restricts which branches can be written to.
+	// +required
+	AllowedBranches []string `json:"allowedBranches"`
+
+	// Push defines the strategy for pushing commits (batching).
+	// +optional
+	Push *PushStrategy `json:"push,omitempty"`
+}
+
+// LocalSecretReference is a typed reference to a Secret in the same namespace.
+type LocalSecretReference struct {
+	// Group of the referent.
+	// +kubebuilder:default=""
+	// +optional
+	Group string `json:"group,omitempty"`
+
+	// Kind of the referent.
+	// +kubebuilder:validation:Enum=Secret
+	// +kubebuilder:default=Secret
+	// +optional
+	Kind string `json:"kind,omitempty"`
+
+	// Name of the Secret.
+	// +kubebuilder:validation:MinLength=1
+	Name string `json:"name"`
+}
+
+// GitProviderStatus defines the observed state of GitProvider.
+type GitProviderStatus struct {
+	// conditions represent the current state of the GitProvider resource.
+	// Each condition has a unique type and reflects the status of a specific aspect of the resource.
+	//
+	// Standard condition types include:
+	// - "Available": the resource is fully functional
+	// - "Progressing": the resource is being created or updated
+	// - "Degraded": the resource failed to reach or maintain its desired state
+	//
+	// The status of each condition is one of True, False, or Unknown.
+	// +listType=map
+	// +listMapKey=type
+	// +optional
+	Conditions []metav1.Condition `json:"conditions,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+
+// GitProvider is the Schema for the gitproviders API.
+type GitProvider struct {
+	metav1.TypeMeta `json:",inline"`
+
+	// metadata is a standard object metadata
+	// +optional
+	metav1.ObjectMeta `json:"metadata,omitempty,omitzero"`
+
+	// spec defines the desired state of GitProvider
+	// +required
+	Spec GitProviderSpec `json:"spec"`
+
+	// status defines the observed state of GitProvider
+	// +optional
+	Status GitProviderStatus `json:"status,omitempty,omitzero"`
+}
+
+// +kubebuilder:object:root=true
+
+// GitProviderList contains a list of GitProvider.
+type GitProviderList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+
+	Items []GitProvider `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&GitProvider{}, &GitProviderList{})
+}