Add NamespaceManagement reconciliation

.gitignore

@@ -7,6 +7,7 @@
 *.dylib
 /bin
 testbin/*
+*.bak
 
 # Test binary, build with `go test -c`
 *.test

PROJECT

@@ -1,3 +1,7 @@
+# Code generated by tool. DO NOT EDIT.
+# This file is used to track the info used to scaffold your project
+# and allow the plugins properly work.
+# More info: https://book.kubebuilder.io/reference/project-config.html
 layout:
 - go.kubebuilder.io/v4
 plugins:
@@ -32,4 +36,11 @@ resources:
   webhooks:
     conversion: true
     webhookVersion: v1
+- api:
+    crdVersion: v1
+    namespaced: true
+  group: argoproj.io
+  kind: NamespaceManagement
+  path: github.com/argoproj-labs/argocd-operator/api/v1beta1
+  version: v1beta1
 version: "3"

api/v1alpha1/argocd_conversion.go

@@ -99,6 +99,7 @@ func (src *ArgoCD) ConvertTo(dstRaw conversion.Hub) error {
 	dst.Spec.Banner = (*v1beta1.Banner)(src.Spec.Banner)
 	dst.Spec.DefaultClusterScopedRoleDisabled = src.Spec.DefaultClusterScopedRoleDisabled
 	dst.Spec.AggregatedClusterRoles = src.Spec.AggregatedClusterRoles
+	dst.Spec.NamespaceManagement = ConvertAlphaToBetaNamespaceManagement(src.Spec.NamespaceManagement)
 
 	// Status conversion
 	dst.Status = v1beta1.ArgoCDStatus(src.Status)
@@ -172,6 +173,7 @@ func (dst *ArgoCD) ConvertFrom(srcRaw conversion.Hub) error {
 	dst.Spec.Banner = (*Banner)(src.Spec.Banner)
 	dst.Spec.DefaultClusterScopedRoleDisabled = src.Spec.DefaultClusterScopedRoleDisabled
 	dst.Spec.AggregatedClusterRoles = src.Spec.AggregatedClusterRoles
+	dst.Spec.NamespaceManagement = ConvertBetaToAlphaNamespaceManagement(src.Spec.NamespaceManagement)
 
 	// Status conversion
 	dst.Status = ArgoCDStatus(src.Status)
@@ -707,3 +709,26 @@ func ConvertBetaToAlphaRepo(src *v1beta1.ArgoCDRepoSpec) *ArgoCDRepoSpec {
 	}
 	return dst
 }
+
+func ConvertBetaToAlphaNamespaceManagement(src []v1beta1.ManagedNamespaces) []ManagedNamespaces {
+	var dst []ManagedNamespaces
+	for _, s := range src {
+		dst = append(dst, ManagedNamespaces{
+			Name:           s.Name,
+			AllowManagedBy: s.AllowManagedBy,
+		})
+	}
+	return dst
+}
+
+func ConvertAlphaToBetaNamespaceManagement(src []ManagedNamespaces) []v1beta1.ManagedNamespaces {
+	var dst []v1beta1.ManagedNamespaces
+	for _, s := range src {
+		dst = append(dst, v1beta1.ManagedNamespaces{
+			Name:           s.Name,
+			AllowManagedBy: s.AllowManagedBy,
+		},
+		)
+	}
+	return dst
+}

api/v1alpha1/argocd_conversion_test.go

@@ -327,6 +327,12 @@ func TestAlphaToBetaConversion(t *testing.T) {
 						Kind:  "Deployment",
 					},
 				}
+				cr.Spec.NamespaceManagement = []ManagedNamespaces{
+					{
+						Name:           "test-nm-namespace",
+						AllowManagedBy: true,
+					},
+				}
 			}),
 			expectedOutput: makeTestArgoCDBeta(func(cr *v1beta1.ArgoCD) {
 				cr.Spec.ResourceIgnoreDifferences = &v1beta1.ResourceIgnoreDifference{
@@ -374,6 +380,12 @@ func TestAlphaToBetaConversion(t *testing.T) {
 						Kind:  "Deployment",
 					},
 				}
+				cr.Spec.NamespaceManagement = []v1beta1.ManagedNamespaces{
+					{
+						Name:           "test-nm-namespace",
+						AllowManagedBy: true,
+					},
+				}
 			}),
 		},
 		{

api/v1alpha1/argocd_types.go

@@ -849,6 +849,18 @@ type ArgoCDSpec struct {
 
 	// AggregatedClusterRoles will allow users to have aggregated ClusterRoles for a cluster scoped instance.
 	AggregatedClusterRoles bool `json:"aggregatedClusterRoles,omitempty"`
+
+	// NamespaceManagement defines the list of namespaces that Argo CD is allowed to manage.
+	NamespaceManagement []ManagedNamespaces `json:"namespaceManagement,omitempty"`
+}
+
+// NamespaceManagement defines the namespace management settings
+type ManagedNamespaces struct {
+	// Name of the namespace or pattern to be managed
+	Name string `json:"name"`
+
+	// Whether the namespace can be managed by ArgoCD
+	AllowManagedBy bool `json:"allowManagedBy"`
 }
 
 const (

api/v1beta1/argocd_types.go

@@ -954,6 +954,18 @@ type ArgoCDSpec struct {
 
 	// AggregatedClusterRoles will allow users to have aggregated ClusterRoles for a cluster scoped instance.
 	AggregatedClusterRoles bool `json:"aggregatedClusterRoles,omitempty"`
+
+	// NamespaceManagement defines the list of namespaces that Argo CD is allowed to manage.
+	NamespaceManagement []ManagedNamespaces `json:"namespaceManagement,omitempty"`
+}
+
+// NamespaceManagement defines the namespace management settings
+type ManagedNamespaces struct {
+	// Name of the namespace or pattern to be managed
+	Name string `json:"name"`
+
+	// Whether the namespace can be managed by ArgoCD
+	AllowManagedBy bool `json:"allowManagedBy"`
 }
 
 const (

api/v1beta1/namespacemanagement_types.go

@@ -0,0 +1,60 @@
+/*
+Copyright 2021.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+
+// NamespaceManagementSpec defines the desired state of NamespaceManagement
+type NamespaceManagementSpec struct {
+	ManagedBy string `json:"managedBy"`
+}
+
+// NamespaceManagementStatus defines the observed state of NamespaceManagement
+type NamespaceManagementStatus struct {
+	// Conditions is an array of the NamespaceManagement's status conditions
+	Conditions []metav1.Condition `json:"conditions,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+
+// NamespaceManagement is the Schema for the namespacemanagements API
+type NamespaceManagement struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   NamespaceManagementSpec   `json:"spec,omitempty"`
+	Status NamespaceManagementStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// NamespaceManagementList contains a list of NamespaceManagement
+type NamespaceManagementList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []NamespaceManagement `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&NamespaceManagement{}, &NamespaceManagementList{})
+}

bundle/manifests/argocd-operator-namespacemanagement-editor-role_rbac.authorization.k8s.io_v1_clusterrole.yaml

@@ -0,0 +1,24 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  creationTimestamp: null
+  name: argocd-operator-namespacemanagement-editor-role
+rules:
+- apiGroups:
+  - argoproj.io
+  resources:
+  - namespacemanagements
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - argoproj.io
+  resources:
+  - namespacemanagements/status
+  verbs:
+  - get