Merge branch 'main' into retryable_improvements

Makefile

@@ -157,7 +157,7 @@ ENVTEST ?= $(LOCALBIN)/setup-envtest
 
 ## Tool Versions
 KUSTOMIZE_VERSION ?= v4.5.5
-CONTROLLER_TOOLS_VERSION ?= v0.15.0
+CONTROLLER_TOOLS_VERSION ?= v0.16.5
 
 .PHONY: kustomize
 kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. If wrong version is installed, it will be removed before downloading.

api/v1/runtime_types.go

@@ -67,7 +67,6 @@ const (
 	ConditionTypeRuntimeKubeconfigReady   RuntimeConditionType = "KubeconfigReady"
 	ConditionTypeOidcConfigured           RuntimeConditionType = "OidcConfigured"
 	ConditionTypeRuntimeConfigured        RuntimeConditionType = "Configured"
-	ConditionTypeAuditLogConfigured       RuntimeConditionType = "AuditlogConfigured"
 	ConditionTypeRuntimeDeprovisioned     RuntimeConditionType = "Deprovisioned"
 )
 
@@ -98,12 +97,11 @@ const (
 	ConditionReasonSerializationError   = RuntimeConditionReason("SerializationErr")
 	ConditionReasonDeleted              = RuntimeConditionReason("Deleted")
 
-	ConditionReasonAdministratorsConfigured     = RuntimeConditionReason("AdministratorsConfigured")
-	ConditionReasonAuditLogConfigured           = RuntimeConditionReason("AuditLogConfigured")
-	ConditionReasonAuditLogError                = RuntimeConditionReason("AuditLogErr")
-	ConditionReasonAuditLogMissingRegionMapping = RuntimeConditionReason("AuditLogMissingRegionMappingErr")
-	ConditionReasonOidcConfigured               = RuntimeConditionReason("OidcConfigured")
-	ConditionReasonOidcError                    = RuntimeConditionReason("OidcConfigurationErr")
+	ConditionReasonAuditLogError = RuntimeConditionReason("AuditLogErr")
+
+	ConditionReasonAdministratorsConfigured = RuntimeConditionReason("AdministratorsConfigured")
+	ConditionReasonOidcConfigured           = RuntimeConditionReason("OidcConfigured")
+	ConditionReasonOidcError                = RuntimeConditionReason("OidcConfigurationErr")
 )
 
 //+kubebuilder:object:root=true

cmd/main.go

@@ -31,14 +31,14 @@ import (
 	"github.com/go-logr/logr"
 	validator "github.com/go-playground/validator/v10"
 	infrastructuremanagerv1 "github.com/kyma-project/infrastructure-manager/api/v1"
-	"github.com/kyma-project/infrastructure-manager/internal/auditlogging"
 	kubeconfig_controller "github.com/kyma-project/infrastructure-manager/internal/controller/kubeconfig"
 	"github.com/kyma-project/infrastructure-manager/internal/controller/metrics"
 	runtime_controller "github.com/kyma-project/infrastructure-manager/internal/controller/runtime"
 	"github.com/kyma-project/infrastructure-manager/internal/controller/runtime/fsm"
 	"github.com/kyma-project/infrastructure-manager/pkg/config"
 	"github.com/kyma-project/infrastructure-manager/pkg/gardener"
 	"github.com/kyma-project/infrastructure-manager/pkg/gardener/kubeconfig"
+	"github.com/kyma-project/infrastructure-manager/pkg/gardener/shoot/extender/auditlogs"
 	"github.com/pkg/errors"
 	rbacv1 "k8s.io/api/rbac/v1"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -181,9 +181,9 @@ func main() {
 		os.Exit(1)
 	}
 
-	err = validateAuditLogConfiguration(config.ConverterConfig.AuditLog.TenantConfigPath)
+	auditLogDataMap, err := loadAuditLogDataMap(config.ConverterConfig.AuditLog.TenantConfigPath)
 	if err != nil {
-		setupLog.Error(err, "invalid Audit Log configuration")
+		setupLog.Error(err, "invalid audit log tenant configuration")
 		os.Exit(1)
 	}
 
@@ -195,7 +195,7 @@ func main() {
 		Config:                      config,
 		AuditLogMandatory:           auditLogMandatory,
 		Metrics:                     metrics,
-		AuditLogging:                auditlogging.NewAuditLogging(config.ConverterConfig.AuditLog.TenantConfigPath, config.ConverterConfig.AuditLog.PolicyConfigMapName, gardenerClient),
+		AuditLogging:                auditLogDataMap,
 	}
 	if shootSpecDumpEnabled {
 		cfg.PVCPath = "/testdata/kim"
@@ -266,49 +266,27 @@ func initGardenerClients(kubeconfigPath string, namespace string) (client.Client
 	return gardenerClient, shootClient, dynamicKubeconfigAPI, nil
 }
 
-func validateAuditLogConfiguration(tenantConfigPath string) error {
-	getReaderCloser := func() (io.ReadCloser, error) {
-		return os.Open(tenantConfigPath)
-	}
-
-	f, err := getReaderCloser()
-
-	defer func(f io.ReadCloser) {
-		_ = f.Close()
-	}(f)
-
+func loadAuditLogDataMap(p string) (auditlogs.Configuration, error) {
+	file, err := os.Open(p)
 	if err != nil {
-		setupLog.Error(err, "unable to open Audit Log configuration file")
-		return err
-	}
-
-	var auditLogConfig map[string]map[string]auditlogging.AuditLogData
-
-	if err = json.NewDecoder(f).Decode(&auditLogConfig); err != nil {
-		setupLog.Error(err, "unable to decode Audit Log configuration")
-		return err
+		return nil, err
 	}
 
-	if err = validateAuditLogDataMap(auditLogConfig); err != nil {
-		setupLog.Error(err, "invalid audit log configuration")
-		return err
+	var data auditlogs.Configuration
+	if err := json.NewDecoder(file).Decode(&data); err != nil {
+		return nil, err
 	}
-
-	return err
-}
-
-func validateAuditLogDataMap(data map[string]map[string]auditlogging.AuditLogData) error {
 	validate := validator.New(validator.WithRequiredStructEnabled())
 
 	for _, nestedMap := range data {
 		for _, auditLogData := range nestedMap {
 			if err := validate.Struct(auditLogData); err != nil {
-				return err
+				return nil, err
 			}
 		}
 	}
 
-	return nil
+	return data, nil
 }
 
 func refreshRuntimeMetrics(restConfig *rest.Config, logger logr.Logger, metrics metrics.Metrics) {

config/crd/bases/infrastructuremanager.kyma-project.io_gardenerclusters.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.16.4
+    controller-gen.kubebuilder.io/version: v0.16.5
   name: gardenerclusters.infrastructuremanager.kyma-project.io
 spec:
   group: infrastructuremanager.kyma-project.io

config/crd/bases/infrastructuremanager.kyma-project.io_runtimes.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.16.4
+    controller-gen.kubebuilder.io/version: v0.16.5
   name: runtimes.infrastructuremanager.kyma-project.io
 spec:
   group: infrastructuremanager.kyma-project.io

go.mod

@@ -3,7 +3,8 @@ module github.com/kyma-project/infrastructure-manager
 go 1.23.1
 
 require (
-	github.com/gardener/gardener v1.105.0
+	github.com/Masterminds/semver/v3 v3.3.0
+	github.com/gardener/gardener v1.106.1
 	github.com/gardener/gardener-extension-provider-aws v1.57.1
 	github.com/gardener/gardener-extension-provider-gcp v1.39.0
 	github.com/gardener/gardener-extension-provider-openstack v1.42.1
@@ -15,23 +16,22 @@ require (
 	github.com/pkg/errors v0.9.1
 	github.com/prometheus/client_golang v1.20.5
 	github.com/stretchr/testify v1.9.0
-	k8s.io/api v0.30.3
-	k8s.io/apimachinery v0.30.3
-	k8s.io/client-go v0.30.3
+	k8s.io/api v0.31.2
+	k8s.io/apimachinery v0.31.2
+	k8s.io/client-go v0.31.2
 	k8s.io/utils v0.0.0-20240921022957-49e7df575cb6
-	sigs.k8s.io/controller-runtime v0.18.4
+	sigs.k8s.io/controller-runtime v0.19.1
 	sigs.k8s.io/yaml v1.4.0
 )
 
 require (
-	github.com/Masterminds/semver/v3 v3.3.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/emicklei/go-restful/v3 v3.12.1 // indirect
-	github.com/evanphx/json-patch v5.7.0+incompatible // indirect
 	github.com/evanphx/json-patch/v5 v5.9.0 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
+	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
 	github.com/go-jose/go-jose/v4 v4.0.3 // indirect
 	github.com/go-logr/zapr v1.3.0 // indirect
@@ -60,31 +60,33 @@ require (
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
-	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/prometheus/client_model v0.6.1 // indirect
-	github.com/prometheus/common v0.59.1 // indirect
+	github.com/prometheus/common v0.60.0 // indirect
 	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
+	github.com/x448/float16 v0.8.4 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
 	golang.org/x/crypto v0.28.0 // indirect
-	golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 // indirect
+	golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c // indirect
 	golang.org/x/net v0.30.0 // indirect
-	golang.org/x/oauth2 v0.22.0 // indirect
+	golang.org/x/oauth2 v0.23.0 // indirect
 	golang.org/x/sys v0.26.0 // indirect
 	golang.org/x/term v0.25.0 // indirect
 	golang.org/x/text v0.19.0 // indirect
-	golang.org/x/time v0.6.0 // indirect
-	golang.org/x/tools v0.25.0 // indirect
+	golang.org/x/time v0.7.0 // indirect
+	golang.org/x/tools v0.26.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
-	google.golang.org/protobuf v1.34.2 // indirect
+	google.golang.org/protobuf v1.35.1 // indirect
+	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/apiextensions-apiserver v0.30.1 // indirect
-	k8s.io/klog/v2 v2.120.1 // indirect
+	k8s.io/apiextensions-apiserver v0.31.1 // indirect
+	k8s.io/klog/v2 v2.130.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect