csi-addons · mergify · Jul 26, 2024 · Jul 23, 2024 · Jul 23, 2024 · Jul 23, 2024
diff --git a/.github/workflows/test-golang.yaml b/.github/workflows/test-golang.yaml
@@ -24,7 +24,7 @@ jobs:
         # action @v1.3.0 can install protoc 3.19, @v2 installs protoc v21.0+
         uses: arduino/[email protected]
         with:
-          version: "3.19.6"
+          version: "3.20.2"
 
       - name: Run "make test"
         run: make test

diff --git a/PROJECT b/PROJECT
@@ -87,4 +87,22 @@ resources:
   kind: VolumeGroupReplicationContent
   path: github.com/csi-addons/kubernetes-csi-addons/api/replication.storage/v1alpha1
   version: v1alpha1
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: openshift.io
+  group: csiaddons
+  kind: EncryptionKeyRotationJob
+  path: github.com/csi-addons/kubernetes-csi-addons/api/csiaddons/v1alpha1
+  version: v1alpha1
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: openshift.io
+  group: csiaddons
+  kind: EncryptionKeyRotationCronJob
+  path: github.com/csi-addons/kubernetes-csi-addons/api/csiaddons/v1alpha1
+  version: v1alpha1
 version: "3"
diff --git a/api/csiaddons/v1alpha1/encryptionkeyrotationcronjob_types.go b/api/csiaddons/v1alpha1/encryptionkeyrotationcronjob_types.go
@@ -0,0 +1,128 @@
+/*
+Copyright 2024 The Kubernetes-CSI-Addons Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EncryptionKeyRotationJobTemplateSpec describes the data a Job should have when created from a template
+type EncryptionKeyRotationJobTemplateSpec struct {
+	// Standard object's metadata of the jobs created from this template.
+	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	// Specification of the desired behavior of the job.
+	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+	// +kubebuilder:validation:Required
+	Spec EncryptionKeyRotationJobSpec `json:"spec,omitempty"`
+}
+
+// EncryptionKeyRotationCronJobSpec defines the desired state of EncryptionKeyRotationCronJob
+type EncryptionKeyRotationCronJobSpec struct {
+	// The schedule in Cron format, see https://en.wikipedia.org/wiki/Cron.
+	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:Pattern:=.+
+	Schedule string `json:"schedule"`
+
+	// Optional deadline in seconds for starting the job if it misses scheduled
+	// time for any reason.  Missed jobs executions will be counted as failed ones.
+	// +kubebuilder:validation:Optional
+	StartingDeadlineSeconds *int64 `json:"startingDeadlineSeconds,omitempty"`
+
+	// Specifies how to treat concurrent executions of a Job.
+	// Valid values are:
+	// - "Forbid" (default): forbids concurrent runs, skipping next run if
+	//   previous run hasn't finished yet;
+	// - "Replace": cancels currently running job and replaces it
+	//   with a new one
+	// +kubebuilder:validation:Optional
+	// +kubebuilder:validation:Enum=Forbid;Replace
+	// +kubebuilder:default:=Forbid
+	ConcurrencyPolicy ConcurrencyPolicy `json:"concurrencyPolicy,omitempty"`
+
+	// This flag tells the controller to suspend subsequent executions, it does
+	// not apply to already started executions.  Defaults to false.
+	// +kubebuilder:validation:Optional
+	Suspend *bool `json:"suspend,omitempty"`
+
+	// Specifies the job that will be created when executing a CronJob.
+	// +kubebuilder:validation:Required
+	JobSpec EncryptionKeyRotationJobTemplateSpec `json:"jobTemplate"`
+
+	// The number of successful finished jobs to retain. Value must be non-negative integer.
+	// Defaults to 3.
+	// +kubebuilder:validation:Optional
+	// +kubebuilder:validation:Maximum=60
+	// +kubebuilder:validation:Minimum=0
+	// +kubebuilder:default:=3
+	SuccessfulJobsHistoryLimit *int32 `json:"successfulJobsHistoryLimit,omitempty"`
+
+	// The number of failed finished jobs to retain. Value must be non-negative integer.
+	// Defaults to 1.
+	// +kubebuilder:validation:Optional
+	// +kubebuilder:validation:Maximum=60
+	// +kubebuilder:validation:Minimum=0
+	// +kubebuilder:default:=1
+	FailedJobsHistoryLimit *int32 `json:"failedJobsHistoryLimit,omitempty"`
+}
+
+// EncryptionKeyRotationCronJobStatus defines the observed state of EncryptionKeyRotationCronJob
+type EncryptionKeyRotationCronJobStatus struct {
+	// A pointer to currently running job.
+	Active *v1.ObjectReference `json:"active,omitempty"`
+
+	// Information when was the last time the job was successfully scheduled.
+	LastScheduleTime *metav1.Time `json:"lastScheduleTime,omitempty"`
+
+	// Information when was the last time the job successfully completed.
+	LastSuccessfulTime *metav1.Time `json:"lastSuccessfulTime,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+// +kubebuilder:printcolumn:JSONPath=".spec.schedule",name=Schedule,type=string
+// +kubebuilder:printcolumn:JSONPath=".spec.suspend",name=Suspend,type=boolean
+// +kubebuilder:printcolumn:JSONPath=".status.active.name",name=Active,type=string
+// +kubebuilder:printcolumn:JSONPath=".status.lastScheduleTime",name=Lastschedule,type=date
+// +kubebuilder:printcolumn:JSONPath=".status.lastSuccessfulTime",name=Lastsuccessfultime,type=date,priority=1
+// +kubebuilder:printcolumn:JSONPath=".metadata.creationTimestamp",name=Age,type=date
+
+// EncryptionKeyRotationCronJob is the Schema for the encryptionkeyrotationcronjobs API
+type EncryptionKeyRotationCronJob struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	//+kubebuilder:validation:Required
+	Spec EncryptionKeyRotationCronJobSpec `json:"spec,omitempty"`
+
+	Status EncryptionKeyRotationCronJobStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// EncryptionKeyRotationCronJobList contains a list of EncryptionKeyRotationCronJob
+type EncryptionKeyRotationCronJobList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []EncryptionKeyRotationCronJob `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&EncryptionKeyRotationCronJob{}, &EncryptionKeyRotationCronJobList{})
+}
diff --git a/api/csiaddons/v1alpha1/encryptionkeyrotationjob_types.go b/api/csiaddons/v1alpha1/encryptionkeyrotationjob_types.go
@@ -0,0 +1,103 @@
+/*
+Copyright 2024 The Kubernetes-CSI-Addons Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EncryptionKeyRotationJobSpec defines the desired state of EncryptionKeyRotationJob
+type EncryptionKeyRotationJobSpec struct {
+	// Target represents tvolume target on which operation will be
+	// performed.
+	// +kubebuilder:validation:Required
+	Target TargetSpec `json:"target"`
+
+	// BackOffLimit specifies the number of retries allowed before marking reclaim
+	// space operation as failed. If not specified, defaults to 6. Maximum allowed
+	// value is 60 and minimum allowed value is 0.
+	// +optional
+	// +kubebuilder:validation:Maximum=60
+	// +kubebuilder:validation:Minimum=0
+	// +kubebuilder:default:=6
+	BackoffLimit int32 `json:"backOffLimit"`
+
+	// RetryDeadlineSeconds specifies the duration in seconds relative to the
+	// start time that the operation may be retried; value MUST be positive integer.
+	// If not specified, defaults to 600 seconds. Maximum allowed
+	// value is 1800.
+	// +optional
+	// +kubebuilder:validation:Maximum=1800
+	// +kubebuilder:validation:Minimum=0
+	// +kubebuilder:default:=600
+	RetryDeadlineSeconds int64 `json:"retryDeadlineSeconds"`
+
+	// Timeout specifies the timeout in seconds for the grpc request sent to the
+	// CSI driver.
+	// Minimum allowed value is 60.
+	// +optional
+	// +kubebuilder:validation:Minimum=60
+	Timeout *int64 `json:"timeout,omitempty"`
+}
+
+// EncryptionKeyRotationJobStatus defines the observed state of EncryptionKeyRotationJob
+type EncryptionKeyRotationJobStatus struct {
+	// Result indicates the result of EncryptionKeyRotationJob.
+	Result OperationResult `json:"result,omitempty"`
+
+	// Message contains any message from the EncryptionKeyRotationJob.
+	Message string `json:"message,omitempty"`
+
+	// Conditions are the list of conditions and their status.
+	Conditions []metav1.Condition `json:"conditions,omitempty"`
+
+	// Retries indicates the number of times the operation is retried.
+	Retries        int32        `json:"retries,omitempty"`
+	StartTime      *metav1.Time `json:"startTime,omitempty"`
+	CompletionTime *metav1.Time `json:"completionTime,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+// +kubebuilder:printcolumn:JSONPath=".metadata.namespace",name=Namespace,type=string
+// +kubebuilder:printcolumn:JSONPath=".metadata.creationTimestamp",name=Age,type=date
+// +kubebuilder:printcolumn:JSONPath=".status.retries",name=Retries,type=integer
+// +kubebuilder:printcolumn:JSONPath=".status.result",name=Result,type=string
+
+// EncryptionKeyRotationJob is the Schema for the encryptionkeyrotationjobs API
+type EncryptionKeyRotationJob struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	// +kubebuilder:validation:Required
+	Spec EncryptionKeyRotationJobSpec `json:"spec,omitempty"`
+
+	Status EncryptionKeyRotationJobStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// EncryptionKeyRotationJobList contains a list of EncryptionKeyRotationJob
+type EncryptionKeyRotationJobList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []EncryptionKeyRotationJob `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&EncryptionKeyRotationJob{}, &EncryptionKeyRotationJobList{})
+}