Merge pull request #432 from redhatrises/more_fixes

fix: various scaffolding fixes

Makefile

@@ -259,7 +259,7 @@ endif
 
 .PHONY: bundle
 bundle: manifests kustomize operator-sdk ## Generate bundle manifests and metadata, then validate generated files.
-	$(OPERATOR_SDK) generate kustomize manifests --interactive=false -q
+	$(OPERATOR_SDK) generate kustomize manifests --interactive=false -q --apis-dir api
 	cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG)
 	$(KUSTOMIZE) build config/manifests | $(OPERATOR_SDK) generate bundle $(BUNDLE_GEN_FLAGS)
 	$(OPERATOR_SDK) bundle validate ./bundle
@@ -281,7 +281,7 @@ ifeq (,$(shell which opm 2>/dev/null))
 	set -e ;\
 	mkdir -p $(dir $(OPM)) ;\
 	OS=$(shell go env GOOS) && ARCH=$(shell go env GOARCH) && \
-	curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.23.0/$${OS}-$${ARCH}-opm ;\
+	curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.29.0/$${OS}-$${ARCH}-opm ;\
 	chmod +x $(OPM) ;\
 	}
 else

PROJECT

@@ -4,9 +4,9 @@
 # More info: https://book.kubebuilder.io/reference/project-config.html
 componentConfig: true
 domain: crowdstrike.com
-layout:
-- go.kubebuilder.io/v3
 multigroup: true
+layout:
+- go.kubebuilder.io/v4-alpha
 plugins:
   manifests.sdk.operatorframework.io/v2: {}
   scorecard.sdk.operatorframework.io/v2: {}
@@ -35,6 +35,7 @@ resources:
     namespaced: true
   controller: true
   domain: crowdstrike.com
+  group: falcon
   kind: FalconAdmission
   path: github.com/crowdstrike/falcon-operator/api/falcon/v1alpha1
   version: v1alpha1

api/falcon/v1alpha1/falcon.go

@@ -7,29 +7,36 @@ type FalconSensor struct {
 	// +kubebuilder:validation:Pattern:="^[0-9a-fA-F]{32}-[0-9a-fA-F]{2}$"
 	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Customer ID (CID)",order=1
 	CID *string `json:"cid,omitempty"`
+
 	// Disable the Falcon Sensor's use of a proxy.
 	// +kubebuilder:default:=false
-	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Disable Falcon Proxy",order=3
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Disable Falcon Proxy",order=3,xDescriptors="urn:alm:descriptor:com.tectonic.ui:booleanSwitch"
 	APD *bool `json:"apd,omitempty"`
+
 	// The application proxy host to use for Falcon sensor proxy configuration.
 	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Disable Falcon Proxy Host",order=4
 	APH string `json:"aph,omitempty"`
+
 	// The application proxy port to use for Falcon sensor proxy configuration.
 	// +kubebuilder:validation:Minimum:=0
 	// +kubebuilder:validation:Maximum:=65535
-	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Proxy Port",order=5
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Proxy Port",order=5,xDescriptors={"urn:alm:descriptor:com.tectonic.ui:number"}
 	APP *int `json:"app,omitempty"`
+
 	// Utilize default or Pay-As-You-Go billing.
 	// +kubebuilder:validation:Enum:=default;metered
 	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Billing",order=8
 	Billing string `json:"billing,omitempty"`
+
 	// Installation token that prevents unauthorized hosts from being accidentally or maliciously added to your customer ID (CID).
 	// +kubebuilder:validation:Pattern:="^[0-9a-fA-F]{8}$"
 	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Provisioning Token",order=2
 	PToken string `json:"provisioning_token,omitempty"`
+
 	// Sensor grouping tags are optional, user-defined identifiers that can used to group and filter hosts. Allowed characters: all alphanumerics, '/', '-', and '_'.
 	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Sensor Grouping Tags",order=6
 	Tags []string `json:"tags,omitempty"`
+
 	// Set sensor trace level.
 	// +kubebuilder:validation:Enum:=none;err;warn;info;debug
 	// +kubebuilder:default:=none

api/falcon/v1alpha1/falcon_api.go

@@ -15,12 +15,15 @@ type FalconAPI struct {
 	// +kubebuilder:validation:Enum=autodiscover;us-1;us-2;eu-1;us-gov-1
 	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="CrowdStrike Falcon Cloud Region",order=3
 	CloudRegion string `json:"cloud_region"`
+
 	// Falcon OAuth2 API Client ID
-	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Client ID",order=1
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Client ID",order=1,xDescriptors="urn:alm:descriptor:com.tectonic.ui:password"
 	ClientId string `json:"client_id"`
+
 	// Falcon OAuth2 API Client Secret
-	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Client Secret",order=2
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Client Secret",order=2,xDescriptors="urn:alm:descriptor:com.tectonic.ui:password"
 	ClientSecret string `json:"client_secret"`
+
 	// Falcon Customer ID (CID) Override (optional, default is derived from the API Key pair)
 	// +kubebuilder:validation:Pattern="^[0-9a-fA-F]{32}-[0-9a-fA-F]{2}$"
 	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Customer ID (CID)",order=4
@@ -30,13 +33,15 @@ type FalconAPI struct {
 // RegistryTLSSpec configures TLS for registry pushing
 type RegistryTLSSpec struct {
 	// Allow pushing to docker registries over HTTPS with failed TLS verification. Note that this does not affect other TLS connections.
-	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Skip Registry TLS Verification",order=1
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Skip Registry TLS Verification",order=1,xDescriptors="urn:alm:descriptor:com.tectonic.ui:booleanSwitch"
 	InsecureSkipVerify bool `json:"insecure_skip_verify,omitempty"`
+
 	// Allow for users to provide a CA Cert Bundle, as either a string or base64 encoded string
 	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Registry CA Certificate Bundle; optionally (double) base64 encoded",order=2
 	CACertificate string `json:"caCertificate,omitempty"`
+
 	// Allow for users to provide a ConfigMap containing a CA Cert Bundle under a key ending in .crt
-	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="ConfigMap containing Registry CA Certificate Bundle",order=3
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="ConfigMap containing Registry CA Certificate Bundle",order=3,xDescriptors={"urn:alm:descriptor:com.tectonic.ui:selector:core:v1:ConfigMap"}
 	CACertificateConfigMap string `json:"caCertificateConfigMap,omitempty"`
 }
 
@@ -57,13 +62,17 @@ const (
 
 // RegistrySpec configures container image registry to which the Falcon Container image will be pushed
 type RegistrySpec struct {
-	// Type of the registry to be used
+	// Type of container registry to be used
 	// +kubebuilder:validation:Enum=acr;ecr;gcr;crowdstrike;openshift
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Registry Type",order=1
 	Type RegistryTypeSpec `json:"type"`
 
 	// TLS configures TLS connection for push of Falcon Container image to the registry
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Registry TLS Configuration",order=2
 	TLS RegistryTLSSpec `json:"tls,omitempty"`
+
 	// Azure Container Registry Name represents the name of the ACR for the Falcon Container push. Only applicable to Azure cloud.
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Azure Container Registry Name",order=3
 	AcrName *string `json:"acr_name,omitempty"`
 }
 

config/crd/bases/falcon.crowdstrike.com_falconcontainers.yaml

@@ -1899,7 +1899,7 @@ spec:
                         type: boolean
                     type: object
                   type:
-                    description: Type of the registry to be used
+                    description: Type of container registry to be used
                     enum:
                     - acr
                     - ecr

config/crd/patches/cainjection_in_falconadmissions.yaml

@@ -4,4 +4,4 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
-  name: falconadmissions.crowdstrike.com
+  name: falconadmissions.falcon.crowdstrike.com

config/crd/patches/webhook_in_falconadmissions.yaml

@@ -2,7 +2,7 @@
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
-  name: falconadmissions.crowdstrike.com
+  name: falconadmissions.falcon.crowdstrike.com
 spec:
   conversion:
     strategy: Webhook

deploy/falcon-operator.yaml

@@ -1962,7 +1962,7 @@ spec:
                         type: boolean
                     type: object
                   type:
-                    description: Type of the registry to be used
+                    description: Type of container registry to be used
                     enum:
                     - acr
                     - ecr