feat: implement controller for groups

see https://gravitee.atlassian.net/browse/GKO-938

.circleci/config.yml

@@ -218,6 +218,7 @@ jobs:
           name: Run IT with filter << parameters.ginkgo-filter >>
           command: |
             export SAFE_RANDOM=true
+            export GKO_MANAGER_SILENT_LOG=true
             IT_ARGS="--label-filter=<< parameters.ginkgo-filter >> --flake-attempts=2 --cover --coverprofile=cover-<< parameters.ginkgo-filter >>.out --coverpkg=github.com/gravitee-io/gravitee-kubernetes-operator/... --output-dir=/tmp/junit/reports" make -s it
       - store_test_results:
           path: /tmp/junit/reports

api/model/api/base/api.go

@@ -16,6 +16,7 @@
 package base
 
 import (
+	"github.com/gravitee-io/gravitee-kubernetes-operator/api/model/refs"
 	"github.com/gravitee-io/gravitee-kubernetes-operator/internal/core"
 )
 
@@ -60,10 +61,16 @@ type ApiBase struct {
 	// of an <a href="#apiresource">existing API resource definition</a>.
 	// +kubebuilder:default:={}
 	Resources []*ResourceOrRef `json:"resources"`
-	// List of groups associated with the API
+	// List of groups associated with the API.
+	// This groups are id or name references to existing groups in APIM.
 	// +kubebuilder:validation:Optional
 	// +kubebuilder:default:={}
 	Groups []string `json:"groups"`
+	// List of group references associated with the API
+	// This groups are references to Group custom resources created on the cluster.
+	// +kubebuilder:validation:Optional
+	// +kubebuilder:default:={}
+	GroupRefs []refs.NamespacedName `json:"groupRefs"`
 	// +kubebuilder:validation:Optional
 	// The list of categories the API belongs to.
 	// Categories are reflected in APIM portal so that consumers can easily find the APIs they need.

api/model/api/base/member.go

@@ -14,7 +14,11 @@
 
 package base
 
-import "fmt"
+import (
+	"fmt"
+
+	"github.com/gravitee-io/gravitee-kubernetes-operator/api/model/group"
+)
 
 type Member struct {
 	// Member source
@@ -52,3 +56,15 @@ func NewMemoryMember(username, role string) *Member {
 		Role:     role,
 	}
 }
+
+func NewGraviteeGroupMember(username, role string) group.Member {
+	return group.Member{
+		Source:   "gravitee",
+		SourceID: username,
+		Roles: map[group.RoleScope]string{
+			group.APIRoleScope:         role,
+			group.ApplicationRoleScope: role,
+			group.IntegrationRoleScope: role,
+		},
+	}
+}

api/model/api/v2/api.go

@@ -154,6 +154,22 @@ func (api *Api) SetDefinitionContext(ctx core.DefinitionContext) {
 	}
 }
 
+func (api *Api) GetGroupRefs() []core.ObjectRef {
+	refs := make([]core.ObjectRef, 0)
+	for i := range api.GroupRefs {
+		refs = append(refs, &api.GroupRefs[i])
+	}
+	return refs
+}
+
+func (api *Api) GetGroups() []string {
+	return api.Groups
+}
+
+func (api *Api) SetGroups(groups []string) {
+	api.Groups = groups
+}
+
 func (ctx *DefinitionContext) GetOrigin() string {
 	if ctx == nil {
 		return OriginKubernetes

api/model/api/v4/api.go

@@ -97,6 +97,22 @@ func (api *Api) GetType() string {
 	return string(api.Type)
 }
 
+func (api *Api) GetGroupRefs() []core.ObjectRef {
+	refs := make([]core.ObjectRef, 0)
+	for i := range api.GroupRefs {
+		refs = append(refs, &api.GroupRefs[i])
+	}
+	return refs
+}
+
+func (api *Api) GetGroups() []string {
+	return api.Groups
+}
+
+func (api *Api) SetGroups(groups []string) {
+	api.Groups = groups
+}
+
 type GatewayDefinitionApi struct {
 	*Api    `json:",inline"`
 	Version string                   `json:"apiVersion"`

api/model/group/group.go

@@ -0,0 +1,76 @@
+// Copyright (C) 2015 The Gravitee team (http://gravitee.io)
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//         http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// +kubebuilder:object:generate=true
+package group
+
+import (
+	"github.com/gravitee-io/gravitee-kubernetes-operator/api/model/status"
+	"github.com/gravitee-io/gravitee-kubernetes-operator/internal/core"
+)
+
+// +kubebuilder:validation:Enum=API;APPLICATION;INTEGRATION;
+type RoleScope string
+
+const (
+	APIRoleScope         = RoleScope("API")
+	ApplicationRoleScope = RoleScope("APPLICATION")
+	IntegrationRoleScope = RoleScope("INTEGRATION")
+)
+
+type Type struct {
+	// +kubebuilder:validation:Optional
+	ID string `json:"id,omitempty"`
+	// +kubebuilder:validation:Required
+	Name string `json:"name"`
+	// +kubebuilder:validation:Optional
+	// +kubebuilder:default:=true
+	// If true, new members added to the API spec will
+	// be notified when the API is synced with APIM.
+	NotifyMembers bool     `json:"notifyMembers"`
+	Members       []Member `json:"members"`
+}
+
+type Member struct {
+	// Member source
+	// +kubebuilder:validation:Required
+	// +kubebuilder:example:=gravitee
+	Source string `json:"source"`
+	// Member source ID
+	// +kubebuilder:validation:Required
+	// +kubebuilder:example:[email protected]
+	SourceID string `json:"sourceId"`
+	// +kubebuilder:validation:Optional
+	// +kubebuilder:default:={}
+	Roles map[RoleScope]string `json:"roles"`
+}
+
+type Status struct {
+	// The ID of the Group in the Gravitee API Management instance
+	// +kubebuilder:validation:Optional
+	ID string `json:"id,omitempty"`
+	// The organization ID defined in the management context
+	// +kubebuilder:validation:Optional
+	OrgID string `json:"organizationId,omitempty"`
+	// The environment ID defined in the management context
+	// +kubebuilder:validation:Optional
+	EnvID string `json:"environmentId,omitempty"`
+	// The processing status of the Group.
+	ProcessingStatus core.ProcessingStatus `json:"processingStatus,omitempty"`
+	// The number of members added to this group
+	Members uint `json:"members"`
+	// When group has been created regardless of errors, this field is
+	// used to persist the error message encountered during admission
+	Errors status.Errors `json:"errors,omitempty"`
+}

api/v1alpha1/apiv2definition_types.go

@@ -170,13 +170,29 @@ func (api *ApiDefinition) GetPlan(name string) core.PlanModel {
 	return api.Spec.GetPlan(name)
 }
 
+func (api *ApiDefinition) GetGroupRefs() []core.ObjectRef {
+	return api.Spec.GetGroupRefs()
+}
+
+func (api *ApiDefinition) GetGroups() []string {
+	return api.Spec.Groups
+}
+
+func (api *ApiDefinition) SetGroups(groups []string) {
+	api.Spec.Groups = groups
+}
+
 func (api *ApiDefinition) GetRef() core.ObjectRef {
 	return &refs.NamespacedName{
 		Name:      api.Name,
 		Namespace: api.Namespace,
 	}
 }
 
+func (api *ApiDefinition) IsBeingDeleted() bool {
+	return !api.ObjectMeta.DeletionTimestamp.IsZero()
+}
+
 func (api *ApiDefinition) PopulateIDs(_ core.ContextModel) {
 	api.Spec.ID = api.pickID()
 	api.Spec.CrossID = api.pickCrossID()

api/v1alpha1/apiv4definition_types.go

@@ -323,6 +323,18 @@ func getFLowSharedPolicyGroupsReferences(flows []*v4.Flow) []*refs.NamespacedNam
 	return results
 }
 
+func (api *ApiV4Definition) GetGroupRefs() []core.ObjectRef {
+	return api.Spec.GetGroupRefs()
+}
+
+func (api *ApiV4Definition) GetGroups() []string {
+	return api.Spec.Groups
+}
+
+func (api *ApiV4Definition) SetGroups(groups []string) {
+	api.Spec.Groups = groups
+}
+
 func (spec *ApiV4DefinitionSpec) Hash() string {
 	return hash.Calculate(spec)
 }