wip

Signed-off-by: Fabrizio Sestito <fabrizio.sestito@suse.com>

helm/templates/controller/role.yaml

@@ -56,3 +56,29 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - storage.sbombastic.rancher.io.sbombastic.rancher.io
+  resources:
+  - sboms
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - storage.sbombastic.rancher.io.sbombastic.rancher.io
+  resources:
+  - sboms/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - storage.sbombastic.rancher.io.sbombastic.rancher.io
+  resources:
+  - sboms/status
+  verbs:
+  - get
+  - patch
+  - update

internal/controller/sbom_controller_test.go

@@ -0,0 +1,111 @@
+/*
+Copyright 2024.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package controller
+
+import (
+	"context"
+
+	. "github.com/onsi/ginkgo/v2" //nolint:revive // Required for testing
+	. "github.com/onsi/gomega"    //nolint:revive // Required for testing
+
+	"github.com/google/uuid"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/types"
+	"sigs.k8s.io/controller-runtime/pkg/reconcile"
+
+	storagev1alpha1 "github.com/rancher/sbombastic/api/storage/v1alpha1"
+	"github.com/rancher/sbombastic/api/v1alpha1"
+)
+
+var _ = Describe("SBOM Controller", func() {
+	When("An SBOM is created", func() {
+		var reconciler SBOMReconciler
+		var registry v1alpha1.Registry
+		var sbom storagev1alpha1.SBOM
+
+		BeforeEach(func(ctx context.Context) {
+			By("Creating a new RegistryReconciler")
+			reconciler = SBOMReconciler{
+				Client: k8sClient,
+			}
+
+			By("Creating a Registry")
+			registry = v1alpha1.Registry{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      uuid.New().String(),
+					Namespace: "default",
+				},
+				Spec: v1alpha1.RegistrySpec{
+					URL:          "ghcr.io/rancher",
+					Repositories: []string{"sbombastic"},
+				},
+			}
+			Expect(k8sClient.Create(ctx, &registry)).To(Succeed())
+
+			By("Creating an Image")
+			image := v1alpha1.Image{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      uuid.New().String(),
+					Namespace: "default",
+					Labels: map[string]string{
+						v1alpha1.ImageRegistryLabel:   registry.Name,
+						v1alpha1.ImageRepositoryLabel: "sbombastic",
+					},
+				},
+			}
+			Expect(k8sClient.Create(ctx, &image)).To(Succeed())
+
+			By("Creating the SBOM")
+			sbom = storagev1alpha1.SBOM{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      uuid.New().String(),
+					Namespace: "default",
+					Labels: map[string]string{
+						v1alpha1.ImageRegistryLabel: registry.Name,
+					},
+				},
+				Spec: storagev1alpha1.SBOMSpec{
+					Data: runtime.RawExtension{
+						Raw: []byte("{}"),
+					},
+				},
+			}
+			Expect(k8sClient.Create(ctx, &sbom)).To(Succeed())
+		})
+
+		It("should successfully reconcile the resource", func(ctx context.Context) {
+			By("Reconciling the Registry")
+			_, err := reconciler.Reconcile(ctx, reconcile.Request{
+				NamespacedName: types.NamespacedName{
+					Name:      sbom.Name,
+					Namespace: sbom.Namespace,
+				},
+			})
+			Expect(err).NotTo(HaveOccurred())
+
+			By("Checking the Registry LastDiscoveryAt annotation")
+			Expect(k8sClient.Get(ctx, types.NamespacedName{
+				Name:      registry.Name,
+				Namespace: registry.Namespace,
+			}, &registry)).To(Succeed())
+
+			_, found := registry.Annotations[v1alpha1.RegistryLastDiscoveredAtAnnotation]
+			Expect(found).To(BeTrue())
+		})
+	})
+})

test/crd/storage.sbombastic.rancher.io_sboms.yaml

@@ -0,0 +1,53 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.16.1
+  name: sboms.storage.sbombastic.rancher.io
+spec:
+  group: storage.sbombastic.rancher.io
+  names:
+    kind: SBOM
+    listKind: SBOMList
+    plural: sboms
+    singular: sbom
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: SBOM represents a Software Bill of Materials of an OCI artifact
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: SBOMSpec defines the desired state of a SBOM
+            properties:
+              data:
+                type: object
+                x-kubernetes-preserve-unknown-fields: true
+            required:
+            - data
+            type: object
+          status:
+            description: SBOMStatus defines the observed state of a SBOM
+            type: object
+        type: object
+    served: true
+    storage: true

test/crd/storage.sbombastic.rancher.io_scanresults.yaml

@@ -0,0 +1,51 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.16.1
+  name: scanresults.storage.sbombastic.rancher.io
+spec:
+  group: storage.sbombastic.rancher.io
+  names:
+    kind: ScanResult
+    listKind: ScanResultList
+    plural: scanresults
+    singular: scanresult
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: ScanResult is the Schema for the scanresults API
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ScanResultSpec defines the desired state of ScanResult
+            properties:
+              foo:
+                description: Foo is an example field of ScanResult.
+                type: string
+            type: object
+          status:
+            description: ScanResultStatus defines the observed state of ScanResult
+            type: object
+        type: object
+    served: true
+    storage: true