feat: add maas plugin

.gitleaksignore

@@ -4,4 +4,5 @@ e7156f3be822e9da88949cd9405e8eedde836e5f:tests/integration/_validator/testcases/
 e7156f3be822e9da88949cd9405e8eedde836e5f:tests/integration/_validator/testcases/data/validator.yaml:generic-api-key:51
 481cdf910c0bc555363ae4278b2f57a66a72ed6b:tests/integration/_validator/testcases/data/validator.yaml:generic-api-key:27
 481cdf910c0bc555363ae4278b2f57a66a72ed6b:tests/integration/_validator/testcases/data/validator.yaml:generic-api-key:51
-hack/validator.tmpl:generic-api-key:538
+hack/validator.tmpl:generic-api-key:538
+hack/validator.tmpl:generic-api-key:865

.vscode/launch.json

@@ -27,6 +27,7 @@
                 "DISABLE_KIND_CLUSTER_CHECK": "true",
                 "KUBECONFIG": "/Users/tylergillson/Downloads/vdev.kubeconfig",
                 "CLI_VERSION": "0.0.4-dev",
+                "HELM_PRESERVE_FILES": "true"
             }
         }
     ]

go.mod

@@ -5,6 +5,7 @@ go 1.22.5
 require (
 	emperror.dev/errors v0.8.1
 	github.com/L30Bola/aws-policy v0.0.0-20230126045340-5e6118545ac1
+	github.com/canonical/gomaasclient v0.6.0
 	github.com/fsnotify/fsnotify v1.7.0
 	github.com/go-logr/logr v1.4.2
 	github.com/google/uuid v1.6.0
@@ -19,6 +20,7 @@ require (
 	github.com/validator-labs/validator v0.1.4
 	github.com/validator-labs/validator-plugin-aws v0.1.4
 	github.com/validator-labs/validator-plugin-azure v0.0.16
+	github.com/validator-labs/validator-plugin-maas v0.0.8-0.20240809210245-5894f5118612
 	github.com/validator-labs/validator-plugin-network v0.0.23
 	github.com/validator-labs/validator-plugin-oci v0.2.0
 	github.com/validator-labs/validator-plugin-vsphere v0.0.30
@@ -108,6 +110,7 @@ require (
 	github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 // indirect
 	github.com/cyphar/filepath-securejoin v0.2.5 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/deckarep/golang-set/v2 v2.6.0 // indirect
 	github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352 // indirect
 	github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7 // indirect
 	github.com/dimchansky/utfbom v1.1.1 // indirect
@@ -163,6 +166,13 @@ require (
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/juju/collections v1.0.4 // indirect
+	github.com/juju/errors v1.0.0 // indirect
+	github.com/juju/gomaasapi/v2 v2.3.0 // indirect
+	github.com/juju/loggo v1.0.0 // indirect
+	github.com/juju/mgo/v2 v2.0.2 // indirect
+	github.com/juju/schema v1.0.1 // indirect
+	github.com/juju/version v0.0.0-20210303051006-2015802527a8 // indirect
 	github.com/klauspost/compress v1.17.8 // indirect
 	github.com/kr/text v0.2.0 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
@@ -242,6 +252,7 @@ require (
 	google.golang.org/protobuf v1.34.2 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
+	gopkg.in/mgo.v2 v2.0.0-20190816093944-a6b53ec6cb22 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/apiextensions-apiserver v0.30.3 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
@@ -253,6 +264,6 @@ require (
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
 )
 
-// replace github.com/spectrocloud-labs/prompts-tui => ../../spectrocloud-labs/prompts-tui
-
 // replace github.com/validator-labs/validator => ../validator
+
+replace github.com/canonical/gomaasclient v0.6.0 => github.com/arturshadnik/gomaasclient v0.0.0-20240731231205-8239cfb13409

hack/validator.tmpl

@@ -826,3 +826,41 @@ azurePlugin:
     auth:
       implicit: false
       secretName: azure-creds
+maasPlugin:
+  enabled: true
+  helmRelease:
+    chart:
+      name: validator-plugin-maas
+      repository: validator-plugin-maas
+      version: v${MAAS_VERSION}
+    values: ""
+  validator:
+    internalDNSRules:
+      - maasDomain: example.com
+        dnsResources:
+          - fqdn: foo.example.com
+            dnsRecords:
+            - type: A
+              ip: 0.0.0.0
+              ttl: 10
+    upstreamDNSRules:
+      - name: upstream dns
+        numDNSServers: 1
+    imageRules:
+      - name: Image Rule
+        images:
+          - name: example
+            architecture: amd64/ga-20.04
+    resourceAvailabilityRules:
+      - name: AZ1 
+        az: az1
+        resources:
+          - numMachines: 1
+            numCPU: 16
+            ram: 16
+            disk: 100
+    host: "http://example.com/MAAS"
+    auth:
+      secretName: maas-creds
+      tokenKey: MAAS_API_KEY
+  maasApiToken: "jG81nj7n8feUpHaIU/gFH2tLaqcnSshrpCiziFt+0JZ7OA=="

hack/versions.tmpl

@@ -5,6 +5,7 @@ var ValidatorChartVersions = map[string]string{
 	Validator:              "v${VALIDATOR_VERSION}",
 	ValidatorPluginAws:     "v${AWS_VERSION}",
 	ValidatorPluginAzure:   "v${AZURE_VERSION}",
+	ValidatorPluginMaas:    "v${MAAS_VERSION}",
 	ValidatorPluginNetwork: "v${NETWORK_VERSION}",
 	ValidatorPluginOci:     "v${OCI_VERSION}",
 	ValidatorPluginVsphere: "v${VSPHERE_VERSION}",

pkg/cmd/validator/validator.go

@@ -28,6 +28,8 @@
 	awsval "github.com/validator-labs/validator-plugin-aws/pkg/validate"
 	azureapi "github.com/validator-labs/validator-plugin-azure/api/v1alpha1"
 	azureval "github.com/validator-labs/validator-plugin-azure/pkg/validate"
+	maasapi "github.com/validator-labs/validator-plugin-maas/api/v1alpha1"
+	maasval "github.com/validator-labs/validator-plugin-maas/pkg/validate"
 	netapi "github.com/validator-labs/validator-plugin-network/api/v1alpha1"
 	netval "github.com/validator-labs/validator-plugin-network/pkg/validate"
 	ociapi "github.com/validator-labs/validator-plugin-oci/api/v1alpha1"
@@ -538,6 +540,22 @@
 		results = append(results, vr)
 	}
 
+	if vc.MaasPlugin.Enabled {
+		v := &maasapi.MaasValidator{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      "maas-validator",
+				Namespace: "N/A",
+			},
+			Spec: *vc.MaasPlugin.Validator,
+		}
+		vr := vres.Build(v)
+		vrr := maasval.Validate(*vc.MaasPlugin.Validator, vc.MaasPlugin.Validator.Host, vc.MaasPlugin.MaasAPIToken, l)
+		if err := vres.Finalize(vr, vrr, l); err != nil {
+			return err
+		}
+		results = append(results, vr)
+	}
+
 	if vc.NetworkPlugin.Enabled {
 		v := &netapi.NetworkValidator{
 			ObjectMeta: metav1.ObjectMeta{
@@ -739,6 +757,22 @@
 		pluginCount++
 	}
 
+	if vc.MaasPlugin.Enabled {
+		args := map[string]interface{}{
+			"Config":        vc.MaasPlugin,
+			"ImageRegistry": vc.ImageRegistry,
+		}
+		values, err := embed.EFS.RenderTemplateBytes(args, cfg.Validator, "validator-plugin-maas-values.tmpl")
+		if err != nil {
+			return errors.Wrap(err, "failed to render validator plugin maas values.yaml")
+		}
+		validatorSpec.Plugins = append(validatorSpec.Plugins, vapi.HelmRelease{
+			Chart:  vc.MaasPlugin.Release.Chart,
+			Values: string(values),
+		})
+		pluginCount++
+	}
+
 	if vc.NetworkPlugin.Enabled {
 		args := map[string]interface{}{
 			"Config":        vc.NetworkPlugin,
@@ -799,6 +833,7 @@
 		"SinkConfig":    vc.SinkConfig,
 		"AWSPlugin":     vc.AWSPlugin,
 		"AzurePlugin":   vc.AzurePlugin,
+		"MAASPlugin":    vc.MaasPlugin,
 		"NetworkPlugin": vc.NetworkPlugin,
 		"OCIPlugin":     vc.OCIPlugin,
 		"VspherePlugin": vc.VspherePlugin,
@@ -984,10 +1019,19 @@
 		}
 	}
 
-	if vc.VspherePlugin.Enabled {
-		log.InfoCLI("\n==== Applying vSphere plugin validator(s) ====")
+	if vc.AzurePlugin.Enabled {
+		log.InfoCLI("\n==== Applying Azure plugin validator(s) ====")
 		if err := createValidator(
-			vc.Kubeconfig, c.RunLoc, cfg.ValidatorPluginVsphere, cfg.ValidatorPluginVsphereTemplate, *vc.VspherePlugin.Validator,
+			vc.Kubeconfig, c.RunLoc, cfg.ValidatorPluginAzure, cfg.ValidatorPluginAzureTemplate, *vc.AzurePlugin.Validator,
+		); err != nil {
+			return err
+		}
+	}
+
+	if vc.MaasPlugin.Enabled {
+		log.InfoCLI("\n==== Applying MAAS plugin validator(s) ====")
+		if err := createValidator(
+			vc.Kubeconfig, c.RunLoc, cfg.ValidatorPluginMaas, cfg.ValidatorPluginMaasTemplate, *vc.MaasPlugin.Validator,
 		); err != nil {
 			return err
 		}
@@ -1011,10 +1055,10 @@
 		}
 	}
 
-	if vc.AzurePlugin.Enabled {
-		log.InfoCLI("\n==== Applying Azure plugin validator(s) ====")
+	if vc.VspherePlugin.Enabled {
+		log.InfoCLI("\n==== Applying vSphere plugin validator(s) ====")
 		if err := createValidator(
-			vc.Kubeconfig, c.RunLoc, cfg.ValidatorPluginAzure, cfg.ValidatorPluginAzureTemplate, *vc.AzurePlugin.Validator,
+			vc.Kubeconfig, c.RunLoc, cfg.ValidatorPluginVsphere, cfg.ValidatorPluginVsphereTemplate, *vc.VspherePlugin.Validator,
 		); err != nil {
 			return err
 		}

pkg/components/validator.go

@@ -10,6 +10,7 @@
 
 	aws "github.com/validator-labs/validator-plugin-aws/api/v1alpha1"
 	azure "github.com/validator-labs/validator-plugin-azure/api/v1alpha1"
+	maas "github.com/validator-labs/validator-plugin-maas/api/v1alpha1"
 	network "github.com/validator-labs/validator-plugin-network/api/v1alpha1"
 	oci "github.com/validator-labs/validator-plugin-oci/api/v1alpha1"
 	vsphereapi "github.com/validator-labs/validator-plugin-vsphere/api/v1alpha1"
@@ -36,6 +37,7 @@
 
 	AWSPlugin     *AWSPluginConfig     `yaml:"awsPlugin,omitempty"`
 	AzurePlugin   *AzurePluginConfig   `yaml:"azurePlugin,omitempty"`
+	MaasPlugin    *MaasPluginConfig    `yaml:"maasPlugin,omitempty"`
 	NetworkPlugin *NetworkPluginConfig `yaml:"networkPlugin,omitempty"`
 	OCIPlugin     *OCIPluginConfig     `yaml:"ociPlugin,omitempty"`
 	VspherePlugin *VspherePluginConfig `yaml:"vspherePlugin,omitempty"`
@@ -78,6 +80,10 @@
 			StaticDeploymentTypes:  make(map[int]string),
 			StaticDeploymentValues: make(map[int]*AzureStaticDeploymentValues),
 		},
+		MaasPlugin: &MaasPluginConfig{
+			Release:   &validator.HelmRelease{},
+			Validator: &maas.MaasValidatorSpec{},
+		},
 		NetworkPlugin: &NetworkPluginConfig{
 			Release:       &validator.HelmRelease{},
 			HTTPFileAuths: make([][]string, 0),
@@ -100,7 +106,7 @@
 
 // AnyPluginEnabled returns true if any plugin is enabled.
 func (c *ValidatorConfig) AnyPluginEnabled() bool {
-	return c.AWSPlugin.Enabled || c.NetworkPlugin.Enabled || c.VspherePlugin.Enabled || c.OCIPlugin.Enabled || c.AzurePlugin.Enabled
+	return c.AWSPlugin.Enabled || c.NetworkPlugin.Enabled || c.VspherePlugin.Enabled || c.OCIPlugin.Enabled || c.AzurePlugin.Enabled || c.MaasPlugin.Enabled
 }
 
 // EnabledPluginsHaveRules returns true if all enabled plugins have at least one rule configured.
@@ -111,19 +117,23 @@
 		invalidPlugins = append(invalidPlugins, c.AWSPlugin.Validator.PluginCode())
 	}
 	if c.AzurePlugin.Enabled && c.AzurePlugin.Validator.ResultCount() == 0 {
-		invalidPlugins = append(invalidPlugins, "Azure")
-		// invalidPlugins = append(invalidPlugins, c.AzurePlugin.Validator.PluginCode())
+		invalidPlugins = append(invalidPlugins, c.AzurePlugin.Validator.PluginCode())
+	}
+	if c.MaasPlugin.Enabled && c.MaasPlugin.Validator.ResultCount() == 0 {
+		invalidPlugins = append(invalidPlugins, c.MaasPlugin.Validator.PluginCode())
+	}
+	if c.MaasPlugin.Enabled && c.MaasPlugin.Validator.ResultCount() == 0 {
+		// invalidPlugins = append(invalidPlugins, c.MaasPlugin.Validator.PluginCode())
+		invalidPlugins = append(invalidPlugins, "MAAS")
 	}
 	if c.NetworkPlugin.Enabled && c.NetworkPlugin.Validator.ResultCount() == 0 {
 		invalidPlugins = append(invalidPlugins, c.NetworkPlugin.Validator.PluginCode())
 	}
 	if c.OCIPlugin.Enabled && c.OCIPlugin.Validator.ResultCount() == 0 {
-		invalidPlugins = append(invalidPlugins, "OCI")
-		// invalidPlugins = append(invalidPlugins, c.OCIPlugin.Validator.PluginCode())
+		invalidPlugins = append(invalidPlugins, c.OCIPlugin.Validator.PluginCode())
 	}
 	if c.VspherePlugin.Enabled && c.VspherePlugin.Validator.ResultCount() == 0 {
-		invalidPlugins = append(invalidPlugins, "vSphere")
-		// invalidPlugins = append(invalidPlugins, c.VspherePlugin.Validator.PluginCode())
+		invalidPlugins = append(invalidPlugins, c.VspherePlugin.Validator.PluginCode())
 	}
 	if len(invalidPlugins) == 0 {
 		ok = true
@@ -152,6 +162,11 @@
 			return errors.Wrap(err, "failed to decrypt Azure plugin configuration")
 		}
 	}
+	if c.MaasPlugin != nil {
+		if err := c.MaasPlugin.decrypt(); err != nil {
+			return errors.Wrap(err, "failed to decrypt MAAS plugin configuration")
+		}
+	}
 	if c.NetworkPlugin != nil {
 		if err := c.NetworkPlugin.decrypt(); err != nil {
 			return errors.Wrap(err, "failed to decrypt Network plugin configuration")
@@ -192,6 +207,11 @@
 			return errors.Wrap(err, "failed to encrypt Azure plugin configuration")
 		}
 	}
+	if c.MaasPlugin != nil {
+		if err := c.MaasPlugin.encrypt(); err != nil {
+			return errors.Wrap(err, "failed to encrypt MAAS plugin configuration")
+		}
+	}
 	if c.NetworkPlugin != nil {
 		if err := c.NetworkPlugin.encrypt(); err != nil {
 			return errors.Wrap(err, "failed to encrypt Network plugin configuration")
@@ -394,6 +414,34 @@
 	ComputeGallery string `yaml:"computeGalleryUuid"`
 }
 
+// MaasPluginConfig represents the MAAS plugin configuration.
+type MaasPluginConfig struct {
+	Enabled      bool                    `yaml:"enabled"`
+	Release      *validator.HelmRelease  `yaml:"helmRelease"`
+	Validator    *maas.MaasValidatorSpec `yaml:"validator"`
+	MaasAPIToken string                  `yaml:"maasApiToken"`
+}
+
+func (c *MaasPluginConfig) encrypt() error {
+	token, err := crypto.EncryptB64([]byte(c.MaasAPIToken))
+	if err != nil {
+		return errors.Wrap(err, "failed to encrypt token")
+	}
+	c.MaasAPIToken = token
+
+	return nil
+}
+
+func (c *MaasPluginConfig) decrypt() error {
+	bytes, err := crypto.DecryptB64(c.MaasAPIToken)
+	if err != nil {
+		return errors.Wrap(err, "failed to decrypt token")
+	}
+	c.MaasAPIToken = string(*bytes)
+
+	return nil
+}
+
 // NetworkPluginConfig represents the network plugin configuration.
 type NetworkPluginConfig struct {
 	Enabled       bool                          `yaml:"enabled"`

pkg/config/constants.go

@@ -31,12 +31,14 @@ const (
 
 	ValidatorPluginAws     = "validator-plugin-aws"
 	ValidatorPluginAzure   = "validator-plugin-azure"
+	ValidatorPluginMaas    = "validator-plugin-maas"
 	ValidatorPluginNetwork = "validator-plugin-network"
 	ValidatorPluginOci     = "validator-plugin-oci"
 	ValidatorPluginVsphere = "validator-plugin-vsphere"
 
 	ValidatorPluginAwsTemplate     = "validator-rules-aws.tmpl"
 	ValidatorPluginAzureTemplate   = "validator-rules-azure.tmpl"
+	ValidatorPluginMaasTemplate    = "validator-rules-maas.tmpl"
 	ValidatorPluginNetworkTemplate = "validator-rules-network.tmpl"
 	ValidatorPluginOciTemplate     = "validator-rules-oci.tmpl"
 	ValidatorPluginVsphereTemplate = "validator-rules-vsphere.tmpl"
@@ -77,6 +79,7 @@ var (
 	RegistryMirrors         = []string{"docker.io", "gcr.io", "ghcr.io", "k8s.gcr.io", "registry.k8s.io", "quay.io", "*"}
 	RegistryMirrorSeparator = "::"
 	FileInputs              = []string{LocalFilepath, FileEditor}
+	DNSRecordTypes          = []string{"A", "AAAA", "CNAME", "TXT", "MX", "NS", "SRV", "SSHFP"}
 
 	// Command dirs
 	ValidatorSubdirs = []string{"logs", "manifests"}

pkg/config/versions.go

@@ -5,6 +5,7 @@ var ValidatorChartVersions = map[string]string{
 	Validator:              "v0.1.4",
 	ValidatorPluginAws:     "v0.1.4",
 	ValidatorPluginAzure:   "v0.0.16",
+	ValidatorPluginMaas:    "v0.0.7",
 	ValidatorPluginNetwork: "v0.0.23",
 	ValidatorPluginOci:     "v0.2.0",
 	ValidatorPluginVsphere: "v0.0.30",