feat: support management policies

chore: bump dependencies, update README

Signed-off-by: Jesús Fernández <[email protected]>

.golangci.yml

@@ -1,12 +1,9 @@
 run:
-  deadline: 2m
-
-  skip-files:
-  - "zz_generated\\..+\\.go$"
+  timeout: 2m
 
 output:
-  # colored-line-number|line-number|json|tab|checkstyle|code-climate, default is "colored-line-number"
-  format: colored-line-number
+  formats:
+  - format: colored-line-number
 
 linters-settings:
   errcheck:
@@ -21,15 +18,14 @@ linters-settings:
     # [deprecated] comma-separated list of pairs of the form pkg:regex
     # the regex is used to ignore names within pkg. (default "fmt:.*").
     # see https://github.com/kisielk/errcheck#the-deprecated-method for details
-    ignore: fmt:.*,io/ioutil:^Read.*
+    exclude-functions:
+      - fmt:.*
+      - io/ioutil:^Read.*
 
   govet:
     # report about shadowed variables
-    check-shadowing: false
-
-  golint:
-    # minimal confidence for issues, default is 0.8
-    min-confidence: 0.8
+    disable:
+    - shadow
 
   gofmt:
     # simplify code: gofmt with `-s` option, true by default
@@ -44,10 +40,6 @@ linters-settings:
     # minimal code complexity to report, 30 by default (but we recommend 10-20)
     min-complexity: 10
 
-  maligned:
-    # print struct with more effective memory layout or not, false by default
-    suggest-new: true
-
   dupl:
     # tokens count to trigger issue, 150 by default
     threshold: 100
@@ -67,8 +59,8 @@ linters-settings:
     # XXX: if you enable this setting, unused will report a lot of false-positives in text editors:
     # if it's called for subdir of a project it can't find funcs usages. All text editor integrations
     # with golangci-lint call it on a directory with the changed file.
-    check-exported: false
-
+    exported-fields-are-used: false
+    
   unparam:
     # Inspect exported functions, default is false. Set to true if no external program/library imports your code.
     # XXX: if you enable this setting, unparam will report a lot of false-positives in text editors:
@@ -104,16 +96,16 @@ linters-settings:
 
 linters:
   enable:
-    - megacheck
+    - gosimple
+    - staticcheck
+    - unused
     - govet
     - gocyclo
     - gocritic
-    - interfacer
     - goconst
     - goimports
     - gofmt  # We enable this as well as goimports for its simplify mode.
     - prealloc
-    - golint
     - unconvert
     - misspell
     - nakedret
@@ -125,6 +117,9 @@ linters:
 
 
 issues:
+  exclude-files:
+  - "zz_\\..+\\.go$"
+
   # Excluding configuration per-path and per-linter
   exclude-rules:
     # Exclude some linters from running on tests files.
@@ -174,6 +169,10 @@ issues:
       - gosec
       - gas
 
+    - text: "G115:"
+      linters:
+      - gosec
+
   # Independently from option `exclude` we use default exclude patterns,
   # it can be disabled by this option. To list all
   # excluded by default patterns execute `golangci-lint run --help`.
@@ -189,7 +188,7 @@ issues:
   new: false
 
   # Maximum issues count per one linter. Set to 0 to disable. Default is 50.
-  max-per-linter: 0
+  max-issues-per-linter: 0
 
   # Maximum count of issues with the same text. Set to 0 to disable. Default is 3.
   max-same-issues: 0

Makefile

@@ -7,8 +7,8 @@ PROJECT_REPO := github.com/crossplane-contrib/$(PROJECT_NAME)
 PLATFORMS ?= linux_amd64 linux_arm64
 
 # kind-related versions
-KIND_VERSION ?= v0.11.1
-KIND_NODE_IMAGE_TAG ?= v1.19.11
+KIND_VERSION ?= v0.26.0
+KIND_NODE_IMAGE_TAG ?= v1.32.0
 
 # -include will silently skip missing files, which allows us
 # to load those files with a target in the Makefile. If only
@@ -25,9 +25,9 @@ KIND_NODE_IMAGE_TAG ?= v1.19.11
 # Setup Go
 
 # TODO(jastang): update Go version to be in-line with the build submodule.
-GO_REQUIRED_VERSION = 1.21
+GO_REQUIRED_VERSION = 1.23
 
-GOLANGCILINT_VERSION ?= 1.54.0
+GOLANGCILINT_VERSION ?= 1.63.4
 
 # Set a sane default so that the nprocs calculation below is less noisy on the initial
 # loading of this file
@@ -47,10 +47,10 @@ GO111MODULE = on
 # ====================================================================================
 # Setup Kubernetes tools
 
-UP_VERSION = v0.13.0
+UP_VERSION = v0.37.0
 UP_CHANNEL = stable
 USE_HELM3 = true
-HELM3_VERSION = v3.6.3
+HELM3_VERSION = v3.17.0
 -include build/makelib/k8s_tools.mk
 
 # ====================================================================================

README.md

@@ -42,89 +42,136 @@ parameters [here](https://github.com/bitnami/charts/tree/master/bitnami/kafka/#i
 1. (Optional) Create a local [kind](https://kind.sigs.k8s.io/) cluster unless you want to develop against an existing
    k8s cluster.
 
-
 2. Install the [Kafka helm chart](https://bitnami.com/stack/kafka/helm):
 
-      ```
-      helm repo add bitnami https://charts.bitnami.com/bitnami
-      kubectl create ns kafka-cluster
-      helm upgrade --install kafka-dev -n kafka-cluster bitnami/kafka \
-        --version 20.0.5 \
-        --set auth.clientProtocol=sasl \
-        --set deleteTopicEnable=true \
-        --set authorizerClassName="kafka.security.authorizer.AclAuthorizer" \
-        --wait
-      ```
+   ```shell
+   helm repo add bitnami https://charts.bitnami.com/bitnami
+   helm repo update bitnami
+   helm upgrade --install kafka-dev -n kafka-cluster bitnami/kafka \
+      --create-namespace \
+      --version 31.0.0 \
+      --set auth.clientProtocol=sasl \
+      --set deleteTopicEnable=true \
+      --set authorizerClassName="kafka.security.authorizer.AclAuthorizer" \
+      --set controller.replicaCount=1 \
+      --wait
+   ```
 
-   Username is "user", obtain password using the following
+   Username is `user1`, obtain password using the following:
 
-      ```
-      kubectl -n kafka-cluster exec kafka-dev-0 -- cat /opt/bitnami/kafka/config/kafka_jaas.conf
-      ```
-   Create the Kubernetes secret by adding a JSON filed called kc.json with the following contents
-   ```json
+   ```shell
+   export KAFKA_PASSWORD=$(kubectl get secret kafka-dev-user-passwords -oyaml | yq '.data.client-passwords | @base64d')
+   ```
+
+   Create the Kubernetes secret to be used by the `ProviderConfig` with:
+
+   ```shell
+   cat <<EOF > /tmp/creds.json
    {
       "brokers": [
-         "kafka-dev-0.kafka-dev-headless:9092"
+         "kafka-dev-controller-headless.kafka-cluster.svc:9092"
       ],
       "sasl": {
          "mechanism": "PLAIN",
-         "username": "user",
-         "password": "<password-you-obtained-in-step-2>"
+         "username": "user1",
+         "password": "${KAFKA_PASSWORD}"
       }
    }
+   EOF
+
+   kubectl -n kafka-cluster create secret generic kafka-creds \
+      --from-file=credentials=/tmp/creds.json
    ```
-   Once this file is created, apply it by running the following command
-    ```bash
-    kubectl -n kafka-cluster create secret generic kafka-creds --from-file=credentials=kc.json
-    ```
 
 3. Install [kubefwd](https://github.com/txn2/kubefwd#os).
 
-
 4. Run `kubefwd` for `kafka-cluster` namespace which will make internal k8s services locally accessible:
 
+   ```console
+   sudo kubefwd svc -n kafka-cluster -c ~/.kube/config
+   ```
+5. To run tests, use the `KAFKA_PASSWORD` environment variable from step 2
+
+6. (optional) Install the [kafka cli](https://github.com/twmb/kcl)
+   1. Create a config file for the client with:
+
+      ```shell
+      cat <<EOF > ~/.kcl/config.toml
+      seed_brokers = ["kafka-dev-0.kafka-dev-headless:9092"]
+      timeout_ms = 10000
+      [sasl]
+      method = "plain"
+      user = "user1"
+      pass = "${KAFKA_PASSWORD}"
+      EOF
       ```
-      sudo kubefwd svc -n kafka-cluster
-      ```
-
-5. To run tests, export the KAFKA_PASSWORD environment variable using the password from step 2
-
-      ```
-      export KAFKA_PASSWORD="<password-you-obtained-in-step-2>"
-      ```
-
-6. (optional) Install the [kafka cli](https://github.com/twmb/kcl).
-
-
-7. (optional) Configure the kafka cli to talk against local Kafka installation:
-
-    1. Create a config file for the client with the following content at `~/.kcl/config.toml`:
-
-       ```
-       seed_brokers = ["kafka-dev-0.kafka-dev-headless:9092"]
-       timeout_ms = 10000
-
-       [sasl]
-       method = "plain"
-       user = "user"
-       pass = "<password-you-obtained-in-step-2>"
-       ```
-
-        1. Verify that cli could talk to the Kafka cluster:
-
-       ```
-       export  KCL_CONFIG_DIR=~/.kcl
-
-       kcl metadata --all
-       ```
+      
+       1. Verify that cli could talk to the Kafka cluster:
+      
+         ```shell
+         export  KCL_CONFIG_DIR=~/.kcl
+         
+         kcl metadata --all
+         ```
+
+6. (optional) or deploy [RedPanda console](https://github.com/redpanda-data/console) with:
+
+   ```shell
+   kubectl create -f - <<EOF
+   apiVersion: apps/v1
+   kind: Deployment
+   metadata:
+   name: rp-console
+   spec:
+   replicas: 1
+   selector:
+      matchLabels:
+         app: rp-console
+   template:
+      metadata:
+         labels:
+         app: rp-console
+      spec:
+         containers:
+         - name: rp-console
+         image: docker.redpanda.com/redpandadata/console:latest
+         ports:
+         - containerPort: 8001
+         env:
+            - name: KAFKA_TLS_ENABLED
+               value: "false"
+            - name: KAFKA_SASL_ENABLED
+               value: "true"
+            - name: KAFKA_SASL_USERNAME
+               value: user1
+            - name: KAFKA_SASL_PASSWORD
+               value: ${KAFKA_PASSWORD}
+            - name: KAFKA_BROKERS
+               value: kafka-dev-controller-headless.kafka-cluster.svc:9092
+   EOF
+  ```
 
 ### Building and Running the provider locally
 
 Run against a Kubernetes cluster:
 
 ```console
-make run
+# Install CRD and run provider locally
+make dev
+
+# Create a ProviderConfig pointing to the local Kafka cluster
+kubectl apply -f - <<EOF
+kind: ProviderConfig
+metadata:
+  name: default
+spec:
+  credentials:
+    secretRef:
+      key: credentials
+      name: kafka-creds
+      namespace: kafka-cluster    
+    source: Secret
+EOF
 ```
 
 Build, push, and install:
@@ -150,4 +197,3 @@ Build binary:
 ```console
 make build
 ```
-