feat: Add Cisco IOS-XR Provider and implement interface stubs

sven-rosenzweig · sven-rosenzweig · commit ff39ceec215d · 2025-10-01T17:36:04.000+02:00
diff --git a/PROJECT b/PROJECT
@@ -28,4 +28,13 @@ resources:
   kind: Device
   path: github.com/ironcore-dev/network-operator/api/v1alpha1
   version: v1alpha1
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: cloud.sap
+  group: networking
+  kind: CiscoIosxrPortConfig
+  path: github.com/ironcore-dev/network-operator/api/v1alpha1
+  version: v1alpha1
 version: "3"
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/cmd/main.go b/cmd/main.go
@@ -35,10 +35,12 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
 
 	// Import all supported provider implementations.
+	_ "github.com/ironcore-dev/network-operator/internal/provider/cisco/iosxr"
 	_ "github.com/ironcore-dev/network-operator/internal/provider/cisco/nxos"
 	_ "github.com/ironcore-dev/network-operator/internal/provider/openconfig"
 
 	"github.com/ironcore-dev/network-operator/api/v1alpha1"
+	networkingcloudsapv1alpha1 "github.com/ironcore-dev/network-operator/api/v1alpha1"
 	"github.com/ironcore-dev/network-operator/internal/controller"
 	"github.com/ironcore-dev/network-operator/internal/provider"
 	// +kubebuilder:scaffold:imports
@@ -52,6 +54,7 @@ var (
 func init() {
 	utilruntime.Must(clientgoscheme.AddToScheme(scheme))
 	utilruntime.Must(v1alpha1.AddToScheme(scheme))
+	utilruntime.Must(networkingcloudsapv1alpha1.AddToScheme(scheme))
 	// +kubebuilder:scaffold:scheme
 }
 
@@ -232,6 +235,13 @@ func main() {
 		os.Exit(1)
 	}
 
+	if err := (&controller.CiscoIosxrPortConfigReconciler{
+		Client: mgr.GetClient(),
+		Scheme: mgr.GetScheme(),
+	}).SetupWithManager(mgr); err != nil {
+		setupLog.Error(err, "unable to create controller", "controller", "CiscoIosxrPortConfig")
+		os.Exit(1)
+	}
 	// +kubebuilder:scaffold:builder
 
 	if metricsCertWatcher != nil {
diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml
@@ -4,6 +4,7 @@
 resources:
 - bases/networking.cloud.sap_devices.yaml
 - bases/networking.cloud.sap_interfaces.yaml
+- bases/networking.cloud.sap_ciscoiosxrportconfigs.yaml
 # +kubebuilder:scaffold:crdkustomizeresource
 
 patches:
diff --git a/config/rbac/ciscoiosxrportconfig_admin_role.yaml b/config/rbac/ciscoiosxrportconfig_admin_role.yaml
@@ -0,0 +1,27 @@
+# This rule is not used by the project network-operator itself.
+# It is provided to allow the cluster admin to help manage permissions for users.
+#
+# Grants full permissions ('*') over networking.cloud.sap.
+# This role is intended for users authorized to modify roles and bindings within the cluster,
+# enabling them to delegate specific permissions to other users or groups as needed.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: network-operator
+    app.kubernetes.io/managed-by: kustomize
+  name: ciscoiosxrportconfig-admin-role
+rules:
+- apiGroups:
+  - networking.cloud.sap
+  resources:
+  - ciscoiosxrportconfigs
+  verbs:
+  - '*'
+- apiGroups:
+  - networking.cloud.sap
+  resources:
+  - ciscoiosxrportconfigs/status
+  verbs:
+  - get
diff --git a/config/rbac/ciscoiosxrportconfig_editor_role.yaml b/config/rbac/ciscoiosxrportconfig_editor_role.yaml
@@ -0,0 +1,33 @@
+# This rule is not used by the project network-operator itself.
+# It is provided to allow the cluster admin to help manage permissions for users.
+#
+# Grants permissions to create, update, and delete resources within the networking.cloud.sap.
+# This role is intended for users who need to manage these resources
+# but should not control RBAC or manage permissions for others.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: network-operator
+    app.kubernetes.io/managed-by: kustomize
+  name: ciscoiosxrportconfig-editor-role
+rules:
+- apiGroups:
+  - networking.cloud.sap
+  resources:
+  - ciscoiosxrportconfigs
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - networking.cloud.sap
+  resources:
+  - ciscoiosxrportconfigs/status
+  verbs:
+  - get
diff --git a/config/rbac/ciscoiosxrportconfig_viewer_role.yaml b/config/rbac/ciscoiosxrportconfig_viewer_role.yaml
@@ -0,0 +1,29 @@
+# This rule is not used by the project network-operator itself.
+# It is provided to allow the cluster admin to help manage permissions for users.
+#
+# Grants read-only access to networking.cloud.sap resources.
+# This role is intended for users who need visibility into these resources
+# without permissions to modify them. It is ideal for monitoring purposes and limited-access viewing.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: network-operator
+    app.kubernetes.io/managed-by: kustomize
+  name: ciscoiosxrportconfig-viewer-role
+rules:
+- apiGroups:
+  - networking.cloud.sap
+  resources:
+  - ciscoiosxrportconfigs
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - networking.cloud.sap
+  resources:
+  - ciscoiosxrportconfigs/status
+  verbs:
+  - get
diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml
@@ -28,3 +28,11 @@ resources:
 - interface_admin_role.yaml
 - interface_editor_role.yaml
 - interface_viewer_role.yaml
+# For each CRD, "Admin", "Editor" and "Viewer" roles are scaffolded by
+# default, aiding admins in cluster management. Those roles are
+# not used by the network-operator itself. You can comment the following lines
+# if you do not want those helpers be installed with your Project.
+- ciscoiosxrportconfig_admin_role.yaml
+- ciscoiosxrportconfig_editor_role.yaml
+- ciscoiosxrportconfig_viewer_role.yaml
+
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -31,6 +31,7 @@ rules:
 - apiGroups:
   - networking.cloud.sap
   resources:
+  - ciscoiosxrportconfigs
   - devices
   - interfaces
   verbs:
@@ -44,13 +45,15 @@ rules:
 - apiGroups:
   - networking.cloud.sap
   resources:
+  - ciscoiosxrportconfigs/finalizers
   - devices/finalizers
   - interfaces/finalizers
   verbs:
   - update
 - apiGroups:
   - networking.cloud.sap
   resources:
+  - ciscoiosxrportconfigs/status
   - devices/status
   - interfaces/status
   verbs:
diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml
@@ -2,4 +2,5 @@
 resources:
 - v1alpha1_device.yaml
 - v1alpha1_interface.yaml
+- networking.cloud.sap_v1alpha1_ciscoiosxrportconfig.yaml
 # +kubebuilder:scaffold:manifestskustomizesamples
diff --git a/internal/controller/ciscoiosxrportconfig_controller.go b/internal/controller/ciscoiosxrportconfig_controller.go
@@ -0,0 +1,49 @@
+// SPDX-FileCopyrightText: 2025 SAP SE or an SAP affiliate company and IronCore contributors
+// SPDX-License-Identifier: Apache-2.0
+
+package controller
+
+import (
+	"context"
+
+	"github.com/ironcore-dev/network-operator/api/v1alpha1"
+	"k8s.io/apimachinery/pkg/runtime"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	logf "sigs.k8s.io/controller-runtime/pkg/log"
+)
+
+// CiscoIosxrPortConfigReconciler reconciles a CiscoIosxrPortConfig object
+type CiscoIosxrPortConfigReconciler struct {
+	client.Client
+	Scheme *runtime.Scheme
+}
+
+// +kubebuilder:rbac:groups=networking.cloud.sap,resources=ciscoiosxrportconfigs,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=networking.cloud.sap,resources=ciscoiosxrportconfigs/status,verbs=get;update;patch
+// +kubebuilder:rbac:groups=networking.cloud.sap,resources=ciscoiosxrportconfigs/finalizers,verbs=update
+
+// Reconcile is part of the main kubernetes reconciliation loop which aims to
+// move the current state of the cluster closer to the desired state.
+// TODO(user): Modify the Reconcile function to compare the state specified by
+// the CiscoIosxrPortConfig object against the actual cluster state, and then
+// perform operations to make the cluster state reflect the state specified by
+// the user.
+//
+// For more details, check Reconcile and its Result here:
+// - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.21.0/pkg/reconcile
+func (r *CiscoIosxrPortConfigReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
+	_ = logf.FromContext(ctx)
+
+	// TODO(user): update port on config change
+
+	return ctrl.Result{}, nil
+}
+
+// SetupWithManager sets up the controller with the Manager.
+func (r *CiscoIosxrPortConfigReconciler) SetupWithManager(mgr ctrl.Manager) error {
+	return ctrl.NewControllerManagedBy(mgr).
+		For(&v1alpha1.CiscoIosxrPortConfig{}).
+		Named("ciscoiosxrportconfig").
+		Complete(r)
+}
diff --git a/internal/controller/ciscoiosxrportconfig_controller_test.go b/internal/controller/ciscoiosxrportconfig_controller_test.go
@@ -0,0 +1,19 @@
+// SPDX-FileCopyrightText: 2025 SAP SE or an SAP affiliate company and IronCore contributors
+// SPDX-License-Identifier: Apache-2.0
+
+package controller
+
+import (
+	. "github.com/onsi/ginkgo/v2"
+)
+
+var _ = Describe("CiscoIosxrPortConfig Controller", func() {
+	Context("When reconciling a resource", func() {
+
+		It("should successfully reconcile the resource", func() {
+
+			// TODO(user): Add more specific assertions depending on your controller's reconciliation logic.
+			// Example: If you expect a certain status condition after reconciliation, verify it here.
+		})
+	})
+})
diff --git a/internal/provider/cisco/iosxr/iface/bundleif.go b/internal/provider/cisco/iosxr/iface/bundleif.go
@@ -0,0 +1,7 @@
+package iface
+
+type BundleInteface struct {
+	name             string
+	description      string
+	memberInterfaces map[string]struct{}
+}
diff --git a/internal/provider/cisco/iosxr/iface/iface.go b/internal/provider/cisco/iosxr/iface/iface.go
diff --git a/internal/provider/cisco/iosxr/provider.go b/internal/provider/cisco/iosxr/provider.go
