Bootstrap initial state

Author: nick-jones

go.mod

@@ -6,8 +6,13 @@ require (
 	cloud.google.com/go/logging v1.10.0
 	github.com/dgraph-io/badger/v4 v4.2.0
 	github.com/expr-lang/expr v1.16.9
+	golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e
+	golang.org/x/time v0.5.0
 	google.golang.org/genproto v0.0.0-20240708141625-4ad9e859172b
+	google.golang.org/grpc v1.64.1
 	gopkg.in/yaml.v3 v3.0.1
+	k8s.io/apiextensions-apiserver v0.30.2
+	k8s.io/apimachinery v0.30.2
 	k8s.io/client-go v0.30.2
 )
 
@@ -21,7 +26,7 @@ require (
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/dgraph-io/ristretto v0.1.1 // indirect
-	github.com/dustin/go-humanize v1.0.0 // indirect
+	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/go-logr/logr v1.4.1 // indirect
@@ -64,16 +69,13 @@ require (
 	golang.org/x/sys v0.21.0 // indirect
 	golang.org/x/term v0.21.0 // indirect
 	golang.org/x/text v0.16.0 // indirect
-	golang.org/x/time v0.5.0 // indirect
 	google.golang.org/api v0.187.0 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 // indirect
-	google.golang.org/grpc v1.64.1 // indirect
 	google.golang.org/protobuf v1.34.2 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	k8s.io/api v0.30.2 // indirect
-	k8s.io/apimachinery v0.30.2 // indirect
 	k8s.io/klog/v2 v2.120.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
 	k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect

go.sum

@@ -30,8 +30,9 @@ github.com/dgraph-io/ristretto v0.1.1 h1:6CWw5tJNgpegArSHpNHJKldNeq03FQCwYvfMVWa
 github.com/dgraph-io/ristretto v0.1.1/go.mod h1:S1GPSBCYCIhmVNfcth17y2zZtQT6wzkzgwUve0VDWWA=
 github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2 h1:tdlZCpZ/P9DhczCTSixgIKmwPv6+wP5DGjqLYw5SUiA=
 github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw=
-github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo=
 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
+github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
+github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
 github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
 github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
@@ -176,6 +177,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI=
 golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e h1:+WEEuIdZHnUeJJmEUjyYC2gfUMj69yZXw17EnHg/otA=
+golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e/go.mod h1:Kr81I6Kryrl9sr8s2FK3vxD90NdsKWRuOIl2O4CvYbA=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
@@ -278,6 +281,8 @@ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 k8s.io/api v0.30.2 h1:+ZhRj+28QT4UOH+BKznu4CBgPWgkXO7XAvMcMl0qKvI=
 k8s.io/api v0.30.2/go.mod h1:ULg5g9JvOev2dG0u2hig4Z7tQ2hHIuS+m8MNZ+X6EmI=
+k8s.io/apiextensions-apiserver v0.30.2 h1:l7Eue2t6QiLHErfn2vwK4KgF4NeDgjQkCXtEbOocKIE=
+k8s.io/apiextensions-apiserver v0.30.2/go.mod h1:lsJFLYyK40iguuinsb3nt+Sj6CmodSI4ACDLep1rgjw=
 k8s.io/apimachinery v0.30.2 h1:fEMcnBj6qkzzPGSVsAZtQThU62SmQ4ZymlXRC5yFSCg=
 k8s.io/apimachinery v0.30.2/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc=
 k8s.io/client-go v0.30.2 h1:sBIVJdojUNPDU/jObC+18tXWcTJVcwyqS9diGdWHk50=

internal/auditlog/tail.go

@@ -16,22 +16,13 @@ import (
 	"google.golang.org/grpc/status"
 )
 
-var suspendableResourceNames = []string{
-	"alerts",
-	"buckets",
-	"gitrepositories",
-	"helmcharts",
-	"helmreleases",
-	"helmrepositories",
-	"imagerepositories",
-	"imageupdateautomations",
-	"kustomizations",
-	"ocirepositories",
-	"providers",
-	"receivers",
-}
-
-func Tail(ctx context.Context, projectID, clusterName string, cb func(*audit.AuditLog) error) error {
+func Tail(
+	ctx context.Context,
+	projectID string,
+	clusterName string,
+	resourceKinds []string,
+	cb func(*audit.AuditLog) error,
+) error {
 	client, err := logging.NewClient(ctx)
 	if err != nil {
 		return fmt.Errorf("failed to create client: %w", err)
@@ -52,7 +43,7 @@ func Tail(ctx context.Context, projectID, clusterName string, cb func(*audit.Aud
 			return fmt.Errorf("limit wait failed: %w", err)
 		}
 
-		if err = tailLogs(ctx, client, projectID, clusterName, cb); err != nil {
+		if err = tailLogs(ctx, client, projectID, clusterName, resourceKinds, cb); err != nil {
 			if _, ok := status.FromError(err); ok {
 				slog.Warn("gRPC request terminated, restarting", slog.Any("error", err))
 				continue
@@ -62,7 +53,14 @@ func Tail(ctx context.Context, projectID, clusterName string, cb func(*audit.Aud
 	}
 }
 
-func tailLogs(ctx context.Context, client *logging.Client, projectID, clusterName string, cb func(*audit.AuditLog) error) error {
+func tailLogs(
+	ctx context.Context,
+	client *logging.Client,
+	projectID string,
+	clusterName string,
+	resourceKinds []string,
+	cb func(*audit.AuditLog) error,
+) error {
 	stream, err := client.TailLogEntries(ctx)
 	if err != nil {
 		return fmt.Errorf("request to tail log entries failed: %w", err)
@@ -79,7 +77,7 @@ func tailLogs(ctx context.Context, client *logging.Client, projectID, clusterNam
 				fmt.Sprintf(`log_name="projects/%s/logs/cloudaudit.googleapis.com%%2Factivity"`, projectID),
 				fmt.Sprintf(`resource.labels.cluster_name="%s"`, clusterName),
 				`protoPayload."@type"="type.googleapis.com/google.cloud.audit.AuditLog"`,
-				fmt.Sprintf(`protoPayload.methodName=~"io\.fluxcd\.toolkit\..*\.(%s)\.patch"`, strings.Join(suspendableResourceNames, "|")),
+				fmt.Sprintf(`protoPayload.methodName=~"io\.fluxcd\.toolkit\..*\.(%s)\.patch"`, strings.Join(resourceKinds, "|")),
 				`-protoPayload.authenticationInfo.principalEmail=~"system:.*"`,
 			},
 			" AND ",

internal/datastore/badgerdb.go

@@ -69,34 +69,10 @@ func (s *Store) SaveEntry(entry Entry) error {
 	})
 }
 
-func (s *Store) AllEntries() ([]Entry, error) {
-	entries := make([]Entry, 0)
-	err := s.db.View(func(txn *badger.Txn) error {
-		it := txn.NewIterator(badger.DefaultIteratorOptions)
-		defer it.Close()
-
-		prefix := []byte("resource:")
-		for it.Seek(prefix); it.ValidForPrefix(prefix); it.Next() {
-			item := it.Item()
-			val, err := item.ValueCopy(nil)
-			if err != nil {
-				return fmt.Errorf("failed to get value: %w", err)
-			}
-			var entry Entry
-			if err = json.Unmarshal(val, &entry); err != nil {
-				return fmt.Errorf("failed to unmarshal entry: %w", err)
-			}
-			entries = append(entries, entry)
-		}
-		return nil
-	})
-	return entries, err
-}
-
 func (s *Store) Close() error {
 	return s.db.Close()
 }
 
 func buildKey(resource k8s.Resource) []byte {
-	return []byte(fmt.Sprintf("resource:%s:%s:%s", resource.Kind, resource.Namespace, resource.Name))
+	return []byte(fmt.Sprintf("resource:%s:%s:%s:%s", resource.Type.Group, resource.Type.Kind, resource.Namespace, resource.Name))
 }

internal/k8s/client.go

@@ -7,13 +7,17 @@ import (
 	"log/slog"
 	"path"
 
+	v1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+	"k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
 )
 
 type Client struct {
-	client *kubernetes.Clientset
+	client       *kubernetes.Clientset
+	apiExtClient *clientset.Clientset
 }
 
 func NewClient(configPath string) (*Client, error) {
@@ -35,15 +39,31 @@ func NewClient(configPath string) (*Client, error) {
 		return nil, err
 	}
 
+	apiExtClientSet, err := clientset.NewForConfig(config)
+	if err != nil {
+		return nil, err
+	}
+
 	return &Client{
-		client: clientSet,
+		client:       clientSet,
+		apiExtClient: apiExtClientSet,
 	}, nil
 }
 
-func (c *Client) GetRawResource(ctx context.Context, relativePath string) (map[string]any, error) {
-	body, err := c.client.RESTClient().Get().AbsPath(path.Join("apis", relativePath)).DoRaw(ctx)
+func (c *Client) GetRawResource(ctx context.Context, resource Resource) (map[string]any, error) {
+	absPath := path.Join(
+		"apis",
+		resource.Type.Group,
+		resource.Type.Version,
+		"namespaces",
+		resource.Namespace,
+		resource.Type.Kind,
+		resource.Name,
+	)
+
+	body, err := c.client.RESTClient().Get().AbsPath(absPath).DoRaw(ctx)
 	if err != nil {
-		slog.Warn("failed to fetch resource", slog.Any("error", err), slog.Any("path", path.Join("apis", relativePath)))
+		slog.Warn("failed to fetch resource", slog.Any("error", err), slog.Any("path", absPath))
 		return nil, err
 	}
 
@@ -53,3 +73,31 @@ func (c *Client) GetRawResource(ctx context.Context, relativePath string) (map[s
 	}
 	return res, nil
 }
+
+func (c *Client) GetRawResources(ctx context.Context, group ResourceType) (map[string]any, error) {
+	absPath := path.Join(
+		"apis",
+		group.Group,
+		group.Version,
+		group.Kind,
+	)
+
+	body, err := c.client.RESTClient().Get().AbsPath(absPath).DoRaw(ctx)
+	if err != nil {
+		slog.Warn("failed to fetch resource", slog.Any("error", err), slog.Any("path", absPath))
+		return nil, err
+	}
+
+	var res map[string]any
+	if err = json.Unmarshal(body, &res); err != nil {
+		return nil, fmt.Errorf("invalid response: %w", err)
+	}
+	return res, nil
+}
+
+func (c *Client) GetCustomResourceDefinitions(ctx context.Context, listOptions metav1.ListOptions) (*v1.CustomResourceDefinitionList, error) {
+	return c.apiExtClient.
+		ApiextensionsV1().
+		CustomResourceDefinitions().
+		List(ctx, listOptions)
+}

internal/k8s/resource.go

@@ -5,11 +5,16 @@ import (
 	"strings"
 )
 
+type ResourceType struct {
+	Group   string `json:"group"`
+	Version string `json:"version"`
+	Kind    string `json:"kind"`
+}
+
 type Resource struct {
-	Namespace string
-	Kind      string
-	Name      string
-	Path      string
+	Type      ResourceType `json:"type"`
+	Namespace string       `json:"namespace"`
+	Name      string       `json:"name"`
 }
 
 func ResourceFromPath(path string) (Resource, error) {
@@ -18,9 +23,12 @@ func ResourceFromPath(path string) (Resource, error) {
 		return Resource{}, fmt.Errorf("unexpected path format: %s", path)
 	}
 	return Resource{
+		Type: ResourceType{
+			Group:   parts[0],
+			Version: parts[1],
+			Kind:    parts[4],
+		},
 		Namespace: parts[3],
-		Kind:      strings.TrimSuffix(parts[4], "s"),
 		Name:      parts[5],
-		Path:      path,
 	}, nil
 }

internal/notification/slack.go

@@ -7,6 +7,7 @@ import (
 	"errors"
 	"fmt"
 	"net/http"
+	"strings"
 	"time"
 )
 
@@ -58,11 +59,13 @@ func (sn *SlackNotifier) Notify(ctx context.Context, notif Notification) error {
 		color = "good"
 	}
 
+	kind := strings.TrimSuffix(notif.Resource.Type.Kind, "s")
+
 	reqBody, err := json.Marshal(SlackWebhook{
 		Attachments: []SlackAttachment{
 			{
 				Color:      color,
-				AuthorName: fmt.Sprintf("%s/%s.%s", notif.Resource.Kind, notif.Resource.Name, notif.Resource.Namespace),
+				AuthorName: fmt.Sprintf("%s/%s.%s", kind, notif.Resource.Name, notif.Resource.Namespace),
 				Text:       fmt.Sprintf("%s by %s", action, notif.Email),
 				MrkdwnIn:   []string{"text"},
 				Fields: []SlackAttachmentField{