feat(operator): expose all fact configuration values

This requires some refactoring to re-use the FactConfig struct as part
of the CRD spec for fact. We also make all configuration apply through a
config map, which means we can hotreload the configuration as required.

Still needs more testing, but so far it looks good.

Author: Molter73

Cargo.lock

@@ -3,6 +3,7 @@ resolver = "2"
 members = [
     "fact",
     "fact-api",
+    "fact-core",
     "fact-ebpf",
     "fact-operator",
 ]
@@ -31,6 +32,7 @@ openssl = "0.10.75"
 prometheus-client = { version = "0.24.0", default-features = false }
 prost = "0.14.0"
 prost-types = "0.14.0"
+schemars = { version = "1" }
 serde = { version = "1.0.219", features = ["derive"] }
 serde_json = "1.0.142"
 shlex = "2.0.1"

Cargo.toml

@@ -9,6 +9,9 @@ version:
 image-name:
 	@echo "$(FACT_IMAGE_NAME)"
 
+operator-name:
+	@echo "$(FACT_OPERATOR_NAME)"
+
 mock-server:
 	make -C mock-server
 
@@ -66,4 +69,5 @@ format:
 	make -C fact-ebpf format
 	ruff format tests/
 
-.PHONY: tag mock-server integration-tests image image-name licenses coverage lint clean
+.PHONY: tag mock-server integration-tests image images image-name
+.PHONY: operator operator-name licenses coverage lint clean

Makefile

@@ -0,0 +1,17 @@
+[package]
+name = "fact-core"
+version = "0.1.0"
+edition = "2024"
+license.workspace = true
+
+[dependencies]
+anyhow = { workspace = true }
+clap = { workspace = true }
+log = { workspace = true }
+schemars = { workspace = true }
+serde = { workspace = true }
+tokio = { workspace = true }
+yaml-rust2 = { workspace = true }
+
+[build-dependencies]
+anyhow = { workspace = true }

fact-core/Cargo.toml

@@ -10,6 +10,8 @@ use std::{
 use anyhow::{Context, bail};
 use clap::Parser;
 use log::info;
+use schemars::JsonSchema;
+use serde::{Deserialize, Serialize};
 use yaml_rust2::{Yaml, YamlLoader, yaml};
 
 pub mod reloader;
@@ -23,11 +25,14 @@ const CONFIG_FILES: [&str; 4] = [
     "fact.yaml",
 ];
 
-#[derive(Debug, Default, PartialEq, Eq, Clone)]
+#[derive(Debug, Default, PartialEq, Eq, Clone, JsonSchema, Serialize, Deserialize)]
 pub struct FactConfig {
     paths: Option<Vec<PathBuf>>,
+    #[serde(default)]
     pub grpc: GrpcConfig,
+    #[serde(default)]
     pub endpoint: EndpointConfig,
+    #[serde(default)]
     pub bpf: BpfConfig,
     skip_pre_flight: Option<bool>,
     json: Option<bool>,
@@ -125,10 +130,56 @@ impl FactConfig {
         self.rate_limit.unwrap_or(0)
     }
 
-    #[cfg(test)]
     pub fn set_paths(&mut self, paths: Vec<PathBuf>) {
         self.paths = Some(paths);
     }
+
+    pub fn to_yaml(&self) -> Yaml {
+        let mut config = yaml::Hash::new();
+
+        if let Some(paths) = &self.paths {
+            let paths = paths
+                .iter()
+                .filter_map(|p| p.to_str().map(|p| Yaml::String(p.to_string())))
+                .collect::<Vec<_>>();
+            config.insert(Yaml::String("paths".into()), Yaml::Array(paths));
+        }
+
+        config.insert(Yaml::String("grpc".into()), self.grpc.to_yaml());
+        config.insert(Yaml::String("endpoint".into()), self.endpoint.to_yaml());
+        config.insert(Yaml::String("bpf".into()), self.bpf.to_yaml());
+
+        if let Some(skip_pre_flight) = self.skip_pre_flight {
+            config.insert(
+                Yaml::String("skip_pre_flight".into()),
+                Yaml::Boolean(skip_pre_flight),
+            );
+        }
+
+        if let Some(json) = self.skip_pre_flight {
+            config.insert(Yaml::String("json".into()), Yaml::Boolean(json));
+        }
+
+        if let Some(hotreload) = self.hotreload {
+            config.insert(Yaml::String("hotreload".into()), Yaml::Boolean(hotreload));
+        }
+
+        if let Some(scan_interval) = self.scan_interval {
+            config.insert(
+                Yaml::String("scan_interval".into()),
+                Yaml::Integer(scan_interval.as_secs() as i64),
+            );
+        }
+
+        if let Some(rate_limit) = self.rate_limit {
+            config.insert(
+                Yaml::String("rate_limit".into()),
+                Yaml::Integer(rate_limit as i64),
+            );
+        }
+
+        Yaml::Hash(config)
+    }
 }
 
 impl TryFrom<&str> for FactConfig {
@@ -189,10 +240,16 @@ impl TryFrom<Vec<Yaml>> for FactConfig {
                     let grpc = v.as_hash().unwrap();
                     config.grpc = GrpcConfig::try_from(grpc)?;
                 }
+                "grpc" if v.is_null() => {
+                    // Nothing to do
+                }
                 "endpoint" if v.is_hash() => {
                     let endpoint = v.as_hash().unwrap();
                     config.endpoint = EndpointConfig::try_from(endpoint)?;
                 }
+                "endpoint" if v.is_null() => {
+                    // Nothing to do
+                }
                 "skip_pre_flight" => {
                     let Some(spf) = v.as_bool() else {
                         bail!("skip_pre_flight field has incorrect type: {v:?}");
@@ -205,12 +262,13 @@ impl TryFrom<Vec<Yaml>> for FactConfig {
                     };
                     config.json = Some(json);
                 }
-                "bpf" => {
-                    let Some(bpf) = v.as_hash() else {
-                        bail!("bpf section has incorrect type: {v:#?}");
-                    };
+                "bpf" if v.is_hash() => {
+                    let bpf = v.as_hash().unwrap();
                     config.bpf = BpfConfig::try_from(bpf)?;
                 }
+                "bpf" if v.is_null() => {
+                    // Nothing to do
+                }
                 "hotreload" => {
                     let Some(hotreload) = v.as_bool() else {
                         bail!("hotreload field has incorrect type: {v:?}");
@@ -251,7 +309,7 @@ impl TryFrom<Vec<Yaml>> for FactConfig {
     }
 }
 
-#[derive(Debug, Default, PartialEq, Eq, Clone)]
+#[derive(Debug, Default, PartialEq, Eq, Clone, JsonSchema, Serialize, Deserialize)]
 pub struct EndpointConfig {
     address: Option<SocketAddr>,
     expose_metrics: Option<bool>,
@@ -285,6 +343,37 @@ impl EndpointConfig {
     pub fn health_check(&self) -> bool {
         self.health_check.unwrap_or(false)
     }
+
+    fn to_yaml(&self) -> Yaml {
+        let mut endpoint = yaml::Hash::new();
+
+        if let Some(address) = self.address {
+            endpoint.insert(
+                Yaml::String("address".into()),
+                Yaml::String(address.to_string()),
+            );
+        }
+
+        if let Some(expose_metrics) = self.expose_metrics {
+            endpoint.insert(
+                Yaml::String("expose_metrics".into()),
+                Yaml::Boolean(expose_metrics),
+            );
+        }
+
+        if let Some(health_check) = self.health_check {
+            endpoint.insert(
+                Yaml::String("health_check".into()),
+                Yaml::Boolean(health_check),
+            );
+        }
+
+        if !endpoint.is_empty() {
+            Yaml::Hash(endpoint)
+        } else {
+            Yaml::Null
+        }
+    }
 }
 
 impl TryFrom<&yaml::Hash> for EndpointConfig {
@@ -328,7 +417,7 @@ impl TryFrom<&yaml::Hash> for EndpointConfig {
     }
 }
 
-#[derive(Debug, Default, PartialEq, Eq, Clone)]
+#[derive(Debug, Default, PartialEq, Eq, Clone, JsonSchema, Serialize, Deserialize)]
 pub struct GrpcConfig {
     url: Option<String>,
     certs: Option<PathBuf>,
@@ -352,6 +441,26 @@ impl GrpcConfig {
     pub fn certs(&self) -> Option<&Path> {
         self.certs.as_deref()
     }
+
+    fn to_yaml(&self) -> Yaml {
+        let mut grpc = yaml::Hash::new();
+
+        if let Some(url) = &self.url {
+            grpc.insert(Yaml::String("url".into()), Yaml::String(url.clone()));
+        }
+
+        if let Some(certs) = &self.certs
+            && let Some(certs) = certs.to_str()
+        {
+            grpc.insert(Yaml::String("certs".into()), Yaml::String(certs.into()));
+        }
+
+        if !grpc.is_empty() {
+            Yaml::Hash(grpc)
+        } else {
+            Yaml::Null
+        }
+    }
 }
 
 impl TryFrom<&yaml::Hash> for GrpcConfig {
@@ -385,7 +494,7 @@ impl TryFrom<&yaml::Hash> for GrpcConfig {
     }
 }
 
-#[derive(Debug, Default, PartialEq, Eq, Clone)]
+#[derive(Debug, Default, PartialEq, Eq, Clone, JsonSchema, Serialize, Deserialize)]
 pub struct BpfConfig {
     ringbuf_size: Option<u32>,
     inodes_max: Option<u32>,
@@ -409,6 +518,30 @@ impl BpfConfig {
     pub fn inodes_max(&self) -> u32 {
         self.inodes_max.unwrap_or(65536)
     }
+
+    fn to_yaml(&self) -> Yaml {
+        let mut bpf = yaml::Hash::new();
+
+        if let Some(ringbuf_size) = self.ringbuf_size {
+            bpf.insert(
+                Yaml::String("ringbuf_size".into()),
+                Yaml::Integer(ringbuf_size as i64),
+            );
+        }
+
+        if let Some(inodes_max) = self.ringbuf_size {
+            bpf.insert(
+                Yaml::String("inodes_max".into()),
+                Yaml::Integer(inodes_max as i64),
+            );
+        }
+
+        if !bpf.is_empty() {
+            Yaml::Hash(bpf)
+        } else {
+            Yaml::Null
+        }
+    }
 }
 
 impl TryFrom<&yaml::Hash> for BpfConfig {

fact/build.rs fact-core/build.rsfact/build.rs renamed to fact-core/build.rs

@@ -0,0 +1,11 @@
+use crate::version::FACT_VERSION;
+
+pub mod config;
+
+mod version {
+    include!(concat!(env!("OUT_DIR"), "/version.rs"));
+}
+
+pub fn version() -> &'static str {
+    FACT_VERSION
+}

fact/src/config/mod.rs fact-core/src/config/mod.rsfact/src/config/mod.rs renamed to fact-core/src/config/mod.rs

@@ -11,7 +11,10 @@ futures = { version = "0.3.32", default-features = false }
 kube = { version = "4.0.0", default-features = true, features = ["client", "openssl-tls", "derive", "runtime"] }
 k8s-openapi = { version = "0.28.0", features = ["latest", "schemars"] }
 log = { workspace = true }
-schemars = { version = "1" }
+schemars = { workspace = true }
 serde = { workspace = true }
 serde_json = { workspace = true }
 tokio = { workspace = true }
+yaml-rust2 = { workspace = true }
+
+fact-core = { path = "../fact-core" }