fix(artifact): remove configMapKey, add configMap Indexer, restore artifact constants and types

Signed-off-by: cannarelladev <cannarella.dev@gmail.com>

Author: c2ndev

api/artifact/v1alpha1/rulesfile_types.go

@@ -1,4 +1,4 @@
-// Copyright (C) 2025 The Falco Authors
+// Copyright (C) 2026 The Falco Authors
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

api/common/v1alpha1/types.go

@@ -1,4 +1,4 @@
-// Copyright (C) 2025 The Falco Authors
+// Copyright (C) 2026 The Falco Authors
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -39,6 +39,11 @@ const (
 	ConditionReconciled ConditionType = "ConditionReconciled"
 )
 
+const (
+	// ConfigMapRulesKey is the standard key used for rules data in ConfigMaps.
+	ConfigMapRulesKey = "rules.yaml"
+)
+
 // OCIArtifact defines the structure for specifying an OCI artifact reference.
 // +kubebuilder:object:generate=true
 type OCIArtifact struct {
@@ -72,8 +77,4 @@ type ConfigMapRef struct {
 	// Name is the name of the ConfigMap.
 	// +kubebuilder:validation:Required
 	Name string `json:"name"`
-
-	// Key is the key in the ConfigMap to select.
-	// +kubebuilder:validation:Required
-	Key string `json:"key"`
 }

config/crd/bases/artifact.falcosecurity.dev_rulesfiles.yaml

@@ -43,14 +43,10 @@ spec:
                 description: ConfigMapRef specifies a reference to a ConfigMap containing
                   the rules.
                 properties:
-                  key:
-                    description: Key is the key in the ConfigMap to select.
-                    type: string
                   name:
                     description: Name is the name of the ConfigMap.
                     type: string
                 required:
-                - key
                 - name
                 type: object
               inlineRules:

config/samples/artifact_v1alpha1_rulesfile_configmap.yaml

@@ -37,6 +37,7 @@ data:
 
 ---
 # Example Rulesfile using ConfigMap reference
+# Note: The ConfigMap must have a key named "rules.yaml" containing the rules content
 apiVersion: artifact.falcosecurity.dev/v1alpha1
 kind: Rulesfile
 metadata:
@@ -48,6 +49,5 @@ metadata:
 spec:
   configMapRef:
     name: custom-falco-rules
-    key: rules.yaml
   priority: 60
 

controllers/artifact/config/controller.go

@@ -14,8 +14,6 @@
 //
 // SPDX-License-Identifier: Apache-2.0
 
-// Package controller defines controllers' logic.
-
 package config
 
 import (

controllers/artifact/config/controller_test.go

@@ -1,4 +1,4 @@
-// Copyright (C) 2025 The Falco Authors
+// Copyright (C) 2026 The Falco Authors
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -14,8 +14,6 @@
 //
 // SPDX-License-Identifier: Apache-2.0
 
-// Package controller defines controllers' logic.
-
 package config
 
 import (

controllers/artifact/config/suite_test.go

@@ -1,4 +1,4 @@
-// Copyright (C) 2025 The Falco Authors
+// Copyright (C) 2026 The Falco Authors
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -14,8 +14,6 @@
 //
 // SPDX-License-Identifier: Apache-2.0
 
-// Package controller defines controllers' logic.
-
 package config
 
 import (

controllers/artifact/plugin/controller.go

@@ -33,7 +33,6 @@ import (
 	"github.com/falcosecurity/falco-operator/internal/pkg/artifact"
 	"github.com/falcosecurity/falco-operator/internal/pkg/common"
 	"github.com/falcosecurity/falco-operator/internal/pkg/controllerhelper"
-	"github.com/falcosecurity/falco-operator/internal/pkg/filesystem"
 	"github.com/falcosecurity/falco-operator/internal/pkg/priority"
 )
 
@@ -278,8 +277,8 @@ type PluginsConfig struct {
 }
 
 func (pc *PluginsConfig) addConfig(plugin *artifactv1alpha1.Plugin) {
-	var config = PluginConfig{
-		LibraryPath: artifact.Path(plugin.Name, priority.DefaultPriority, filesystem.MediumOCI, artifact.TypePlugin),
+	config := PluginConfig{
+		LibraryPath: artifact.Path(plugin.Name, priority.DefaultPriority, artifact.MediumOCI, artifact.TypePlugin),
 		Name:        plugin.Name,
 	}
 
@@ -359,16 +358,9 @@ func (pc *PluginsConfig) toString() (string, error) {
 	if err != nil {
 		return "", err
 	}
-
-	// Convert the YAML to a string.
-	yamlString := string(data)
-
-	return yamlString, nil
+	return string(data), nil
 }
 
 func (pc *PluginsConfig) isEmpty() bool {
-	if len(pc.Configs) == 0 && len(pc.LoadPlugins) == 0 {
-		return true
-	}
-	return false
+	return len(pc.Configs) == 0 && len(pc.LoadPlugins) == 0
 }

controllers/artifact/rulesfile/controller.go

@@ -14,8 +14,6 @@
 //
 // SPDX-License-Identifier: Apache-2.0
 
-// Package controller defines controllers' logic.
-
 package rulesfile
 
 import (
@@ -25,12 +23,10 @@ import (
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime"
 	ctrl "sigs.k8s.io/controller-runtime"
-	"sigs.k8s.io/controller-runtime/pkg/builder"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 	"sigs.k8s.io/controller-runtime/pkg/handler"
 	"sigs.k8s.io/controller-runtime/pkg/log"
-	"sigs.k8s.io/controller-runtime/pkg/predicate"
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
 
 	artifactv1alpha1 "github.com/falcosecurity/falco-operator/api/artifact/v1alpha1"
@@ -42,6 +38,8 @@ import (
 const (
 	// rulesfileFinalizerPrefix is the prefix for the finalizer name.
 	rulesfileFinalizerPrefix = "rulesfile.artifact.falcosecurity.dev/finalizer"
+	// configMapRefIndexField is the field used for indexing Rulesfiles by ConfigMap reference.
+	configMapRefIndexField = ".spec.configMapRef.name"
 )
 
 // NewRulesfileReconciler returns a new RulesfileReconciler.
@@ -115,41 +113,53 @@ func (r *RulesfileReconciler) Reconcile(ctx context.Context, req ctrl.Request) (
 
 // SetupWithManager sets up the controller with the Manager.
 func (r *RulesfileReconciler) SetupWithManager(mgr ctrl.Manager) error {
-	// Filter ConfigMap watches to only the operator's namespace to reduce overhead.
-	namespaceFilter := predicate.NewPredicateFuncs(func(object client.Object) bool {
-		return object.GetNamespace() == r.namespace
-	})
+	// Create an index for Rulesfiles by ConfigMap reference for efficient lookups.
+	if err := mgr.GetFieldIndexer().IndexField(
+		context.Background(),
+		&artifactv1alpha1.Rulesfile{},
+		configMapRefIndexField,
+		indexRulesfileByConfigMapRef,
+	); err != nil {
+		return err
+	}
 
 	return ctrl.NewControllerManagedBy(mgr).
 		For(&artifactv1alpha1.Rulesfile{}).
 		Watches(
 			&corev1.ConfigMap{},
 			handler.EnqueueRequestsFromMapFunc(r.findRulesfilesForConfigMap),
-			builder.WithPredicates(namespaceFilter),
 		).
 		Named("artifact-rulesfile").
 		Complete(r)
 }
 
-// findRulesfilesForConfigMap finds all Rulesfiles that reference a given ConfigMap.
+func indexRulesfileByConfigMapRef(obj client.Object) []string {
+	rulesfile := obj.(*artifactv1alpha1.Rulesfile)
+	if rulesfile.Spec.ConfigMapRef == nil {
+		return nil
+	}
+	return []string{rulesfile.Namespace + "/" + rulesfile.Spec.ConfigMapRef.Name}
+}
+
+// findRulesfilesForConfigMap finds all Rulesfiles that reference a given ConfigMap using the index.
 func (r *RulesfileReconciler) findRulesfilesForConfigMap(ctx context.Context, configMap client.Object) []reconcile.Request {
 	logger := log.FromContext(ctx)
 	rulesfileList := &artifactv1alpha1.RulesfileList{}
 
-	if err := r.List(ctx, rulesfileList, client.InNamespace(configMap.GetNamespace())); err != nil {
-		logger.Error(err, "unable to list Rulesfiles")
+	// Use the index to find Rulesfiles that reference this ConfigMap
+	indexKey := configMap.GetNamespace() + "/" + configMap.GetName()
+	if err := r.List(ctx, rulesfileList, client.MatchingFields{configMapRefIndexField: indexKey}); err != nil {
+		logger.Error(err, "unable to list Rulesfiles by ConfigMap index")
 		return []reconcile.Request{}
 	}
 
-	var requests []reconcile.Request
+	requests := make([]reconcile.Request, len(rulesfileList.Items))
 	for i := range rulesfileList.Items {
-		if rulesfileList.Items[i].Spec.ConfigMapRef != nil && rulesfileList.Items[i].Spec.ConfigMapRef.Name == configMap.GetName() {
-			requests = append(requests, reconcile.Request{
-				NamespacedName: client.ObjectKey{
-					Name:      rulesfileList.Items[i].Name,
-					Namespace: rulesfileList.Items[i].Namespace,
-				},
-			})
+		requests[i] = reconcile.Request{
+			NamespacedName: client.ObjectKey{
+				Name:      rulesfileList.Items[i].Name,
+				Namespace: rulesfileList.Items[i].Namespace,
+			},
 		}
 	}
 
@@ -188,7 +198,8 @@ func (r *RulesfileReconciler) ensureRulesfile(ctx context.Context, rulesfile *ar
 		return err
 	}
 
-	if err := r.artifactManager.StoreFromConfigMap(ctx, rulesfile.Name, p, rulesfile.Spec.ConfigMapRef, artifact.TypeRulesfile); err != nil {
+	if err := r.artifactManager.StoreFromConfigMap(
+		ctx, rulesfile.Name, rulesfile.Namespace, p, rulesfile.Spec.ConfigMapRef, artifact.TypeRulesfile); err != nil {
 		return err
 	}
 

controllers/artifact/rulesfile/controller_test.go

@@ -1,4 +1,4 @@
-// Copyright (C) 2025 The Falco Authors
+// Copyright (C) 2026 The Falco Authors
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -14,8 +14,6 @@
 //
 // SPDX-License-Identifier: Apache-2.0
 
-// Package controller defines controllers' logic.
-
 package rulesfile
 
 import (