Allow to configure both PreLogin and PostLogin Banners (#136)

Author: felix-kaestner

api/core/v1alpha1/banner_types.go

@@ -20,11 +20,31 @@ type BannerSpec struct {
 	// +optional
 	ProviderConfigRef *TypedLocalObjectReference `json:"providerConfigRef,omitempty"`
 
-	// Pre-Login banner to display on login.
+	// Type specifies the banner type to configure, either PreLogin or PostLogin.
+	// Immutable.
+	// +optional
+	// +kubebuilder:default=PreLogin
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Type is immutable"
+	Type BannerType `json:"type,omitempty"`
+
+	// Message is the banner message to display.
 	// +required
 	Message TemplateSource `json:"message"`
 }
 
+// BannerType represents the type of banner to configure
+// +kubebuilder:validation:Enum=PreLogin;PostLogin
+type BannerType string
+
+const (
+	// BannerTypePreLogin represents the login banner displayed before user authentication.
+	// This corresponds to the openconfig-system login-banner leaf.
+	BannerTypePreLogin BannerType = "PreLogin"
+	// BannerTypePostLogin represents the message banner displayed after user authentication.
+	// This corresponds to the openconfig-system motd-banner leaf.
+	BannerTypePostLogin BannerType = "PostLogin"
+)
+
 // BannerStatus defines the observed state of Banner.
 type BannerStatus struct {
 	// The conditions are a list of status objects that describe the state of the Banner.

charts/network-operator/templates/crd/networking.metal.ironcore.dev_banners.yaml

@@ -77,7 +77,7 @@ spec:
                 - message: DeviceRef is immutable
                   rule: self == oldSelf
               message:
-                description: Pre-Login banner to display on login.
+                description: Message is the banner message to display.
                 properties:
                   configMapRef:
                     description: Reference to a ConfigMap containing the template
@@ -179,6 +179,18 @@ spec:
                 - name
                 type: object
                 x-kubernetes-map-type: atomic
+              type:
+                default: PreLogin
+                description: |-
+                  Type specifies the banner type to configure, either PreLogin or PostLogin.
+                  Immutable.
+                enum:
+                - PreLogin
+                - PostLogin
+                type: string
+                x-kubernetes-validations:
+                - message: Type is immutable
+                  rule: self == oldSelf
             required:
             - deviceRef
             - message

config/crd/bases/networking.metal.ironcore.dev_banners.yaml

@@ -71,7 +71,7 @@ spec:
                 - message: DeviceRef is immutable
                   rule: self == oldSelf
               message:
-                description: Pre-Login banner to display on login.
+                description: Message is the banner message to display.
                 properties:
                   configMapRef:
                     description: Reference to a ConfigMap containing the template
@@ -173,6 +173,18 @@ spec:
                 - name
                 type: object
                 x-kubernetes-map-type: atomic
+              type:
+                default: PreLogin
+                description: |-
+                  Type specifies the banner type to configure, either PreLogin or PostLogin.
+                  Immutable.
+                enum:
+                - PreLogin
+                - PostLogin
+                type: string
+                x-kubernetes-validations:
+                - message: Type is immutable
+                  rule: self == oldSelf
             required:
             - deviceRef
             - message

config/samples/v1alpha1_banner.yaml

@@ -9,6 +9,7 @@ metadata:
 spec:
   deviceRef:
     name: leaf1
+  type: PreLogin
   message:
     inline: |
       ###################################################

internal/controller/core/banner_controller.go

@@ -245,8 +245,9 @@ func (r *BannerReconciler) reconcile(ctx context.Context, s *bannerScope) (reter
 	}
 
 	// Ensure the Banner is realized on the provider.
-	err = s.Provider.EnsureBanner(ctx, &provider.BannerRequest{
+	err = s.Provider.EnsureBanner(ctx, &provider.EnsureBannerRequest{
 		Message:        string(msg),
+		Type:           s.Banner.Spec.Type,
 		ProviderConfig: s.ProviderConfig,
 	})
 
@@ -268,7 +269,9 @@ func (r *BannerReconciler) finalize(ctx context.Context, s *bannerScope) (reterr
 		}
 	}()
 
-	return s.Provider.DeleteBanner(ctx)
+	return s.Provider.DeleteBanner(ctx, &provider.DeleteBannerRequest{
+		Type: s.Banner.Spec.Type,
+	})
 }
 
 // secretToBanner is a [handler.MapFunc] to be used to enqueue requests for reconciliation

internal/controller/core/banner_controller_test.go

@@ -37,24 +37,6 @@ var _ = Describe("Banner Controller", func() {
 				}
 				Expect(k8sClient.Create(ctx, resource)).To(Succeed())
 			}
-
-			By("Creating the custom resource for the Kind Banner")
-			banner := &v1alpha1.Banner{}
-			if err := k8sClient.Get(ctx, key, banner); errors.IsNotFound(err) {
-				resource := &v1alpha1.Banner{
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      name,
-						Namespace: metav1.NamespaceDefault,
-					},
-					Spec: v1alpha1.BannerSpec{
-						DeviceRef: v1alpha1.LocalObjectReference{Name: name},
-						Message: v1alpha1.TemplateSource{
-							Inline: ptr.To("Test Banner"),
-						},
-					},
-				}
-				Expect(k8sClient.Create(ctx, resource)).To(Succeed())
-			}
 		})
 
 		AfterEach(func() {
@@ -74,11 +56,87 @@ var _ = Describe("Banner Controller", func() {
 
 			By("Ensuring the resource is deleted from the provider")
 			Eventually(func(g Gomega) {
-				g.Expect(testProvider.Banner).To(BeNil(), "Provider Banner should be nil")
+				g.Expect(testProvider.PreLoginBanner).To(BeNil(), "Provider PreLogin Banner should be nil")
+				g.Expect(testProvider.PostLoginBanner).To(BeNil(), "Provider PostLogin Banner should be nil")
+			}).Should(Succeed())
+		})
+
+		It("Should successfully reconcile a PreLogin Banner", func() {
+			By("Creating a PreLogin Banner")
+			banner := &v1alpha1.Banner{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      name,
+					Namespace: metav1.NamespaceDefault,
+				},
+				Spec: v1alpha1.BannerSpec{
+					DeviceRef: v1alpha1.LocalObjectReference{Name: name},
+					Type:      v1alpha1.BannerTypePreLogin,
+					Message: v1alpha1.TemplateSource{
+						Inline: ptr.To("Test Banner"),
+					},
+				},
+			}
+			Expect(k8sClient.Create(ctx, banner)).To(Succeed())
+
+			By("Adding a finalizer to the resource")
+			Eventually(func(g Gomega) {
+				resource := &v1alpha1.Banner{}
+				g.Expect(k8sClient.Get(ctx, key, resource)).To(Succeed())
+				g.Expect(controllerutil.ContainsFinalizer(resource, v1alpha1.FinalizerName)).To(BeTrue())
+			}).Should(Succeed())
+
+			By("Adding the device label to the resource")
+			Eventually(func(g Gomega) {
+				resource := &v1alpha1.Banner{}
+				g.Expect(k8sClient.Get(ctx, key, resource)).To(Succeed())
+				g.Expect(resource.Labels).To(HaveKeyWithValue(v1alpha1.DeviceLabel, name))
+			}).Should(Succeed())
+
+			By("Adding the device as a owner reference")
+			Eventually(func(g Gomega) {
+				resource := &v1alpha1.Banner{}
+				g.Expect(k8sClient.Get(ctx, key, resource)).To(Succeed())
+				g.Expect(resource.OwnerReferences).To(HaveLen(1))
+				g.Expect(resource.OwnerReferences[0].Kind).To(Equal("Device"))
+				g.Expect(resource.OwnerReferences[0].Name).To(Equal(name))
+			}).Should(Succeed())
+
+			By("Updating the resource status")
+			Eventually(func(g Gomega) {
+				resource := &v1alpha1.Banner{}
+				g.Expect(k8sClient.Get(ctx, key, resource)).To(Succeed())
+				g.Expect(resource.Status.Conditions).To(HaveLen(1))
+				g.Expect(resource.Status.Conditions[0].Type).To(Equal(v1alpha1.ReadyCondition))
+				g.Expect(resource.Status.Conditions[0].Status).To(Equal(metav1.ConditionTrue))
+			}).Should(Succeed())
+
+			By("Ensuring the resource is created in the provider")
+			Eventually(func(g Gomega) {
+				g.Expect(testProvider.PreLoginBanner).ToNot(BeNil(), "Provider Banner should not be nil")
+				g.Expect(testProvider.PostLoginBanner).To(BeNil(), "Provider PostLogin Banner should be nil")
+				if testProvider.PreLoginBanner != nil {
+					g.Expect(*testProvider.PreLoginBanner).To(Equal("Test Banner"))
+				}
 			}).Should(Succeed())
 		})
 
-		It("Should successfully reconcile the resource", func() {
+		It("Should successfully reconcile a PostLogin Banner", func() {
+			By("Creating a PostLogin Banner")
+			banner := &v1alpha1.Banner{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      name,
+					Namespace: metav1.NamespaceDefault,
+				},
+				Spec: v1alpha1.BannerSpec{
+					DeviceRef: v1alpha1.LocalObjectReference{Name: name},
+					Type:      v1alpha1.BannerTypePostLogin,
+					Message: v1alpha1.TemplateSource{
+						Inline: ptr.To("Test Banner"),
+					},
+				},
+			}
+			Expect(k8sClient.Create(ctx, banner)).To(Succeed())
+
 			By("Adding a finalizer to the resource")
 			Eventually(func(g Gomega) {
 				resource := &v1alpha1.Banner{}
@@ -113,9 +171,10 @@ var _ = Describe("Banner Controller", func() {
 
 			By("Ensuring the resource is created in the provider")
 			Eventually(func(g Gomega) {
-				g.Expect(testProvider.Banner).ToNot(BeNil(), "Provider Banner should not be nil")
-				if testProvider.Banner != nil {
-					g.Expect(*testProvider.Banner).To(Equal("Test Banner"))
+				g.Expect(testProvider.PreLoginBanner).To(BeNil(), "Provider PreLogin Banner should be nil")
+				g.Expect(testProvider.PostLoginBanner).ToNot(BeNil(), "Provider PostLogin Banner should not be nil")
+				if testProvider.PostLoginBanner != nil {
+					g.Expect(*testProvider.PostLoginBanner).To(Equal("Test Banner"))
 				}
 			}).Should(Succeed())
 		})

internal/controller/core/suite_test.go

@@ -5,6 +5,7 @@ package core
 
 import (
 	"context"
+	"errors"
 	"os"
 	"path/filepath"
 	"strconv"
@@ -346,7 +347,8 @@ type Provider struct {
 
 	Ports           sets.Set[string]
 	User            sets.Set[string]
-	Banner          *string
+	PreLoginBanner  *string
+	PostLoginBanner *string
 	DNS             *v1alpha1.DNS
 	NTP             *v1alpha1.NTP
 	ACLs            sets.Set[string]
@@ -427,17 +429,31 @@ func (p *Provider) GetInterfaceStatus(context.Context, *provider.InterfaceReques
 	}, nil
 }
 
-func (p *Provider) EnsureBanner(_ context.Context, req *provider.BannerRequest) error {
+func (p *Provider) EnsureBanner(_ context.Context, req *provider.EnsureBannerRequest) error {
 	p.Lock()
 	defer p.Unlock()
-	p.Banner = &req.Message
+	switch req.Type {
+	case v1alpha1.BannerTypePreLogin:
+		p.PreLoginBanner = &req.Message
+	case v1alpha1.BannerTypePostLogin:
+		p.PostLoginBanner = &req.Message
+	default:
+		return errors.New("unknown banner type")
+	}
 	return nil
 }
 
-func (p *Provider) DeleteBanner(context.Context) error {
+func (p *Provider) DeleteBanner(_ context.Context, req *provider.DeleteBannerRequest) error {
 	p.Lock()
 	defer p.Unlock()
-	p.Banner = nil
+	switch req.Type {
+	case v1alpha1.BannerTypePreLogin:
+		p.PreLoginBanner = nil
+	case v1alpha1.BannerTypePostLogin:
+		p.PostLoginBanner = nil
+	default:
+		return errors.New("unknown banner type")
+	}
 	return nil
 }
 

internal/provider/cisco/nxos/banner.go

@@ -3,7 +3,12 @@
 
 package nxos
 
-import "github.com/ironcore-dev/network-operator/internal/provider/cisco/gnmiext/v2"
+import (
+	"fmt"
+
+	"github.com/ironcore-dev/network-operator/api/core/v1alpha1"
+	"github.com/ironcore-dev/network-operator/internal/provider/cisco/gnmiext/v2"
+)
 
 var (
 	_ gnmiext.Configurable = (*Banner)(nil)
@@ -16,13 +21,40 @@ type Banner struct {
 	Delimiter string `json:"delimiter"`
 	// String to be displayed as the banner message
 	Message string `json:"message"`
+	// Type indicates whether this is a pre-login or post-login banner.
+	// This field is not serialized to JSON and is only used internally
+	// to determine the correct XPath for the banner configuration.
+	Type BannerType `json:"-"`
 }
 
-func (*Banner) XPath() string {
+func (b *Banner) XPath() string {
+	if b.Type == PostLogin {
+		return "System/userext-items/postloginbanner-items"
+	}
 	return "System/userext-items/preloginbanner-items"
 }
 
 func (b *Banner) Default() {
 	b.Delimiter = "#"
-	b.Message = "User Access Verification\n"
+	if b.Type == PreLogin {
+		b.Message = "User Access Verification\n"
+	}
+}
+
+type BannerType string
+
+const (
+	PreLogin  BannerType = "prelogin"
+	PostLogin BannerType = "postlogin"
+)
+
+func BannerTypeFrom(bt v1alpha1.BannerType) (BannerType, error) {
+	switch bt {
+	case v1alpha1.BannerTypePreLogin:
+		return PreLogin, nil
+	case v1alpha1.BannerTypePostLogin:
+		return PostLogin, nil
+	default:
+		return "", fmt.Errorf("unknown banner type: %s", bt)
+	}
 }

internal/provider/cisco/nxos/banner_test.go

@@ -4,5 +4,5 @@
 package nxos
 
 func init() {
-	Register("banner", &Banner{Delimiter: "^", Message: "Test Banner"})
+	Register("banner", &Banner{Delimiter: "^", Message: "Test Banner", Type: PreLogin})
 }