humio · SaaldjorMike · May 19, 2025 · Apr 18, 2025 · Apr 22, 2025 · Apr 23, 2025
diff --git a/.gitignore b/.gitignore
@@ -84,4 +84,5 @@ bin/
 testbin/
 *-junit.xml
 .envrc
-tmp/**
+tmp/**
+humio-operator.iml
diff --git a/api/v1alpha1/humiogroup_types.go b/api/v1alpha1/humiogroup_types.go
@@ -0,0 +1,72 @@
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+const (
+	// HumioGroupStateUnknown is the Unknown state of the group
+	HumioGroupStateUnknown = "Unknown"
+	// HumioGroupStateExists is the Exists state of the group
+	HumioGroupStateExists = "Exists"
+	// HumioGroupStateNotFound is the NotFound state of the group
+	HumioGroupStateNotFound = "NotFound"
+	// HumioGroupStateConfigError is the state of the group when user-provided specification results in configuration error, such as non-existent humio cluster
+	HumioGroupStateConfigError = "ConfigError"
+)
+
+// HumioGroupSpec defines the desired state of HumioGroup.
+// +kubebuilder:validation:XValidation:rule="(has(self.managedClusterName) && self.managedClusterName != \"\") != (has(self.externalClusterName) && self.externalClusterName != \"\")",message="Must specify exactly one of managedClusterName or externalClusterName"
+type HumioGroupSpec struct {
+	// ManagedClusterName refers to an object of type HumioCluster that is managed by the operator where the Humio
+	// resources should be created.
+	// This conflicts with ExternalClusterName.
+	ManagedClusterName string `json:"managedClusterName,omitempty"`
+	// ExternalClusterName refers to an object of type HumioExternalCluster where the Humio resources should be created.
+	// This conflicts with ManagedClusterName.
+	ExternalClusterName string `json:"externalClusterName,omitempty"`
+	// Name is the display name of the HumioGroup
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
+	// +kubebuilder:validation:Required
+	Name string `json:"name"`
+	// ExternalMappingName is the mapping name from the external provider that will assign the user to this HumioGroup
+	// +kubebuilder:validation:MinLength=2
+	// +kubebuilder:validation:Optional
+	ExternalMappingName *string `json:"externalMappingName,omitempty"`
+}
+
+// HumioGroupStatus defines the observed state of HumioGroup.
+type HumioGroupStatus struct {
+	// State reflects the current state of the HumioGroup
+	State string `json:"state,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+// +kubebuilder:resource:path=humiogroups,scope=Namespaced
+// +kubebuilder:printcolumn:name="State",type="string",JSONPath=".status.state",description="The state of the group"
+// +operator-sdk:gen-csv:customresourcedefinitions.displayName="Humio Group"
+
+// HumioGroup is the Schema for the humiogroups API
+type HumioGroup struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	// +kubebuilder:validation:Required
+	Spec   HumioGroupSpec   `json:"spec,omitempty"`
+	Status HumioGroupStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// HumioGroupList contains a list of HumioGroup
+type HumioGroupList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []HumioGroup `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&HumioGroup{}, &HumioGroupList{})
+}
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/charts/humio-operator/crds/core.humio.com_humiogroups.yaml b/charts/humio-operator/crds/core.humio.com_humiogroups.yaml
@@ -0,0 +1,96 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.17.0
+  name: humiogroups.core.humio.com
+  labels:
+    app: 'humio-operator'
+    app.kubernetes.io/name: 'humio-operator'
+    app.kubernetes.io/instance: 'humio-operator'
+    app.kubernetes.io/managed-by: 'Helm'
+    helm.sh/chart: 'humio-operator-0.28.2'
+spec:
+  group: core.humio.com
+  names:
+    kind: HumioGroup
+    listKind: HumioGroupList
+    plural: humiogroups
+    singular: humiogroup
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - description: The state of the group
+      jsonPath: .status.state
+      name: State
+      type: string
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: HumioGroup is the Schema for the humiogroups API
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: HumioGroupSpec defines the desired state of HumioGroup.
+            properties:
+              externalClusterName:
+                description: |-
+                  ExternalClusterName refers to an object of type HumioExternalCluster where the Humio resources should be created.
+                  This conflicts with ManagedClusterName.
+                type: string
+              externalMappingName:
+                description: ExternalMappingName is the mapping name from the external
+                  provider that will assign the user to this HumioGroup
+                minLength: 2
+                type: string
+              managedClusterName:
+                description: |-
+                  ManagedClusterName refers to an object of type HumioCluster that is managed by the operator where the Humio
+                  resources should be created.
+                  This conflicts with ExternalClusterName.
+                type: string
+              name:
+                description: Name is the display name of the HumioGroup
+                minLength: 1
+                type: string
+                x-kubernetes-validations:
+                - message: Value is immutable
+                  rule: self == oldSelf
+            required:
+            - name
+            type: object
+            x-kubernetes-validations:
+            - message: Must specify exactly one of managedClusterName or externalClusterName
+              rule: (has(self.managedClusterName) && self.managedClusterName != "")
+                != (has(self.externalClusterName) && self.externalClusterName != "")
+          status:
+            description: HumioGroupStatus defines the observed state of HumioGroup.
+            properties:
+              state:
+                description: State reflects the current state of the HumioGroup
+                type: string
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
diff --git a/charts/humio-operator/templates/operator-rbac.yaml b/charts/humio-operator/templates/operator-rbac.yaml
@@ -103,6 +103,9 @@ rules:
   - humiofilteralerts
   - humiofilteralerts/finalizers
   - humiofilteralerts/status
+  - humiogroups
+  - humiogroups/finalizers
+  - humiogroups/status
   - humiousers
   - humiousers/finalizers
   - humiousers/status

diff --git a/cmd/main.go b/cmd/main.go
@@ -24,15 +24,15 @@ import (
 	"path/filepath"
 	"time"
 
-	"github.com/humio/humio-operator/internal/controller"
-	"github.com/humio/humio-operator/internal/humio"
-
 	cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
 	"github.com/go-logr/logr"
 	"github.com/go-logr/zapr"
 	uberzap "go.uber.org/zap"
 
+	"github.com/humio/humio-operator/internal/controller"
 	"github.com/humio/humio-operator/internal/helpers"
+	"github.com/humio/humio-operator/internal/humio"
+
 	// Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.)
 	// to ensure that exec-entrypoint and run can make use of them.
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
@@ -417,6 +417,17 @@ func setupControllers(mgr ctrl.Manager, log logr.Logger, requeuePeriod time.Dura
 		ctrl.Log.Error(err, "unable to create controller", "controller", "HumioUser")
 		os.Exit(1)
 	}
+	if err = (&controller.HumioGroupReconciler{
+		Client: mgr.GetClient(),
+		CommonConfig: controller.CommonConfig{
+			RequeuePeriod: requeuePeriod,
+		},
+		HumioClient: humio.NewClient(log, userAgent),
+		BaseLogger:  log,
+	}).SetupWithManager(mgr); err != nil {
+		ctrl.Log.Error(err, "unable to create controller", "controller", "HumioGroup")
+		os.Exit(1)
+	}
 	if err = (&controller.HumioViewPermissionRoleReconciler{
 		Client: mgr.GetClient(),
 		CommonConfig: controller.CommonConfig{