feat: add ruleset api(#1844)

* fix(controller): decode old object for delete requests

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: modernize golang

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: modernize golang

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: modernize golang

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* fix(config): remove usergroups default

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* fix(config): remove usergroups default

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* sec(ghsa-2ww6-hf35-mfjm): intercept namespace subresource

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* feat(api): add rulestatus api

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: conflicts

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: conflicts

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: conflicts

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: conflicts

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: conflicts

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: conflicts

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: conflicts

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: conflicts

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: conflicts

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: conflicts

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: conflicts

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* feat(api): add rulestatus api

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* feat(api): add rulestatus api

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* feat(api): add rulestatus api

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* feat(api): add rulestatus api

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* feat(api): add rulestatus api

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* feat(api): add rulestatus api

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

---------

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

hack/distro/capsule/example-setup/tenants.yaml

@@ -4,21 +4,38 @@ kind: Tenant
 metadata:
   name: solar
 spec:
+  owners:
+  - name: alice
+    kind: User
   permissions:
     matchOwners:
     - matchLabels:
         team: platform
     - matchLabels:
         tenant: solar
-  owners:
-  - name: alice
-    kind: User
   additionalRoleBindings:
   - clusterRoleName: 'view'
     subjects:
     - apiGroup: rbac.authorization.k8s.io
       kind: User
       name: joe
+  rules:
+    - enforce:
+        registries:
+        - url: "harbor/.*"
+          policy:
+          - "Never"
+    - namespaceSelector:
+        matchExpressions:
+          - key: env
+            operator: In
+            values:
+            - "prod"
+      enforce:
+        registries:
+        - url: "harbor/v2/customer-registry/prod-image/.*"
+          policy:
+          - "Always"
 ---
 apiVersion: capsule.clastix.io/v1beta2
 kind: Tenant

hack/kind-cluster.yaml

@@ -0,0 +1,8 @@
+---
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+name: capsule
+featureGates:
+  ImageVolume: true
+nodes:
+- role: control-plane

hack/kind-cluster.yml

@@ -1,13 +0,0 @@
-# With Kind configuration is used to
-# share a folder between the outside sistem
-# and the internal container (capsule-controller-manager),
-# In this way we will be able to get the metadata
-# generated by harpoon at the end of the e2e tests execution.
-kind: Cluster
-apiVersion: kind.x-k8s.io/v1alpha4
-name: capsule-tracing
-nodes:
-- role: control-plane
-  extraMounts:
-  - hostPath: /tmp/results
-    containerPath: /tmp/results