forked from openshift/operator-framework-operator-controller
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathprovider.go
More file actions
199 lines (173 loc) · 7.61 KB
/
provider.go
File metadata and controls
199 lines (173 loc) · 7.61 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
package applier
import (
"crypto/sha256"
"encoding/json"
"fmt"
"io/fs"
"helm.sh/helm/v3/pkg/chart"
"k8s.io/apimachinery/pkg/util/sets"
"sigs.k8s.io/controller-runtime/pkg/client"
"github.com/operator-framework/api/pkg/operators/v1alpha1"
ocv1 "github.com/operator-framework/operator-controller/api/v1"
"github.com/operator-framework/operator-controller/internal/operator-controller/config"
"github.com/operator-framework/operator-controller/internal/operator-controller/rukpak/bundle"
"github.com/operator-framework/operator-controller/internal/operator-controller/rukpak/bundle/source"
"github.com/operator-framework/operator-controller/internal/operator-controller/rukpak/render"
errorutil "github.com/operator-framework/operator-controller/internal/shared/util/error"
)
// ManifestProvider returns the manifests that should be applied by OLM given a bundle and its associated ClusterExtension
type ManifestProvider interface {
// Get returns a set of resource manifests in bundle that take into account the configuration in ext
Get(bundle fs.FS, ext *ocv1.ClusterExtension) ([]client.Object, error)
}
// RegistryV1ManifestProvider generates the manifests that should be installed for a registry+v1 bundle
// given the user specified configuration given by the ClusterExtension API surface
type RegistryV1ManifestProvider struct {
BundleRenderer render.BundleRenderer
CertificateProvider render.CertificateProvider
IsWebhookSupportEnabled bool
IsSingleOwnNamespaceEnabled bool
IsDeploymentConfigEnabled bool
}
func (r *RegistryV1ManifestProvider) Get(bundleFS fs.FS, ext *ocv1.ClusterExtension) ([]client.Object, error) {
rv1, err := source.FromFS(bundleFS).GetBundle()
if err != nil {
return nil, err
}
if len(rv1.CSV.Spec.APIServiceDefinitions.Owned) > 0 {
return nil, fmt.Errorf("unsupported bundle: apiServiceDefintions are not supported")
}
if len(rv1.CSV.Spec.WebhookDefinitions) > 0 {
if !r.IsWebhookSupportEnabled {
return nil, fmt.Errorf("unsupported bundle: webhookDefinitions are not supported")
} else if r.CertificateProvider == nil {
return nil, fmt.Errorf("unsupported bundle: webhookDefinitions are not supported: certificate provider is nil")
}
}
installModes := sets.New(rv1.CSV.Spec.InstallModes...)
if !r.IsSingleOwnNamespaceEnabled && !installModes.Has(v1alpha1.InstallMode{Type: v1alpha1.InstallModeTypeAllNamespaces, Supported: true}) {
return nil, fmt.Errorf("unsupported bundle: bundle does not support AllNamespaces install mode")
}
if !installModes.HasAny(
v1alpha1.InstallMode{Type: v1alpha1.InstallModeTypeAllNamespaces, Supported: true},
v1alpha1.InstallMode{Type: v1alpha1.InstallModeTypeSingleNamespace, Supported: true},
v1alpha1.InstallMode{Type: v1alpha1.InstallModeTypeOwnNamespace, Supported: true},
) {
return nil, fmt.Errorf("unsupported bundle: bundle must support at least one of [AllNamespaces SingleNamespace OwnNamespace] install modes")
}
opts := []render.Option{
render.WithCertificateProvider(r.CertificateProvider),
}
// Always validate inline config when present so that disabled features produce
// a clear error rather than being silently ignored. When IsSingleOwnNamespaceEnabled
// is true we also call this with no config to validate required fields (e.g.
// watchNamespace for OwnNamespace-only bundles).
if r.IsSingleOwnNamespaceEnabled || ext.Spec.Config != nil {
configOpts, err := r.extractBundleConfigOptions(&rv1, ext)
if err != nil {
return nil, err
}
opts = append(opts, configOpts...)
}
return r.BundleRenderer.Render(rv1, ext.Spec.Namespace, opts...)
}
// extractBundleConfigOptions extracts and validates configuration options from a ClusterExtension.
// Returns render options for watchNamespace and deploymentConfig if present in the extension's configuration.
func (r *RegistryV1ManifestProvider) extractBundleConfigOptions(rv1 *bundle.RegistryV1, ext *ocv1.ClusterExtension) ([]render.Option, error) {
schema, err := rv1.GetConfigSchema()
if err != nil {
return nil, fmt.Errorf("error getting configuration schema: %w", err)
}
// When the DeploymentConfig feature gate is disabled, remove deploymentConfig from the
// schema so that users get a clear "unknown field" error if they attempt to use it.
if !r.IsDeploymentConfigEnabled {
if props, ok := schema["properties"].(map[string]any); ok {
delete(props, "deploymentConfig")
}
}
bundleConfigBytes := extensionConfigBytes(ext)
bundleConfig, err := config.UnmarshalConfig(bundleConfigBytes, schema, ext.Spec.Namespace)
if err != nil {
return nil, errorutil.NewTerminalError(ocv1.ReasonInvalidConfiguration, fmt.Errorf("invalid ClusterExtension configuration: %w", err))
}
var opts []render.Option
if watchNS := bundleConfig.GetWatchNamespace(); watchNS != nil {
opts = append(opts, render.WithTargetNamespaces(*watchNS))
}
// Extract deploymentConfig if present and the feature gate is enabled.
if r.IsDeploymentConfigEnabled {
deploymentConfig, err := bundleConfig.GetDeploymentConfig()
if err != nil {
return nil, errorutil.NewTerminalError(ocv1.ReasonInvalidConfiguration, fmt.Errorf("invalid deploymentConfig: %w", err))
}
if deploymentConfig != nil {
opts = append(opts, render.WithDeploymentConfig(deploymentConfig))
}
}
return opts, nil
}
// RegistryV1HelmChartProvider creates a Helm-Chart from a registry+v1 bundle and its associated ClusterExtension
type RegistryV1HelmChartProvider struct {
ManifestProvider ManifestProvider
}
func (r *RegistryV1HelmChartProvider) Get(bundleFS fs.FS, ext *ocv1.ClusterExtension) (*chart.Chart, error) {
objs, err := r.ManifestProvider.Get(bundleFS, ext)
if err != nil {
return nil, err
}
chrt := &chart.Chart{Metadata: &chart.Metadata{}}
// The need to get the underlying bundle in order to extract its annotations
// will go away once we have a bundle interface that can surface the annotations independently of the
// underlying bundle format...
rv1, err := source.FromFS(bundleFS).GetBundle()
if err != nil {
return nil, err
}
chrt.Metadata.Annotations = rv1.CSV.GetAnnotations()
for _, obj := range objs {
jsonData, err := json.Marshal(obj)
if err != nil {
return nil, err
}
hash := sha256.Sum256(jsonData)
name := fmt.Sprintf("object-%x.json", hash[0:8])
// Some registry+v1 manifests may actually contain Go Template strings
// that are meant to survive and actually persist into etcd (e.g. to be
// used as a templated configuration for another component). In order to
// avoid applying templating logic to registry+v1's static manifests, we
// create the manifests as Files, and then template those files via simple
// Templates.
chrt.Files = append(chrt.Files, &chart.File{
Name: name,
Data: jsonData,
})
chrt.Templates = append(chrt.Templates, &chart.File{
Name: name,
Data: []byte(fmt.Sprintf(`{{.Files.Get "%s"}}`, name)),
})
}
return chrt, nil
}
// ExtensionConfigBytes returns the ClusterExtension configuration input by the user
// through .spec.config as a byte slice.
func extensionConfigBytes(ext *ocv1.ClusterExtension) []byte {
if ext.Spec.Config != nil {
switch ext.Spec.Config.ConfigType {
case ocv1.ClusterExtensionConfigTypeInline:
if ext.Spec.Config.Inline != nil {
return ext.Spec.Config.Inline.Raw
}
}
}
return nil
}
func getBundleAnnotations(bundleFS fs.FS) (map[string]string, error) {
// The need to get the underlying bundle in order to extract its annotations
// will go away once we have a bundle interface that can surface the annotations independently of the
// underlying bundle format...
rv1, err := source.FromFS(bundleFS).GetBundle()
if err != nil {
return nil, err
}
return rv1.CSV.GetAnnotations(), nil
}