Replace rukpak Convert() with BundleRenderer

Signed-off-by: Per Goncalves da Silva <[email protected]>

Author: Per Goncalves da Silva

Diff for: internal/operator-controller/rukpak/convert/generators.go

@@ -0,0 +1,210 @@
+package convert
+
+import (
+	"cmp"
+	"fmt"
+	"strings"
+
+	corev1 "k8s.io/api/core/v1"
+	rbacv1 "k8s.io/api/rbac/v1"
+	"k8s.io/apimachinery/pkg/util/sets"
+	"k8s.io/utils/ptr"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	registrybundle "github.com/operator-framework/operator-registry/pkg/lib/bundle"
+
+	"github.com/operator-framework/operator-controller/internal/operator-controller/rukpak/util"
+)
+
+type ResourceGenerator func(rv1 *RegistryV1, opts Options) ([]client.Object, error)
+
+func (g ResourceGenerator) GenerateResources(rv1 *RegistryV1, opts Options) ([]client.Object, error) {
+	return g(rv1, opts)
+}
+
+type ResourceGenerators []ResourceGenerator
+
+func (r ResourceGenerators) GenerateResources(rv1 *RegistryV1, opts Options) ([]client.Object, error) {
+	//nolint:prealloc
+	var renderedObjects []client.Object
+	for _, generator := range r {
+		objs, err := generator.GenerateResources(rv1, opts)
+		if err != nil {
+			return nil, err
+		}
+		renderedObjects = append(renderedObjects, objs...)
+	}
+	return renderedObjects, nil
+}
+
+func (r ResourceGenerators) ResourceGenerator() ResourceGenerator {
+	return r.GenerateResources
+}
+
+var BundleCSVRBACResourceGenerator = ResourceGenerators{
+	BundleCSVServiceAccountGenerator,
+	BundleCSVPermissionsGenerator,
+	BundleCSVClusterPermissionsGenerator,
+}
+
+func BundleCSVDeploymentGenerator(rv1 *RegistryV1, opts Options) ([]client.Object, error) {
+	if rv1 == nil {
+		return nil, fmt.Errorf("bundle cannot be nil")
+	}
+	objs := make([]client.Object, 0, len(rv1.CSV.Spec.InstallStrategy.StrategySpec.DeploymentSpecs))
+	for _, depSpec := range rv1.CSV.Spec.InstallStrategy.StrategySpec.DeploymentSpecs {
+		annotations := util.MergeMaps(rv1.CSV.Annotations, depSpec.Spec.Template.Annotations)
+		annotations["olm.targetNamespaces"] = strings.Join(opts.TargetNamespaces, ",")
+		depSpec.Spec.Template.Annotations = annotations
+
+		if depSpec.Spec.Template.Spec.ServiceAccountName == "" {
+			depSpec.Spec.Template.Spec.ServiceAccountName = "default"
+		}
+
+		// Hardcode the deployment with RevisionHistoryLimit=1 to maintain parity with OLMv0 behaviour.
+		// See https://github.com/operator-framework/operator-lifecycle-manager/blob/dfd0b2bea85038d3c0d65348bc812d297f16b8d2/pkg/controller/install/deployment.go#L177-L180
+		depSpec.Spec.RevisionHistoryLimit = ptr.To(int32(1))
+
+		objs = append(objs,
+			GenerateDeploymentResource(
+				depSpec.Name,
+				opts.InstallNamespace,
+				WithDeploymentSpec(depSpec.Spec),
+				WithLabels(depSpec.Label),
+			),
+		)
+	}
+	return objs, nil
+}
+
+func BundleCSVPermissionsGenerator(rv1 *RegistryV1, opts Options) ([]client.Object, error) {
+	if rv1 == nil {
+		return nil, fmt.Errorf("bundle cannot be nil")
+	}
+
+	// If we're in AllNamespaces mode permissions will be treated as clusterPermissions
+	if len(opts.TargetNamespaces) == 1 && opts.TargetNamespaces[0] == "" {
+		return nil, nil
+	}
+
+	permissions := rv1.CSV.Spec.InstallStrategy.StrategySpec.Permissions
+
+	objs := make([]client.Object, 0, 2*len(opts.TargetNamespaces)*len(permissions))
+	for _, ns := range opts.TargetNamespaces {
+		for _, permission := range permissions {
+			saName := saNameOrDefault(permission.ServiceAccountName)
+			name, err := opts.UniqueNameGenerator(fmt.Sprintf("%s-%s", rv1.CSV.Name, saName), permission)
+			if err != nil {
+				return nil, err
+			}
+
+			objs = append(objs,
+				GenerateRoleResource(name, ns, WithRules(permission.Rules...)),
+				GenerateRoleBindingResource(
+					name,
+					ns,
+					WithSubjects(rbacv1.Subject{Kind: "ServiceAccount", Namespace: opts.InstallNamespace, Name: saName}),
+					WithRoleRef(rbacv1.RoleRef{APIGroup: rbacv1.GroupName, Kind: "Role", Name: name}),
+				),
+			)
+		}
+	}
+	return objs, nil
+}
+
+func BundleCSVClusterPermissionsGenerator(rv1 *RegistryV1, opts Options) ([]client.Object, error) {
+	if rv1 == nil {
+		return nil, fmt.Errorf("bundle cannot be nil")
+	}
+	clusterPermissions := rv1.CSV.Spec.InstallStrategy.StrategySpec.ClusterPermissions
+
+	// If we're in AllNamespaces mode, promote the permissions to clusterPermissions
+	if len(opts.TargetNamespaces) == 1 && opts.TargetNamespaces[0] == "" {
+		for _, p := range rv1.CSV.Spec.InstallStrategy.StrategySpec.Permissions {
+			p.Rules = append(p.Rules, rbacv1.PolicyRule{
+				Verbs:     []string{"get", "list", "watch"},
+				APIGroups: []string{corev1.GroupName},
+				Resources: []string{"namespaces"},
+			})
+			clusterPermissions = append(clusterPermissions, p)
+		}
+	}
+
+	objs := make([]client.Object, 0, 2*len(clusterPermissions))
+	for _, permission := range clusterPermissions {
+		saName := saNameOrDefault(permission.ServiceAccountName)
+		name, err := opts.UniqueNameGenerator(fmt.Sprintf("%s-%s", rv1.CSV.Name, saName), permission)
+		if err != nil {
+			return nil, err
+		}
+		objs = append(objs,
+			GenerateClusterRoleResource(name, WithRules(permission.Rules...)),
+			GenerateClusterRoleBindingResource(
+				name,
+				WithSubjects(rbacv1.Subject{Kind: "ServiceAccount", Namespace: opts.InstallNamespace, Name: saName}),
+				WithRoleRef(rbacv1.RoleRef{APIGroup: rbacv1.GroupName, Kind: "ClusterRole", Name: name}),
+			),
+		)
+	}
+	return objs, nil
+}
+
+func BundleCSVServiceAccountGenerator(rv1 *RegistryV1, opts Options) ([]client.Object, error) {
+	if rv1 == nil {
+		return nil, fmt.Errorf("bundle cannot be nil")
+	}
+	allPermissions := append(
+		rv1.CSV.Spec.InstallStrategy.StrategySpec.Permissions,
+		rv1.CSV.Spec.InstallStrategy.StrategySpec.ClusterPermissions...,
+	)
+
+	serviceAccountNames := sets.Set[string]{}
+	for _, permission := range allPermissions {
+		serviceAccountNames.Insert(saNameOrDefault(permission.ServiceAccountName))
+	}
+
+	objs := make([]client.Object, 0, len(serviceAccountNames))
+	for _, serviceAccountName := range serviceAccountNames.UnsortedList() {
+		// no need to generate the default service account
+		if serviceAccountName != "default" {
+			objs = append(objs, GenerateServiceAccountResource(serviceAccountName, opts.InstallNamespace))
+		}
+	}
+	return objs, nil
+}
+
+func BundleCRDGenerator(rv1 *RegistryV1, _ Options) ([]client.Object, error) {
+	if rv1 == nil {
+		return nil, fmt.Errorf("bundle cannot be nil")
+	}
+	objs := make([]client.Object, 0, len(rv1.CRDs))
+	for _, crd := range rv1.CRDs {
+		objs = append(objs, crd.DeepCopy())
+	}
+	return objs, nil
+}
+
+func BundleAdditionalResourcesGenerator(rv1 *RegistryV1, opts Options) ([]client.Object, error) {
+	if rv1 == nil {
+		return nil, fmt.Errorf("bundle cannot be nil")
+	}
+	objs := make([]client.Object, 0, len(rv1.Others))
+	for _, res := range rv1.Others {
+		supported, namespaced := registrybundle.IsSupported(res.GetKind())
+		if !supported {
+			return nil, fmt.Errorf("bundle contains unsupported resource: Name: %v, Kind: %v", res.GetName(), res.GetKind())
+		}
+
+		obj := res.DeepCopy()
+		if namespaced {
+			obj.SetNamespace(opts.InstallNamespace)
+		}
+
+		objs = append(objs, obj)
+	}
+	return objs, nil
+}
+
+func saNameOrDefault(saName string) string {
+	return cmp.Or(saName, "default")
+}