Code cleanup / refactoring to minimize dependencies in api (#2498)

The api package should keep minimal dependencies, as it is typically the
kind of package that other integrating tools may want to import

The dependency on
github.com/netobserv/network-observability-operator/internal/pkg/cluster
was problematic because it pulls a lot of things transitively, including
kube clients. So it's removed, and cluster.Info is replaced in the
webhook with an interface clusterInfo.

The remaining other dependencies have more limited impact.

Author: jotak

api/flowcollector/v1beta2/flowcollector_validation_webhook.go

@@ -14,13 +14,25 @@ import (
 	"k8s.io/apimachinery/pkg/util/intstr"
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
+)
+
+type NetworkType string
 
-	"github.com/netobserv/network-observability-operator/internal/pkg/cluster"
+const (
+	OpenShiftSDN  NetworkType = "OpenShiftSDN"
+	OVNKubernetes NetworkType = "OVNKubernetes"
 )
 
+type clusterInfo interface {
+	IsOpenShift() bool
+	IsOpenShiftVersionAtLeast(v string) (bool, string, error)
+	GetNbNodes() (uint16, error)
+	GetCNI() (NetworkType, error)
+}
+
 var (
 	log                    = logf.Log.WithName("flowcollector-resource")
-	CurrentClusterInfo     *cluster.Info
+	CurrentClusterInfo     clusterInfo
 	needPrivileged         = []AgentFeature{UDNMapping, NetworkEvents}
 	neededOpenShiftVersion = map[AgentFeature]string{
 		PacketDrop:    "4.14.0",
@@ -98,9 +110,9 @@ func (v *validator) validateNetPol() {
 		cni, err := CurrentClusterInfo.GetCNI()
 		if err != nil {
 			v.warnings = append(v.warnings, fmt.Sprintf("Could not detect CNI: %s", err.Error()))
-		} else if cni == cluster.OpenShiftSDN && v.fc.NetworkPolicy.Enable != nil && *v.fc.NetworkPolicy.Enable {
+		} else if cni == OpenShiftSDN && v.fc.NetworkPolicy.Enable != nil && *v.fc.NetworkPolicy.Enable {
 			v.warnings = append(v.warnings, "OpenShiftSDN detected with unsupported setting: spec.networkPolicy.enable; this setting will be ignored; to remove this warning set spec.networkPolicy.enable to false.")
-		} else if cni != cluster.OVNKubernetes && v.fc.DeployNetworkPolicyOtherCNI() {
+		} else if cni != OVNKubernetes && v.fc.DeployNetworkPolicyOtherCNI() {
 			v.warnings = append(v.warnings, "Network policy is enabled via spec.networkPolicy.enable, despite not running OVN-Kubernetes: this configuration has not been tested; to remove this warning set spec.networkPolicy.enable to false.")
 		}
 	} else {

api/flowcollector/v1beta2/flowcollector_validation_webhook_test.go

@@ -2,9 +2,10 @@ package v1beta2
 
 import (
 	"context"
+	"errors"
 	"testing"
 
-	"github.com/netobserv/network-observability-operator/internal/pkg/cluster"
+	"github.com/coreos/go-semver/semver"
 	"github.com/stretchr/testify/assert"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -13,6 +14,40 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 )
 
+type clusterInfoMock struct {
+	cni     NetworkType
+	version string
+}
+
+func (m *clusterInfoMock) IsOpenShift() bool {
+	return m.version != ""
+}
+
+func (m *clusterInfoMock) IsOpenShiftVersionAtLeast(v string) (bool, string, error) {
+	if m.version == "" {
+		return false, "", errors.New("unknown OpenShift version, cannot compare versions")
+	}
+	openshiftVersion, err := semver.NewVersion(m.version)
+	if err != nil {
+		return false, "", err
+	}
+	version, err := semver.NewVersion(v)
+	if err != nil {
+		return false, "", err
+	}
+	// Ignore pre-release block for comparison
+	openshiftVersion.PreRelease = ""
+	return !openshiftVersion.LessThan(*version), m.version, nil
+}
+
+func (m *clusterInfoMock) GetNbNodes() (uint16, error) {
+	return 1, nil
+}
+
+func (m *clusterInfoMock) GetCNI() (NetworkType, error) {
+	return m.cni, nil
+}
+
 func TestValidateAgent(t *testing.T) {
 	tests := []struct {
 		name             string
@@ -437,9 +472,8 @@ func TestValidateAgent(t *testing.T) {
 		},
 	}
 
-	CurrentClusterInfo = &cluster.Info{}
 	for _, test := range tests {
-		CurrentClusterInfo.Mock(test.ocpVersion, "")
+		CurrentClusterInfo = &clusterInfoMock{version: test.ocpVersion}
 		v := validator{fc: &test.fc.Spec}
 		v.validateAgent()
 		if test.expectedError == "" {
@@ -527,8 +561,7 @@ func TestValidateConntrack(t *testing.T) {
 	}
 
 	r := FlowCollector{}
-	CurrentClusterInfo = &cluster.Info{}
-	CurrentClusterInfo.Mock("", "")
+	CurrentClusterInfo = &clusterInfoMock{}
 	for _, test := range tests {
 		warnings, err := r.Validate(context.TODO(), test.fc)
 		if test.expectedError == "" {
@@ -862,10 +895,9 @@ func TestValidateFLP(t *testing.T) {
 		},
 	}
 
-	CurrentClusterInfo = &cluster.Info{}
 	r := FlowCollector{}
 	for _, test := range tests {
-		CurrentClusterInfo.Mock(test.ocpVersion, "")
+		CurrentClusterInfo = &clusterInfoMock{version: test.ocpVersion}
 		warnings, err := r.Validate(context.TODO(), test.fc)
 		if test.expectedError == "" {
 			assert.NoError(t, err, test.name)
@@ -1021,10 +1053,9 @@ func TestValidateScheduling(t *testing.T) {
 		},
 	}
 
-	CurrentClusterInfo = &cluster.Info{}
 	r := FlowCollector{}
 	for _, test := range tests {
-		CurrentClusterInfo.Mock(test.ocpVersion, "")
+		CurrentClusterInfo = &clusterInfoMock{version: test.ocpVersion}
 		warnings, err := r.Validate(context.TODO(), test.fc)
 		if test.expectedError == "" {
 			assert.NoError(t, err, test.name)
@@ -1063,7 +1094,7 @@ func TestValidateNetPol(t *testing.T) {
 	tests := []struct {
 		name             string
 		fc               *FlowCollector
-		cni              cluster.NetworkType
+		cni              NetworkType
 		expectedError    string
 		expectedWarnings admission.Warnings
 	}{
@@ -1075,7 +1106,7 @@ func TestValidateNetPol(t *testing.T) {
 				},
 				Spec: FlowCollectorSpec{},
 			},
-			cni: cluster.OVNKubernetes,
+			cni: OVNKubernetes,
 		},
 		{
 			name: "Empty config is valid for sdn",
@@ -1085,7 +1116,7 @@ func TestValidateNetPol(t *testing.T) {
 				},
 				Spec: FlowCollectorSpec{},
 			},
-			cni: cluster.OpenShiftSDN,
+			cni: OpenShiftSDN,
 		},
 		{
 			name: "Empty config is valid for unknown",
@@ -1107,7 +1138,7 @@ func TestValidateNetPol(t *testing.T) {
 					NetworkPolicy: NetworkPolicy{Enable: ptr.To(true)},
 				},
 			},
-			cni: cluster.OVNKubernetes,
+			cni: OVNKubernetes,
 		},
 		{
 			name: "Enabled netpol triggers warning for sdn",
@@ -1119,7 +1150,7 @@ func TestValidateNetPol(t *testing.T) {
 					NetworkPolicy: NetworkPolicy{Enable: ptr.To(true)},
 				},
 			},
-			cni:              cluster.OpenShiftSDN,
+			cni:              OpenShiftSDN,
 			expectedWarnings: admission.Warnings{"OpenShiftSDN detected with unsupported setting: spec.networkPolicy.enable; this setting will be ignored; to remove this warning set spec.networkPolicy.enable to false."},
 		},
 		{
@@ -1137,9 +1168,11 @@ func TestValidateNetPol(t *testing.T) {
 		},
 	}
 
-	CurrentClusterInfo = &cluster.Info{}
 	for _, test := range tests {
-		CurrentClusterInfo.Mock("4.20.0", test.cni)
+		CurrentClusterInfo = &clusterInfoMock{
+			version: "4.20.0",
+			cni:     test.cni,
+		}
 		v := validator{fc: &test.fc.Spec}
 		v.validateNetPol()
 		if test.expectedError == "" {

internal/controller/ebpf/agent_controller_test.go

@@ -247,7 +247,7 @@ func TestNetworkEventsOVNMount(t *testing.T) {
 	assert.Equal(t, "/var/run/openvswitch", ds.Spec.Template.Spec.Volumes[2].HostPath.Path)
 
 	// OpenShift OVN
-	info.ClusterInfo.Mock("4.20.0", cluster.OVNKubernetes)
+	info.ClusterInfo.Mock("4.20.0", flowslatest.OVNKubernetes)
 	ds, err = agent.desired(context.Background(), &fc)
 	assert.NoError(t, err)
 	assert.NotNil(t, ds)

internal/controller/networkpolicy/np_controller_test.go

@@ -2,8 +2,6 @@
 package networkpolicy
 
 import (
-	"time"
-
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 	networkingv1 "k8s.io/api/networking/v1"
@@ -18,11 +16,8 @@ import (
 )
 
 const (
-	timeout                     = test.Timeout
-	interval                    = test.Interval
-	conntrackEndTimeout         = 10 * time.Second
-	conntrackTerminatingTimeout = 5 * time.Second
-	conntrackHeartbeatInterval  = 30 * time.Second
+	timeout  = test.Timeout
+	interval = test.Interval
 )
 
 var (

internal/controller/networkpolicy/np_objects.go

@@ -3,7 +3,6 @@ package networkpolicy
 import (
 	flowslatest "github.com/netobserv/network-observability-operator/api/flowcollector/v1beta2"
 	"github.com/netobserv/network-observability-operator/internal/controller/constants"
-	"github.com/netobserv/network-observability-operator/internal/pkg/cluster"
 	"github.com/netobserv/network-observability-operator/internal/pkg/helper"
 	"github.com/netobserv/network-observability-operator/internal/pkg/manager"
 	corev1 "k8s.io/api/core/v1"
@@ -50,14 +49,14 @@ func addAllowedNamespaces(np *networkingv1.NetworkPolicy, in, out []string) {
 	}
 }
 
-func buildMainNetworkPolicy(desired *flowslatest.FlowCollector, mgr *manager.Manager, cni cluster.NetworkType, apiServerIPs []string) (types.NamespacedName, *networkingv1.NetworkPolicy) {
+func buildMainNetworkPolicy(desired *flowslatest.FlowCollector, mgr *manager.Manager, cni flowslatest.NetworkType, apiServerIPs []string) (types.NamespacedName, *networkingv1.NetworkPolicy) {
 	ns := desired.Spec.GetNamespace()
 
 	name := types.NamespacedName{Name: netpolName, Namespace: ns}
 	switch cni {
-	case cluster.OpenShiftSDN:
+	case flowslatest.OpenShiftSDN:
 		return name, nil
-	case cluster.OVNKubernetes:
+	case flowslatest.OVNKubernetes:
 		if !desired.Spec.DeployNetworkPolicyOVN() {
 			return name, nil
 		}
@@ -205,15 +204,15 @@ func buildMainNetworkPolicy(desired *flowslatest.FlowCollector, mgr *manager.Man
 	return name, &np
 }
 
-func buildPrivilegedNetworkPolicy(desired *flowslatest.FlowCollector, mgr *manager.Manager, cni cluster.NetworkType) (types.NamespacedName, *networkingv1.NetworkPolicy) {
+func buildPrivilegedNetworkPolicy(desired *flowslatest.FlowCollector, mgr *manager.Manager, cni flowslatest.NetworkType) (types.NamespacedName, *networkingv1.NetworkPolicy) {
 	mainNs := desired.Spec.GetNamespace()
 	privNs := mainNs + constants.EBPFPrivilegedNSSuffix
 
 	name := types.NamespacedName{Name: netpolName, Namespace: privNs}
 	switch cni {
-	case cluster.OpenShiftSDN:
+	case flowslatest.OpenShiftSDN:
 		return name, nil
-	case cluster.OVNKubernetes:
+	case flowslatest.OVNKubernetes:
 		if !desired.Spec.DeployNetworkPolicyOVN() {
 			return name, nil
 		}

internal/controller/networkpolicy/np_test.go

@@ -74,23 +74,23 @@ func TestNpBuilder(t *testing.T) {
 	mgr := &manager.Manager{ClusterInfo: &cluster.Info{}}
 
 	desired.Spec.NetworkPolicy.Enable = nil
-	name, np := buildMainNetworkPolicy(&desired, mgr, cluster.OVNKubernetes, nil)
+	name, np := buildMainNetworkPolicy(&desired, mgr, flowslatest.OVNKubernetes, nil)
 	assert.Equal(netpolName, name.Name)
 	assert.Equal("netobserv", name.Namespace)
 	assert.NotNil(np)
-	name, np = buildPrivilegedNetworkPolicy(&desired, mgr, cluster.OVNKubernetes)
+	name, np = buildPrivilegedNetworkPolicy(&desired, mgr, flowslatest.OVNKubernetes)
 	assert.Equal(netpolName, name.Name)
 	assert.Equal("netobserv-privileged", name.Namespace)
 	assert.NotNil(np)
 
 	desired.Spec.NetworkPolicy.Enable = ptr.To(false)
-	_, np = buildMainNetworkPolicy(&desired, mgr, cluster.OVNKubernetes, nil)
+	_, np = buildMainNetworkPolicy(&desired, mgr, flowslatest.OVNKubernetes, nil)
 	assert.Nil(np)
-	_, np = buildPrivilegedNetworkPolicy(&desired, mgr, cluster.OVNKubernetes)
+	_, np = buildPrivilegedNetworkPolicy(&desired, mgr, flowslatest.OVNKubernetes)
 	assert.Nil(np)
 
 	desired.Spec.NetworkPolicy.Enable = ptr.To(true)
-	name, np = buildMainNetworkPolicy(&desired, mgr, cluster.OVNKubernetes, nil)
+	name, np = buildMainNetworkPolicy(&desired, mgr, flowslatest.OVNKubernetes, nil)
 	assert.NotNil(np)
 	assert.Equal(np.ObjectMeta.Name, name.Name)
 	assert.Equal(np.ObjectMeta.Namespace, name.Namespace)
@@ -115,14 +115,14 @@ func TestNpBuilder(t *testing.T) {
 		}},
 	}, np.Spec.Egress)
 
-	name, np = buildPrivilegedNetworkPolicy(&desired, mgr, cluster.OVNKubernetes)
+	name, np = buildPrivilegedNetworkPolicy(&desired, mgr, flowslatest.OVNKubernetes)
 	assert.NotNil(np)
 	assert.Equal(np.ObjectMeta.Name, name.Name)
 	assert.Equal(np.ObjectMeta.Namespace, name.Namespace)
 	assert.Equal([]networkingv1.NetworkPolicyIngressRule{}, np.Spec.Ingress)
 
 	desired.Spec.NetworkPolicy.AdditionalNamespaces = []string{"foo", "bar"}
-	name, np = buildMainNetworkPolicy(&desired, mgr, cluster.OVNKubernetes, nil)
+	name, np = buildMainNetworkPolicy(&desired, mgr, flowslatest.OVNKubernetes, nil)
 	assert.NotNil(np)
 	assert.Equal(np.ObjectMeta.Name, name.Name)
 	assert.Equal(np.ObjectMeta.Namespace, name.Namespace)
@@ -156,7 +156,7 @@ func TestNpBuilder(t *testing.T) {
 		}},
 	}, np.Spec.Egress)
 
-	name, np = buildPrivilegedNetworkPolicy(&desired, mgr, cluster.OVNKubernetes)
+	name, np = buildPrivilegedNetworkPolicy(&desired, mgr, flowslatest.OVNKubernetes)
 	assert.NotNil(np)
 	assert.Equal(np.ObjectMeta.Name, name.Name)
 	assert.Equal(np.ObjectMeta.Namespace, name.Namespace)
@@ -170,15 +170,15 @@ func TestNpBuilderSDN(t *testing.T) {
 	mgr := &manager.Manager{ClusterInfo: &cluster.Info{}}
 
 	desired.Spec.NetworkPolicy.Enable = nil
-	_, np := buildMainNetworkPolicy(&desired, mgr, cluster.OpenShiftSDN, nil)
+	_, np := buildMainNetworkPolicy(&desired, mgr, flowslatest.OpenShiftSDN, nil)
 	assert.Nil(np)
-	_, np = buildPrivilegedNetworkPolicy(&desired, mgr, cluster.OpenShiftSDN)
+	_, np = buildPrivilegedNetworkPolicy(&desired, mgr, flowslatest.OpenShiftSDN)
 	assert.Nil(np)
 
 	desired.Spec.NetworkPolicy.Enable = ptr.To(true)
-	_, np = buildMainNetworkPolicy(&desired, mgr, cluster.OpenShiftSDN, nil)
+	_, np = buildMainNetworkPolicy(&desired, mgr, flowslatest.OpenShiftSDN, nil)
 	assert.Nil(np)
-	_, np = buildPrivilegedNetworkPolicy(&desired, mgr, cluster.OpenShiftSDN)
+	_, np = buildPrivilegedNetworkPolicy(&desired, mgr, flowslatest.OpenShiftSDN)
 	assert.Nil(np)
 }
 
@@ -206,15 +206,15 @@ func TestNpBuilderWithAPIServerIPs(t *testing.T) {
 
 	desired := getConfig()
 	clusterInfo := &cluster.Info{}
-	clusterInfo.Mock("4.14.0", cluster.OVNKubernetes) // Mock as OpenShift 4.14 with OVN
+	clusterInfo.Mock("4.14.0", flowslatest.OVNKubernetes) // Mock as OpenShift 4.14 with OVN
 	mgr := &manager.Manager{
 		ClusterInfo: clusterInfo,
 		Config:      &manager.Config{DownstreamDeployment: false},
 	}
 
 	// Test with specific API server IPs (HyperShift scenario)
 	apiServerIPs := []string{"172.20.0.1", "10.0.0.5"}
-	_, np := buildMainNetworkPolicy(&desired, mgr, cluster.OVNKubernetes, apiServerIPs)
+	_, np := buildMainNetworkPolicy(&desired, mgr, flowslatest.OVNKubernetes, apiServerIPs)
 	assert.NotNil(np)
 
 	// Verify that we have a single egress rule with multiple IP peers
@@ -231,7 +231,7 @@ func TestNpBuilderWithAPIServerIPs(t *testing.T) {
 	assert.True(found, "Expected to find a single egress rule with multiple API server IPs")
 
 	// Test without API server IPs - should not create the external API server egress rule
-	_, npWithoutIPs := buildMainNetworkPolicy(&desired, mgr, cluster.OVNKubernetes, nil)
+	_, npWithoutIPs := buildMainNetworkPolicy(&desired, mgr, flowslatest.OVNKubernetes, nil)
 	assert.NotNil(npWithoutIPs)
 
 	// Verify that we do NOT have an egress rule for external API server when IPs are not provided
@@ -251,7 +251,7 @@ func TestNpBuilderWithAPIServerIPs(t *testing.T) {
 
 	// Test with IPv6 addresses
 	apiServerIPsV6 := []string{"2001:db8::1", "2001:db8::2"}
-	_, npV6 := buildMainNetworkPolicy(&desired, mgr, cluster.OVNKubernetes, apiServerIPsV6)
+	_, npV6 := buildMainNetworkPolicy(&desired, mgr, flowslatest.OVNKubernetes, apiServerIPsV6)
 	assert.NotNil(npV6)
 
 	// Verify IPv6 addresses get /128 CIDR
@@ -268,7 +268,7 @@ func TestNpBuilderWithAPIServerIPs(t *testing.T) {
 
 	// Test with mixed IPv4 and IPv6
 	apiServerIPsMixed := []string{"192.168.1.1", "2001:db8::1"}
-	_, npMixed := buildMainNetworkPolicy(&desired, mgr, cluster.OVNKubernetes, apiServerIPsMixed)
+	_, npMixed := buildMainNetworkPolicy(&desired, mgr, flowslatest.OVNKubernetes, apiServerIPsMixed)
 	assert.NotNil(npMixed)
 
 	foundMixed := false