Add OpenAPI support

ref: https://issues.redhat.com/browse/ACM-9437
Signed-off-by: David Elie-Dit-Cosaque <[email protected]>

Signed-off-by: David Elie-Dit-Cosaque <[email protected]>

Author: edcdavid

docs/policygenerator-reference.yaml

@@ -279,6 +279,10 @@ policies:
               # An example modification to the manifest
               annotations:
                 friends-character: Chandler Bing
+        # The OpenAPI schema used to merge patches (useful for non Kubernetes CRs that containt list of items)
+        openapi:
+          # The path to the OpenAPI schema to use when applying patches defined in patches 
+          path: ""
     # Optional. (See policyDefaults.categories for description.)
     categories:
       - "CM Configuration Management"

internal/patches.go

@@ -4,12 +4,21 @@ package internal
 import (
 	"errors"
 	"fmt"
+	"os"
 	"path"
+	"path/filepath"
 
 	yaml "gopkg.in/yaml.v3"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"sigs.k8s.io/kustomize/api/krusty"
 	"sigs.k8s.io/kustomize/kyaml/filesys"
+
+	"open-cluster-management.io/policy-generator-plugin/internal/types"
+)
+
+const (
+	localSchemaFileName = "schema.json"
+	kustomizeDir        = "kustomize"
 )
 
 type manifestPatcher struct {
@@ -18,6 +27,7 @@ type manifestPatcher struct {
 	// The Kustomize patches to apply on the manifests. Note that modifications are made
 	// to the input maps. If this is an issue, provide a deep copy of the patches.
 	patches []map[string]interface{}
+	openAPI types.OpenAPI
 }
 
 // validateManifestInfo verifies that the apiVersion, kind, metadata.name fields from a manifest
@@ -169,14 +179,14 @@ func (m *manifestPatcher) ApplyPatches() ([]map[string]interface{}, error) {
 	// Create the file system in memory with the Kustomize YAML files
 	fSys := filesys.MakeFsInMemory()
 
-	err := fSys.Mkdir(kustomizeDir)
+	err := InitializeInMemoryKustomizeDir(fSys, m.openAPI.Path)
 	if err != nil {
-		return nil, fmt.Errorf("an unexpected error occurred when configuring Kustomize: %w", err)
+		return nil, fmt.Errorf("failed to initialize Kustomize dir, err: %w", err)
 	}
 
-	kustomizationYAMLFile := map[string][]interface{}{
-		"resources": {},
-		"patches":   {},
+	kustomizationYAMLFile := types.KustomizeJSON{}
+	if m.openAPI.Path != "" {
+		kustomizationYAMLFile.OpenAPI.Path = localSchemaFileName
 	}
 
 	options := []struct {
@@ -206,13 +216,10 @@ func (m *manifestPatcher) ApplyPatches() ([]map[string]interface{}, error) {
 			}
 
 			if option.kustomizeKey != "patches" {
-				kustomizationYAMLFile[option.kustomizeKey] = append(
-					kustomizationYAMLFile[option.kustomizeKey], manifestFileName,
-				)
+				kustomizationYAMLFile.Resources = append(kustomizationYAMLFile.Resources, manifestFileName)
 			} else {
-				kustomizationYAMLFile[option.kustomizeKey] = append(
-					kustomizationYAMLFile[option.kustomizeKey], map[string]interface{}{"path": manifestFileName},
-				)
+				kustomizationYAMLFile.Patches = append(kustomizationYAMLFile.Patches,
+					types.Patch{Path: manifestFileName})
 			}
 		}
 	}
@@ -253,3 +260,27 @@ func (m *manifestPatcher) ApplyPatches() ([]map[string]interface{}, error) {
 
 	return manifests, nil
 }
+
+// Initializes the in-memory file system with base directory and open API schema
+func InitializeInMemoryKustomizeDir(fSys filesys.FileSystem, schema string) (err error) {
+	err = fSys.Mkdir(kustomizeDir)
+	if err != nil {
+		return fmt.Errorf("an unexpected error occurred when configuring Kustomize: %w", err)
+	}
+
+	if schema != "" {
+		schema = filepath.Clean(schema)
+
+		schemaJSON, err := os.ReadFile(schema)
+		if err != nil {
+			return fmt.Errorf("unable to open file: %s, err: %w ", schema, err)
+		}
+
+		err = fSys.WriteFile(path.Join(kustomizeDir, localSchemaFileName), schemaJSON)
+		if err != nil {
+			return fmt.Errorf("error writing schema, err: %w", err)
+		}
+	}
+
+	return nil
+}

internal/patches_test.go

@@ -7,6 +7,8 @@ import (
 	"testing"
 
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+
+	"open-cluster-management.io/policy-generator-plugin/internal/types"
 )
 
 func createExConfigMap(name string) *map[string]interface{} {
@@ -45,7 +47,9 @@ func TestValidate(t *testing.T) {
 		},
 	}
 
-	patcher := manifestPatcher{manifests: manifests, patches: patches}
+	openAPIConfig := types.OpenAPI{Path: ""}
+
+	patcher := manifestPatcher{manifests: manifests, patches: patches, openAPI: openAPIConfig}
 	err := patcher.Validate()
 
 	assertEqual(t, err, nil)

internal/types/types.go

@@ -53,15 +53,33 @@ type Manifest struct {
 	Path                       string                   `json:"path,omitempty" yaml:"path,omitempty"`
 	ExtraDependencies          []PolicyDependency       `json:"extraDependencies,omitempty" yaml:"extraDependencies,omitempty"`
 	IgnorePending              bool                     `json:"ignorePending,omitempty" yaml:"ignorePending,omitempty"`
+	OpenAPI                    `json:"openapi,omitempty" yaml:"openapi,omitempty"`
 }
 
-type NamespaceSelector struct {
-	Exclude          []string                           `json:"exclude,omitempty" yaml:"exclude,omitempty"`
-	Include          []string                           `json:"include,omitempty" yaml:"include,omitempty"`
-	MatchLabels      *map[string]string                 `json:"matchLabels,omitempty" yaml:"matchLabels,omitempty"`
-	MatchExpressions *[]metav1.LabelSelectorRequirement `json:"matchExpressions,omitempty" yaml:"matchExpressions,omitempty"`
+type OpenAPI struct {
+	Path string `yaml:"path"`
 }
 
+type KustomizeJSON struct {
+	OpenAPI   `json:"openapi,omitempty" yaml:"openapi,omitempty"`
+	Patches   []Patch  `json:"patches" yaml:"patches"`
+	Resources []string `json:"resources" yaml:"resources"`
+}
+
+type Patch struct {
+	Path string `yaml:"path,omitempty" json:"path,omitempty"`
+}
+
+type (
+	Resources         []string
+	NamespaceSelector struct {
+		Exclude          []string                           `json:"exclude,omitempty" yaml:"exclude,omitempty"`
+		Include          []string                           `json:"include,omitempty" yaml:"include,omitempty"`
+		MatchLabels      *map[string]string                 `json:"matchLabels,omitempty" yaml:"matchLabels,omitempty"`
+		MatchExpressions *[]metav1.LabelSelectorRequirement `json:"matchExpressions,omitempty" yaml:"matchExpressions,omitempty"`
+	}
+)
+
 // Define String() so that the LabelSelector is dereferenced in the logs
 func (t NamespaceSelector) String() string {
 	fmtSelectorStr := "{include:%s,exclude:%s,matchLabels:%+v,matchExpressions:%+v}"

internal/utils.go

@@ -123,7 +123,7 @@ func getManifests(policyConf *types.PolicyConfig) ([][]map[string]interface{}, e
 		}
 
 		if len(manifest.Patches) > 0 {
-			patcher := manifestPatcher{manifests: manifestFiles, patches: manifest.Patches}
+			patcher := manifestPatcher{manifests: manifestFiles, patches: manifest.Patches, openAPI: manifest.OpenAPI}
 			const errTemplate = `failed to process the manifest at "%s": %w`
 
 			err = patcher.Validate()