Bugfix: Add separate APISchema Resolver implementation for standard k8s clusters (#69)

* refactor apischema.Resolver and add prereconcile step for standard k8s clusters

* cleanup duplicate code

* fix obsolete naming

* rm helper files

* improve the CRD GVK lookup logic

Author: fourthisle

listener/apischema/crd_resolver.go

@@ -0,0 +1,157 @@
+package apischema
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"maps"
+	"slices"
+	"strings"
+
+	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/discovery"
+	"k8s.io/client-go/openapi"
+	"k8s.io/kube-openapi/pkg/validation/spec"
+)
+
+var (
+	ErrInvalidPath     = errors.New("path doesn't contain the / separator")
+	ErrNotPreferred    = errors.New("path ApiGroup does not belong to the server preferred APIs")
+	ErrGVKNotPreferred = errors.New("failed to find CRD GVK in API preferred resources")
+)
+
+type CRDResolver struct {
+	*discovery.DiscoveryClient
+}
+
+func (cr *CRDResolver) Resolve() ([]byte, error) {
+	return resolveSchema(cr.DiscoveryClient)
+}
+
+func (cr *CRDResolver) ResolveApiSchema(crd *apiextensionsv1.CustomResourceDefinition) ([]byte, error) {
+	gvk, err := getCRDGroupVersionKind(crd.Spec)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get CRD GVK: %w", err)
+	}
+
+	apiResLists, err := cr.ServerPreferredResources()
+	if err != nil {
+		return nil, fmt.Errorf("failed to get server preferred resources: %w", err)
+	}
+
+	preferredApiGroups, err := errorIfCRDNotInPreferredApiGroups(gvk, apiResLists)
+	if err != nil {
+		return nil, fmt.Errorf("failed to filter server preferred resources: %w", err)
+	}
+
+	return resolveForPaths(cr.OpenAPIV3(), preferredApiGroups)
+}
+
+func errorIfCRDNotInPreferredApiGroups(gvk *metav1.GroupVersionKind, apiResLists []*metav1.APIResourceList) ([]string, error) {
+	targetGV := gvk.Group + "/" + gvk.Version
+	isGVFound := false
+	preferredApiGroups := make([]string, 0, len(apiResLists))
+	for _, apiResources := range apiResLists {
+		gv := apiResources.GroupVersion
+		isGVFound = gv == targetGV
+		if isGVFound && !isCRDKindIncluded(gvk, apiResources) {
+			return nil, ErrGVKNotPreferred
+		}
+		preferredApiGroups = append(preferredApiGroups, gv)
+	}
+
+	if !isGVFound {
+		return nil, ErrGVKNotPreferred
+	}
+	return preferredApiGroups, nil
+}
+
+func isCRDKindIncluded(gvk *metav1.GroupVersionKind, apiResources *metav1.APIResourceList) bool {
+	for _, res := range apiResources.APIResources {
+		if res.Kind == gvk.Kind {
+			return true
+		}
+	}
+	return false
+}
+
+func getCRDGroupVersionKind(spec apiextensionsv1.CustomResourceDefinitionSpec) (*metav1.GroupVersionKind, error) {
+	for _, v := range spec.Versions {
+		if v.Storage {
+			return &metav1.GroupVersionKind{
+				Group:   spec.Group,
+				Version: v.Name,
+				Kind:    spec.Names.Kind,
+			}, nil
+		}
+	}
+	return nil, errors.New("failed to find storage version")
+}
+
+func getSchemaForPath(preferredApiGroups []string, path string, gv openapi.GroupVersion) (map[string]*spec.Schema, error) {
+	if !strings.Contains(path, separator) {
+		return nil, ErrInvalidPath
+	}
+	pathApiGroupArray := strings.Split(path, separator)
+	pathApiGroup := strings.Join(pathApiGroupArray[1:], separator)
+	// filer out apiGroups that aren't in the preferred list
+	if !slices.Contains(preferredApiGroups, pathApiGroup) {
+		return nil, ErrNotPreferred
+	}
+
+	b, err := gv.Schema(discovery.AcceptV1)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get schema for path %s :%w", path, err)
+	}
+
+	resp := &schemaResponse{}
+	if err := json.Unmarshal(b, resp); err != nil {
+		return nil, fmt.Errorf("failed to unmarshal schema for path %s :%w", path, err)
+	}
+	return resp.Components.Schemas, nil
+}
+
+func resolveForPaths(oc openapi.Client, preferredApiGroups []string) ([]byte, error) {
+	apiv3Paths, err := oc.Paths()
+	if err != nil {
+		return nil, fmt.Errorf("failed to get OpenAPI paths: %w", err)
+	}
+
+	schemas := make(map[string]*spec.Schema)
+	for path, gv := range apiv3Paths {
+		schema, err := getSchemaForPath(preferredApiGroups, path, gv)
+		if err != nil {
+			//TODO: debug log?
+			continue
+		}
+		maps.Copy(schemas, schema)
+	}
+	v3JSON, err := json.Marshal(&schemaResponse{
+		Components: schemasComponentsWrapper{
+			Schemas: schemas,
+		},
+	})
+	if err != nil {
+		return nil, fmt.Errorf("failed to marshal openAPI v3 schema: %w", err)
+	}
+	v2JSON, err := ConvertJSON(v3JSON)
+	if err != nil {
+		return nil, fmt.Errorf("failed to convert openAPI v3 schema to v2: %w", err)
+	}
+
+	return v2JSON, nil
+}
+
+func resolveSchema(dc discovery.DiscoveryInterface) ([]byte, error) {
+	preferredApiGroups := []string{}
+	apiResList, err := dc.ServerPreferredResources()
+	if err != nil {
+		return nil, fmt.Errorf("failed to get server preferred resources: %w", err)
+	}
+	for _, apiRes := range apiResList {
+		preferredApiGroups = append(preferredApiGroups, apiRes.GroupVersion)
+	}
+
+	return resolveForPaths(dc.OpenAPIV3(), preferredApiGroups)
+}

listener/apischema/resolver.go

@@ -1,18 +1,8 @@
 package apischema
 
 import (
-	"encoding/json"
-	"fmt"
-	"maps"
-	"slices"
-	"strings"
-
-	//nolint:staticcheck // SA1019 Keep using module since it's still being maintained and the api of google.golang.org/protobuf/proto differs
-
 	"k8s.io/client-go/discovery"
 	"k8s.io/kube-openapi/pkg/validation/spec"
-	// "github.com/getkin/kin-openapi/openapi2conv"
-	// "github.com/getkin/kin-openapi/openapi3"
 )
 
 const (
@@ -39,58 +29,5 @@ type ResolverImpl struct {
 }
 
 func (r *ResolverImpl) Resolve(dc discovery.DiscoveryInterface) ([]byte, error) {
-	preferredApiGroups := []string{}
-	apiResList, err := dc.ServerPreferredResources()
-	if err != nil {
-		return nil, fmt.Errorf("failed to get server preferred resources: %w", err)
-	}
-	for _, apiRes := range apiResList {
-		preferredApiGroups = append(preferredApiGroups, apiRes.GroupVersion)
-	}
-
-	apiv3Paths, err := dc.OpenAPIV3().Paths()
-	if err != nil {
-		return nil, fmt.Errorf("failed to get OpenAPI paths: %w", err)
-	}
-
-	schemas := make(map[string]*spec.Schema)
-	for key, path := range apiv3Paths {
-		if !strings.Contains(key, separator) {
-			continue
-		}
-		pathApiGroupArray := strings.Split(key, separator)
-		pathApiGroup := strings.Join(pathApiGroupArray[1:], separator)
-		// filer out apiGroups that aren't in the preferred list
-		if !slices.Contains(preferredApiGroups, pathApiGroup) {
-			continue
-		}
-
-		b, err := path.Schema(discovery.AcceptV1)
-		if err != nil {
-			//TODO: debug log?
-			continue
-		}
-
-		resp := &schemaResponse{}
-		err = json.Unmarshal(b, resp)
-		if err != nil {
-			//TODO: debug log?
-			continue
-		}
-		maps.Copy(schemas, resp.Components.Schemas)
-	}
-	v3JSON, err := json.Marshal(&schemaResponse{
-		Components: schemasComponentsWrapper{
-			Schemas: schemas,
-		},
-	})
-	if err != nil {
-		return nil, fmt.Errorf("failed to marshal openAPI v3 schema: %w", err)
-	}
-	v2JSON, err := ConvertJSON(v3JSON)
-	if err != nil {
-		return nil, fmt.Errorf("failed to convert openAPI v3 schema to v2: %w", err)
-	}
-
-	return v2JSON, nil
+	return resolveSchema(dc)
 }

listener/controller/crd_controller.go

@@ -3,15 +3,13 @@ package controller
 import (
 	"bytes"
 	"context"
-	"errors"
-
-	"io/fs"
+	"fmt"
 
 	"github.com/openmfp/crd-gql-gateway/listener/apischema"
 	"github.com/openmfp/crd-gql-gateway/listener/workspacefile"
-	"k8s.io/client-go/discovery"
 
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/log"
@@ -21,23 +19,20 @@ import (
 type CRDReconciler struct {
 	ClusterName string
 	client.Client
-	*discovery.DiscoveryClient
+	*apischema.CRDResolver
 	io workspacefile.IOHandler
-	sc apischema.Resolver
 }
 
 func NewCRDReconciler(name string,
 	clt client.Client,
-	dc *discovery.DiscoveryClient,
+	cr *apischema.CRDResolver,
 	io workspacefile.IOHandler,
-	sc apischema.Resolver,
 ) *CRDReconciler {
 	return &CRDReconciler{
-		ClusterName:     name,
-		Client:          clt,
-		DiscoveryClient: dc,
-		io:              io,
-		sc:              sc,
+		ClusterName: name,
+		Client:      clt,
+		CRDResolver: cr,
+		io:          io,
 	}
 }
 
@@ -49,49 +44,57 @@ func (r *CRDReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.R
 	logger.Info("starting reconciliation...")
 
 	crd := &apiextensionsv1.CustomResourceDefinition{}
-	if err := r.Client.Get(ctx, req.NamespacedName, crd); client.IgnoreNotFound(err) != nil {
+	err := r.Client.Get(ctx, req.NamespacedName, crd)
+	if apierrors.IsNotFound(err) {
+		logger.Info("resource not found, updating schema...")
+		return ctrl.Result{}, r.updateAPISchema()
+	}
+	if client.IgnoreNotFound(err) != nil {
 		logger.Error(err, "failed to get reconciled object")
 		return ctrl.Result{}, err
 	}
 
+	return ctrl.Result{}, r.updateAPISchemaWith(crd)
+}
+
+// SetupWithManager sets up the controller with the Manager.
+func (r *CRDReconciler) SetupWithManager(mgr ctrl.Manager) error {
+	return ctrl.NewControllerManagedBy(mgr).
+		For(&apiextensionsv1.CustomResourceDefinition{}).
+		Named("CRD").
+		Complete(r)
+}
+
+func (r *CRDReconciler) updateAPISchema() error {
 	savedJSON, err := r.io.Read(r.ClusterName)
-	if errors.Is(err, fs.ErrNotExist) {
-		actualJSON, err1 := r.sc.Resolve(r.DiscoveryClient)
-		if err1 != nil {
-			logger.Error(err1, "failed to resolve server JSON schema")
-			return ctrl.Result{}, err1
-		}
+	if err != nil {
+		return fmt.Errorf("failed to read JSON from filesystem: %w", err)
+	}
+	actualJSON, err := r.Resolve()
+	if err != nil {
+		return fmt.Errorf("failed to resolve server JSON schema: %w", err)
+	}
+	if !bytes.Equal(actualJSON, savedJSON) {
 		if err := r.io.Write(actualJSON, r.ClusterName); err != nil {
-			logger.Error(err, "failed to write JSON to filesystem")
-			return ctrl.Result{}, err
+			return fmt.Errorf("failed to write JSON to filesystem: %w", err)
 		}
-		return ctrl.Result{}, nil
 	}
+	return nil
+}
 
+func (r *CRDReconciler) updateAPISchemaWith(crd *apiextensionsv1.CustomResourceDefinition) error {
+	savedJSON, err := r.io.Read(r.ClusterName)
 	if err != nil {
-		logger.Error(err, "failed to read JSON from filesystem")
-		return ctrl.Result{}, err
+		return fmt.Errorf("failed to read JSON from filesystem: %w", err)
 	}
-
-	actualJSON, err := r.sc.Resolve(r.DiscoveryClient)
+	actualJSON, err := r.ResolveApiSchema(crd)
 	if err != nil {
-		logger.Error(err, "failed to resolve server JSON schema")
-		return ctrl.Result{}, err
+		return fmt.Errorf("failed to resolve server JSON schema: %w", err)
 	}
 	if !bytes.Equal(actualJSON, savedJSON) {
 		if err := r.io.Write(actualJSON, r.ClusterName); err != nil {
-			logger.Error(err, "failed to write JSON to filesystem")
-			return ctrl.Result{}, err
+			return fmt.Errorf("failed to write JSON to filesystem: %w", err)
 		}
 	}
-
-	return ctrl.Result{}, nil
-}
-
-// SetupWithManager sets up the controller with the Manager.
-func (r *CRDReconciler) SetupWithManager(mgr ctrl.Manager) error {
-	return ctrl.NewControllerManagedBy(mgr).
-		For(&apiextensionsv1.CustomResourceDefinition{}).
-		Named("CRD").
-		Complete(r)
+	return nil
 }