Feat: Listener: Expose scope information in x-openmfp-scope schema extension (#92)

fourthisle · web-flow · commit ba7977b2a827 · 2025-02-24T19:00:43.000Z
* expose scope information in x-openmfp-namespaced extension

* expose scope information in x-openmfp-namespaced extension

* review suggestion: switch to k8s convention: use x-openmfp-scope with an enum value
diff --git a/listener/apischema/crd_resolver.go b/listener/apischema/crd_resolver.go
@@ -9,6 +9,7 @@ import (
 	"strings"
 
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+	"k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/discovery"
 	"k8s.io/client-go/openapi"
@@ -23,10 +24,11 @@ var (
 
 type CRDResolver struct {
 	*discovery.DiscoveryClient
+	meta.RESTMapper
 }
 
 func (cr *CRDResolver) Resolve() ([]byte, error) {
-	return resolveSchema(cr.DiscoveryClient)
+	return resolveSchema(cr.DiscoveryClient, cr.RESTMapper)
 }
 
 func (cr *CRDResolver) ResolveApiSchema(crd *apiextensionsv1.CustomResourceDefinition) ([]byte, error) {
@@ -45,7 +47,7 @@ func (cr *CRDResolver) ResolveApiSchema(crd *apiextensionsv1.CustomResourceDefin
 		return nil, fmt.Errorf("failed to filter server preferred resources: %w", err)
 	}
 
-	return resolveForPaths(cr.OpenAPIV3(), preferredApiGroups)
+	return resolveForPaths(cr.OpenAPIV3(), preferredApiGroups, cr.RESTMapper)
 }
 
 func errorIfCRDNotInPreferredApiGroups(gvk *metav1.GroupVersionKind, apiResLists []*metav1.APIResourceList) ([]string, error) {
@@ -112,7 +114,7 @@ func getSchemaForPath(preferredApiGroups []string, path string, gv openapi.Group
 	return resp.Components.Schemas, nil
 }
 
-func resolveForPaths(oc openapi.Client, preferredApiGroups []string) ([]byte, error) {
+func resolveForPaths(oc openapi.Client, preferredApiGroups []string, rm meta.RESTMapper) ([]byte, error) {
 	apiv3Paths, err := oc.Paths()
 	if err != nil {
 		return nil, fmt.Errorf("failed to get OpenAPI paths: %w", err)
@@ -127,23 +129,29 @@ func resolveForPaths(oc openapi.Client, preferredApiGroups []string) ([]byte, er
 		}
 		maps.Copy(schemas, schema)
 	}
+
+	scopedSchemas, err := addScopeInfo(schemas, rm)
+	if err != nil {
+		return nil, fmt.Errorf("failed to add scope info to v3 schema: %w", err)
+	}
+
 	v3JSON, err := json.Marshal(&schemaResponse{
 		Components: schemasComponentsWrapper{
-			Schemas: schemas,
+			Schemas: scopedSchemas,
 		},
 	})
 	if err != nil {
 		return nil, fmt.Errorf("failed to marshal openAPI v3 schema: %w", err)
 	}
-	v2JSON, err := ConvertJSON(v3JSON)
+	v2JSON, err := convertJSON(v3JSON)
 	if err != nil {
 		return nil, fmt.Errorf("failed to convert openAPI v3 schema to v2: %w", err)
 	}
 
 	return v2JSON, nil
 }
 
-func resolveSchema(dc discovery.DiscoveryInterface) ([]byte, error) {
+func resolveSchema(dc discovery.DiscoveryInterface, rm meta.RESTMapper) ([]byte, error) {
 	preferredApiGroups := []string{}
 	apiResList, err := dc.ServerPreferredResources()
 	if err != nil {
@@ -153,5 +161,5 @@ func resolveSchema(dc discovery.DiscoveryInterface) ([]byte, error) {
 		preferredApiGroups = append(preferredApiGroups, apiRes.GroupVersion)
 	}
 
-	return resolveForPaths(dc.OpenAPIV3(), preferredApiGroups)
+	return resolveForPaths(dc.OpenAPIV3(), preferredApiGroups, rm)
 }
diff --git a/listener/apischema/json_converter.go b/listener/apischema/json_converter.go
@@ -20,7 +20,7 @@ type v2RootWrapper struct {
 	Definitions map[string]any `json:"definitions"`
 }
 
-func ConvertJSON(v3JSON []byte) ([]byte, error) {
+func convertJSON(v3JSON []byte) ([]byte, error) {
 	data := &v3RootWrapper{}
 	if err := json.Unmarshal(v3JSON, data); err != nil {
 		return nil, fmt.Errorf("failed to unmarshal JSON: %w", err)
diff --git a/listener/apischema/resolver.go b/listener/apischema/resolver.go
@@ -1,6 +1,9 @@
 package apischema
 
 import (
+	"errors"
+
+	"k8s.io/apimachinery/pkg/api/meta"
 	"k8s.io/client-go/discovery"
 	"k8s.io/kube-openapi/pkg/validation/spec"
 )
@@ -21,13 +24,17 @@ type Resolver interface {
 	Resolve(dc discovery.DiscoveryInterface) ([]byte, error)
 }
 
-func NewResolver() *ResolverImpl {
-	return &ResolverImpl{}
+func NewResolver(rm meta.RESTMapper) (*ResolverImpl, error) {
+	if rm == nil {
+		return nil, errors.New("rest mapper might not be nil")
+	}
+	return &ResolverImpl{RESTMapper: rm}, nil
 }
 
 type ResolverImpl struct {
+	meta.RESTMapper
 }
 
 func (r *ResolverImpl) Resolve(dc discovery.DiscoveryInterface) ([]byte, error) {
-	return resolveSchema(dc)
+	return resolveSchema(dc, r.RESTMapper)
 }
diff --git a/listener/apischema/scope_resolver.go b/listener/apischema/scope_resolver.go
@@ -0,0 +1,75 @@
+package apischema
+
+import (
+	"encoding/json"
+
+	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+	"k8s.io/apimachinery/pkg/api/meta"
+	k8sschema "k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/kube-openapi/pkg/validation/spec"
+	"sigs.k8s.io/controller-runtime/pkg/client/apiutil"
+)
+
+const (
+	gvkExtensionKey   = "x-kubernetes-group-version-kind"
+	scopeExtensionKey = "x-openmfp-scope"
+)
+
+type GroupVersionKind struct {
+	Group   string `json:"group"`
+	Version string `json:"version"`
+	Kind    string `json:"kind"`
+}
+
+func addScopeInfo(schemas map[string]*spec.Schema, rm meta.RESTMapper) (map[string]*spec.Schema, error) {
+	scopedSchemas := make(map[string]*spec.Schema)
+	for name, schema := range schemas {
+		//skip resources that do not have the GVK extension:
+		//assumption: sub-resources do not have GVKs
+		if schema.VendorExtensible.Extensions == nil {
+			continue
+		}
+		var gvksVal any
+		var ok bool
+		if gvksVal, ok = schema.VendorExtensible.Extensions[gvkExtensionKey]; !ok {
+			continue
+		}
+		b, err := json.Marshal(gvksVal)
+		if err != nil {
+			//TODO: debug log?
+			continue
+		}
+		gvks := make([]*GroupVersionKind, 0, 1)
+		if err := json.Unmarshal(b, &gvks); err != nil {
+			//TODO: debug log?
+			continue
+		}
+
+		if len(gvks) != 1 {
+			//TODO: debug log?
+			continue
+		}
+
+		gvk := gvks[0]
+
+		namespaced, err := apiutil.IsGVKNamespaced(k8sschema.GroupVersionKind{
+			Group:   gvk.Group,
+			Version: gvk.Version,
+			Kind:    gvk.Kind,
+		}, rm)
+
+		if err != nil {
+			//TODO: debug log?
+			continue
+		}
+
+		if namespaced {
+			schema.VendorExtensible.AddExtension(scopeExtensionKey, apiextensionsv1.NamespaceScoped)
+		} else {
+			schema.VendorExtensible.AddExtension(scopeExtensionKey, apiextensionsv1.ClusterScoped)
+		}
+
+		scopedSchemas[name] = schema
+	}
+	return scopedSchemas, nil
+}
diff --git a/listener/kcp/reconciler_factory.go b/listener/kcp/reconciler_factory.go
@@ -10,11 +10,13 @@ import (
 	"github.com/openmfp/crd-gql-gateway/listener/discoveryclient"
 	"github.com/openmfp/crd-gql-gateway/listener/flags"
 	"github.com/openmfp/crd-gql-gateway/listener/workspacefile"
+	"k8s.io/apimachinery/pkg/api/meta"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/client-go/discovery"
 	"k8s.io/client-go/rest"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/client/apiutil"
 )
 
 const kubernetesClusterName = "kubernetes"
@@ -56,8 +58,14 @@ func NewReconciler(opts ReconcilerOpts) (CustomReconciler, error) {
 		return nil, fmt.Errorf("failed to create IO Handler: %w", err)
 	}
 
+	rm, err := restMapperFromConfig(opts.Config)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create rest mapper from config: %w", err)
+	}
+
 	schemaResolver := &apischema.CRDResolver{
 		DiscoveryClient: dc,
+		RESTMapper:      rm,
 	}
 
 	if err := preReconcile(schemaResolver, ioHandler); err != nil {
@@ -96,11 +104,33 @@ func NewKcpReconciler(opts ReconcilerOpts) (CustomReconciler, error) {
 		return nil, fmt.Errorf("failed to create Discovery client factory: %w", err)
 	}
 
+	rm, err := restMapperFromConfig(opts.Config)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create rest mapper from config: %w", err)
+	}
+
+	sc, err := apischema.NewResolver(rm)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create schema resolver: %w", err)
+	}
+
 	return controller.NewAPIBindingReconciler(
-		ioHandler, df, apischema.NewResolver(), &clusterpath.Resolver{
+		ioHandler, df, sc, &clusterpath.Resolver{
 			Scheme:       opts.Scheme,
 			Config:       opts.Config,
 			ResolverFunc: clusterpath.Resolve,
 		},
 	), nil
 }
+
+func restMapperFromConfig(cfg *rest.Config) (meta.RESTMapper, error) {
+	httpClt, err := rest.HTTPClientFor(cfg)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create http client: %w", err)
+	}
+	rm, err := apiutil.NewDynamicRESTMapper(cfg, httpClt)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create rest mapper: %w", err)
+	}
+	return rm, nil
+}

Original file line number	Diff line number	Diff line change
`@@ -9,6 +9,7 @@ import (`
`9`	`9`	`"strings"`
`10`	`10`
`11`	`11`	`apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"`
	`12`	`+ "k8s.io/apimachinery/pkg/api/meta"`
`12`	`13`	`metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"`
`13`	`14`	`"k8s.io/client-go/discovery"`
`14`	`15`	`"k8s.io/client-go/openapi"`
`@@ -23,10 +24,11 @@ var (`
`23`	`24`
`24`	`25`	`type CRDResolver struct {`
`25`	`26`	`*discovery.DiscoveryClient`
	`27`	`+ meta.RESTMapper`
`26`	`28`	`}`
`27`	`29`
`28`	`30`	`func (cr *CRDResolver) Resolve() ([]byte, error) {`
`29`		`- return resolveSchema(cr.DiscoveryClient)`
	`31`	`+ return resolveSchema(cr.DiscoveryClient, cr.RESTMapper)`
`30`	`32`	`}`
`31`	`33`
`32`	`34`	`func (cr CRDResolver) ResolveApiSchema(crd apiextensionsv1.CustomResourceDefinition) ([]byte, error) {`
`@@ -45,7 +47,7 @@ func (cr CRDResolver) ResolveApiSchema(crd apiextensionsv1.CustomResourceDefin`
`45`	`47`	`return nil, fmt.Errorf("failed to filter server preferred resources: %w", err)`
`46`	`48`	`}`
`47`	`49`
`48`		`- return resolveForPaths(cr.OpenAPIV3(), preferredApiGroups)`
	`50`	`+ return resolveForPaths(cr.OpenAPIV3(), preferredApiGroups, cr.RESTMapper)`
`49`	`51`	`}`
`50`	`52`
`51`	`53`	`func errorIfCRDNotInPreferredApiGroups(gvk metav1.GroupVersionKind, apiResLists []metav1.APIResourceList) ([]string, error) {`
`@@ -112,7 +114,7 @@ func getSchemaForPath(preferredApiGroups []string, path string, gv openapi.Group`
`112`	`114`	`return resp.Components.Schemas, nil`
`113`	`115`	`}`
`114`	`116`
`115`		`-func resolveForPaths(oc openapi.Client, preferredApiGroups []string) ([]byte, error) {`
	`117`	`+func resolveForPaths(oc openapi.Client, preferredApiGroups []string, rm meta.RESTMapper) ([]byte, error) {`
`116`	`118`	`apiv3Paths, err := oc.Paths()`
`117`	`119`	`if err != nil {`
`118`	`120`	`return nil, fmt.Errorf("failed to get OpenAPI paths: %w", err)`
`@@ -127,23 +129,29 @@ func resolveForPaths(oc openapi.Client, preferredApiGroups []string) ([]byte, er`
`127`	`129`	`}`
`128`	`130`	`maps.Copy(schemas, schema)`
`129`	`131`	`}`
	`132`	`+`
	`133`	`+ scopedSchemas, err := addScopeInfo(schemas, rm)`
	`134`	`+ if err != nil {`
	`135`	`+ return nil, fmt.Errorf("failed to add scope info to v3 schema: %w", err)`
	`136`	`+ }`
	`137`	`+`
`130`	`138`	`v3JSON, err := json.Marshal(&schemaResponse{`
`131`	`139`	`Components: schemasComponentsWrapper{`
`132`		`- Schemas: schemas,`
	`140`	`+ Schemas: scopedSchemas,`
`133`	`141`	`},`
`134`	`142`	`})`
`135`	`143`	`if err != nil {`
`136`	`144`	`return nil, fmt.Errorf("failed to marshal openAPI v3 schema: %w", err)`
`137`	`145`	`}`
`138`		`- v2JSON, err := ConvertJSON(v3JSON)`
	`146`	`+ v2JSON, err := convertJSON(v3JSON)`
`139`	`147`	`if err != nil {`
`140`	`148`	`return nil, fmt.Errorf("failed to convert openAPI v3 schema to v2: %w", err)`
`141`	`149`	`}`
`142`	`150`
`143`	`151`	`return v2JSON, nil`
`144`	`152`	`}`
`145`	`153`
`146`		`-func resolveSchema(dc discovery.DiscoveryInterface) ([]byte, error) {`
	`154`	`+func resolveSchema(dc discovery.DiscoveryInterface, rm meta.RESTMapper) ([]byte, error) {`
`147`	`155`	`preferredApiGroups := []string{}`
`148`	`156`	`apiResList, err := dc.ServerPreferredResources()`
`149`	`157`	`if err != nil {`
`@@ -153,5 +161,5 @@ func resolveSchema(dc discovery.DiscoveryInterface) ([]byte, error) {`
`153`	`161`	`preferredApiGroups = append(preferredApiGroups, apiRes.GroupVersion)`
`154`	`162`	`}`
`155`	`163`
`156`		`- return resolveForPaths(dc.OpenAPIV3(), preferredApiGroups)`
	`164`	`+ return resolveForPaths(dc.OpenAPIV3(), preferredApiGroups, rm)`
`157`	`165`	`}`
Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,7 @@ type v2RootWrapper struct {`
`20`	`20`	Definitions map[string]any `json:"definitions"`
`21`	`21`	`}`
`22`	`22`
`23`		`-func ConvertJSON(v3JSON []byte) ([]byte, error) {`
	`23`	`+func convertJSON(v3JSON []byte) ([]byte, error) {`
`24`	`24`	`data := &v3RootWrapper{}`
`25`	`25`	`if err := json.Unmarshal(v3JSON, data); err != nil {`
`26`	`26`	`return nil, fmt.Errorf("failed to unmarshal JSON: %w", err)`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,9 @@`
`1`	`1`	`package apischema`
`2`	`2`
`3`	`3`	`import (`
	`4`	`+ "errors"`
	`5`	`+`
	`6`	`+ "k8s.io/apimachinery/pkg/api/meta"`
`4`	`7`	`"k8s.io/client-go/discovery"`
`5`	`8`	`"k8s.io/kube-openapi/pkg/validation/spec"`
`6`	`9`	`)`
`@@ -21,13 +24,17 @@ type Resolver interface {`
`21`	`24`	`Resolve(dc discovery.DiscoveryInterface) ([]byte, error)`
`22`	`25`	`}`
`23`	`26`
`24`		`-func NewResolver() *ResolverImpl {`
`25`		`- return &ResolverImpl{}`
	`27`	`+func NewResolver(rm meta.RESTMapper) (*ResolverImpl, error) {`
	`28`	`+ if rm == nil {`
	`29`	`+ return nil, errors.New("rest mapper might not be nil")`
	`30`	`+ }`
	`31`	`+ return &ResolverImpl{RESTMapper: rm}, nil`
`26`	`32`	`}`
`27`	`33`
`28`	`34`	`type ResolverImpl struct {`
	`35`	`+ meta.RESTMapper`
`29`	`36`	`}`
`30`	`37`
`31`	`38`	`func (r *ResolverImpl) Resolve(dc discovery.DiscoveryInterface) ([]byte, error) {`
`32`		`- return resolveSchema(dc)`
	`39`	`+ return resolveSchema(dc, r.RESTMapper)`
`33`	`40`	`}`