updates from api audit

Signed-off-by: Jordan Keister <[email protected]>

Author: grokspawn

api/v1alpha1/clusterextension_types.go

@@ -19,6 +19,7 @@ import (
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	apimachyaml "k8s.io/apimachinery/pkg/util/yaml"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/log"
 
 	helmclient "github.com/operator-framework/helm-operator-plugins/pkg/client"
 
@@ -56,6 +57,25 @@ type Helm struct {
 	Preflights         []Preflight
 }
 
+// shouldSkipPreflight is a helper to determine if the preflight check is CRDUpgradeSafety AND
+// if it is set to enforcement None.
+func shouldSkipPreflight(preflight Preflight, ctx context.Context, ext *ocv1alpha1.ClusterExtension, state string) bool {
+	l := log.FromContext(ctx)
+	if ext.Spec.Install.Preflight != nil && ext.Spec.Install.Preflight.CRDUpgradeSafety != nil {
+		if _, ok := preflight.(*crdupgradesafety.Preflight); ok {
+			if state == StateNeedsInstall || state == StateNeedsUpgrade {
+				l.Info("crdUpgradeSafety ", "policy", ext.Spec.Install.Preflight.CRDUpgradeSafety.Enforcement)
+			}
+			if ext.Spec.Install.Preflight.CRDUpgradeSafety.Enforcement == ocv1alpha1.CRDUpgradeSafetyEnforcementNone {
+				// Skip this preflight check because it is of type *crdupgradesafety.Preflight and the CRD Upgrade Safety
+				// policy is set to None
+				return true
+			}
+		}
+	}
+	return false
+}
+
 func (h *Helm) Apply(ctx context.Context, contentFS fs.FS, ext *ocv1alpha1.ClusterExtension, objectLabels map[string]string, storageLabels map[string]string) ([]client.Object, string, error) {
 	chrt, err := convert.RegistryV1ToHelmChart(ctx, contentFS, ext.Spec.Install.Namespace, []string{corev1.NamespaceAll})
 	if err != nil {
@@ -78,12 +98,8 @@ func (h *Helm) Apply(ctx context.Context, contentFS fs.FS, ext *ocv1alpha1.Clust
 	}
 
 	for _, preflight := range h.Preflights {
-		if ext.Spec.Install.Preflight != nil && ext.Spec.Install.Preflight.CRDUpgradeSafety != nil {
-			if _, ok := preflight.(*crdupgradesafety.Preflight); ok && ext.Spec.Install.Preflight.CRDUpgradeSafety.Policy == ocv1alpha1.CRDUpgradeSafetyPolicyDisabled {
-				// Skip this preflight check because it is of type *crdupgradesafety.Preflight and the CRD Upgrade Safety
-				// preflight check has been disabled
-				continue
-			}
+		if shouldSkipPreflight(preflight, ctx, ext, state) {
+			continue
 		}
 		switch state {
 		case StateNeedsInstall:

api/v1alpha1/zz_generated.deepcopy.go

@@ -77,7 +77,7 @@ func TestClusterExtensionSourceConfig(t *testing.T) {
 
 func TestClusterExtensionAdmissionPackageName(t *testing.T) {
 	tooLongError := "spec.source.catalog.packageName: Too long: may not be longer than 253"
-	regexMismatchError := "spec.source.catalog.packageName in body should match"
+	regexMismatchError := "packageName must be a valid DNS1123 subdomain"
 
 	testCases := []struct {
 		name    string
@@ -136,7 +136,7 @@ func TestClusterExtensionAdmissionPackageName(t *testing.T) {
 
 func TestClusterExtensionAdmissionVersion(t *testing.T) {
 	tooLongError := "spec.source.catalog.version: Too long: may not be longer than 64"
-	regexMismatchError := "spec.source.catalog.version in body should match"
+	regexMismatchError := "invalid version expression in the catalog source"
 
 	testCases := []struct {
 		name    string
@@ -293,7 +293,7 @@ func TestClusterExtensionAdmissionChannel(t *testing.T) {
 
 func TestClusterExtensionAdmissionInstallNamespace(t *testing.T) {
 	tooLongError := "spec.install.namespace: Too long: may not be longer than 63"
-	regexMismatchError := "spec.install.namespace in body should match"
+	regexMismatchError := "namespace must be a valid DNS1123 label"
 
 	testCases := []struct {
 		name      string

config/base/crd/bases/olm.operatorframework.io_clusterextensions.yaml

@@ -43,13 +43,18 @@ func (r *CatalogResolver) Resolve(ctx context.Context, ext *ocv1alpha1.ClusterEx
 	versionRange := ext.Spec.Source.Catalog.Version
 	channels := ext.Spec.Source.Catalog.Channels
 
-	selector, err := metav1.LabelSelectorAsSelector(&ext.Spec.Source.Catalog.Selector)
-	if err != nil {
-		return nil, nil, nil, fmt.Errorf("desired catalog selector is invalid: %w", err)
-	}
-	// A nothing (empty) seletor selects everything
-	if selector == labels.Nothing() {
-		selector = labels.Everything()
+	// unless overridden, default to selecting all bundles
+	var selector labels.Selector = labels.Everything()
+	var err error
+	if ext.Spec.Source.Catalog != nil {
+		selector, err = metav1.LabelSelectorAsSelector(ext.Spec.Source.Catalog.Selector)
+		if err != nil {
+			return nil, nil, nil, fmt.Errorf("desired catalog selector is invalid: %w", err)
+		}
+		// A nothing (empty) selector selects everything
+		if selector == labels.Nothing() {
+			selector = labels.Everything()
+		}
 	}
 
 	var versionRangeConstraints *mmsemver.Constraints

docs/api-reference/operator-controller-api-reference.md

@@ -770,7 +770,7 @@ func TestInvalidClusterExtensionCatalogMatchExpressions(t *testing.T) {
 			Source: ocv1alpha1.SourceConfig{
 				Catalog: &ocv1alpha1.CatalogSource{
 					PackageName: "foo",
-					Selector: metav1.LabelSelector{
+					Selector: &metav1.LabelSelector{
 						MatchExpressions: []metav1.LabelSelectorRequirement{
 							{
 								Key:      "name",
@@ -802,7 +802,7 @@ func TestInvalidClusterExtensionCatalogMatchLabelsName(t *testing.T) {
 			Source: ocv1alpha1.SourceConfig{
 				Catalog: &ocv1alpha1.CatalogSource{
 					PackageName: "foo",
-					Selector: metav1.LabelSelector{
+					Selector: &metav1.LabelSelector{
 						MatchLabels: map[string]string{"": "value"},
 					},
 				},
@@ -828,7 +828,7 @@ func TestInvalidClusterExtensionCatalogMatchLabelsValue(t *testing.T) {
 			Source: ocv1alpha1.SourceConfig{
 				Catalog: &ocv1alpha1.CatalogSource{
 					PackageName: "foo",
-					Selector: metav1.LabelSelector{
+					Selector: &metav1.LabelSelector{
 						MatchLabels: map[string]string{"name": "&value"},
 					},
 				},
@@ -852,7 +852,9 @@ func TestClusterExtensionMatchLabel(t *testing.T) {
 	}
 	r := CatalogResolver{WalkCatalogsFunc: w.WalkCatalogs}
 	ce := buildFooClusterExtension(pkgName, []string{}, "", ocv1alpha1.UpgradeConstraintPolicyCatalogProvided)
-	ce.Spec.Source.Catalog.Selector.MatchLabels = map[string]string{"olm.operatorframework.io/metadata.name": "b"}
+	ce.Spec.Source.Catalog.Selector = &metav1.LabelSelector{
+		MatchLabels: map[string]string{"olm.operatorframework.io/metadata.name": "b"},
+	}
 
 	_, _, _, err := r.Resolve(context.Background(), ce, nil)
 	require.NoError(t, err)
@@ -871,7 +873,9 @@ func TestClusterExtensionNoMatchLabel(t *testing.T) {
 	}
 	r := CatalogResolver{WalkCatalogsFunc: w.WalkCatalogs}
 	ce := buildFooClusterExtension(pkgName, []string{}, "", ocv1alpha1.UpgradeConstraintPolicyCatalogProvided)
-	ce.Spec.Source.Catalog.Selector.MatchLabels = map[string]string{"olm.operatorframework.io/metadata.name": "a"}
+	ce.Spec.Source.Catalog.Selector = &metav1.LabelSelector{
+		MatchLabels: map[string]string{"olm.operatorframework.io/metadata.name": "a"},
+	}
 
 	_, _, _, err := r.Resolve(context.Background(), ce, nil)
 	require.Error(t, err)

internal/applier/helm.go

@@ -249,7 +249,7 @@ func TestClusterExtensionInstallRegistry(t *testing.T) {
 					SourceType: "Catalog",
 					Catalog: &ocv1alpha1.CatalogSource{
 						PackageName: tc.packageName,
-						Selector: metav1.LabelSelector{
+						Selector: &metav1.LabelSelector{
 							MatchLabels: map[string]string{"olm.operatorframework.io/metadata.name": extensionCatalog.Name},
 						},
 					},
@@ -516,7 +516,7 @@ func TestClusterExtensionInstallReResolvesWhenCatalogIsPatched(t *testing.T) {
 			SourceType: "Catalog",
 			Catalog: &ocv1alpha1.CatalogSource{
 				PackageName: "prometheus",
-				Selector: metav1.LabelSelector{
+				Selector: &metav1.LabelSelector{
 					MatchExpressions: []metav1.LabelSelectorRequirement{
 						{
 							Key:      "olm.operatorframework.io/metadata.name",
@@ -603,7 +603,7 @@ func TestClusterExtensionInstallReResolvesWhenNewCatalog(t *testing.T) {
 			SourceType: "Catalog",
 			Catalog: &ocv1alpha1.CatalogSource{
 				PackageName: "prometheus",
-				Selector: metav1.LabelSelector{
+				Selector: &metav1.LabelSelector{
 					MatchLabels: map[string]string{"olm.operatorframework.io/metadata.name": extensionCatalog.Name},
 				},
 			},
@@ -666,7 +666,7 @@ func TestClusterExtensionInstallReResolvesWhenManagedContentChanged(t *testing.T
 			SourceType: "Catalog",
 			Catalog: &ocv1alpha1.CatalogSource{
 				PackageName: "prometheus",
-				Selector: metav1.LabelSelector{
+				Selector: &metav1.LabelSelector{
 					MatchLabels: map[string]string{"olm.operatorframework.io/metadata.name": extensionCatalog.Name},
 				},
 			},
@@ -731,7 +731,7 @@ func TestClusterExtensionRecoversFromInitialInstallFailedWhenFailureFixed(t *tes
 			SourceType: "Catalog",
 			Catalog: &ocv1alpha1.CatalogSource{
 				PackageName: "prometheus",
-				Selector: metav1.LabelSelector{
+				Selector: &metav1.LabelSelector{
 					MatchLabels: map[string]string{"olm.operatorframework.io/metadata.name": extensionCatalog.Name},
 				},
 			},