(feat) inject 'Env' from config to deployment spec

Add a deployment initializer function that can inject environment
variable(s) specified in pod configuration of a subscription into
deployment object.

The following rules apply:
- Proxy env variable(s) defined in 'cluster' Proxy object should be
  injected into deployment object(s).
- If proxy env variable defined in pod configuration of a Subscription
  overrides 'cluster' Proxy object.

More here - https://github.com/operator-framework/operator-lifecycle-manager/blob/master/Documentation/contributors/design-proposals/operator-config.md

Author: tkashem

cmd/olm/main.go

@@ -9,6 +9,7 @@ import (
 	"strings"
 	"time"
 
+	configclientset "github.com/openshift/client-go/config/clientset/versioned"
 	configv1client "github.com/openshift/client-go/config/clientset/versioned/typed/config/v1"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
 	log "github.com/sirupsen/logrus"
@@ -158,6 +159,11 @@ func main() {
 	if err != nil {
 		log.Fatalf("error configuring client: %s", err.Error())
 	}
+	versionedConfigClient, err := configclientset.NewForConfig(config)
+	if err != nil {
+		err = fmt.Errorf("error configuring OpenShift Proxy client: %v", err)
+		return
+	}
 	configClient, err := configv1client.NewForConfig(config)
 	if err != nil {
 		log.Fatalf("error configuring client: %s", err.Error())
@@ -179,6 +185,7 @@ func main() {
 		olm.WithExternalClient(crClient),
 		olm.WithOperatorClient(opClient),
 		olm.WithRestConfig(config),
+		olm.WithConfigClient(versionedConfigClient),
 	)
 	if err != nil {
 		log.WithError(err).Fatalf("error configuring operator")

pkg/controller/install/deployment.go

@@ -43,6 +43,7 @@ type StrategyDeploymentInstaller struct {
 	owner               ownerutil.Owner
 	previousStrategy    Strategy
 	templateAnnotations map[string]string
+	initializers        DeploymentInitializerFuncChain
 }
 
 func (d *StrategyDetailsDeployment) GetStrategyName() string {
@@ -52,26 +53,61 @@ func (d *StrategyDetailsDeployment) GetStrategyName() string {
 var _ Strategy = &StrategyDetailsDeployment{}
 var _ StrategyInstaller = &StrategyDeploymentInstaller{}
 
-func NewStrategyDeploymentInstaller(strategyClient wrappers.InstallStrategyDeploymentInterface, templateAnnotations map[string]string, owner ownerutil.Owner, previousStrategy Strategy) StrategyInstaller {
+// DeploymentInitializerFunc takes a deployment object and appropriately
+// initializes it for install.
+//
+// Before a deployment is created on the cluster, we can run a series of
+// initializer functions that will properly initialize the deployment object.
+type DeploymentInitializerFunc func(deployment *appsv1.Deployment) error
+
+// DeploymentInitializerFuncChain defines a chain of DeploymentInitializerFunc.
+type DeploymentInitializerFuncChain []DeploymentInitializerFunc
+
+// Apply runs series of initializer functions that will properly initialize
+// the deployment object.
+func (c DeploymentInitializerFuncChain) Apply(deployment *appsv1.Deployment) (err error) {
+	for _, initializer := range c {
+		if initializer == nil {
+			continue
+		}
+
+		if initializationErr := initializer(deployment); initializationErr != nil {
+			err = initializationErr
+			break
+		}
+	}
+
+	return
+}
+
+type DeploymentInitializerFuncBuilder func(owner ownerutil.Owner) DeploymentInitializerFunc
+
+func NewStrategyDeploymentInstaller(strategyClient wrappers.InstallStrategyDeploymentInterface, templateAnnotations map[string]string, owner ownerutil.Owner, previousStrategy Strategy, initializers DeploymentInitializerFuncChain) StrategyInstaller {
 	return &StrategyDeploymentInstaller{
 		strategyClient:      strategyClient,
 		owner:               owner,
 		previousStrategy:    previousStrategy,
 		templateAnnotations: templateAnnotations,
+		initializers:        initializers,
 	}
 }
 
 func (i *StrategyDeploymentInstaller) installDeployments(deps []StrategyDeploymentSpec) error {
 	for _, d := range deps {
-		if _, err := i.strategyClient.CreateOrUpdateDeployment(i.deploymentForSpec(d.Name, d.Spec)); err != nil {
+		deployment, err := i.deploymentForSpec(d.Name, d.Spec)
+		if err != nil {
+			return err
+		}
+
+		if _, err := i.strategyClient.CreateOrUpdateDeployment(deployment); err != nil {
 			return err
 		}
 	}
 
 	return nil
 }
 
-func (i *StrategyDeploymentInstaller) deploymentForSpec(name string, spec appsv1.DeploymentSpec) *appsv1.Deployment {
+func (i *StrategyDeploymentInstaller) deploymentForSpec(name string, spec appsv1.DeploymentSpec) (deployment *appsv1.Deployment, err error) {
 	dep := &appsv1.Deployment{Spec: spec}
 	dep.SetName(name)
 	dep.SetNamespace(i.owner.GetNamespace())
@@ -88,7 +124,14 @@ func (i *StrategyDeploymentInstaller) deploymentForSpec(name string, spec appsv1
 
 	ownerutil.AddNonBlockingOwner(dep, i.owner)
 	ownerutil.AddOwnerLabelsForKind(dep, i.owner, v1alpha1.ClusterServiceVersionKind)
-	return dep
+
+	if applyErr := i.initializers.Apply(dep); applyErr != nil {
+		err = applyErr
+		return
+	}
+
+	deployment = dep
+	return
 }
 
 func (i *StrategyDeploymentInstaller) cleanupPrevious(current *StrategyDetailsDeployment, previous *StrategyDetailsDeployment) error {
@@ -185,7 +228,11 @@ func (i *StrategyDeploymentInstaller) checkForDeployments(deploymentSpecs []Stra
 		}
 
 		// check equality
-		calculated := i.deploymentForSpec(spec.Name, spec.Spec)
+		calculated, err := i.deploymentForSpec(spec.Name, spec.Spec)
+		if err != nil {
+			return err
+		}
+
 		if !i.equalDeployments(&calculated.Spec, &dep.Spec) {
 			return StrategyError{Reason: StrategyErrDeploymentUpdated, Message: fmt.Sprintf("deployment changed, rolling update with patch: %s\n%#v\n%#v", diff.ObjectDiff(dep.Spec.Template.Spec, calculated.Spec.Template.Spec), calculated.Spec.Template.Spec, dep.Spec.Template.Spec)}
 		}

pkg/controller/install/deployment_test.go

@@ -264,7 +264,7 @@ func TestNewStrategyDeploymentInstaller(t *testing.T) {
 		},
 	}
 	fakeClient := new(clientfakes.FakeInstallStrategyDeploymentInterface)
-	strategy := NewStrategyDeploymentInstaller(fakeClient, map[string]string{"test": "annotation"}, &mockOwner, nil)
+	strategy := NewStrategyDeploymentInstaller(fakeClient, map[string]string{"test": "annotation"}, &mockOwner, nil, nil)
 	require.Implements(t, (*StrategyInstaller)(nil), strategy)
 	require.Error(t, strategy.Install(&BadStrategy{}))
 	installed, err := strategy.CheckInstalled(&BadStrategy{})
@@ -302,7 +302,7 @@ func TestInstallStrategyDeploymentCheckInstallErrors(t *testing.T) {
 		t.Run(tt.description, func(t *testing.T) {
 			fakeClient := new(clientfakes.FakeInstallStrategyDeploymentInterface)
 			strategy := strategy(1, namespace, &mockOwner)
-			installer := NewStrategyDeploymentInstaller(fakeClient, map[string]string{"test": "annotation"}, &mockOwner, nil)
+			installer := NewStrategyDeploymentInstaller(fakeClient, map[string]string{"test": "annotation"}, &mockOwner, nil, nil)
 
 			dep := testDeployment("olm-dep-1", namespace, &mockOwner)
 			dep.Spec.Template.SetAnnotations(map[string]string{"test": "annotation"})

pkg/controller/install/resolver.go

@@ -28,7 +28,9 @@ type StrategyResolverInterface interface {
 	InstallerForStrategy(strategyName string, opClient operatorclient.ClientInterface, opLister operatorlister.OperatorLister, owner ownerutil.Owner, annotations map[string]string, previousStrategy Strategy) StrategyInstaller
 }
 
-type StrategyResolver struct{}
+type StrategyResolver struct {
+	ProxyInjectorBuilder DeploymentInitializerFuncBuilder
+}
 
 func (r *StrategyResolver) UnmarshalStrategy(s v1alpha1.NamedInstallStrategy) (strategy Strategy, err error) {
 	switch s.StrategyName {
@@ -47,7 +49,13 @@ func (r *StrategyResolver) InstallerForStrategy(strategyName string, opClient op
 	switch strategyName {
 	case InstallStrategyNameDeployment:
 		strategyClient := wrappers.NewInstallStrategyDeploymentClient(opClient, opLister, owner.GetNamespace())
-		return NewStrategyDeploymentInstaller(strategyClient, annotations, owner, previousStrategy)
+
+		initializers := []DeploymentInitializerFunc{}
+		if r.ProxyInjectorBuilder != nil {
+			initializers = append(initializers, r.ProxyInjectorBuilder(owner))
+		}
+
+		return NewStrategyDeploymentInstaller(strategyClient, annotations, owner, previousStrategy, initializers)
 	}
 
 	// Insurance against these functions being called incorrectly (unmarshal strategy will return a valid strategy name)

pkg/controller/operators/olm/config.go

@@ -9,6 +9,7 @@ import (
 	utilclock "k8s.io/apimachinery/pkg/util/clock"
 	"k8s.io/client-go/rest"
 
+	configv1client "github.com/openshift/client-go/config/clientset/versioned"
 	"github.com/operator-framework/operator-lifecycle-manager/pkg/api/client/clientset/internalversion"
 	"github.com/operator-framework/operator-lifecycle-manager/pkg/api/client/clientset/versioned"
 	"github.com/operator-framework/operator-lifecycle-manager/pkg/controller/install"
@@ -32,6 +33,7 @@ type operatorConfig struct {
 	apiReconciler     resolver.APIIntersectionReconciler
 	apiLabeler        labeler.Labeler
 	restConfig        *rest.Config
+	configClient      configv1client.Interface
 }
 
 func (o *operatorConfig) apply(options []OperatorOption) {
@@ -160,3 +162,9 @@ func WithRestConfig(restConfig *rest.Config) OperatorOption {
 		config.restConfig = restConfig
 	}
 }
+
+func WithConfigClient(configClient configv1client.Interface) OperatorOption {
+	return func(config *operatorConfig) {
+		config.configClient = configClient
+	}
+}

pkg/controller/operators/olm/envvar/config.go

@@ -0,0 +1,45 @@
+package envvar
+
+import (
+	"fmt"
+
+	"github.com/operator-framework/operator-lifecycle-manager/pkg/api/apis/operators/v1alpha1"
+	"github.com/operator-framework/operator-lifecycle-manager/pkg/lib/operatorlister"
+	"github.com/operator-framework/operator-lifecycle-manager/pkg/lib/ownerutil"
+	"github.com/sirupsen/logrus"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/labels"
+)
+
+type operatorConfig struct {
+	lister operatorlister.OperatorLister
+	logger *logrus.Logger
+}
+
+func (o *operatorConfig) GetOperatorConfig(ownerCSV ownerutil.Owner) (overrides []corev1.EnvVar, err error) {
+	list, listErr := o.lister.OperatorsV1alpha1().SubscriptionLister().Subscriptions(ownerCSV.GetNamespace()).List(labels.Everything())
+	if listErr != nil {
+		err = fmt.Errorf("failed to list subscription namespace=%s - %v", ownerCSV.GetNamespace(), listErr)
+		return
+	}
+
+	owner := findOwner(list, ownerCSV)
+	if owner == nil {
+		o.logger.Debugf("failed to get the owner subscription csv=%s", ownerCSV.GetName())
+		return
+	}
+
+	overrides = owner.Spec.Config.Env
+	return
+}
+
+func findOwner(list []*v1alpha1.Subscription, ownerCSV ownerutil.Owner) *v1alpha1.Subscription {
+	for i := range list {
+		sub := list[i]
+		if sub.Status.InstalledCSV == ownerCSV.GetName() {
+			return sub
+		}
+	}
+
+	return nil
+}

pkg/controller/operators/olm/envvar/initializer.go

@@ -0,0 +1,73 @@
+package envvar
+
+import (
+	"fmt"
+
+	"github.com/operator-framework/operator-lifecycle-manager/pkg/controller/install"
+	"github.com/operator-framework/operator-lifecycle-manager/pkg/lib/operatorlister"
+	"github.com/operator-framework/operator-lifecycle-manager/pkg/lib/ownerutil"
+	"github.com/operator-framework/operator-lifecycle-manager/pkg/lib/proxy"
+	"github.com/sirupsen/logrus"
+	appsv1 "k8s.io/api/apps/v1"
+	corev1 "k8s.io/api/core/v1"
+)
+
+// NewDeploymentInitializer returns a function that accepts a Deployment object
+// and initializes it with env variables specified in operator configuration.
+func NewDeploymentInitializer(logger *logrus.Logger, querier proxy.Querier, lister operatorlister.OperatorLister) *DeploymentInitializer {
+	return &DeploymentInitializer{
+		logger:  logger,
+		querier: querier,
+		config: &operatorConfig{
+			lister: lister,
+			logger: logger,
+		},
+	}
+}
+
+type DeploymentInitializer struct {
+	logger  *logrus.Logger
+	querier proxy.Querier
+	config  *operatorConfig
+}
+
+func (d *DeploymentInitializer) GetDeploymentInitializer(ownerCSV ownerutil.Owner) install.DeploymentInitializerFunc {
+	return func(spec *appsv1.Deployment) error {
+		err := d.initialize(ownerCSV, spec)
+		return err
+	}
+}
+
+// Initialize initializes a deployment object with appropriate global cluster
+// level proxy env variable(s).
+func (d *DeploymentInitializer) initialize(ownerCSV ownerutil.Owner, deployment *appsv1.Deployment) error {
+	var podConfigEnvVar, proxyEnvVar, merged []corev1.EnvVar
+	var err error
+
+	podConfigEnvVar, err = d.config.GetOperatorConfig(ownerCSV)
+	if err != nil {
+		err = fmt.Errorf("failed to get subscription pod configuration - %v", err)
+		return err
+	}
+
+	if !proxy.IsOverridden(podConfigEnvVar) {
+		proxyEnvVar, err = d.querier.QueryProxyConfig()
+		if err != nil {
+			err = fmt.Errorf("failed to query cluster proxy configuration - %v", err)
+			return err
+		}
+	}
+
+	merged = append(podConfigEnvVar, proxyEnvVar...)
+
+	if len(merged) == 0 {
+		d.logger.Debugf("no env var to inject into csv=%s", ownerCSV.GetName())
+	}
+
+	podSpec := deployment.Spec.Template.Spec
+	if err := InjectEnvIntoDeployment(&podSpec, merged); err != nil {
+		return fmt.Errorf("failed to inject proxy env variable(s) into deployment spec name=%s - %v", deployment.Name, err)
+	}
+
+	return nil
+}

pkg/controller/operators/olm/envvar/inject.go

@@ -0,0 +1,61 @@
+package envvar
+
+import (
+	"errors"
+
+	corev1 "k8s.io/api/core/v1"
+)
+
+// InjectEnvIntoDeployment injects the proxy env variables specified in
+// proxyEnvVar into the container(s) of the given PodSpec.
+//
+// If any Container in PodSpec already defines an env variable of the same name
+// as any of the proxy env variables then it
+func InjectEnvIntoDeployment(podSpec *corev1.PodSpec, envVars []corev1.EnvVar) error {
+	if podSpec == nil {
+		return errors.New("no pod spec provided")
+	}
+
+	for i := range podSpec.Containers {
+		container := &podSpec.Containers[i]
+		container.Env = merge(container.Env, envVars)
+	}
+
+	return nil
+}
+
+func merge(containerEnvVars []corev1.EnvVar, newEnvVars []corev1.EnvVar) (merged []corev1.EnvVar) {
+	merged = containerEnvVars
+
+	for _, newEnvVar := range newEnvVars {
+		existing, found := find(containerEnvVars, newEnvVar.Name)
+		if !found {
+			if newEnvVar.Value != "" {
+				merged = append(merged, corev1.EnvVar{
+					Name:  newEnvVar.Name,
+					Value: newEnvVar.Value,
+				})
+			}
+
+			continue
+		}
+
+		existing.Value = newEnvVar.Value
+	}
+
+	return
+}
+
+func find(proxyEnvVar []corev1.EnvVar, name string) (envVar *corev1.EnvVar, found bool) {
+	for i := range proxyEnvVar {
+		if name == proxyEnvVar[i].Name {
+			// Environment variable names are case sensitive.
+			found = true
+			envVar = &proxyEnvVar[i]
+
+			break
+		}
+	}
+
+	return
+}