internal/generate: set WATCH_NAMESPACE on namespaced operator CSV's (#3128)

estroz · web-flow · commit 4cdd0f9d9b7c · 2020-05-27T20:40:49.000-07:00
diff --git a/internal/generate/clusterserviceversion/clusterserviceversion_updaters.go b/internal/generate/clusterserviceversion/clusterserviceversion_updaters.go
@@ -26,6 +26,8 @@ import (
 	"github.com/operator-framework/operator-registry/pkg/registry"
 	log "github.com/sirupsen/logrus"
 	admissionregv1 "k8s.io/api/admissionregistration/v1"
+	appsv1 "k8s.io/api/apps/v1"
+	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/version"
 
 	"github.com/operator-framework/operator-sdk/internal/generate/collector"
@@ -39,6 +41,10 @@ func ApplyTo(c *collector.Manifests, csv *operatorsv1alpha1.ClusterServiceVersio
 		return fmt.Errorf("error updating ClusterServiceVersion: %v", err)
 	}
 
+	// Set fields required by namespaced operators. This is a no-op for cluster-
+	// scoped operators.
+	setNamespacedFields(csv)
+
 	// Sort all updated fields.
 	sortUpdates(csv)
 
@@ -111,6 +117,47 @@ func applyDeployments(c *collector.Manifests, strategy *operatorsv1alpha1.Strate
 	strategy.DeploymentSpecs = depSpecs
 }
 
+const (
+	// WatchNamespaceEnv is a constant for internal use.
+	WatchNamespaceEnv = "WATCH_NAMESPACE"
+	// TargetNamespacesRef references the target namespaces a CSV is installed in.
+	// This is required by legacy project Deployments.
+	TargetNamespacesRef = "metadata.annotations['olm.targetNamespaces']"
+)
+
+// setNamespacedFields sets static fields in a CSV required by namespaced
+// operators.
+func setNamespacedFields(csv *operatorsv1alpha1.ClusterServiceVersion) {
+	for _, dep := range csv.Spec.InstallStrategy.StrategySpec.DeploymentSpecs {
+		// Set WATCH_NAMESPACE if it exists in a deployment spec..
+		envVar := newFieldRefEnvVar(WatchNamespaceEnv, TargetNamespacesRef)
+		setContainerEnvVarIfExists(&dep.Spec, envVar)
+	}
+}
+
+// setContainerEnvVarIfExists overwrites all references to ev.Name with ev.
+func setContainerEnvVarIfExists(spec *appsv1.DeploymentSpec, ev corev1.EnvVar) {
+	for _, c := range spec.Template.Spec.Containers {
+		for i := 0; i < len(c.Env); i++ {
+			if c.Env[i].Name == ev.Name {
+				c.Env[i] = ev
+			}
+		}
+	}
+}
+
+// newFieldRefEnvVar creates a new environment variable referencing fieldPath.
+func newFieldRefEnvVar(name, fieldPath string) corev1.EnvVar {
+	return corev1.EnvVar{
+		Name: name,
+		ValueFrom: &corev1.EnvVarSource{
+			FieldRef: &corev1.ObjectFieldSelector{
+				FieldPath: fieldPath,
+			},
+		},
+	}
+}
+
 // applyCustomResourceDefinitions updates csv's customresourcedefinitions.owned
 // with CustomResourceDefinitions in the collector.
 // customresourcedefinitions.required are left as-is, since they are
diff --git a/internal/generate/olm-catalog/csv.go b/internal/generate/olm-catalog/csv.go
@@ -15,6 +15,7 @@
 package olmcatalog
 
 import (
+	"bytes"
 	"errors"
 	"fmt"
 	"io/ioutil"
@@ -393,7 +394,34 @@ func (g BundleGenerator) updateCSVFromManifests(csv *olmapiv1alpha1.ClusterServi
 		return fmt.Errorf("error building CSV: %v", err)
 	}
 
-	handleWatchNamespaces(csv)
+	// Ensure WATCH_NAMESPACE is set.
+	if err = checkWatchNamespaces(csv); err != nil {
+		return fmt.Errorf("error checking for WATCH_NAMESPACE: %v", err)
+	}
+
+	return nil
+}
 
+// OLM places the set of target namespaces for the operator in
+// "metadata.annotations['olm.targetNamespaces']". This value should be
+// referenced in either:
+//	- The DeploymentSpec's pod spec WATCH_NAMESPACE env variable.
+//	- Some other DeploymentSpec pod spec field.
+func checkWatchNamespaces(csv *olmapiv1alpha1.ClusterServiceVersion) error {
+	envVarValue := clusterserviceversion.TargetNamespacesRef
+	for _, dep := range csv.Spec.InstallStrategy.StrategySpec.DeploymentSpecs {
+		// Make sure "olm.targetNamespaces" is referenced somewhere in dep,
+		// and emit a warning of not.
+		b, err := dep.Spec.Template.Marshal()
+		if err != nil {
+			return err
+		}
+		if !bytes.Contains(b, []byte(envVarValue)) {
+			log.Warnf("No WATCH_NAMESPACE environment variable nor reference to %q "+
+				"detected in operator Deployment %s. For compatibility between OLM and a "+
+				"namespaced operator, your operator must watch namespaces defined in %q",
+				envVarValue, dep.Name, envVarValue)
+		}
+	}
 	return nil
 }
diff --git a/internal/generate/olm-catalog/csv_updaters.go b/internal/generate/olm-catalog/csv_updaters.go
diff --git a/internal/generate/testdata/clusterserviceversions/newlayout/manifests/memcached-operator.clusterserviceversion.yaml b/internal/generate/testdata/clusterserviceversions/newlayout/manifests/memcached-operator.clusterserviceversion.yaml
@@ -64,7 +64,7 @@ spec:
                 - name: WATCH_NAMESPACE
                   valueFrom:
                     fieldRef:
-                      fieldPath: metadata.namespace
+                      fieldPath: metadata.annotations['olm.targetNamespaces']
                 - name: POD_NAME
                   valueFrom:
                     fieldRef:
