diff --git a/.gitignore b/.gitignore index 273b66b81..d7ffdb1b3 100644 --- a/.gitignore +++ b/.gitignore @@ -39,3 +39,4 @@ install.sh site .tiltbuild/ +.vscode \ No newline at end of file diff --git a/Makefile b/Makefile index 8a040ad38..d6ccb6e59 100644 --- a/Makefile +++ b/Makefile @@ -54,7 +54,7 @@ else $(warning Could not find docker or podman in path! This may result in targets requiring a container runtime failing!) endif -KUSTOMIZE_BUILD_DIR := config/default +KUSTOMIZE_BUILD_DIR := config/overlays/tls # Disable -j flag for make .NOTPARALLEL: @@ -95,7 +95,7 @@ tidy: #HELP Update dependencies. .PHONY: manifests manifests: $(CONTROLLER_GEN) #EXHELP Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects. - $(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases + $(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/base/crd/bases .PHONY: generate generate: $(CONTROLLER_GEN) #EXHELP Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations. @@ -150,7 +150,7 @@ build-push-e2e-catalog: ## Build the testdata catalog used for e2e tests and pus # for example: ARTIFACT_PATH=/tmp/artifacts make test-e2e .PHONY: test-e2e test-e2e: KIND_CLUSTER_NAME := operator-controller-e2e -test-e2e: KUSTOMIZE_BUILD_DIR := config/e2e +test-e2e: KUSTOMIZE_BUILD_DIR := config/overlays/e2e test-e2e: GO_BUILD_FLAGS := -cover test-e2e: run image-registry build-push-e2e-catalog registry-load-bundles e2e e2e-coverage kind-clean #HELP Run e2e test suite on local kind cluster diff --git a/Tiltfile b/Tiltfile index 783123d74..ef12a3042 100644 --- a/Tiltfile +++ b/Tiltfile 
@@ -9,7 +9,7 @@ repos = cfg.get('repos', ['operator-controller', 'catalogd']) repo = { 'image': 'quay.io/operator-framework/operator-controller', - 'yaml': 'config/default', + 'yaml': 'config/overlays/tls', 'binaries': { 'manager': 'operator-controller-controller-manager', }, diff --git a/cmd/manager/main.go b/cmd/manager/main.go index 5d2847b0b..b4da91205 100644 --- a/cmd/manager/main.go +++ b/cmd/manager/main.go @@ -20,11 +20,9 @@ import ( "crypto/x509" "flag" "fmt" - "net/http" "net/url" "os" "path/filepath" - "time" "github.com/spf13/pflag" "go.uber.org/zap/zapcore" @@ -50,6 +48,7 @@ import ( "github.com/operator-framework/operator-controller/internal/catalogmetadata/cache" catalogclient "github.com/operator-framework/operator-controller/internal/catalogmetadata/client" "github.com/operator-framework/operator-controller/internal/controllers" + "github.com/operator-framework/operator-controller/internal/httputil" "github.com/operator-framework/operator-controller/internal/labels" "github.com/operator-framework/operator-controller/internal/version" "github.com/operator-framework/operator-controller/pkg/features" @@ -58,7 +57,7 @@ import ( var ( setupLog = ctrl.Log.WithName("setup") - defaultSystemNamespace = "operator-controller-system" + defaultSystemNamespace = "olmv1-system" ) // podNamespace checks whether the controller is running in a Pod vs. 
@@ -82,9 +81,11 @@ func main() { operatorControllerVersion bool systemNamespace string provisionerStorageDirectory string + caCert string ) flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.") flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.") + flag.StringVar(&caCert, "ca-cert", "", "The TLS certificate to use for verifying HTTPS connections to the Catalogd web server.") flag.BoolVar(&enableLeaderElection, "leader-elect", false, "Enable leader election for controller manager. "+ "Enabling this will ensure there is only one active controller manager.") @@ -153,8 +154,13 @@ func main() { os.Exit(1) } + httpClient, err := httputil.BuildHTTPClient(caCert) + if err != nil { + setupLog.Error(err, "unable to create catalogd http client") + } + cl := mgr.GetClient() - catalogClient := catalogclient.New(cl, cache.NewFilesystemCache(cachePath, &http.Client{Timeout: 10 * time.Second})) + catalogClient := catalogclient.New(cl, cache.NewFilesystemCache(cachePath, httpClient)) cfgGetter, err := helmclient.NewActionConfigGetter(mgr.GetConfig(), mgr.GetRESTMapper(), helmclient.StorageNamespaceMapper(func(o client.Object) (string, error) { return systemNamespace, nil diff --git a/config/crd/bases/olm.operatorframework.io_clusterextensions.yaml b/config/base/crd/bases/olm.operatorframework.io_clusterextensions.yaml similarity index 100% rename from config/crd/bases/olm.operatorframework.io_clusterextensions.yaml rename to config/base/crd/bases/olm.operatorframework.io_clusterextensions.yaml diff --git a/config/crd/kustomization.yaml b/config/base/crd/kustomization.yaml similarity index 100% rename from config/crd/kustomization.yaml rename to config/base/crd/kustomization.yaml diff --git a/config/crd/kustomizeconfig.yaml b/config/base/crd/kustomizeconfig.yaml similarity index 100% rename from config/crd/kustomizeconfig.yaml rename to config/base/crd/kustomizeconfig.yaml 
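Review bot: In the second main.go hunk the error from `httputil.BuildHTTPClient(caCert)` is logged but not acted on, so when the CA file named by `--ca-cert` cannot be read (the helper returns `nil, err`) startup continues and a nil `httpClient` is handed to `cache.NewFilesystemCache`. The manager should fail closed at startup rather than, presumably, failing on the first catalog fetch. Add `os.Exit(1)` after the `setupLog.Error(err, "unable to create catalogd http client")` call, as the error branch in the context line just above does. main's body starts and ends outside the hunk.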
diff --git a/config/default/kustomization.yaml b/config/base/kustomization.yaml similarity index 98% rename from config/default/kustomization.yaml rename to config/base/kustomization.yaml index 6e2a672dd..12884c03c 100644 --- a/config/default/kustomization.yaml +++ b/config/base/kustomization.yaml @@ -1,5 +1,5 @@ # Adds namespace to all resources. -namespace: operator-controller-system +namespace: olmv1-system # Value of this field is prepended to the # names of all resources, e.g. a deployment named @@ -15,9 +15,9 @@ namePrefix: operator-controller- # someName: someValue resources: -- ../crd -- ../rbac -- ../manager +- crd +- rbac +- manager # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in # crd/kustomization.yaml #- ../webhook diff --git a/config/manager/kustomization.yaml b/config/base/manager/kustomization.yaml similarity index 100% rename from config/manager/kustomization.yaml rename to config/base/manager/kustomization.yaml diff --git a/config/manager/manager.yaml b/config/base/manager/manager.yaml similarity index 99% rename from config/manager/manager.yaml rename to config/base/manager/manager.yaml index f5c73c56e..42d9fe682 100644 --- a/config/manager/manager.yaml +++ b/config/base/manager/manager.yaml @@ -114,4 +114,4 @@ spec: - name: cache emptyDir: {} - name: bundle-cache - emptyDir: {} + emptyDir: {} \ No newline at end of file diff --git a/config/prometheus/kustomization.yaml b/config/base/prometheus/kustomization.yaml similarity index 100% rename from config/prometheus/kustomization.yaml rename to config/base/prometheus/kustomization.yaml diff --git a/config/prometheus/monitor.yaml b/config/base/prometheus/monitor.yaml similarity index 100% rename from config/prometheus/monitor.yaml rename to config/base/prometheus/monitor.yaml 
diff --git a/config/rbac/auth_proxy_client_clusterrole.yaml b/config/base/rbac/auth_proxy_client_clusterrole.yaml
similarity index 100%
rename from config/rbac/auth_proxy_client_clusterrole.yaml
rename to config/base/rbac/auth_proxy_client_clusterrole.yaml
diff --git a/config/rbac/auth_proxy_role.yaml b/config/base/rbac/auth_proxy_role.yaml
similarity index 100%
rename from config/rbac/auth_proxy_role.yaml
rename to config/base/rbac/auth_proxy_role.yaml
diff --git a/config/rbac/auth_proxy_role_binding.yaml b/config/base/rbac/auth_proxy_role_binding.yaml
similarity index 100%
rename from config/rbac/auth_proxy_role_binding.yaml
rename to config/base/rbac/auth_proxy_role_binding.yaml
diff --git a/config/rbac/auth_proxy_service.yaml b/config/base/rbac/auth_proxy_service.yaml
similarity index 100%
rename from config/rbac/auth_proxy_service.yaml
rename to config/base/rbac/auth_proxy_service.yaml
diff --git a/config/rbac/clusterextension_editor_role.yaml b/config/base/rbac/clusterextension_editor_role.yaml
similarity index 100%
rename from config/rbac/clusterextension_editor_role.yaml
rename to config/base/rbac/clusterextension_editor_role.yaml
diff --git a/config/rbac/clusterextension_viewer_role.yaml b/config/base/rbac/clusterextension_viewer_role.yaml
similarity index 100%
rename from config/rbac/clusterextension_viewer_role.yaml
rename to config/base/rbac/clusterextension_viewer_role.yaml
diff --git a/config/rbac/extension_editor_role.yaml b/config/base/rbac/extension_editor_role.yaml
similarity index 100%
rename from config/rbac/extension_editor_role.yaml
rename to config/base/rbac/extension_editor_role.yaml
diff --git a/config/rbac/extension_viewer_role.yaml b/config/base/rbac/extension_viewer_role.yaml
similarity index 100%
rename from config/rbac/extension_viewer_role.yaml
rename to config/base/rbac/extension_viewer_role.yaml
diff --git a/config/rbac/kustomization.yaml b/config/base/rbac/kustomization.yaml similarity index 100% rename from config/rbac/kustomization.yaml rename to config/base/rbac/kustomization.yaml diff --git a/config/rbac/leader_election_role.yaml b/config/base/rbac/leader_election_role.yaml similarity index 100% rename from config/rbac/leader_election_role.yaml rename to config/base/rbac/leader_election_role.yaml diff --git a/config/rbac/leader_election_role_binding.yaml b/config/base/rbac/leader_election_role_binding.yaml similarity index 100% rename from config/rbac/leader_election_role_binding.yaml rename to config/base/rbac/leader_election_role_binding.yaml diff --git a/config/rbac/role.yaml b/config/base/rbac/role.yaml similarity index 97% rename from config/rbac/role.yaml rename to config/base/rbac/role.yaml index a0340fbef..d1016c6c8 100644 --- a/config/rbac/role.yaml +++ b/config/base/rbac/role.yaml @@ -20,7 +20,7 @@ rules: - apiGroups: - catalogd.operatorframework.io resources: - - catalogs + - clustercatalogs verbs: - list - watch diff --git a/config/rbac/role_binding.yaml b/config/base/rbac/role_binding.yaml similarity index 100% rename from config/rbac/role_binding.yaml rename to config/base/rbac/role_binding.yaml diff --git a/config/rbac/service_account.yaml b/config/base/rbac/service_account.yaml similarity index 100% rename from config/rbac/service_account.yaml rename to config/base/rbac/service_account.yaml diff --git a/config/e2e/kustomization.yaml b/config/overlays/e2e/kustomization.yaml similarity index 71% rename from config/e2e/kustomization.yaml rename to config/overlays/e2e/kustomization.yaml index 7d0ba86c5..e9a19438f 100644 --- a/config/e2e/kustomization.yaml +++ b/config/overlays/e2e/kustomization.yaml @@ -1,7 +1,7 @@ -namespace: operator-controller-system +namespace: olmv1-system resources: -- ../default +- ../../overlays/tls - manager_e2e_coverage_pvc.yaml - manager_e2e_coverage_copy_pod.yaml 
diff --git a/config/e2e/manager_e2e_coverage_copy_pod.yaml b/config/overlays/e2e/manager_e2e_coverage_copy_pod.yaml similarity index 100% rename from config/e2e/manager_e2e_coverage_copy_pod.yaml rename to config/overlays/e2e/manager_e2e_coverage_copy_pod.yaml diff --git a/config/e2e/manager_e2e_coverage_patch.yaml b/config/overlays/e2e/manager_e2e_coverage_patch.yaml similarity index 100% rename from config/e2e/manager_e2e_coverage_patch.yaml rename to config/overlays/e2e/manager_e2e_coverage_patch.yaml diff --git a/config/e2e/manager_e2e_coverage_pvc.yaml b/config/overlays/e2e/manager_e2e_coverage_pvc.yaml similarity index 100% rename from config/e2e/manager_e2e_coverage_pvc.yaml rename to config/overlays/e2e/manager_e2e_coverage_pvc.yaml diff --git a/config/overlays/tls/kustomization.yaml b/config/overlays/tls/kustomization.yaml new file mode 100644 index 000000000..9d8517a68 --- /dev/null +++ b/config/overlays/tls/kustomization.yaml @@ -0,0 +1,20 @@ +# Adds namespace to all resources. +namespace: olmv1-system + +# Value of this field is prepended to the +# names of all resources, e.g. a deployment named +# "wordpress" becomes "alices-wordpress". +# Note that it should also match with the prefix (text before '-') of the namespace +# field above. + +# the following config is for teaching kustomize how to do var substitution +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ../../base + +patches: +- target: + kind: Deployment + name: controller-manager + path: patches/manager_deployment_cert.yaml \ No newline at end of file diff --git a/config/overlays/tls/patches/manager_deployment_cert.yaml b/config/overlays/tls/patches/manager_deployment_cert.yaml new file mode 100644 index 000000000..72615bcd5 --- /dev/null +++ b/config/overlays/tls/patches/manager_deployment_cert.yaml 
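Review bot: The comments in the new config/overlays/tls/kustomization.yaml were carried over from the base file and no longer describe what follows them. The "Value of this field is prepended to the names of all resources" block has no `namePrefix` field after it, and "teaching kustomize how to do var substitution" sits directly above the `apiVersion`/`kind` header. I would replace both with one comment stating what the overlay does, for example `# Mounts the catalogd serving certificate into the manager and passes --ca-cert so catalog fetches are verified over TLS.` The file also ends without a trailing newline.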
@@ -0,0 +1,9 @@ +- op: add + path: /spec/template/spec/volumes/- + value: {"name":"ca-certificate", "secret":{"secretName":"catalogd-catalogserver-cert", "optional": false, "items": [{"key": "tls.crt", "path": "tls.crt"}]}} +- op: add + path: /spec/template/spec/containers/0/volumeMounts/- + value: {"name":"ca-certificate", "readOnly": true, "mountPath":"/var/certs"} +- op: add + path: /spec/template/spec/containers/0/args/- + value: "--ca-cert=/var/certs/tls.crt" \ No newline at end of file diff --git a/config/samples/catalogd_operatorcatalog.yaml b/config/samples/catalogd_operatorcatalog.yaml index 0a4de4d24..bd148bc85 100644 --- a/config/samples/catalogd_operatorcatalog.yaml +++ b/config/samples/catalogd_operatorcatalog.yaml @@ -1,5 +1,5 @@ apiVersion: catalogd.operatorframework.io/v1alpha1 -kind: Catalog +kind: ClusterCatalog metadata: name: operatorhubio spec: diff --git a/docs/Tasks/adding-a-catalog.md b/docs/Tasks/adding-a-catalog.md index f0a297ad6..8961d1d9a 100644 --- a/docs/Tasks/adding-a-catalog.md +++ b/docs/Tasks/adding-a-catalog.md @@ -113,7 +113,7 @@ This catalog is distributed as an image [quay.io/operatorhubio/catalog](https:// Reason: UnpackSuccessful Status: True Type: Unpacked - Content URL: http://catalogd-catalogserver.catalogd-system.svc/catalogs/operatorhubio/all.json + Content URL: http://catalogd-catalogserver.olmv1-system.svc/catalogs/operatorhubio/all.json Observed Generation: 2 Phase: Unpacked Resolved Source: diff --git a/docs/Tasks/explore-available-packages.md b/docs/Tasks/explore-available-packages.md index 117757f87..e377bf9f8 100644 --- a/docs/Tasks/explore-available-packages.md +++ b/docs/Tasks/explore-available-packages.md 
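Review bot: The `ca-certificate` volume in manager_deployment_cert.yaml projects the `tls.crt` key of `catalogd-catalogserver-cert`, so the manager's trust root is the catalogd serving certificate itself rather than the CA that issued it. Since `BuildHTTPClient` reads the file once at startup, a reissued serving certificate would presumably be rejected until the manager pod restarts. If the issuer populates `ca.crt` in that secret (cert-manager does for CA-backed issuers; whether it does here depends on the catalogd manifests, which are not in this diff), prefer `"items": [{"key": "ca.crt", "path": "ca.crt"}]` together with `--ca-cert=/var/certs/ca.crt`. Restricting `items` to a single key is worth keeping, since it keeps `tls.key` out of the manager container.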
@@ -11,7 +11,7 @@ Then you can query the catalog by using `curl` commands and the `jq` CLI tool to 1. Port forward the catalog server service: ``` terminal - $ kubectl -n catalogd-system port-forward svc/catalogd-catalogserver 8080:80 + $ kubectl -n olmv1-system port-forward svc/catalogd-catalogserver 8080:80 ``` 2. Return a list of all the extensions in a catalog: diff --git a/go.mod b/go.mod index 7a60d5972..64f7dfa74 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ require ( github.com/go-logr/logr v1.4.2 github.com/google/go-cmp v0.6.0 github.com/operator-framework/api v0.25.0 - github.com/operator-framework/catalogd v0.12.0 + github.com/operator-framework/catalogd v0.14.0 github.com/operator-framework/helm-operator-plugins v0.2.2-0.20240520180534-f463c36fedf9 github.com/operator-framework/operator-registry v1.43.1 github.com/operator-framework/rukpak v0.23.1 diff --git a/go.sum b/go.sum index 1c6b05bce..0b78ebb92 100644 --- a/go.sum +++ b/go.sum 
@@ -475,8 +475,8 @@ github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/operator-framework/api v0.25.0 h1:pSQwFSoPmZaTIERadawxtCwicehLkC7i9n3w3+70SVI= github.com/operator-framework/api v0.25.0/go.mod h1:PvyCQb0x53ytIqdTECH5e+iqv+am3uZ0qGsZWmL35gQ= -github.com/operator-framework/catalogd v0.12.0 h1:Cww+CyowkfTFugB9ZjUDpKvumh2vPe/TjCUpMHDmVBM= -github.com/operator-framework/catalogd v0.12.0/go.mod h1:4lryGtBTVOdqlKR0MaVYnlsSOc7HiagVRVo3J4uIo7E= +github.com/operator-framework/catalogd v0.14.0 h1:M/kDqhH1hBB9amUk7/dAV4WZuJIa5ARboeY6GMjhx0E= +github.com/operator-framework/catalogd v0.14.0/go.mod h1:84M4gm0JPrwOLVbEOoCns/xjlg4ljenVMPYUO/Cs+Wc= github.com/operator-framework/helm-operator-plugins v0.2.2-0.20240520180534-f463c36fedf9 h1:f7/TMBpuIZEQ3JbD9UyP1L1ZCSLLWdR2aPN+A+dOHFY= github.com/operator-framework/helm-operator-plugins v0.2.2-0.20240520180534-f463c36fedf9/go.mod h1:ly6Bd9rSzmt37Wy6WtZHmA+IY9zG958MryJFLcVpCXw= github.com/operator-framework/operator-lib v0.14.0 h1:er+BgZymZD1im2wytLJiPLZpGALAX6N0gXaHx3PKbO4= diff --git a/hack/e2e-coverage.sh b/hack/e2e-coverage.sh index 4b24bfe33..dae8dbb38 100755 --- a/hack/e2e-coverage.sh +++ b/hack/e2e-coverage.sh @@ -4,7 +4,7 @@ set -euo pipefail COVERAGE_OUTPUT="${COVERAGE_OUTPUT:-e2e-cover.out}" -OPERATOR_CONTROLLER_NAMESPACE="operator-controller-system" +OPERATOR_CONTROLLER_NAMESPACE="olmv1-system" OPERATOR_CONTROLLER_MANAGER_DEPLOYMENT_NAME="operator-controller-controller-manager" COPY_POD_NAME="e2e-coverage-copy-pod" diff --git a/internal/catalogmetadata/cache/cache.go b/internal/catalogmetadata/cache/cache.go index d1471601d..85c1a81ac 100644 --- a/internal/catalogmetadata/cache/cache.go +++ b/internal/catalogmetadata/cache/cache.go 
@@ -66,7 +66,7 @@ type filesystemCache struct { // resources that have been successfully reconciled, unpacked, and are being served. // These requirements help ensure that we can rely on status conditions to determine // when to issue a request to update the cached Catalog contents. -func (fsc *filesystemCache) FetchCatalogContents(ctx context.Context, catalog *catalogd.Catalog) (io.ReadCloser, error) { +func (fsc *filesystemCache) FetchCatalogContents(ctx context.Context, catalog *catalogd.ClusterCatalog) (io.ReadCloser, error) { if catalog == nil { return nil, fmt.Errorf("error: provided catalog must be non-nil") } diff --git a/internal/catalogmetadata/cache/cache_test.go b/internal/catalogmetadata/cache/cache_test.go index bf6bd2f56..f6719522c 100644 --- a/internal/catalogmetadata/cache/cache_test.go +++ b/internal/catalogmetadata/cache/cache_test.go @@ -54,7 +54,7 @@ func TestCache(t *testing.T) { t.Run("FetchCatalogContents", func(t *testing.T) { type test struct { name string - catalog *catalogd.Catalog + catalog *catalogd.ClusterCatalog contents []byte wantErr bool tripper *MockTripper @@ -64,11 +64,11 @@ func TestCache(t *testing.T) { for _, tt := range []test{ { name: "valid non-cached fetch", - catalog: &catalogd.Catalog{ + catalog: &catalogd.ClusterCatalog{ ObjectMeta: metav1.ObjectMeta{ Name: "test-catalog", }, - Status: catalogd.CatalogStatus{ + Status: catalogd.ClusterCatalogStatus{ ResolvedSource: &catalogd.ResolvedCatalogSource{ Type: catalogd.SourceTypeImage, Image: &catalogd.ResolvedImageSource{ @@ -82,11 +82,11 @@ func TestCache(t *testing.T) { }, { name: "valid cached fetch", - catalog: &catalogd.Catalog{ + catalog: &catalogd.ClusterCatalog{ ObjectMeta: metav1.ObjectMeta{ Name: "test-catalog", }, - Status: catalogd.CatalogStatus{ + Status: catalogd.ClusterCatalogStatus{ ResolvedSource: &catalogd.ResolvedCatalogSource{ Type: catalogd.SourceTypeImage, Image: &catalogd.ResolvedImageSource{ 
@@ -102,11 +102,11 @@ func TestCache(t *testing.T) { }, { name: "cached update fetch with changes", - catalog: &catalogd.Catalog{ + catalog: &catalogd.ClusterCatalog{ ObjectMeta: metav1.ObjectMeta{ Name: "test-catalog", }, - Status: catalogd.CatalogStatus{ + Status: catalogd.ClusterCatalogStatus{ ResolvedSource: &catalogd.ResolvedCatalogSource{ Type: catalogd.SourceTypeImage, Image: &catalogd.ResolvedImageSource{ @@ -122,11 +122,11 @@ func TestCache(t *testing.T) { }, { name: "fetch error", - catalog: &catalogd.Catalog{ + catalog: &catalogd.ClusterCatalog{ ObjectMeta: metav1.ObjectMeta{ Name: "test-catalog", }, - Status: catalogd.CatalogStatus{ + Status: catalogd.ClusterCatalogStatus{ ResolvedSource: &catalogd.ResolvedCatalogSource{ Type: catalogd.SourceTypeImage, Image: &catalogd.ResolvedImageSource{ @@ -141,11 +141,11 @@ func TestCache(t *testing.T) { }, { name: "fetch internal server error response", - catalog: &catalogd.Catalog{ + catalog: &catalogd.ClusterCatalog{ ObjectMeta: metav1.ObjectMeta{ Name: "test-catalog", }, - Status: catalogd.CatalogStatus{ + Status: catalogd.ClusterCatalogStatus{ ResolvedSource: &catalogd.ResolvedCatalogSource{ Type: catalogd.SourceTypeImage, Image: &catalogd.ResolvedImageSource{ @@ -167,11 +167,11 @@ func TestCache(t *testing.T) { }, { name: "nil catalog.status.resolvedSource", - catalog: &catalogd.Catalog{ + catalog: &catalogd.ClusterCatalog{ ObjectMeta: metav1.ObjectMeta{ Name: "test-catalog", }, - Status: catalogd.CatalogStatus{ + Status: catalogd.ClusterCatalogStatus{ ResolvedSource: nil, }, }, @@ -181,11 +181,11 @@ func TestCache(t *testing.T) { }, { name: "nil catalog.status.resolvedSource.image", - catalog: &catalogd.Catalog{ + catalog: &catalogd.ClusterCatalog{ ObjectMeta: metav1.ObjectMeta{ Name: "test-catalog", }, - Status: catalogd.CatalogStatus{ + Status: catalogd.ClusterCatalogStatus{ ResolvedSource: &catalogd.ResolvedCatalogSource{ Image: nil, }, 
diff --git a/internal/catalogmetadata/client/client.go b/internal/catalogmetadata/client/client.go index 172f686c6..147a50842 100644 --- a/internal/catalogmetadata/client/client.go +++ b/internal/catalogmetadata/client/client.go @@ -23,7 +23,7 @@ type Fetcher interface { // server for the catalog provided. It returns an io.ReadCloser // containing the FBC contents that the caller is expected to close. // returns an error if any occur. - FetchCatalogContents(ctx context.Context, catalog *catalogd.Catalog) (io.ReadCloser, error) + FetchCatalogContents(ctx context.Context, catalog *catalogd.ClusterCatalog) (io.ReadCloser, error) } func New(cl client.Client, fetcher Fetcher) *Client { @@ -46,7 +46,7 @@ type Client struct { func (c *Client) Bundles(ctx context.Context) ([]*catalogmetadata.Bundle, error) { var allBundles []*catalogmetadata.Bundle - var catalogList catalogd.CatalogList + var catalogList catalogd.ClusterCatalogList if err := c.cl.List(ctx, &catalogList); err != nil { return nil, err } diff --git a/internal/catalogmetadata/client/client_test.go b/internal/catalogmetadata/client/client_test.go index 047861871..7d75f4f6e 100644 --- a/internal/catalogmetadata/client/client_test.go +++ b/internal/catalogmetadata/client/client_test.go @@ -105,7 +105,7 @@ func TestClient(t *testing.T) { name: "skip catalog missing Unpacked status condition", fakeCatalog: func() ([]client.Object, []*catalogmetadata.Bundle, map[string][]byte) { objs, bundles, catalogContentMap := defaultFakeCatalog() - objs = append(objs, &catalogd.Catalog{ + objs = append(objs, &catalogd.ClusterCatalog{ ObjectMeta: metav1.ObjectMeta{ Name: "foobar", }, 
@@ -220,11 +220,11 @@ func defaultFakeCatalog() ([]client.Object, []*catalogmetadata.Bundle, map[strin }` objs := []client.Object{ - &catalogd.Catalog{ + &catalogd.ClusterCatalog{ ObjectMeta: metav1.ObjectMeta{ Name: "catalog-1", }, - Status: catalogd.CatalogStatus{ + Status: catalogd.ClusterCatalogStatus{ Conditions: []metav1.Condition{ { Type: catalogd.TypeUnpacked, @@ -234,11 +234,11 @@ func defaultFakeCatalog() ([]client.Object, []*catalogmetadata.Bundle, map[strin }, }, }, - &catalogd.Catalog{ + &catalogd.ClusterCatalog{ ObjectMeta: metav1.ObjectMeta{ Name: "catalog-2", }, - Status: catalogd.CatalogStatus{ + Status: catalogd.ClusterCatalogStatus{ Conditions: []metav1.Condition{ { Type: catalogd.TypeUnpacked, @@ -338,7 +338,7 @@ type MockFetcher struct { shouldError bool } -func (mc *MockFetcher) FetchCatalogContents(_ context.Context, catalog *catalogd.Catalog) (io.ReadCloser, error) { +func (mc *MockFetcher) FetchCatalogContents(_ context.Context, catalog *catalogd.ClusterCatalog) (io.ReadCloser, error) { if mc.shouldError { return nil, errors.New("mock cache error") } diff --git a/internal/controllers/clusterextension_controller.go b/internal/controllers/clusterextension_controller.go index 83d1fc8e8..d102d90dc 100644 --- a/internal/controllers/clusterextension_controller.go +++ b/internal/controllers/clusterextension_controller.go @@ -109,7 +109,7 @@ const ( //+kubebuilder:rbac:groups=core,resources=pods/log,verbs=get //+kubebuilder:rbac:groups=*,resources=*,verbs=* -//+kubebuilder:rbac:groups=catalogd.operatorframework.io,resources=catalogs,verbs=list;watch +//+kubebuilder:rbac:groups=catalogd.operatorframework.io,resources=clustercatalogs,verbs=list;watch //+kubebuilder:rbac:groups=catalogd.operatorframework.io,resources=catalogmetadata,verbs=list;watch // The operator controller needs to watch all the bundle objects and reconcile accordingly. Though not ideal, but these permissions are required. 
@@ -555,12 +555,12 @@ func isInsecureSkipTLSVerifySet(ce *ocv1alpha1.ClusterExtension) bool { func (r *ClusterExtensionReconciler) SetupWithManager(mgr ctrl.Manager) error { controller, err := ctrl.NewControllerManagedBy(mgr). For(&ocv1alpha1.ClusterExtension{}). - Watches(&catalogd.Catalog{}, + Watches(&catalogd.ClusterCatalog{}, crhandler.EnqueueRequestsFromMapFunc(clusterExtensionRequestsForCatalog(mgr.GetClient(), mgr.GetLogger()))). WithEventFilter(predicate.Funcs{ UpdateFunc: func(ue event.UpdateEvent) bool { - oldObject, isOldCatalog := ue.ObjectOld.(*catalogd.Catalog) - newObject, isNewCatalog := ue.ObjectNew.(*catalogd.Catalog) + oldObject, isOldCatalog := ue.ObjectOld.(*catalogd.ClusterCatalog) + newObject, isNewCatalog := ue.ObjectNew.(*catalogd.ClusterCatalog) if !isOldCatalog || !isNewCatalog { return true diff --git a/internal/controllers/suite_test.go b/internal/controllers/suite_test.go index 82e0078e5..a5c4d7a0f 100644 --- a/internal/controllers/suite_test.go +++ b/internal/controllers/suite_test.go @@ -140,7 +140,7 @@ var ( func TestMain(m *testing.M) { testEnv := &envtest.Environment{ CRDDirectoryPaths: []string{ - filepath.Join("..", "..", "config", "crd", "bases")}, + filepath.Join("..", "..", "config", "base", "crd", "bases")}, ErrorIfCRDPathMissing: true, } diff --git a/internal/httputil/httputil.go b/internal/httputil/httputil.go new file mode 100644 index 000000000..dde765f0a --- /dev/null +++ b/internal/httputil/httputil.go 
@@ -0,0 +1,34 @@ +package httputil + +import ( + "crypto/tls" + "crypto/x509" + "net/http" + "os" + "time" +) + +func BuildHTTPClient(caCert string) (*http.Client, error) { + httpClient := &http.Client{Timeout: 10 * time.Second} + + if caCert != "" { + // tlsFileWatcher, err := certwatcher.New(caCert, "") + + cert, err := os.ReadFile(caCert) + if err != nil { + return nil, err + } + caCertPool := x509.NewCertPool() + caCertPool.AppendCertsFromPEM(cert) + tlsConfig := &tls.Config{ + RootCAs: caCertPool, + MinVersion: tls.VersionTLS12, + } + tlsTransport := &http.Transport{ + TLSClientConfig: tlsConfig, + } + httpClient.Transport = tlsTransport + } + + return httpClient, nil +} diff --git a/scripts/install.tpl.sh b/scripts/install.tpl.sh index 7ee165004..1b44ac630 100644 --- a/scripts/install.tpl.sh +++ b/scripts/install.tpl.sh @@ -36,7 +36,7 @@ kubectl apply -f "https://github.com/cert-manager/cert-manager/releases/download kubectl_wait "cert-manager" "deployment/cert-manager-webhook" "60s" kubectl apply -f "https://github.com/operator-framework/catalogd/releases/download/${catalogd_version}/catalogd.yaml" -kubectl_wait "catalogd-system" "deployment/catalogd-controller-manager" "60s" +kubectl_wait "olmv1-system" "deployment/catalogd-controller-manager" "60s" kubectl apply -f "${operator_controller_manifest}" -kubectl_wait "operator-controller-system" "deployment/operator-controller-controller-manager" "60s" +kubectl_wait "olmv1-system" "deployment/operator-controller-controller-manager" "60s" diff --git a/test/e2e/cluster_extension_install_test.go b/test/e2e/cluster_extension_install_test.go index 2042190a9..2bfe2c6c8 100644 --- a/test/e2e/cluster_extension_install_test.go +++ b/test/e2e/cluster_extension_install_test.go 
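Review bot: `caCertPool.AppendCertsFromPEM(cert)` in the new BuildHTTPClient discards its boolean result, so a file with no parseable PEM certificate yields an empty `RootCAs` pool and the mistake only surfaces later as a handshake failure on every catalog request; return an error when it reports false (this needs `fmt` in the import block). The bare `&http.Transport{...}` also drops the settings of `http.DefaultTransport` (environment proxy, dial and handshake timeouts, idle-connection limits), which cloning the default transport keeps. The exported function has no doc comment; it should say that an empty `caCert` leaves the default transport and system roots in place and that the file is read once at construction. The commented-out `certwatcher` line should be removed or turned into a TODO about reloading a rotated certificate.

```go
func BuildHTTPClient(caCert string) (*http.Client, error) {
	// … unchanged: client with the 10s timeout, caCert != "" check, os.ReadFile and its error return …
		caCertPool := x509.NewCertPool()
		if !caCertPool.AppendCertsFromPEM(cert) {
			return nil, fmt.Errorf("no PEM certificates found in %q", caCert)
		}
		// … unchanged: tls.Config with RootCAs and MinVersion …
		tlsTransport := http.DefaultTransport.(*http.Transport).Clone()
		tlsTransport.TLSClientConfig = tlsConfig
		httpClient.Transport = tlsTransport
```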
@@ -36,7 +36,7 @@ const ( var pollDuration = time.Minute var pollInterval = time.Second -func testInit(t *testing.T) (*ocv1alpha1.ClusterExtension, *catalogd.Catalog) { +func testInit(t *testing.T) (*ocv1alpha1.ClusterExtension, *catalogd.ClusterCatalog) { var err error extensionCatalog, err := createTestCatalog(context.Background(), testCatalogName, os.Getenv(testCatalogRefEnvVar)) require.NoError(t, err) @@ -53,10 +53,10 @@ func testInit(t *testing.T) (*ocv1alpha1.ClusterExtension, *catalogd.Catalog) { return clusterExtension, extensionCatalog } -func testCleanup(t *testing.T, cat *catalogd.Catalog, clusterExtension *ocv1alpha1.ClusterExtension) { +func testCleanup(t *testing.T, cat *catalogd.ClusterCatalog, clusterExtension *ocv1alpha1.ClusterExtension) { require.NoError(t, c.Delete(context.Background(), cat)) require.Eventually(t, func() bool { - err := c.Get(context.Background(), types.NamespacedName{Name: cat.Name}, &catalogd.Catalog{}) + err := c.Get(context.Background(), types.NamespacedName{Name: cat.Name}, &catalogd.ClusterCatalog{}) return errors.IsNotFound(err) }, pollDuration, pollInterval) require.NoError(t, c.Delete(context.Background(), clusterExtension)) @@ -139,7 +139,7 @@ func TestClusterExtensionInstallReResolvesWhenNewCatalog(t *testing.T) { t.Log("By deleting the catalog first") require.NoError(t, c.Delete(context.Background(), extensionCatalog)) require.EventuallyWithT(t, func(ct *assert.CollectT) { - err := c.Get(context.Background(), types.NamespacedName{Name: extensionCatalog.Name}, &catalogd.Catalog{}) + err := c.Get(context.Background(), types.NamespacedName{Name: extensionCatalog.Name}, &catalogd.ClusterCatalog{}) assert.True(ct, errors.IsNotFound(err)) }, pollDuration, pollInterval) 
@@ -368,7 +368,7 @@ func getArtifactsOutput(t *testing.T) { } // get all catalogsources save them to the artifact path. - catalogsources := catalogd.CatalogList{} + catalogsources := catalogd.ClusterCatalogList{} if err := c.List(context.Background(), &catalogsources, client.InNamespace("")); err != nil { fmt.Printf("Failed to list catalogsources: %v", err) } diff --git a/test/e2e/e2e_suite_test.go b/test/e2e/e2e_suite_test.go index 5f9e4f0ca..8c32390bd 100644 --- a/test/e2e/e2e_suite_test.go +++ b/test/e2e/e2e_suite_test.go @@ -39,12 +39,12 @@ func TestMain(m *testing.M) { // createTestCatalog will create a new catalog on the test cluster, provided // the context, catalog name, and the image reference. It returns the created catalog // or an error if any errors occurred while creating the catalog. -func createTestCatalog(ctx context.Context, name string, imageRef string) (*catalogd.Catalog, error) { - catalog := &catalogd.Catalog{ +func createTestCatalog(ctx context.Context, name string, imageRef string) (*catalogd.ClusterCatalog, error) { + catalog := &catalogd.ClusterCatalog{ ObjectMeta: metav1.ObjectMeta{ Name: name, }, - Spec: catalogd.CatalogSpec{ + Spec: catalogd.ClusterCatalogSpec{ Source: catalogd.CatalogSource{ Type: catalogd.SourceTypeImage, Image: &catalogd.ImageSource{ diff --git a/test/extension-developer-e2e/extension_developer_test.go b/test/extension-developer-e2e/extension_developer_test.go index 0d215085b..52f333273 100644 --- a/test/extension-developer-e2e/extension_developer_test.go +++ b/test/extension-developer-e2e/extension_developer_test.go 
@@ -50,11 +50,11 @@ func TestExtensionDeveloper(t *testing.T) { clusterExtension := ce t.Run(clusterExtension.ObjectMeta.Name, func(t *testing.T) { t.Parallel() - catalog := &catalogd.Catalog{ + catalog := &catalogd.ClusterCatalog{ ObjectMeta: metav1.ObjectMeta{ GenerateName: "catalog", }, - Spec: catalogd.CatalogSpec{ + Spec: catalogd.ClusterCatalogSpec{ Source: catalogd.CatalogSource{ Type: catalogd.SourceTypeImage, Image: &catalogd.ImageSource{