Write CRD filter for OpenShift

This adds a Go binary that filters certain keys from the CRDs. This is meant to remove keys that are not compatible with OpenShift 3.11. This then is ran on creating the deployment manifests. Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-02-18 10:52:42 +01:00 · 2020-02-18 10:52:42 +01:00 · 1439ca350c
commit 1439ca350c
parent 672f7654a7
7 changed files with 143 additions and 5 deletions
--- a/deploy/manifests/BUILD.bazel
+++ b/deploy/manifests/BUILD.bazel
@ -14,7 +14,7 @@ VARIANTS = {
    "cert-manager-no-webhook": {
        "webhook.enabled": "false",
    },
-    "cert-manager-openshift.yaml": {
+    "cert-manager-openshift": {
        "global.isOpenshift": "true",
    },
 }
@ -28,13 +28,35 @@ VARIANTS = {
 ) for (name, values) in VARIANTS.items()]

 [genrule(
-    name = name,
+    name = "%s.crds" % name,
    srcs = [
        "00-crds.yaml",
+        "//hack/filter-crd",
+    ],
+    outs = ["%s.crds.yaml" % name],
+    cmd = " ".join([
+        "$(location //hack/filter-crd)",
+        "-variant=%s" % name,
+        "$(location 00-crds.yaml)",
+        "> $@",
+    ]),
+) for (name, values) in VARIANTS.items()]
+
+[genrule(
+    name = name,
+    srcs = [
+        "%s.crds" % name,
+        "01-namespace.yaml",
        "%s.manifests" % name,
    ],
    outs = ["%s.yaml" % name],
-    cmd = "cat $(location 00-crds.yaml) $(location %s.manifests) > $@" % name,
+    cmd = " ".join([
+        "cat",
+        "$(location %s.crds)" % name,
+        "$(location 01-namespace.yaml)",
+        "$(location %s.manifests)" % name,
+        "> $@",
+    ]),
 ) for (name, values) in VARIANTS.items()]

 pkg_tar(
--- a/go.mod
+++ b/go.mod
@ -40,6 +40,7 @@ require (
 	golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45
 	google.golang.org/api v0.4.0
 	gopkg.in/ini.v1 v1.52.0 // indirect
+	gopkg.in/yaml.v2 v2.2.8
 	k8s.io/api v0.17.0
 	k8s.io/apiextensions-apiserver v0.17.0
 	k8s.io/apimachinery v0.17.0
--- a/go.sum
+++ b/go.sum
@ -662,6 +662,8 @@ gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
+gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v3 v3.0.0-20190905181640-827449938966 h1:B0J02caTR6tpSJozBJyiAzT6CtBzjclw4pgm9gg8Ys0=
 gopkg.in/yaml.v3 v3.0.0-20190905181640-827449938966/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
--- a/hack/BUILD.bazel
+++ b/hack/BUILD.bazel
@ -285,6 +285,7 @@ filegroup(
        "//hack/bin:all-srcs",
        "//hack/boilerplate:all-srcs",
        "//hack/build:all-srcs",
+        "//hack/filter-crd:all-srcs",
    ],
    tags = ["automanaged"],
    visibility = ["//visibility:public"],
--- a/hack/build/repos.bzl
+++ b/hack/build/repos.bzl
@ -1767,8 +1767,8 @@ def go_repositories():
        build_file_generation = "on",
        build_file_proto_mode = "disable",
        importpath = "gopkg.in/yaml.v2",
-        sum = "h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=",
-        version = "v2.2.4",
+        sum = "h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=",
+        version = "v2.2.8",
    )
    go_repository(
        name = "io_k8s_api",
--- a/hack/filter-crd/BUILD.bazel
+++ b/hack/filter-crd/BUILD.bazel
@ -0,0 +1,29 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
+
+go_library(
+    name = "go_default_library",
+    srcs = ["main.go"],
+    importpath = "github.com/jetstack/cert-manager/hack/filter-crd",
+    visibility = ["//visibility:private"],
+    deps = ["@in_gopkg_yaml_v2//:go_default_library"],
+)
+
+go_binary(
+    name = "filter-crd",
+    embed = [":go_default_library"],
+    visibility = ["//visibility:public"],
+)
+
+filegroup(
+    name = "package-srcs",
+    srcs = glob(["**"]),
+    tags = ["automanaged"],
+    visibility = ["//visibility:private"],
+)
+
+filegroup(
+    name = "all-srcs",
+    srcs = [":package-srcs"],
+    tags = ["automanaged"],
+    visibility = ["//visibility:public"],
+)
--- a/hack/filter-crd/main.go
+++ b/hack/filter-crd/main.go
@ -0,0 +1,83 @@
+package main
+
+import (
+	"flag"
+	"fmt"
+	"log"
+	"os"
+	"strings"
+
+	"gopkg.in/yaml.v2"
+)
+
+var removeKeys = []string{}
+
+func main() {
+	loadVariant()
+
+	if len(flag.Args()) < 1 {
+		fmt.Println("Usage: filter-crd <CRD YAML file>")
+		return
+	}
+
+	f, err := os.Open(flag.Args()[0])
+	if err != nil {
+		log.Fatal("Error opening file", err)
+	}
+
+	decoder := yaml.NewDecoder(f)
+	var d map[interface{}]interface{}
+	output := []string{}
+
+	for decoder.Decode(&d) == nil {
+
+		if len(d) == 0 {
+			continue
+		}
+
+		checkChain(d, []string{})
+
+		fileOut, err := yaml.Marshal(d)
+		if err != nil {
+			log.Fatal("Error marshaling output", err)
+		}
+
+		output = append(output, string(fileOut))
+
+	}
+
+	fmt.Println(strings.Join(output, "---\n"))
+}
+
+func checkChain(d map[interface{}]interface{}, chain []string) {
+	for k, v := range d {
+		if key, ok := k.(string); ok {
+			chain = append(chain, key)
+
+			for _, removeKey := range removeKeys {
+				if strings.Join(chain, "/") == removeKey {
+					delete(d, key)
+				}
+			}
+
+			if value, ok := v.(map[interface{}]interface{}); ok {
+				checkChain(value, chain)
+			}
+			chain = chain[:len(chain)-1] // we're done with this key, remove it from the chain
+		}
+	}
+}
+
+func loadVariant() {
+	variant := ""
+	flag.StringVar(&variant, "variant", "", "variant of remove rules")
+	flag.Parse()
+
+	if variant == "cert-manager-openshift" {
+		// These are the keys that the script will remove for OpenShift compatibility
+		removeKeys = []string{
+			"spec/preserveUnknownFields",
+			"spec/validation/openAPIV3Schema/type",
+		}
+	}
+}