Replace openshift/no-webhook manifests with legacy

This releases a new manifest type "legacy" to support Kubernetes <1.15 and OpenShift 3. This version uses the webhook but disables the conversions as they are not supported. For this reason only the v1alpha2 API is added in these manifests. All newer APIs are filtered by the filter-crd tool. Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-03-04 14:26:25 +01:00 · 2020-03-04 14:26:25 +01:00 · aaae73a45d
commit aaae73a45d
parent f2c462d29f
2 changed files with 90 additions and 6 deletions
--- a/deploy/manifests/BUILD.bazel
+++ b/deploy/manifests/BUILD.bazel
@ -11,10 +11,8 @@ RELEASE_NAMESPACE = "cert-manager"

 VARIANTS = {
    "cert-manager": {},
-    "cert-manager-no-webhook": {
-        "webhook.enabled": "false",
-    },
-    "cert-manager-openshift": {},
+    "cert-manager-legacy": {},
+
 }

 [helm_tmpl(
--- a/hack/filter-crd/main.go
+++ b/hack/filter-crd/main.go
@ -21,12 +21,15 @@ import (
 	"fmt"
 	"log"
 	"os"
+	"reflect"
 	"strings"

 	"gopkg.in/yaml.v2"
 )

 var removeKeys = []string{}
+var removeSliceElemForValue = map[string]string{}
+var checkValidationLocation = false

 func main() {
 	loadVariant()
@ -52,13 +55,37 @@ func main() {

 		checkChain(d, []string{})

+		if checkValidationLocation {
+			spec, ok := d["spec"].(map[interface{}]interface{})
+			if !ok {
+				log.Fatal("Cannot read spec of CRD")
+			}
+			versions, ok := spec["versions"].([]interface{})
+			if !ok {
+				log.Fatal("Cannot read versions of CRD")
+			}
+			if len(versions) == 0 {
+				log.Fatal("CRD versions length is 0")
+			}
+			versionInfo, ok := versions[0].(map[interface{}]interface{})
+			if !ok {
+				log.Fatal("Cannot read version of CRD")
+			}
+
+			// move the schema to the root of the CRD as we only have 1 version specified
+			if validations, exists := versionInfo["schema"]; exists {
+				spec["validation"] = validations
+				delete(versionInfo, "schema")
+			}
+
+		}
+
 		fileOut, err := yaml.Marshal(d)
 		if err != nil {
 			log.Fatal("Error marshaling output: ", err)
 		}

 		output = append(output, string(fileOut))
-
 	}

 	fmt.Println(strings.Join(output, "---\n"))
@ -69,30 +96,89 @@ func checkChain(d map[interface{}]interface{}, chain []string) {
 		if key, ok := k.(string); ok {
 			chain = append(chain, key)

+			// check if keys need to be removed
 			for _, removeKey := range removeKeys {
 				if strings.Join(chain, "/") == removeKey {
 					delete(d, key)
 				}
 			}

+			// checks if keys need to be removed when a value is set
+			if value, ok := removeSliceElemForValue[strings.Join(chain, "/")]; ok && value == v.(string) {
+				// TODO
+			}
+
 			if value, ok := v.(map[interface{}]interface{}); ok {
 				checkChain(value, chain)
 			}
+			if value, ok := v.([]interface{}); ok {
+				d[k] = checkSliceChain(value, append(chain, "[]"))
+			}
 			chain = chain[:len(chain)-1] // we're done with this key, remove it from the chain
 		}
 	}
 }

+func checkSliceChain(s []interface{}, chain []string) []interface{} {
+	for _, sliceVal := range s {
+		if d, ok := sliceVal.(map[interface{}]interface{}); ok {
+			for k, v := range d {
+				if key, ok := k.(string); ok {
+					chain = append(chain, key)
+
+					// check if keys need to be removed
+					for _, removeKey := range removeKeys {
+						if strings.Join(chain, "/") == removeKey {
+							delete(d, key)
+						}
+					}
+
+					if value, ok := removeSliceElemForValue[strings.Join(chain, "/")]; ok && value == v.(string) {
+						newSlice := []interface{}{}
+
+						for _, sliceVal := range s {
+							if !reflect.DeepEqual(sliceVal, d) {
+								newSlice = append(newSlice, sliceVal)
+							}
+						}
+
+						s = newSlice
+					}
+
+					if value, ok := v.(map[interface{}]interface{}); ok {
+						checkChain(value, chain)
+					}
+					if value, ok := v.([]interface{}); ok {
+						d[k] = checkSliceChain(value, append(chain, "[]"))
+					}
+
+					chain = chain[:len(chain)-1] // we're done with this key, remove it from the chain
+				}
+			}
+		}
+	}
+
+	return s
+}
+
 func loadVariant() {
 	variant := ""
 	flag.StringVar(&variant, "variant", "", "variant of remove rules")
 	flag.Parse()

-	if variant == "cert-manager-openshift" {
+	if variant == "cert-manager-legacy" {
 		// These are the keys that the script will remove for OpenShift compatibility
 		removeKeys = []string{
 			"spec/preserveUnknownFields",
 			"spec/validation/openAPIV3Schema/type",
+			"spec/versions/[]/schema/openAPIV3Schema/type",
+			"spec/conversion",
 		}
+
+		removeSliceElemForValue = map[string]string{
+			"spec/versions/[]/name": "v1alpha3",
+		}
+
+		checkValidationLocation = true
 	}
 }