Merge pull request openshift#294 from tmshort/synchronize

NO-ISSUE: Synchronize From Upstream Repositories through PR1871

Author: openshift-merge-bot[bot]

Makefile

@@ -151,15 +151,9 @@ generate: $(CONTROLLER_GEN) #EXHELP Generate code containing DeepCopy, DeepCopyI
 	$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."
 
 .PHONY: verify
-verify: tidy fmt generate manifests crd-ref-docs update-k8s-values #HELP Verify all generated code is up-to-date.
+verify: tidy fmt generate manifests crd-ref-docs #HELP Verify all generated code is up-to-date.
 	git diff --exit-code
 
-.PHONY: update-k8s-values # HELP Update PSA labels in config manifests with Kubernetes version
-update-k8s-values:
-	find config -type f -name '*.yaml' -exec \
-	sed -i.bak -E 's/(pod-security.kubernetes.io\/[a-zA-Z-]+-version:).*/\1 "v$(K8S_VERSION)"/g' {} +;
-	find config -type f -name '*.yaml.bak' -delete
-
 .PHONY: fix-lint
 fix-lint: $(GOLANGCI_LINT) #EXHELP Fix lint issues
 	$(GOLANGCI_LINT) run --fix --build-tags $(GO_BUILD_TAGS) $(GOLANGCI_LINT_ARGS)
@@ -303,10 +297,15 @@ kind-clean: $(KIND) #EXHELP Delete the kind cluster.
 
 #SECTION Build
 
-ifeq ($(origin VERSION), undefined)
+# attempt to generate the VERSION attribute for certificates
+# fail if it is unset afterwards, since the side effects are indirect
+ifeq ($(strip $(VERSION)),)
 VERSION := $(shell git describe --tags --always --dirty)
 endif
 export VERSION
+ifeq ($(strip $(VERSION)),)
+	$(error undefined VERSION; resulting certs will be invalid)
+endif
 
 ifeq ($(origin CGO_ENABLED), undefined)
 CGO_ENABLED := 0

api/v1/clustercatalog_types.go

@@ -34,6 +34,14 @@ const (
 
 	AvailabilityModeAvailable   AvailabilityMode = "Available"
 	AvailabilityModeUnavailable AvailabilityMode = "Unavailable"
+
+	// Condition types
+	TypeServing = "Serving"
+
+	// Serving Reasons
+	ReasonAvailable                = "Available"
+	ReasonUnavailable              = "Unavailable"
+	ReasonUserSpecifiedUnavailable = "UserSpecifiedUnavailable"
 )
 
 //+kubebuilder:object:root=true

api/v1/clusterextension_types_test.go

@@ -5,7 +5,6 @@ import (
 	"go/ast"
 	"go/parser"
 	"go/token"
-	"io/fs"
 	"strconv"
 	"strings"
 	"testing"
@@ -52,49 +51,47 @@ func TestClusterExtensionReasonRegistration(t *testing.T) {
 	}
 }
 
-// parseConstants parses the values of the top-level constants in the current
-// directory whose names start with the given prefix. When running as part of a
-// test, the current directory is the directory of the file that contains the
-// test in which this function is called.
+// parseConstants parses the values of the top-level constants that start with the given prefix,
+// in the files clusterextension_types.go and common_types.go.
 func parseConstants(prefix string) ([]string, error) {
 	fset := token.NewFileSet()
-	// ParseDir returns a map of package name to package ASTs. An AST is a representation of the source code
-	// that can be traversed to extract information. The map is keyed by the package name.
-	pkgs, err := parser.ParseDir(fset, ".", func(info fs.FileInfo) bool {
-		return !strings.HasSuffix(info.Name(), "_test.go")
-	}, 0)
-	if err != nil {
-		return nil, err
+	// An AST is a representation of the source code that can be traversed to extract information.
+	// Converting files to AST representation to extract information.
+	parseFiles, astFiles := []string{"clusterextension_types.go", "common_types.go"}, []*ast.File{}
+	for _, file := range parseFiles {
+		p, err := parser.ParseFile(fset, file, nil, 0)
+		if err != nil {
+			return nil, err
+		}
+		astFiles = append(astFiles, p)
 	}
 
 	var constValues []string
 
-	// Iterate all of the top-level declarations in each package's files,
-	// looking for constants that start with the prefix. When we find one,
-	// add its value to the constValues list.
-	for _, pkg := range pkgs {
-		for _, f := range pkg.Files {
-			for _, d := range f.Decls {
-				genDecl, ok := d.(*ast.GenDecl)
-				if !ok {
+	// Iterate all of the top-level declarations in each file, looking
+	// for constants that start with the prefix. When we find one, add
+	// its value to the constValues list.
+	for _, f := range astFiles {
+		for _, d := range f.Decls {
+			genDecl, ok := d.(*ast.GenDecl)
+			if !ok {
+				continue
+			}
+			for _, s := range genDecl.Specs {
+				valueSpec, ok := s.(*ast.ValueSpec)
+				if !ok || len(valueSpec.Names) != 1 || valueSpec.Names[0].Obj.Kind != ast.Con || !strings.HasPrefix(valueSpec.Names[0].String(), prefix) {
 					continue
 				}
-				for _, s := range genDecl.Specs {
-					valueSpec, ok := s.(*ast.ValueSpec)
-					if !ok || len(valueSpec.Names) != 1 || valueSpec.Names[0].Obj.Kind != ast.Con || !strings.HasPrefix(valueSpec.Names[0].String(), prefix) {
+				for _, val := range valueSpec.Values {
+					lit, ok := val.(*ast.BasicLit)
+					if !ok || lit.Kind != token.STRING {
 						continue
 					}
-					for _, val := range valueSpec.Values {
-						lit, ok := val.(*ast.BasicLit)
-						if !ok || lit.Kind != token.STRING {
-							continue
-						}
-						v, err := strconv.Unquote(lit.Value)
-						if err != nil {
-							return nil, fmt.Errorf("unquote literal string %s: %v", lit.Value, err)
-						}
-						constValues = append(constValues, v)
+					v, err := strconv.Unquote(lit.Value)
+					if err != nil {
+						return nil, fmt.Errorf("unquote literal string %s: %v", lit.Value, err)
 					}
+					constValues = append(constValues, v)
 				}
 			}
 		}

api/v1/common_types.go

@@ -19,7 +19,6 @@ package v1
 const (
 	TypeInstalled   = "Installed"
 	TypeProgressing = "Progressing"
-	TypeServing     = "Serving"
 
 	// Progressing reasons
 	ReasonSucceeded = "Succeeded"
@@ -29,9 +28,4 @@ const (
 	// Terminal reasons
 	ReasonDeprecated = "Deprecated"
 	ReasonFailed     = "Failed"
-
-	// Serving reasons
-	ReasonAvailable                = "Available"
-	ReasonUnavailable              = "Unavailable"
-	ReasonUserSpecifiedUnavailable = "UserSpecifiedUnavailable"
 )

commitchecker.yaml

@@ -1,4 +1,4 @@
-expectedMergeBase: 7fc18c64660c97c70e4c6704147a746f657543f4
+expectedMergeBase: ef348ee326375febc7571a4c640646e2f752811c
 upstreamBranch: main
 upstreamOrg: operator-framework
 upstreamRepo: operator-controller

config/base/common/namespace.yaml

@@ -4,5 +4,5 @@ metadata:
   labels:
     app.kubernetes.io/part-of: olm
     pod-security.kubernetes.io/enforce: restricted
-    pod-security.kubernetes.io/enforce-version: "v1.32"
+    pod-security.kubernetes.io/enforce-version: latest
   name: system

docs/draft/api-reference/catalogd-webserver-metas-endpoint.md

@@ -0,0 +1,111 @@
+# Catalogd web server
+
+[Catalogd](https://github.com/operator-framework/operator-controller/tree/main/catalogd), the OLM v1 component for making catalog contents available on cluster, includes
+a web server that serves catalog contents to clients via HTTP(S) endpoints.
+
+The endpoints to retrieve information about installable clusterextentions can be composed from the `.status.urls.base` of a `ClusterCatalog` resource with the selected access API path.
+
+Currently, there are two API endpoints: 
+
+1. `api/v1/all` endpoint that provides access to the FBC metadata in entirety. 
+
+As an example, to access the full FBC via the v1 API endpoint (indicated by path `api/v1/all`) where `.status.urls.base` is
+
+```yaml
+    urls:
+        base: https://catalogd-service.olmv1-system.svc/catalogs/operatorhubio
+```
+
+the URL to access the service would be `https://catalogd-service.olmv1-system.svc/catalogs/operatorhubio/api/v1/all`
+
+2. `api/v1/metas` endpoint that allows clients to retrieve filtered portions of the FBC. 
+
+The metas endpoint accepts parameters which are one of the sub-types of the `Meta` [definition](https://github.com/operator-framework/operator-registry/blob/e15668c933c03e229b6c80025fdadb040ab834e0/alpha/declcfg/declcfg.go#L111-L114), following the pattern `/api/v1/metas?<parameter>[&<parameter>...]`.
+
+As an example, to access only the [package schema](https://olm.operatorframework.io/docs/reference/file-based-catalogs/#olmpackage-1) blobs of the FBC via the `api/v1/metas` endpoint where `.status.urls.base` is
+
+```yaml
+    urls:
+        base: https://catalogd-service.olmv1-system.svc/catalogs/operatorhubio
+```
+
+the URL to access the service would be `https://catalogd-service.olmv1-system.svc/catalogs/operatorhubio/api/v1/metas?schema=olm.package`
+
+For more examples of valid queries that can be made to the `api/v1/metas` service endpoint, please see [Catalog Queries](../howto/catalog-queries.md).
+
+!!! note
+
+    The values of the `.status.urls` field in a `ClusterCatalog` resource are arbitrary string values and can change at any time.
+    While there are no guarantees on the exact value of this field, it will always contain catalog-specific API endpoints for use
+    by clients to make a request from within the cluster.
+
+## Interacting With the Server
+
+### Supported HTTP Methods
+
+The HTTP request methods supported by the catalogd web server are:
+
+- [GET](https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/GET)
+- [HEAD](https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/HEAD)
+
+### Response Format
+
+Responses are encoded as a [JSON Lines](https://jsonlines.org/) stream of [File-Based Catalog](https://olm.operatorframework.io/docs/reference/file-based-catalogs) (FBC) [Meta](https://olm.operatorframework.io/docs/reference/file-based-catalogs/#schema) objects delimited by newlines.
+
+??? example "Example JSON-encoded FBC snippet"
+
+    ```json
+    {
+        "schema": "olm.package",
+        "name": "cockroachdb",
+        "defaultChannel": "stable-v6.x",
+    }
+    {
+        "schema": "olm.channel",
+        "name": "stable-v6.x",
+        "package": "cockroachdb",
+        "entries": [
+            {
+                "name": "cockroachdb.v6.0.0",
+                "skipRange": "<6.0.0"
+            }
+        ]
+    }
+    {
+        "schema": "olm.bundle",
+        "name": "cockroachdb.v6.0.0",
+        "package": "cockroachdb",
+        "image": "quay.io/openshift-community-operators/cockroachdb@sha256:d3016b1507515fc7712f9c47fd9082baf9ccb070aaab58ed0ef6e5abdedde8ba",
+        "properties": [
+            {
+                "type": "olm.package",
+                "value": {
+                    "packageName": "cockroachdb",
+                    "version": "6.0.0"
+                }
+            },
+        ],
+    }
+    ```
+
+    Corresponding JSON lines response:
+    ```jsonlines
+    {"schema":"olm.package","name":"cockroachdb","defaultChannel":"stable-v6.x"}
+    {"schema":"olm.channel","name":"stable-v6.x","package":"cockroachdb","entries":[{"name":"cockroachdb.v6.0.0","skipRange":"<6.0.0"}]}
+    {"schema":"olm.bundle","name":"cockroachdb.v6.0.0","package":"cockroachdb","image":"quay.io/openshift-community-operators/cockroachdb@sha256:d3016b1507515fc7712f9c47fd9082baf9ccb070aaab58ed0ef6e5abdedde8ba","properties":[{"type":"olm.package","value":{"packageName":"cockroachdb","version":"6.0.0"}}]}
+    ```
+
+### Compression Support
+
+The `catalogd` web server supports gzip compression of responses, which can significantly reduce associated network traffic.  In order to signal that the client handles compressed responses, the client must include `Accept-Encoding: gzip` as a header in the HTTP request.
+
+The web server will include a `Content-Encoding: gzip` header in compressed responses.
+
+!!! note
+
+    Only catalogs whose uncompressed response body would result in a response size greater than 1400 bytes will be compressed.
+
+### Cache Header Support
+
+For clients interested in caching the information returned from the `catalogd` web server, the `Last-Modified` header is set
+on responses and the `If-Modified-Since` header is supported for requests.

docs/draft/howto/catalog-queries-metas-endpoint.md

@@ -0,0 +1,93 @@
+# Catalog queries
+
+After you [add a catalog of extensions](../tutorials/add-catalog.md) to your cluster, you must port forward your catalog as a service.
+Then you can query the catalog by using `curl` commands and the `jq` CLI tool to find extensions to install.
+
+## Prerequisites
+
+* You have added a ClusterCatalog of extensions, such as [OperatorHub.io](https://operatorhub.io), to your cluster.
+* You have installed the `jq` CLI tool.
+
+!!! note
+    By default, Catalogd is installed with TLS enabled for the catalog webserver.
+    The following examples will show this default behavior, but for simplicity's sake will ignore TLS verification in the curl commands using the `-k` flag.
+
+!!! note 
+    While using the `/api/v1/metas` endpoint shown in the below examples, it is important to note that the metas endpoint accepts parameters which are one of the sub-types of the `Meta` [definition](https://github.com/operator-framework/operator-registry/blob/e15668c933c03e229b6c80025fdadb040ab834e0/alpha/declcfg/declcfg.go#L111-L114), following the pattern `/api/v1/metas?<parameter>[&<parameter>...]`. e.g. `schema=<schema_name>&package=<package_name>`, `schema=<schema_name>&name=<name>`, and `package=<package_name>&name=<name>` are all valid parameter combinations. However `schema=<schema_name>&version=<version_string>` is not a valid parameter combination, since version is not a first class FBC meta field. 
+    
+You also need to port forward the catalog server service:
+
+``` terminal
+kubectl -n olmv1-system port-forward svc/catalogd-service 8443:443
+```
+
+Now you can use the `curl` command with `jq` to query catalogs that are installed on your cluster.
+
+## Package queries
+
+* Available packages in a catalog:
+    ``` terminal
+    curl -k 'https://localhost:8443/catalogs/operatorhubio/api/v1/metas?schema=olm.package'
+    ```
+
+* Packages that support `AllNamespaces` install mode and do not use webhooks:
+    ``` terminal
+    jq -cs '[.[] | select(.schema == "olm.bundle" and (.properties[] | select(.type == "olm.csv.metadata").value.installModes[] | select(.type == "AllNamespaces" and .supported == true)) and .spec.webhookdefinitions == null) | .package] | unique[]'
+    ```
+
+* Package metadata:
+    ``` terminal
+    curl -k 'https://localhost:8443/catalogs/operatorhubio/api/v1/metas?schema=olm.package&name=<package_name>'
+    ```
+
+    `<package_name>`
+    : Name of the package from the catalog you are querying.
+
+* Blobs that belong to a package (that are not schema=olm.package):
+    ``` terminal
+    curl -k 'https://localhost:8443/catalogs/operatorhubio/api/v1/metas?package=<package_name>'
+    ```
+
+    `<package_name>`
+    : Name of the package from the catalog you are querying.
+
+Note: the `olm.package` schema blob does not have the `package` field set. In other words, to get all the blobs that belong to a package, along with the olm.package blob for that package, a combination of both of the above queries need to be used. 
+
+## Channel queries
+
+* Channels in a package:
+    ``` terminal
+    curl -k 'https://localhost:8443/catalogs/operatorhubio/api/v1/metas?schema=olm.channel&package=<package_name>'
+    ```
+
+    `<package_name>`
+    : Name of the package from the catalog you are querying.
+
+* Versions in a channel:
+    ``` terminal
+    curl -k 'https://localhost:8443/catalogs/operatorhubio/api/v1/metas?schema=olm.channel&package=zoperator&name=alpha' | jq -s '.[] | .entries | .[] | .name'
+    ```
+
+    `<package_name>`
+    : Name of the package from the catalog you are querying.
+
+    `<channel_name>`
+    : Name of the channel for a given package.
+
+## Bundle queries
+
+* Bundles in a package:
+    ``` terminal
+    curl -k 'https://localhost:8443/catalogs/operatorhubio/api/v1/metas?schema=olm.bundle&package=<package_name>'
+    ```
+
+    `<package_name>`
+    : Name of the package from the catalog you are querying.
+
+* Bundle dependencies and available APIs:
+    ``` terminal
+    curl -k 'https://localhost:8443/catalogs/operatorhubio/api/v1/metas?schema=olm.bundle&name=<bundle_name>' | jq -s '.[] | .properties[] | select(.type=="olm.gvk")'
+    ```
+
+    `<bundle_name>`
+    : Name of the bundle for a given package.