cmd: add render subcommand to be used by openshift/installer

to add the rolebindingrestriction crd as a bootstrap manifest

Signed-off-by: Bryce Palmer <[email protected]>

Author: everettraven

cmd/authentication-operator/main.go

@@ -5,6 +5,7 @@ import (
 
 	"github.com/openshift/cluster-authentication-operator/pkg/cmd/mom"
 	"github.com/openshift/cluster-authentication-operator/pkg/cmd/operator"
+	"github.com/openshift/cluster-authentication-operator/pkg/cmd/render"
 	"github.com/spf13/cobra"
 	"k8s.io/cli-runtime/pkg/genericiooptions"
 	"k8s.io/component-base/cli"
@@ -34,6 +35,7 @@ func NewAuthenticationOperatorCommand() *cobra.Command {
 	cmd.AddCommand(mom.NewApplyConfigurationCommand(ioStreams))
 	cmd.AddCommand(mom.NewInputResourcesCommand(ioStreams))
 	cmd.AddCommand(mom.NewOutputResourcesCommand(ioStreams))
+	cmd.AddCommand(render.NewRender())
 
 	return cmd
 }

go.mod

@@ -12,11 +12,13 @@ require (
 	github.com/openshift/library-go v0.0.0-20250113163708-355465391f40
 	github.com/openshift/multi-operator-manager v0.0.0-20241205181422-20aa3906b99d
 	github.com/spf13/cobra v1.8.1
+	github.com/spf13/pflag v1.0.5
 	github.com/stretchr/testify v1.9.0
 	go.etcd.io/etcd/client/v3 v3.5.14
 	golang.org/x/net v0.29.0
 	gopkg.in/yaml.v2 v2.4.0
 	k8s.io/api v0.31.1
+	k8s.io/apiextensions-apiserver v0.31.1
 	k8s.io/apimachinery v0.31.1
 	k8s.io/apiserver v0.31.1
 	k8s.io/cli-runtime v0.31.1
@@ -81,7 +83,6 @@ require (
 	github.com/robfig/cron v1.2.0 // indirect
 	github.com/shopspring/decimal v1.3.1 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
-	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/stoewer/go-strcase v1.2.0 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	go.etcd.io/etcd/api/v3 v3.5.14 // indirect
@@ -113,7 +114,6 @@ require (
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/apiextensions-apiserver v0.31.1 // indirect
 	k8s.io/kms v0.31.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
 	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3 // indirect

pkg/cmd/render/render.go

@@ -0,0 +1,76 @@
+package render
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"github.com/openshift/cluster-authentication-operator/bindata"
+	"github.com/spf13/cobra"
+	"github.com/spf13/pflag"
+)
+
+type Permission os.FileMode
+
+const (
+	PermissionDirectoryDefault Permission = 0755
+	PermissionFileDefault      Permission = 0644
+)
+
+type AssetsFunc func(name string) ([]byte, error)
+
+type RenderOptions struct {
+	AssetOutputDir string
+	Assets         AssetsFunc
+	AssetsToRender []string
+}
+
+func (ro *RenderOptions) AddFlags(fs *pflag.FlagSet) {
+	fs.StringVar(&ro.AssetOutputDir, "asset-output-dir", ro.AssetOutputDir, "Output path for rendered manifests.")
+}
+
+func (ro *RenderOptions) Run() error {
+	err := os.MkdirAll(ro.AssetOutputDir, os.FileMode(PermissionDirectoryDefault))
+	if err != nil {
+		return fmt.Errorf("creating asset-output-dir: %w", err)
+	}
+
+	for _, assetToRender := range ro.AssetsToRender {
+		asset, err := ro.Assets(assetToRender)
+		if err != nil {
+			return fmt.Errorf("getting asset %q to be rendered: %w", assetToRender, err)
+		}
+
+		filename := filepath.Join(ro.AssetOutputDir, filepath.Base(assetToRender))
+		err = os.WriteFile(filename, asset, os.FileMode(PermissionFileDefault))
+		if err != nil {
+			return fmt.Errorf("rendering asset %q to file %q: %w ", assetToRender, filename, err)
+		}
+	}
+
+	return nil
+}
+
+// NewRender returns a cobra command responsible
+// for rendering bootstrap manifests required by the
+// cluster-authentication-operator
+func NewRender() *cobra.Command {
+	renderOpts := &RenderOptions{
+		Assets: bindata.Asset,
+		AssetsToRender: []string{
+			"oauth-openshift/authorization.openshift.io_rolebindingrestrictions.yaml",
+		},
+	}
+
+	renderCmd := &cobra.Command{
+		Use:   "render",
+		Short: "render bootstrap manifests",
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return renderOpts.Run()
+		},
+	}
+
+	renderOpts.AddFlags(renderCmd.Flags())
+
+	return renderCmd
+}

pkg/cmd/render/render_test.go

@@ -0,0 +1,91 @@
+package render_test
+
+import (
+	"bytes"
+	"errors"
+	"io"
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+
+	"github.com/openshift/cluster-authentication-operator/pkg/cmd/render"
+)
+
+func TestRenderOptionsRun(t *testing.T) {
+	type testcase struct {
+		name           string
+		assets         render.AssetsFunc
+		assetsToRender []string
+		expectedErr    error
+		expectedAssets map[string][]byte
+	}
+
+	testcases := []testcase{
+		{
+			name: "asset-output-dir can be created, fetching asset fails, error",
+			assets: func(name string) ([]byte, error) {
+				return nil, errors.New("boom")
+			},
+			assetsToRender: []string{
+				"foobar",
+			},
+			expectedAssets: make(map[string][]byte),
+			expectedErr:    errors.New("getting asset \"foobar\" to be rendered:"),
+		},
+		{
+			name: "asset-output-dir can be created, fetching asset successful, no error, manifest rendered successfully",
+			assets: func(name string) ([]byte, error) {
+				return []byte("baz"), nil
+			},
+			assetsToRender: []string{
+				"foobar",
+			},
+			expectedAssets: map[string][]byte{
+				"foobar": []byte("baz"),
+			},
+			expectedErr: nil,
+		},
+	}
+
+	for _, tc := range testcases {
+		t.Run(tc.name, func(t *testing.T) {
+			tempDir := t.TempDir()
+			renderOpts := &render.RenderOptions{
+				AssetOutputDir: tempDir,
+				Assets:         tc.assets,
+				AssetsToRender: tc.assetsToRender,
+			}
+			err := renderOpts.Run()
+			switch {
+			case err != nil && tc.expectedErr != nil:
+				if !strings.Contains(err.Error(), tc.expectedErr.Error()) {
+					t.Fatalf("received error %q does not contain expected error substring %q", err.Error(), tc.expectedErr.Error())
+				}
+			case err != nil && tc.expectedErr == nil:
+				t.Fatalf("received unexpected error %v", err)
+			case err == nil && tc.expectedErr != nil:
+				t.Fatalf("expected and error containing substring %q but did not receive an error", tc.expectedErr.Error())
+			}
+
+			for path, contents := range tc.expectedAssets {
+				file, err := os.Open(filepath.Join(tempDir, path))
+				if err != nil {
+					if os.IsNotExist(err) {
+						t.Fatalf("expected rendered manifest %q to exist in filesystem but it does not", path)
+					}
+					t.Fatalf("received unexpected error when checking for existence of rendered manifest %q in filesystem: %v", path, err)
+				}
+
+				fileContents, err := io.ReadAll(file)
+				if err != nil {
+					t.Fatalf("received unexpected error when reading contents of file %q: %v", path, err)
+				}
+
+				if !bytes.Equal(fileContents, contents) {
+					t.Fatalf("contents for rendered manifest %q do not match the expected. Rendered contents: %v, expected: %v", path, string(fileContents), string(contents))
+				}
+			}
+		})
+	}
+}