⚠️ updates from api audit (#1404)

* updates from api audit

Signed-off-by: Jordan Keister <jordan@nimblewidget.com>

* review updates

Signed-off-by: Jordan Keister <jordan@nimblewidget.com>

* e2e fixes

Signed-off-by: Jordan Keister <jordan@nimblewidget.com>

---------

Signed-off-by: Jordan Keister <jordan@nimblewidget.com>

Author: grokspawn

api/v1alpha1/clusterextension_types.go

@@ -19,6 +19,7 @@ import (
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	apimachyaml "k8s.io/apimachinery/pkg/util/yaml"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/log"
 
 	helmclient "github.com/operator-framework/helm-operator-plugins/pkg/client"
 
@@ -56,6 +57,26 @@ type Helm struct {
 	Preflights         []Preflight
 }
 
+// shouldSkipPreflight is a helper to determine if the preflight check is CRDUpgradeSafety AND
+// if it is set to enforcement None.
+func shouldSkipPreflight(ctx context.Context, preflight Preflight, ext *ocv1alpha1.ClusterExtension, state string) bool {
+	l := log.FromContext(ctx)
+	hasCRDUpgradeSafety := ext.Spec.Install.Preflight != nil && ext.Spec.Install.Preflight.CRDUpgradeSafety != nil
+	_, isCRDUpgradeSafetyInstance := preflight.(*crdupgradesafety.Preflight)
+
+	if hasCRDUpgradeSafety && isCRDUpgradeSafetyInstance {
+		if state == StateNeedsInstall || state == StateNeedsUpgrade {
+			l.Info("crdUpgradeSafety ", "policy", ext.Spec.Install.Preflight.CRDUpgradeSafety.Enforcement)
+		}
+		if ext.Spec.Install.Preflight.CRDUpgradeSafety.Enforcement == ocv1alpha1.CRDUpgradeSafetyEnforcementNone {
+			// Skip this preflight check because it is of type *crdupgradesafety.Preflight and the CRD Upgrade Safety
+			// policy is set to None
+			return true
+		}
+	}
+	return false
+}
+
 func (h *Helm) Apply(ctx context.Context, contentFS fs.FS, ext *ocv1alpha1.ClusterExtension, objectLabels map[string]string, storageLabels map[string]string) ([]client.Object, string, error) {
 	chrt, err := convert.RegistryV1ToHelmChart(ctx, contentFS, ext.Spec.Install.Namespace, []string{corev1.NamespaceAll})
 	if err != nil {
@@ -78,12 +99,8 @@ func (h *Helm) Apply(ctx context.Context, contentFS fs.FS, ext *ocv1alpha1.Clust
 	}
 
 	for _, preflight := range h.Preflights {
-		if ext.Spec.Install.Preflight != nil && ext.Spec.Install.Preflight.CRDUpgradeSafety != nil {
-			if _, ok := preflight.(*crdupgradesafety.Preflight); ok && ext.Spec.Install.Preflight.CRDUpgradeSafety.Policy == ocv1alpha1.CRDUpgradeSafetyPolicyDisabled {
-				// Skip this preflight check because it is of type *crdupgradesafety.Preflight and the CRD Upgrade Safety
-				// preflight check has been disabled
-				continue
-			}
+		if shouldSkipPreflight(ctx, preflight, ext, state) {
+			continue
 		}
 		switch state {
 		case StateNeedsInstall:

api/v1alpha1/zz_generated.deepcopy.go

@@ -16,9 +16,27 @@ limitations under the License.
 
 package conditionsets
 
+import (
+	"github.com/operator-framework/operator-controller/api/v1alpha1"
+)
+
 // ConditionTypes is the full set of ClusterExtension condition Types.
 // ConditionReasons is the full set of ClusterExtension condition Reasons.
 //
-// NOTE: These are populated by init() in api/v1alpha1/clusterextension_types.go
-var ConditionTypes []string
-var ConditionReasons []string
+// NOTE: unit tests in clusterextension_types_test will enforce completeness.
+var ConditionTypes = []string{
+	v1alpha1.TypeInstalled,
+	v1alpha1.TypeDeprecated,
+	v1alpha1.TypePackageDeprecated,
+	v1alpha1.TypeChannelDeprecated,
+	v1alpha1.TypeBundleDeprecated,
+	v1alpha1.TypeProgressing,
+}
+
+var ConditionReasons = []string{
+	v1alpha1.ReasonSucceeded,
+	v1alpha1.ReasonDeprecated,
+	v1alpha1.ReasonFailed,
+	v1alpha1.ReasonBlocked,
+	v1alpha1.ReasonRetrying,
+}

config/base/crd/bases/olm.operatorframework.io_clusterextensions.yaml

@@ -77,7 +77,7 @@ func TestClusterExtensionSourceConfig(t *testing.T) {
 
 func TestClusterExtensionAdmissionPackageName(t *testing.T) {
 	tooLongError := "spec.source.catalog.packageName: Too long: may not be longer than 253"
-	regexMismatchError := "spec.source.catalog.packageName in body should match"
+	regexMismatchError := "packageName must be a valid DNS1123 subdomain"
 
 	testCases := []struct {
 		name    string
@@ -136,7 +136,7 @@ func TestClusterExtensionAdmissionPackageName(t *testing.T) {
 
 func TestClusterExtensionAdmissionVersion(t *testing.T) {
 	tooLongError := "spec.source.catalog.version: Too long: may not be longer than 64"
-	regexMismatchError := "spec.source.catalog.version in body should match"
+	regexMismatchError := "invalid version expression"
 
 	testCases := []struct {
 		name    string
@@ -236,7 +236,7 @@ func TestClusterExtensionAdmissionVersion(t *testing.T) {
 
 func TestClusterExtensionAdmissionChannel(t *testing.T) {
 	tooLongError := "spec.source.catalog.channels[0]: Too long: may not be longer than 253"
-	regexMismatchError := "spec.source.catalog.channels[0] in body should match"
+	regexMismatchError := "channels entries must be valid DNS1123 subdomains"
 
 	testCases := []struct {
 		name     string
@@ -293,7 +293,7 @@ func TestClusterExtensionAdmissionChannel(t *testing.T) {
 
 func TestClusterExtensionAdmissionInstallNamespace(t *testing.T) {
 	tooLongError := "spec.install.namespace: Too long: may not be longer than 63"
-	regexMismatchError := "spec.install.namespace in body should match"
+	regexMismatchError := "namespace must be a valid DNS1123 label"
 
 	testCases := []struct {
 		name      string
@@ -348,7 +348,7 @@ func TestClusterExtensionAdmissionInstallNamespace(t *testing.T) {
 
 func TestClusterExtensionAdmissionServiceAccount(t *testing.T) {
 	tooLongError := "spec.install.serviceAccount.name: Too long: may not be longer than 253"
-	regexMismatchError := "spec.install.serviceAccount.name in body should match"
+	regexMismatchError := "name must be a valid DNS1123 subdomain"
 
 	testCases := []struct {
 		name           string

docs/api-reference/operator-controller-api-reference.md

@@ -687,7 +687,7 @@ func TestClusterExtensionInstallationSucceeds(t *testing.T) {
 	t.Log("By checking the expected progressing conditions")
 	progressingCond := apimeta.FindStatusCondition(clusterExtension.Status.Conditions, ocv1alpha1.TypeProgressing)
 	require.NotNil(t, progressingCond)
-	require.Equal(t, metav1.ConditionFalse, progressingCond.Status)
+	require.Equal(t, metav1.ConditionTrue, progressingCond.Status)
 	require.Equal(t, ocv1alpha1.ReasonSucceeded, progressingCond.Reason)
 
 	require.NoError(t, cl.DeleteAllOf(ctx, &ocv1alpha1.ClusterExtension{}))

internal/applier/helm.go

@@ -83,14 +83,13 @@ func setInstallStatus(ext *ocv1alpha1.ClusterExtension, installStatus *ocv1alpha
 func setStatusProgressing(ext *ocv1alpha1.ClusterExtension, err error) {
 	progressingCond := metav1.Condition{
 		Type:               ocv1alpha1.TypeProgressing,
-		Status:             metav1.ConditionFalse,
+		Status:             metav1.ConditionTrue,
 		Reason:             ocv1alpha1.ReasonSucceeded,
 		Message:            "desired state reached",
 		ObservedGeneration: ext.GetGeneration(),
 	}
 
 	if err != nil {
-		progressingCond.Status = metav1.ConditionTrue
 		progressingCond.Reason = ocv1alpha1.ReasonRetrying
 		progressingCond.Message = err.Error()
 	}

internal/conditionsets/conditionsets.go

@@ -22,12 +22,12 @@ func TestSetStatusProgressing(t *testing.T) {
 		expected         metav1.Condition
 	}{
 		{
-			name:             "non-nil ClusterExtension, nil error, Progressing condition has status False with reason Success",
+			name:             "non-nil ClusterExtension, nil error, Progressing condition has status True with reason Success",
 			err:              nil,
 			clusterExtension: &ocv1alpha1.ClusterExtension{},
 			expected: metav1.Condition{
 				Type:    ocv1alpha1.TypeProgressing,
-				Status:  metav1.ConditionFalse,
+				Status:  metav1.ConditionTrue,
 				Reason:  ocv1alpha1.ReasonSucceeded,
 				Message: "desired state reached",
 			},