Add second implementation option

Signed-off-by: Per G. da Silva <[email protected]>

Author: perdasilva

pkg/controller/registry/reconciler/reconciler.go

@@ -122,7 +122,7 @@ func Pod(source *v1alpha1.CatalogSource, name string, image string, saName strin
 		},
 		Spec: v1.PodSpec{
 			// TODO: Remove this before merging
-			HostNetwork: true,
+			// HostNetwork: true,
 			Containers: []v1.Container{
 				{
 					Name:  name,

pkg/controller/registry/resolver/cache/predicates.go

@@ -282,6 +282,24 @@ func (p orPredicate) String() string {
 	return b.String()
 }
 
+type notPredicate struct {
+	predicate Predicate
+}
+
+func Not(predicate Predicate) Predicate {
+	return notPredicate{
+		predicate: predicate,
+	}
+}
+
+func (p notPredicate) Test(o *Entry) bool {
+	return !p.predicate.Test(o)
+}
+
+func (p notPredicate) String() string {
+	return fmt.Sprintf("not %s", p.predicate.String())
+}
+
 type booleanPredicate struct {
 	result bool
 }

pkg/controller/registry/resolver/installabletypes.go

@@ -36,6 +36,11 @@ func (i *BundleInstallable) AddConstraint(c solver.Constraint) {
 	i.constraints = append(i.constraints, c)
 }
 
+func (i *BundleInstallable) AddRuntimeConstraintFailure(message string) {
+	msg := fmt.Sprintf("%s violates a cluster runtime constraint: %s", i.identifier, message)
+	i.AddConstraint(PrettyConstraint(solver.Prohibited(), msg))
+}
+
 func (i *BundleInstallable) BundleSourceInfo() (string, string, cache.SourceKey, error) {
 	info := strings.Split(i.identifier.String(), "/")
 	// This should be enforced by Kube naming constraints

pkg/controller/registry/resolver/resolver.go

@@ -3,10 +3,14 @@ package resolver
 import (
 	"context"
 	"encoding/json"
+	"errors"
 	"fmt"
+	"os"
 	"sort"
 	"strings"
 
+	"github.com/operator-framework/operator-lifecycle-manager/pkg/controller/registry/resolver/runtime_constraints"
+
 	"github.com/blang/semver/v4"
 	"github.com/sirupsen/logrus"
 	utilerrors "k8s.io/apimachinery/pkg/util/errors"
@@ -20,25 +24,42 @@ import (
 	opregistry "github.com/operator-framework/operator-registry/pkg/registry"
 )
 
+const (
+	runtimeConstraintsFilePath = "runtime_constraints.yaml"
+)
+
 type OperatorResolver interface {
 	SolveOperators(csvs []*v1alpha1.ClusterServiceVersion, subs []*v1alpha1.Subscription, add map[cache.OperatorSourceInfo]struct{}) (cache.OperatorSet, error)
 }
 
 type SatResolver struct {
-	cache cache.OperatorCacheProvider
-	log   logrus.FieldLogger
+	cache                      cache.OperatorCacheProvider
+	log                        logrus.FieldLogger
+	runtimeConstraintsProvider *runtime_constraints.RuntimeConstraintsProvider
 }
 
 func NewDefaultSatResolver(rcp cache.SourceProvider, catsrcLister v1alpha1listers.CatalogSourceLister, logger logrus.FieldLogger) *SatResolver {
-	// Get runtime constraints somehow
-	runtimeConstraints := []cache.Predicate{
-		// Only etcd can be installed on this system!
-		cache.PkgPredicate("etcd"),
+
+	runtimeConstraintProvider, err := runtime_constraints.NewFromFile(runtimeConstraintsFilePath)
+	if err != nil && !errors.Is(err, os.ErrNotExist) {
+		if errors.Is(err, os.ErrNotExist) {
+			logger.Warning("No cluster runtime constraints file found")
+		} else {
+			logger.Errorf("Error creating runtime constraints from file: %s", err)
+			panic(err)
+		}
 	}
 
+	// Two solutions:
+	// #1: Global cache filters
+	// globalFilters := cache.WithGlobalFilters(runtimeConstraintProvider.GetRuntimeConstraints()...)
+
 	return &SatResolver{
-		cache: cache.New(rcp, cache.WithLogger(logger), cache.WithCatalogSourceLister(catsrcLister), cache.WithGlobalFilters(runtimeConstraints...)),
+		cache: cache.New(rcp, cache.WithLogger(logger), cache.WithCatalogSourceLister(catsrcLister) /*, globalFilters*/),
 		log:   logger,
+		// #2: apply constraints in addInvariants
+		runtimeConstraintsProvider: runtimeConstraintProvider, // uncomment when using option #2
+		// runtimeConstraintsProvider: nil                     // uncomment when using option #1
 	}
 }
 
@@ -574,6 +595,16 @@ func (r *SatResolver) addInvariants(namespacedCache cache.MultiCatalogOperatorFi
 			}
 			packageConflictToInstallable[prop.PackageName] = append(packageConflictToInstallable[prop.PackageName], installable.Identifier())
 		}
+
+		// apply runtime constraints to packages that aren't already installed
+		if !catalog.Virtual() && r.runtimeConstraintsProvider != nil {
+			for _, predicate := range r.runtimeConstraintsProvider.GetRuntimeConstraints() {
+				if !predicate.Test(op) {
+					bundleInstallable.AddRuntimeConstraintFailure(predicate.String())
+					break
+				}
+			}
+		}
 	}
 
 	for gvk, is := range gvkConflictToInstallable {

pkg/controller/registry/resolver/resolver_test.go

@@ -5,6 +5,8 @@ import (
 	"fmt"
 	"testing"
 
+	"github.com/operator-framework/operator-lifecycle-manager/pkg/controller/registry/resolver/runtime_constraints"
+
 	"github.com/blang/semver/v4"
 	"github.com/sirupsen/logrus"
 	"github.com/sirupsen/logrus/hooks/test"
@@ -83,6 +85,99 @@ func TestDisjointChannelGraph(t *testing.T) {
 	require.Error(t, err, "a unique replacement chain within a channel is required to determine the relative order between channel entries, but 2 replacement chains were found in channel \"alpha\" of package \"packageA\": packageA.side1.v2...packageA.side1.v1, packageA.side2.v2...packageA.side2.v1")
 }
 
+func TestRuntimeConstraints(t *testing.T) {
+	const namespace = "test-namespace"
+	catalog := cache.SourceKey{Name: "test-catalog", Namespace: namespace}
+
+	packageASub := newSub(namespace, "packageA", "alpha", catalog)
+	packageDSub := existingSub(namespace, "packageD.v1", "packageD", "alpha", catalog)
+
+	APISet := cache.APISet{opregistry.APIKey{Group: "g", Version: "v", Kind: "k", Plural: "ks"}: struct{}{}}
+
+	// packageA requires an API that can be provided by B or C
+	packageA := genOperator("packageA.v1", "0.0.1", "", "packageA", "alpha", catalog.Name, catalog.Namespace, APISet, nil, nil, "", false)
+	packageB := genOperator("packageB.v1", "1.0.0", "", "packageB", "alpha", catalog.Name, catalog.Namespace, nil, APISet, nil, "", false)
+	packageC := genOperator("packageC.v1", "1.0.0", "", "packageC", "alpha", catalog.Name, catalog.Namespace, nil, APISet, nil, "", false)
+	packageD := genOperator("packageD.v1", "1.0.0", "", "packageD", "alpha", catalog.Name, catalog.Namespace, nil, nil, nil, "", false)
+
+	// Existing operators
+	existingPackageD := existingOperator(namespace, "packageD.v1", "packageD", "alpha", "", nil, nil, nil, nil)
+	existingPackageD.Annotations = map[string]string{"operatorframework.io/properties": `{"properties":[{"type":"olm.package","value":{"packageName":"packageD","version":"1.0.0"}}]}`}
+
+	testCases := []struct {
+		title              string
+		runtimeConstraints []cache.Predicate
+		expectedOperators  cache.OperatorSet
+		csvs               []*v1alpha1.ClusterServiceVersion
+		subs               []*v1alpha1.Subscription
+		snapshotEntries    []*cache.Entry
+		err                string
+	}{
+		{
+			title:              "No runtime constraints",
+			snapshotEntries:    []*cache.Entry{packageA, packageB, packageC, packageD},
+			runtimeConstraints: []cache.Predicate{},
+			expectedOperators:  cache.OperatorSet{"packageA.v1": packageA, "packageB.v1": packageB},
+			csvs:               nil,
+			subs:               []*v1alpha1.Subscription{packageASub},
+			err:                "",
+		},
+		{
+			title:           "Runtime constraints only accept packages A and C",
+			snapshotEntries: []*cache.Entry{packageA, packageB, packageC, packageD},
+			runtimeConstraints: []cache.Predicate{
+				cache.Or(cache.PkgPredicate("packageA"), cache.PkgPredicate("packageC")),
+			},
+			expectedOperators: cache.OperatorSet{"packageA.v1": packageA, "packageC.v1": packageC},
+			csvs:              nil,
+			subs:              []*v1alpha1.Subscription{packageASub},
+			err:               "",
+		},
+		{
+			title:           "Existing packages are ignored",
+			snapshotEntries: []*cache.Entry{packageA, packageB, packageC, packageD},
+			runtimeConstraints: []cache.Predicate{
+				cache.Or(cache.PkgPredicate("packageA"), cache.PkgPredicate("packageC")),
+			},
+			expectedOperators: cache.OperatorSet{"packageA.v1": packageA, "packageC.v1": packageC},
+			csvs:              []*v1alpha1.ClusterServiceVersion{existingPackageD},
+			subs:              []*v1alpha1.Subscription{packageASub, packageDSub},
+			err:               "",
+		},
+		{
+			title:           "Runtime constraints don't allow A",
+			snapshotEntries: []*cache.Entry{packageA, packageB, packageC, packageD},
+			runtimeConstraints: []cache.Predicate{
+				cache.Not(cache.PkgPredicate("packageA")),
+			},
+			expectedOperators: nil,
+			csvs:              nil,
+			subs:              []*v1alpha1.Subscription{packageASub},
+			err:               "test-catalog/test-namespace/alpha/packageA.v1 violates a cluster runtime constraint: not with package: packageA",
+		},
+	}
+
+	for _, testCase := range testCases {
+		satResolver := SatResolver{
+			cache: cache.New(cache.StaticSourceProvider{
+				catalog: &cache.Snapshot{
+					Entries: testCase.snapshotEntries,
+				},
+			}),
+			log:                        logrus.New(),
+			runtimeConstraintsProvider: runtime_constraints.New(testCase.runtimeConstraints),
+		}
+		operators, err := satResolver.SolveOperators([]string{namespace}, testCase.csvs, testCase.subs)
+
+		if testCase.err != "" {
+			require.Containsf(t, err.Error(), testCase.err, "Test %s failed", testCase.title)
+		} else {
+			require.NoErrorf(t, err, "Test %s failed", testCase.title)
+		}
+		require.EqualValuesf(t, testCase.expectedOperators, operators, "Test %s failed", testCase.title)
+	}
+}
+
 func TestPropertiesAnnotationHonored(t *testing.T) {
 	const (
 		namespace = "olm"

pkg/controller/registry/resolver/runtime_constraints/provider.go

@@ -0,0 +1,80 @@
+package runtime_constraints
+
+import (
+	"encoding/json"
+	"io/ioutil"
+
+	"github.com/operator-framework/operator-lifecycle-manager/pkg/controller/registry/resolver/cache"
+	"github.com/operator-framework/operator-registry/pkg/registry"
+	"github.com/pkg/errors"
+)
+
+const (
+	maxRuntimeConstraints = 10
+)
+
+type RuntimeConstraintsProvider struct {
+	runtimeConstraints []cache.Predicate
+}
+
+func (p *RuntimeConstraintsProvider) GetRuntimeConstraints() []cache.Predicate {
+	return p.runtimeConstraints
+}
+
+func New(runtimeConstraints []cache.Predicate) *RuntimeConstraintsProvider {
+	return &RuntimeConstraintsProvider{
+		runtimeConstraints: runtimeConstraints,
+	}
+}
+
+func NewFromFile(runtimeConstraintsFilePath string) (*RuntimeConstraintsProvider, error) {
+	propertiesFile, err := readRuntimeConstraintsYaml(runtimeConstraintsFilePath)
+	if err != nil {
+		return nil, err
+	}
+
+	// Using package type to test with
+	// We may only want to allow the generic constraint types once they are readym
+	var constraints = make([]cache.Predicate, 0)
+	for _, property := range propertiesFile.Properties {
+		rawMessage := []byte(property.Value)
+		switch property.Type {
+		case registry.PackageType:
+			dep := registry.PackageDependency{}
+			err := json.Unmarshal(rawMessage, &dep)
+			if err != nil {
+				return nil, err
+			}
+			constraints = append(constraints, cache.PkgPredicate(dep.PackageName))
+		case registry.LabelType:
+			dep := registry.LabelDependency{}
+			err := json.Unmarshal(rawMessage, &dep)
+			if err != nil {
+				return nil, err
+			}
+			constraints = append(constraints, cache.LabelPredicate(dep.Label))
+		}
+		if len(constraints) >= maxRuntimeConstraints {
+			return nil, errors.Errorf("Too many runtime constraints defined (%d/%d)", len(constraints), maxRuntimeConstraints)
+		}
+	}
+
+	return New(constraints), nil
+}
+
+func readRuntimeConstraintsYaml(yamlPath string) (*registry.PropertiesFile, error) {
+	// Read file
+	yamlFile, err := ioutil.ReadFile(yamlPath)
+	if err != nil {
+		return nil, err
+	}
+
+	// Parse yaml
+	var propertiesFile = &registry.PropertiesFile{}
+	err = json.Unmarshal(yamlFile, propertiesFile)
+	if err != nil {
+		return nil, err
+	}
+
+	return propertiesFile, nil
+}