Merge pull request #149 from infrawatch/import/stf153

Import master into stable-1.5

Author: leifmadsen

build/Dockerfile

@@ -1,4 +1,16 @@
-FROM quay.io/openshift/origin-ansible-operator:4.10
+FROM quay.io/openshift/origin-ansible-operator:4.12
 
+# temporarily switch to root user to adjust image layers
+USER 0
+
+# update the base image to allow forward-looking optimistic updates during the testing phase, with the added benefit of helping move closer to passing security scans.
+# -- excludes ansible so it remains at 2.9 tag as shipped with the base image
+# -- cleans up the cached data from dnf to keep the image as small as possible
+RUN dnf update -y --exclude=ansible* && dnf clean all && rm -rf /var/cache/dnf
+
+# switch back to user 1001 when running the base image (non-root)
+USER 1001
+
+# copy in required artifacts for the operator
 COPY roles/ ${HOME}/roles/
 COPY watches.yaml ${HOME}/watches.yaml

build/generate_bundle.sh

@@ -1,41 +1,45 @@
 #!/usr/bin/env bash
 set -e
-REL=$(dirname "$0")
+set -x
+
+LOGFILE=${LOGFILE:-/dev/null}
+# If LOGFILE is /dev/null, this command fails, so ignore that error
+truncate --size=0 ${LOGFILE} || true
+
+OPERATOR_SDK=${OPERATOR_SDK:-operator-sdk}
+REL=$( readlink -f $(dirname "$0"))
 
 # shellcheck source=build/metadata.sh
 . "${REL}/metadata.sh"
 
 generate_version() {
-    echo "-- Generating operator version"
     UNIXDATE=$(date '+%s')
     OPERATOR_BUNDLE_VERSION=${OPERATOR_CSV_MAJOR_VERSION}.${UNIXDATE}
-    echo "---- Operator Version: ${OPERATOR_BUNDLE_VERSION}"
 }
 
 create_working_dir() {
-    echo "-- Create working directory"
     WORKING_DIR=${WORKING_DIR:-"/tmp/${OPERATOR_NAME}-bundle-${OPERATOR_BUNDLE_VERSION}"}
     mkdir -p "${WORKING_DIR}"
-    echo "---- Created working directory: ${WORKING_DIR}"
 }
 
 generate_dockerfile() {
-    echo "-- Generate Dockerfile for bundle"
     sed -E "s#<<OPERATOR_BUNDLE_VERSION>>#${OPERATOR_BUNDLE_VERSION}#g;s#<<BUNDLE_CHANNELS>>#${BUNDLE_CHANNELS}#g;s#<<BUNDLE_DEFAULT_CHANNEL>>#${BUNDLE_DEFAULT_CHANNEL}#g" "${REL}/../${BUNDLE_PATH}/Dockerfile.in" > "${WORKING_DIR}/Dockerfile"
-    echo "---- Generated Dockerfile complete"
 }
 
 generate_bundle() {
-    echo "-- Generate bundle"
-    REPLACE_REGEX="s#<<CREATED_DATE>>#${CREATED_DATE}#g;s#<<OPERATOR_IMAGE>>#${OPERATOR_IMAGE}#g;s#<<OPERATOR_TAG>>#${OPERATOR_TAG}#g;s#<<RELATED_IMAGE_BRIDGE_SMARTGATEWAY>>#${RELATED_IMAGE_BRIDGE_SMARTGATEWAY}#g;s#<<RELATED_IMAGE_BRIDGE_SMARTGATEWAY_TAG>>#${RELATED_IMAGE_BRIDGE_SMARTGATEWAY_TAG}#g;s#<<RELATED_IMAGE_CORE_SMARTGATEWAY>>#${RELATED_IMAGE_CORE_SMARTGATEWAY}#g;s#<<RELATED_IMAGE_CORE_SMARTGATEWAY_TAG>>#${RELATED_IMAGE_CORE_SMARTGATEWAY_TAG}#g;s#<<OPERATOR_BUNDLE_VERSION>>#${OPERATOR_BUNDLE_VERSION}#g;s#1.99.0#${OPERATOR_BUNDLE_VERSION}#g;s#<<BUNDLE_OLM_SKIP_RANGE_LOWER_BOUND>>#${BUNDLE_OLM_SKIP_RANGE_LOWER_BOUND}#g"
+    REPLACE_REGEX="s#<<CREATED_DATE>>#${CREATED_DATE}#g;s#<<OPERATOR_IMAGE>>#${OPERATOR_IMAGE}#g;s#<<OPERATOR_TAG>>#${OPERATOR_TAG}#g;s#<<RELATED_IMAGE_BRIDGE_SMARTGATEWAY>>#${RELATED_IMAGE_BRIDGE_SMARTGATEWAY}#g;s#<<RELATED_IMAGE_BRIDGE_SMARTGATEWAY_TAG>>#${RELATED_IMAGE_BRIDGE_SMARTGATEWAY_TAG}#g;s#<<RELATED_IMAGE_CORE_SMARTGATEWAY>>#${RELATED_IMAGE_CORE_SMARTGATEWAY}#g;s#<<RELATED_IMAGE_CORE_SMARTGATEWAY_TAG>>#${RELATED_IMAGE_CORE_SMARTGATEWAY_TAG}#g;s#<<RELATED_IMAGE_OAUTH_PROXY>>#${RELATED_IMAGE_OAUTH_PROXY}#g;s#<<RELATED_IMAGE_OAUTH_PROXY_TAG>>#${RELATED_IMAGE_OAUTH_PROXY_TAG}#g;s#<<OPERATOR_BUNDLE_VERSION>>#${OPERATOR_BUNDLE_VERSION}#g;s#1.99.0#${OPERATOR_BUNDLE_VERSION}#g;s#<<BUNDLE_OLM_SKIP_RANGE_LOWER_BOUND>>#${BUNDLE_OLM_SKIP_RANGE_LOWER_BOUND}#g"
 
-    pushd "${REL}/../"
-    ${OPERATOR_SDK} generate bundle --channels ${BUNDLE_CHANNELS} --default-channel ${BUNDLE_DEFAULT_CHANNEL} --manifests --metadata --version "${OPERATOR_BUNDLE_VERSION}" --output-dir "${WORKING_DIR}"
-    popd
+    pushd "${REL}/../" > /dev/null 2>&1
+    ${OPERATOR_SDK} generate bundle --channels ${BUNDLE_CHANNELS} --default-channel ${BUNDLE_DEFAULT_CHANNEL} --manifests --metadata --version "${OPERATOR_BUNDLE_VERSION}" --output-dir "${WORKING_DIR}" >> ${LOGFILE} 2>&1
+    popd > /dev/null 2>&1
 
-    echo "---- Replacing variables in generated manifest"
     sed -i -E "${REPLACE_REGEX}" "${WORKING_DIR}/manifests/${OPERATOR_NAME}.clusterserviceversion.yaml"
-    echo "---- Generated bundle complete at ${WORKING_DIR}/manifests/${OPERATOR_NAME}.clusterserviceversion.yaml"
+}
+
+copy_extra_metadata() {
+    pushd "${REL}/../" > /dev/null 2>&1
+    cp -r ./deploy/olm-catalog/smart-gateway-operator/tests/ "${WORKING_DIR}"
+    cp ./deploy/olm-catalog/smart-gateway-operator/metadata/properties.yaml "${WORKING_DIR}/metadata/"
 }
 
 copy_extra_metadata() {
@@ -53,11 +57,14 @@ build_bundle_instructions() {
 
 
 # generate templates
-echo "## Begin bundle creation"
 generate_version
 create_working_dir
 generate_dockerfile
 generate_bundle
 copy_extra_metadata
-build_bundle_instructions
-echo "## End Bundle creation"
+#build_bundle_instructions
+
+set +x
+
+JSON_OUTPUT='{"operator_bundle_image":"%s","operator_bundle_version":"%s","operator_image":"%s","bundle_channels":"%s","bundle_default_channel":"%s","operator_tag":"%s","working_dir":"%s"}'
+printf "$JSON_OUTPUT" "$OPERATOR_BUNDLE_IMAGE" "$OPERATOR_BUNDLE_VERSION" "$OPERATOR_IMAGE" "$BUNDLE_CHANNELS" "$BUNDLE_DEFAULT_CHANNEL" "$OPERATOR_TAG" "$WORKING_DIR"

build/metadata.sh

@@ -11,6 +11,8 @@ RELATED_IMAGE_CORE_SMARTGATEWAY=${RELATED_IMAGE_CORE_SMARTGATEWAY:-quay.io/infra
 RELATED_IMAGE_CORE_SMARTGATEWAY_TAG=${RELATED_IMAGE_CORE_SMARTGATEWAY_TAG:-stable-1.5}
 RELATED_IMAGE_BRIDGE_SMARTGATEWAY=${RELATED_IMAGE_BRIDGE_SMARTGATEWAY:-quay.io/infrawatch/sg-bridge}
 RELATED_IMAGE_BRIDGE_SMARTGATEWAY_TAG=${RELATED_IMAGE_BRIDGE_SMARTGATEWAY_TAG:-stable-1.5}
+RELATED_IMAGE_OAUTH_PROXY=${RELATED_IMAGE_OAUTH_PROXY:-quay.io/openshift/origin-oauth-proxy}
+RELATED_IMAGE_OAUTH_PROXY_TAG=${RELATED_IMAGE_OAUTH_PROXY_TAG:-latest}
 BUNDLE_PATH=${BUNDLE_PATH:-deploy/olm-catalog/smart-gateway-operator}
 BUNDLE_CHANNELS=${BUNDLE_CHANNELS:-stable-1.5}
 BUNDLE_DEFAULT_CHANNEL=${BUNDLE_DEFAULT_CHANNEL:-stable-1.5}

deploy/olm-catalog/smart-gateway-operator/Dockerfile.in

@@ -13,7 +13,7 @@ LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1
 LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v0.19.4
 LABEL operators.operatorframework.io.metrics.project_layout=ansible
 LABEL com.redhat.delivery.operator.bundle=true
-LABEL com.redhat.openshift.versions="v4.10-v4.12"
+LABEL com.redhat.openshift.versions="v4.11-v4.14"
 LABEL com.redhat.delivery.backport=false
 
 LABEL com.redhat.component="smart-gateway-operator-bundle-container" \

deploy/olm-catalog/smart-gateway-operator/manifests/smart-gateway-operator.clusterserviceversion.yaml

@@ -69,11 +69,21 @@ metadata:
     createdAt: <<CREATED_DATE>>
     description: Operator for managing the Smart Gateway Custom Resources, resulting
       in deployments of the Smart Gateway.
+    features.operators.openshift.io/cnf: "false"
+    features.operators.openshift.io/cni: "false"
+    features.operators.openshift.io/csi: "false"
+    features.operators.openshift.io/disconnected: "false"
+    features.operators.openshift.io/fips-compliant: "false"
+    features.operators.openshift.io/proxy-aware: "false"
+    features.operators.openshift.io/tls-profiles: "false"
+    features.operators.openshift.io/token-auth-aws: "false"
+    features.operators.openshift.io/token-auth-azure: "false"
+    features.operators.openshift.io/token-auth-gcp: "false"
     olm.skipRange: =><<BUNDLE_OLM_SKIP_RANGE_LOWER_BOUND>> <<<OPERATOR_BUNDLE_VERSION>>
-    operators.operatorframework.io/builder: operator-sdk-v0.19.4
-    operators.operatorframework.io/project_layout: ansible
     operators.openshift.io/valid-subscription: '["OpenStack Platform", "Cloud Infrastructure",
       "Cloud Suite"]'
+    operators.operatorframework.io/builder: operator-sdk-v0.19.4
+    operators.operatorframework.io/project_layout: ansible
     repository: https://github.com/infrawatch/smart-gateway-operator
     support: Red Hat
   name: smart-gateway-operator.v1.99.0
@@ -235,6 +245,8 @@ spec:
                   value: <<RELATED_IMAGE_CORE_SMARTGATEWAY>>:<<RELATED_IMAGE_CORE_SMARTGATEWAY_TAG>>
                 - name: RELATED_IMAGE_BRIDGE_SMARTGATEWAY_IMAGE
                   value: <<RELATED_IMAGE_BRIDGE_SMARTGATEWAY>>:<<RELATED_IMAGE_BRIDGE_SMARTGATEWAY_TAG>>
+                - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE
+                  value: <<RELATED_IMAGE_OAUTH_PROXY>>:<<RELATED_IMAGE_OAUTH_PROXY_TAG>>
                 image: <<OPERATOR_IMAGE>>:<<OPERATOR_TAG>>
                 imagePullPolicy: Always
                 name: operator

deploy/olm-catalog/smart-gateway-operator/metadata/properties.yaml

@@ -1,3 +1,3 @@
 properties:
   - type: olm.maxOpenShiftVersion
-    value: "4.12"
+    value: "4.14"

deploy/operator.yaml

@@ -41,6 +41,8 @@ spec:
           value: <<RELATED_IMAGE_CORE_SMARTGATEWAY>>:<<RELATED_IMAGE_CORE_SMARTGATEWAY_TAG>>
         - name: RELATED_IMAGE_BRIDGE_SMARTGATEWAY_IMAGE
           value: <<RELATED_IMAGE_BRIDGE_SMARTGATEWAY>>:<<RELATED_IMAGE_BRIDGE_SMARTGATEWAY_TAG>>
+        - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE
+          value: <<RELATED_IMAGE_OAUTH_PROXY>>:<<RELATED_IMAGE_OAUTH_PROXY_TAG>>
       volumes:
       - emptyDir: {}
         name: runner

roles/smartgateway/defaults/main.yml

@@ -11,9 +11,6 @@ exporter_port: 8081
 block_event_bus: false
 service_account_name: smart-gateway
 
-# - This image works on OCP 4.6, 4.7, and 4.8
-oauth_proxy_image: image-registry.openshift-image-registry.svc:5000/openshift/oauth-proxy:v4.4
-
 # used in conjunction with sg_vars in vars/main.yml to provide single parameter override for the dictionaries
 sg_defaults:
   bridge:

roles/smartgateway/tasks/main.yml

@@ -23,6 +23,10 @@
     bridge_container_image_path: "{{ lookup('env', 'RELATED_IMAGE_BRIDGE_SMARTGATEWAY_IMAGE') | default('quay.io/infrawatch/sg-bridge:latest', true) }}"
   when: bridge_container_image_path is undefined
 
+- name: Set OAuth Proxy image
+  set_fact:
+    oauth_proxy_image: "{{ lookup('env', 'RELATED_IMAGE_OAUTH_PROXY_IMAGE') | default('quay.io/openshift/origin-oauth-proxy:latest', true) }}"
+
 - name: Check for existing cookie secret
   k8s_info:
     api_version: v1

roles/smartgateway/templates/deployment.yaml.j2

@@ -154,7 +154,7 @@ spec:
 {% if (applications | selectattr('name','equalto','elasticsearch') | list | count > 0) %}
       - name: elastic-certs
         secret:
-          secretName: {{ tls_secret_name }}
+          secretName: {{ (applications | selectattr('name','equalto','elasticsearch') | map(attribute='config') | first | from_yaml).tlsSecretName | default(tls_secret_name)}}
 {% endif %}
       - name: session-secret
         secret: