feat: Allow configuring user namespaces with OpenShift template

Signed-off-by: Anatolii Bazko <abazko@redhat.com>

DEPENDENCIES.md

@@ -466,7 +466,7 @@
 | [go.etcd.io/etcd@dd1b699fc4895de8cc23c3cac5a428c37eee384a](https://github.com/etcd-io/etcd.git)                                                                                                  | Apache-2.0 | [CQ](https://dev.eclipse.org/ipzilla/show_bug.cgi?id=23592)                                                                                         |
 | [github.com/remyoudompheng/bigfft@6a916e37a237384e18eefa3270c09247db1ecf50](https://github.com/remyoudompheng/bigfft.git)                                                                        | BSD-3-Clause | [CQ](https://dev.eclipse.org/ipzilla/show_bug.cgi?id=23591)                                                                                         |
 | [github.com/operator-framework/operator-registry@v1.13.6](https://github.com/operator-framework/operator-registry.git)                                                                           | Apache-2.0 | [CQ](https://dev.eclipse.org/ipzilla/show_bug.cgi?id=23590)                                                                                         |
-| [github.com/openshift/api@32369d4db2ada1c1cdb95b99b568a9925e2a4480](https://github.com/openshift/api.git)                                                                                        | Apache-2.0 | [CQ](https://dev.eclipse.org/ipzilla/show_bug.cgi?id=23586)                                                                                         |
+| [github.com/openshift/api@88b476f987ed90f7b0e1fdc851859c35161b1ff5](https://github.com/openshift/api.git)                                                                                        | Apache-2.0 | [clearlydefined](https://clearlydefined.io/definitions/git/github/openshift/api/88b476f987ed90f7b0e1fdc851859c35161b1ff5)                                                                                         |
 | [github.com/chai2010/gettext-go@c6fed771bfd517099caf0f7a961671fa8ed08723](https://github.com/chai2010/gettext-go.git)                                                                            | BSD-3-Clause | [CQ](https://dev.eclipse.org/ipzilla/show_bug.cgi?id=23551)                                                                                         |
 | [github.com/cloudflare/golz4@ef862a3cdc58a6f1fee4e3af3d44fbe279194cde](https://github.com/cloudflare/golz4.git)                                                                                  | BSD-3-Clause | [CQ](https://dev.eclipse.org/ipzilla/show_bug.cgi?id=23552)                                                                                         |
 | [github.com/coreos/go-systemd@fd7a80b32e1fc73e890fde45604ed5009dc817a3](https://github.com/coreos/go-systemd.git)                                                                                | Apache-2.0 | [CQ](https://dev.eclipse.org/ipzilla/show_bug.cgi?id=23553)                                                                                         |

bundle/next/eclipse-che/manifests/che-operator.clusterserviceversion.yaml

@@ -104,7 +104,7 @@ metadata:
     operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
     repository: https://github.com/eclipse-che/che-operator
     support: Eclipse Foundation
-  name: eclipse-che.v7.94.0-890.next
+  name: eclipse-che.v7.94.0-892.next
   namespace: placeholder
 spec:
   apiservicedefinitions: {}
@@ -828,7 +828,33 @@ spec:
               resources:
                 - limitranges
               verbs:
+                - create
+                - delete
+                - get
+                - update
+                - patch
+                - watch
                 - list
+            - apiGroups:
+                - ""
+              resources:
+                - resourcequotas
+              verbs:
+                - create
+                - delete
+                - get
+                - update
+                - patch
+                - watch
+                - list
+            - apiGroups:
+                - template.openshift.io
+              resources:
+                - templates
+              verbs:
+                - get
+                - list
+                - watch
             - apiGroups:
                 - monitoring.coreos.com
               resources:
@@ -1035,7 +1061,7 @@ spec:
   minKubeVersion: 1.19.0
   provider:
     name: Eclipse Foundation
-  version: 7.94.0-890.next
+  version: 7.94.0-892.next
   webhookdefinitions:
     - admissionReviewVersions:
         - v1

config/rbac/cluster_role.yaml

@@ -339,7 +339,33 @@ rules:
     resources:
       - limitranges
     verbs:
+      - create
+      - delete
+      - get
+      - update
+      - patch
+      - watch
       - list
+  - apiGroups:
+      - ""
+    resources:
+      - resourcequotas
+    verbs:
+      - create
+      - delete
+      - get
+      - update
+      - patch
+      - watch
+      - list
+  - apiGroups:
+      - template.openshift.io
+    resources:
+      - templates
+    verbs:
+      - get
+      - list
+      - watch
   - apiGroups:
       - monitoring.coreos.com
     resources:

controllers/usernamespace/workspace_cm_syncer.go

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2019-2023 Red Hat, Inc.
+// Copyright (c) 2019-2024 Red Hat, Inc.
 // This program and the accompanying materials are made
 // available under the terms of the Eclipse Public License 2.0
 // which is available at https://www.eclipse.org/legal/epl-2.0/
@@ -14,11 +14,9 @@ package usernamespace
 
 import (
 	dwconstants "github.com/devfile/devworkspace-operator/pkg/constants"
-	"github.com/google/go-cmp/cmp"
-	"github.com/google/go-cmp/cmp/cmpopts"
+	"github.com/eclipse-che/che-operator/pkg/common/utils"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
@@ -27,64 +25,43 @@ var (
 	v1ConfigMapGKV = corev1.SchemeGroupVersion.WithKind("ConfigMap")
 )
 
-type configMapSyncer struct {
-	workspaceConfigSyncer
+type cmWorkspaceSyncObject struct {
+	WorkspaceSyncObject
+	cm *corev1.ConfigMap
 }
 
-func newConfigMapSyncer() *configMapSyncer {
-	return &configMapSyncer{}
+func newCMWorkspaceSyncObject(cm *corev1.ConfigMap) *cmWorkspaceSyncObject {
+	return &cmWorkspaceSyncObject{cm: cm}
 }
 
-func (p *configMapSyncer) gkv() schema.GroupVersionKind {
+func (p *cmWorkspaceSyncObject) getSrcObject() client.Object {
+	return p.cm
+}
+
+func (p *cmWorkspaceSyncObject) getSrcObjectGKV() schema.GroupVersionKind {
 	return v1ConfigMapGKV
 }
 
-func (p *configMapSyncer) newObjectFrom(src client.Object) client.Object {
-	dst := src.(runtime.Object).DeepCopyObject()
+func (p *cmWorkspaceSyncObject) newDstObject() client.Object {
+	dst := p.cm.DeepCopyObject()
 	dst.(*corev1.ConfigMap).ObjectMeta = metav1.ObjectMeta{
-		Name:        src.GetName(),
-		Annotations: src.GetAnnotations(),
-		Labels: mergeWorkspaceConfigObjectLabels(
-			src.GetLabels(),
-			map[string]string{
+		Name:        p.cm.GetName(),
+		Annotations: p.cm.GetAnnotations(),
+		Labels: utils.MergeMaps([]map[string]string{
+			p.cm.GetLabels(),
+			{
 				dwconstants.DevWorkspaceWatchConfigMapLabel: "true",
 				dwconstants.DevWorkspaceMountLabel:          "true",
-			},
-		),
+			}}),
 	}
 
 	return dst.(client.Object)
 }
 
-func (p *configMapSyncer) isExistedObjChanged(newObj client.Object, existedObj client.Object) bool {
-	if newObj.GetLabels() != nil {
-		for key, value := range newObj.GetLabels() {
-			if existedObj.GetLabels()[key] != value {
-				return true
-			}
-		}
-	}
-
-	if newObj.GetAnnotations() != nil {
-		for key, value := range newObj.GetAnnotations() {
-			if existedObj.GetAnnotations()[key] != value {
-				return true
-			}
-		}
-	}
-
-	return cmp.Diff(
-		newObj,
-		existedObj,
-		cmp.Options{
-			cmpopts.IgnoreFields(corev1.ConfigMap{}, "TypeMeta", "ObjectMeta"),
-		}) != ""
-}
-
-func (p *configMapSyncer) getObjectList() client.ObjectList {
-	return &corev1.ConfigMapList{}
+func (p *cmWorkspaceSyncObject) getSrcObjectVersion() string {
+	return p.cm.GetResourceVersion()
 }
 
-func (p *configMapSyncer) hasReadOnlySpec() bool {
+func (p *cmWorkspaceSyncObject) hasROSpec() bool {
 	return false
 }

controllers/usernamespace/workspace_cm_syncer_test.go

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2019-2023 Red Hat, Inc.
+// Copyright (c) 2019-2024 Red Hat, Inc.
 // This program and the accompanying materials are made
 // available under the terms of the Eclipse Public License 2.0
 // which is available at https://www.eclipse.org/legal/epl-2.0/
@@ -67,12 +67,11 @@ func TestSyncConfigMap(t *testing.T) {
 
 	workspaceConfigReconciler := NewWorkspacesConfigReconciler(
 		deployContext.ClusterAPI.Client,
-		deployContext.ClusterAPI.NonCachingClient,
 		deployContext.ClusterAPI.Scheme,
 		NewNamespaceCache(deployContext.ClusterAPI.NonCachingClient))
 
 	// Sync ConfigMap
-	err := workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace)
+	err := workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace)
 	assert.Nil(t, err)
 	assertSyncConfig(t, workspaceConfigReconciler, 2, v1ConfigMapGKV)
 
@@ -96,7 +95,7 @@ func TestSyncConfigMap(t *testing.T) {
 	assert.Nil(t, err)
 
 	// Sync ConfigMap
-	err = workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace)
+	err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace)
 	assert.Nil(t, err)
 	assertSyncConfig(t, workspaceConfigReconciler, 2, v1ConfigMapGKV)
 
@@ -120,7 +119,7 @@ func TestSyncConfigMap(t *testing.T) {
 	assert.Nil(t, err)
 
 	// Sync ConfigMap
-	err = workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace)
+	err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace)
 	assert.Nil(t, err)
 	assertSyncConfig(t, workspaceConfigReconciler, 2, v1ConfigMapGKV)
 
@@ -145,7 +144,7 @@ func TestSyncConfigMap(t *testing.T) {
 	assert.Nil(t, err)
 
 	// Sync ConfigMap
-	err = workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace)
+	err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace)
 	assert.Nil(t, err)
 	assertSyncConfig(t, workspaceConfigReconciler, 2, v1ConfigMapGKV)
 
@@ -167,7 +166,7 @@ func TestSyncConfigMap(t *testing.T) {
 	assert.Nil(t, err)
 
 	// Sync ConfigMap
-	err = workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace)
+	err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace)
 	assert.Nil(t, err)
 	assertSyncConfig(t, workspaceConfigReconciler, 2, v1ConfigMapGKV)
 
@@ -187,7 +186,7 @@ func TestSyncConfigMap(t *testing.T) {
 	assert.Nil(t, err)
 
 	// Sync ConfigMap
-	err = workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace)
+	err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace)
 	assert.Nil(t, err)
 	assertSyncConfig(t, workspaceConfigReconciler, 0, v1ConfigMapGKV)
 
@@ -224,12 +223,11 @@ func TestSyncConfigMapShouldMergeLabelsAndAnnotationsOnUpdate(t *testing.T) {
 
 	workspaceConfigReconciler := NewWorkspacesConfigReconciler(
 		deployContext.ClusterAPI.Client,
-		deployContext.ClusterAPI.NonCachingClient,
 		deployContext.ClusterAPI.Scheme,
 		NewNamespaceCache(deployContext.ClusterAPI.NonCachingClient))
 
 	// Sync ConfigMap
-	err := workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace)
+	err := workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace)
 	assert.Nil(t, err)
 	assertSyncConfig(t, workspaceConfigReconciler, 2, v1ConfigMapGKV)
 
@@ -254,7 +252,7 @@ func TestSyncConfigMapShouldMergeLabelsAndAnnotationsOnUpdate(t *testing.T) {
 	assert.Nil(t, err)
 
 	// Sync ConfigMap
-	err = workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace)
+	err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace)
 	assert.Nil(t, err)
 	assertSyncConfig(t, workspaceConfigReconciler, 2, v1ConfigMapGKV)
 
@@ -282,7 +280,7 @@ func TestSyncConfigMapShouldMergeLabelsAndAnnotationsOnUpdate(t *testing.T) {
 	assert.Nil(t, err)
 
 	// Sync ConfigMap
-	err = workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace)
+	err = workspaceConfigReconciler.syncWorkspace(context.TODO(), userNamespace)
 	assert.Nil(t, err)
 	assertSyncConfig(t, workspaceConfigReconciler, 2, v1ConfigMapGKV)
 

controllers/usernamespace/workspace_pvc_syncer.go

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2019-2023 Red Hat, Inc.
+// Copyright (c) 2019-2024 Red Hat, Inc.
 // This program and the accompanying materials are made
 // available under the terms of the Eclipse Public License 2.0
 // which is available at https://www.eclipse.org/legal/epl-2.0/
@@ -24,19 +24,22 @@ var (
 	v1PvcGKV = corev1.SchemeGroupVersion.WithKind("PersistentVolumeClaim")
 )
 
-type pvcSyncer struct {
-	workspaceConfigSyncer
+type pvcWorkspaceSyncObject struct {
+	WorkspaceSyncObject
+	pvc *corev1.PersistentVolumeClaim
 }
 
-func newPvcSyncer() *pvcSyncer {
-	return &pvcSyncer{}
+func newPvcWorkspaceSyncObject(pvc *corev1.PersistentVolumeClaim) *pvcWorkspaceSyncObject {
+	return &pvcWorkspaceSyncObject{
+		pvc: pvc,
+	}
 }
 
-func (p *pvcSyncer) gkv() schema.GroupVersionKind {
+func (p *pvcWorkspaceSyncObject) getSrcObjectGKV() schema.GroupVersionKind {
 	return v1PvcGKV
 }
 
-func (p *pvcSyncer) newObjectFrom(src client.Object) client.Object {
+func (p *pvcWorkspaceSyncObject) newDstObj(src client.Object) client.Object {
 	dst := src.(runtime.Object).DeepCopyObject()
 	dst.(*corev1.PersistentVolumeClaim).ObjectMeta = metav1.ObjectMeta{
 		Name:        src.GetName(),
@@ -48,14 +51,26 @@ func (p *pvcSyncer) newObjectFrom(src client.Object) client.Object {
 	return dst.(client.Object)
 }
 
-func (p *pvcSyncer) isExistedObjChanged(newObj client.Object, existedObj client.Object) bool {
-	return false
+func (p *pvcWorkspaceSyncObject) getSrcObject() client.Object {
+	return p.pvc
+}
+
+func (p *pvcWorkspaceSyncObject) newDstObject() client.Object {
+	dst := p.pvc.DeepCopyObject()
+	dst.(*corev1.PersistentVolumeClaim).ObjectMeta = metav1.ObjectMeta{
+		Name:        p.pvc.GetName(),
+		Annotations: p.pvc.GetAnnotations(),
+		Labels:      p.pvc.GetLabels(),
+	}
+	dst.(*corev1.PersistentVolumeClaim).Status = corev1.PersistentVolumeClaimStatus{}
+
+	return dst.(client.Object)
 }
 
-func (p *pvcSyncer) getObjectList() client.ObjectList {
-	return &corev1.PersistentVolumeClaimList{}
+func (p *pvcWorkspaceSyncObject) getSrcObjectVersion() string {
+	return p.pvc.GetResourceVersion()
 }
 
-func (p *pvcSyncer) hasReadOnlySpec() bool {
+func (p *pvcWorkspaceSyncObject) hasROSpec() bool {
 	return true
 }