Import master into stable-1.5

build/Dockerfile

@@ -1,4 +1,16 @@
-FROM quay.io/openshift/origin-ansible-operator:4.10
+FROM quay.io/openshift/origin-ansible-operator:4.12
 
+# temporarily switch to root user to adjust image layers
+USER 0
+
+# update the base image to allow forward-looking optimistic updates during the testing phase, with the added benefit of helping move closer to passing security scans.
+# -- excludes ansible so it remains at 2.9 tag as shipped with the base image
+# -- cleans up the cached data from dnf to keep the image as small as possible
+RUN dnf update -y --exclude=ansible* && dnf clean all && rm -rf /var/cache/dnf
+
+# switch back to user 1001 when running the base image (non-root)
+USER 1001
+
+# copy in required artifacts for the operator
 COPY roles/ ${HOME}/roles/
 COPY watches.yaml ${HOME}/watches.yaml

build/generate_bundle.sh

@@ -1,41 +1,45 @@
 #!/usr/bin/env bash
 set -e
-REL=$(dirname "$0")
+set -x
+
+LOGFILE=${LOGFILE:-/dev/null}
+# If LOGFILE is /dev/null, this command fails, so ignore that error
+truncate --size=0 ${LOGFILE} || true
+
+OPERATOR_SDK=${OPERATOR_SDK:-operator-sdk}
+REL=$( readlink -f $(dirname "$0"))
 
 # shellcheck source=build/metadata.sh
 . "${REL}/metadata.sh"
 
 generate_version() {
- echo "-- Generating operator version"
  UNIXDATE=$(date '+%s')
  OPERATOR_BUNDLE_VERSION=${OPERATOR_CSV_MAJOR_VERSION}.${UNIXDATE}
- echo "---- Operator Version: ${OPERATOR_BUNDLE_VERSION}"
 }
 
 create_working_dir() {
- echo "-- Create working directory"
  WORKING_DIR=${WORKING_DIR:-"/tmp/${OPERATOR_NAME}-bundle-${OPERATOR_BUNDLE_VERSION}"}
  mkdir -p "${WORKING_DIR}"
- echo "---- Created working directory: ${WORKING_DIR}"
 }
 
 generate_dockerfile() {
- echo "-- Generate Dockerfile for bundle"
  sed -E "s#<<OPERATOR_BUNDLE_VERSION>>#${OPERATOR_BUNDLE_VERSION}#g;s#<<BUNDLE_CHANNELS>>#${BUNDLE_CHANNELS}#g;s#<<BUNDLE_DEFAULT_CHANNEL>>#${BUNDLE_DEFAULT_CHANNEL}#g" "${REL}/../${BUNDLE_PATH}/Dockerfile.in" > "${WORKING_DIR}/Dockerfile"
- echo "---- Generated Dockerfile complete"
 }
 
 generate_bundle() {
- echo "-- Generate bundle"
- REPLACE_REGEX="s#<<CREATED_DATE>>#${CREATED_DATE}#g;s#<<OPERATOR_IMAGE>>#${OPERATOR_IMAGE}#g;s#<<OPERATOR_TAG>>#${OPERATOR_TAG}#g;s#<<RELATED_IMAGE_BRIDGE_SMARTGATEWAY>>#${RELATED_IMAGE_BRIDGE_SMARTGATEWAY}#g;s#<<RELATED_IMAGE_BRIDGE_SMARTGATEWAY_TAG>>#${RELATED_IMAGE_BRIDGE_SMARTGATEWAY_TAG}#g;s#<<RELATED_IMAGE_CORE_SMARTGATEWAY>>#${RELATED_IMAGE_CORE_SMARTGATEWAY}#g;s#<<RELATED_IMAGE_CORE_SMARTGATEWAY_TAG>>#${RELATED_IMAGE_CORE_SMARTGATEWAY_TAG}#g;s#<<OPERATOR_BUNDLE_VERSION>>#${OPERATOR_BUNDLE_VERSION}#g;s#1.99.0#${OPERATOR_BUNDLE_VERSION}#g;s#<<BUNDLE_OLM_SKIP_RANGE_LOWER_BOUND>>#${BUNDLE_OLM_SKIP_RANGE_LOWER_BOUND}#g"
+ REPLACE_REGEX="s#<<CREATED_DATE>>#${CREATED_DATE}#g;s#<<OPERATOR_IMAGE>>#${OPERATOR_IMAGE}#g;s#<<OPERATOR_TAG>>#${OPERATOR_TAG}#g;s#<<RELATED_IMAGE_BRIDGE_SMARTGATEWAY>>#${RELATED_IMAGE_BRIDGE_SMARTGATEWAY}#g;s#<<RELATED_IMAGE_BRIDGE_SMARTGATEWAY_TAG>>#${RELATED_IMAGE_BRIDGE_SMARTGATEWAY_TAG}#g;s#<<RELATED_IMAGE_CORE_SMARTGATEWAY>>#${RELATED_IMAGE_CORE_SMARTGATEWAY}#g;s#<<RELATED_IMAGE_CORE_SMARTGATEWAY_TAG>>#${RELATED_IMAGE_CORE_SMARTGATEWAY_TAG}#g;s#<<RELATED_IMAGE_OAUTH_PROXY>>#${RELATED_IMAGE_OAUTH_PROXY}#g;s#<<RELATED_IMAGE_OAUTH_PROXY_TAG>>#${RELATED_IMAGE_OAUTH_PROXY_TAG}#g;s#<<OPERATOR_BUNDLE_VERSION>>#${OPERATOR_BUNDLE_VERSION}#g;s#1.99.0#${OPERATOR_BUNDLE_VERSION}#g;s#<<BUNDLE_OLM_SKIP_RANGE_LOWER_BOUND>>#${BUNDLE_OLM_SKIP_RANGE_LOWER_BOUND}#g"
 
- pushd "${REL}/../"
- ${OPERATOR_SDK} generate bundle --channels ${BUNDLE_CHANNELS} --default-channel ${BUNDLE_DEFAULT_CHANNEL} --manifests --metadata --version "${OPERATOR_BUNDLE_VERSION}" --output-dir "${WORKING_DIR}"
- popd
+ pushd "${REL}/../" > /dev/null 2>&1
+ ${OPERATOR_SDK} generate bundle --channels ${BUNDLE_CHANNELS} --default-channel ${BUNDLE_DEFAULT_CHANNEL} --manifests --metadata --version "${OPERATOR_BUNDLE_VERSION}" --output-dir "${WORKING_DIR}" >> ${LOGFILE} 2>&1
+ popd > /dev/null 2>&1
 
- echo "---- Replacing variables in generated manifest"
  sed -i -E "${REPLACE_REGEX}" "${WORKING_DIR}/manifests/${OPERATOR_NAME}.clusterserviceversion.yaml"
- echo "---- Generated bundle complete at ${WORKING_DIR}/manifests/${OPERATOR_NAME}.clusterserviceversion.yaml"
+}
+
+copy_extra_metadata() {
+ pushd "${REL}/../" > /dev/null 2>&1
+ cp -r ./deploy/olm-catalog/smart-gateway-operator/tests/ "${WORKING_DIR}"
+ cp ./deploy/olm-catalog/smart-gateway-operator/metadata/properties.yaml "${WORKING_DIR}/metadata/"
 }
 
 copy_extra_metadata() {
@@ -53,11 +57,14 @@ build_bundle_instructions() {
 
 
 # generate templates
-echo "## Begin bundle creation"
 generate_version
 create_working_dir
 generate_dockerfile
 generate_bundle
 copy_extra_metadata
-build_bundle_instructions
-echo "## End Bundle creation"
+#build_bundle_instructions
+
+set +x
+
+JSON_OUTPUT='{"operator_bundle_image":"%s","operator_bundle_version":"%s","operator_image":"%s","bundle_channels":"%s","bundle_default_channel":"%s","operator_tag":"%s","working_dir":"%s"}'
+printf "$JSON_OUTPUT" "$OPERATOR_BUNDLE_IMAGE" "$OPERATOR_BUNDLE_VERSION" "$OPERATOR_IMAGE" "$BUNDLE_CHANNELS" "$BUNDLE_DEFAULT_CHANNEL" "$OPERATOR_TAG" "$WORKING_DIR"

build/metadata.sh

@@ -11,6 +11,8 @@ RELATED_IMAGE_CORE_SMARTGATEWAY=${RELATED_IMAGE_CORE_SMARTGATEWAY:-quay.io/infra
 RELATED_IMAGE_CORE_SMARTGATEWAY_TAG=${RELATED_IMAGE_CORE_SMARTGATEWAY_TAG:-stable-1.5}
 RELATED_IMAGE_BRIDGE_SMARTGATEWAY=${RELATED_IMAGE_BRIDGE_SMARTGATEWAY:-quay.io/infrawatch/sg-bridge}
 RELATED_IMAGE_BRIDGE_SMARTGATEWAY_TAG=${RELATED_IMAGE_BRIDGE_SMARTGATEWAY_TAG:-stable-1.5}
+RELATED_IMAGE_OAUTH_PROXY=${RELATED_IMAGE_OAUTH_PROXY:-quay.io/openshift/origin-oauth-proxy}
+RELATED_IMAGE_OAUTH_PROXY_TAG=${RELATED_IMAGE_OAUTH_PROXY_TAG:-latest}
 BUNDLE_PATH=${BUNDLE_PATH:-deploy/olm-catalog/smart-gateway-operator}
 BUNDLE_CHANNELS=${BUNDLE_CHANNELS:-stable-1.5}
 BUNDLE_DEFAULT_CHANNEL=${BUNDLE_DEFAULT_CHANNEL:-stable-1.5}

deploy/olm-catalog/smart-gateway-operator/Dockerfile.in

@@ -13,7 +13,7 @@ LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1
 LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v0.19.4
 LABEL operators.operatorframework.io.metrics.project_layout=ansible
 LABEL com.redhat.delivery.operator.bundle=true
-LABEL com.redhat.openshift.versions="v4.10-v4.12"
+LABEL com.redhat.openshift.versions="v4.11-v4.14"
 LABEL com.redhat.delivery.backport=false
 
 LABEL com.redhat.component="smart-gateway-operator-bundle-container" \

deploy/olm-catalog/smart-gateway-operator/manifests/smart-gateway-operator.clusterserviceversion.yaml

@@ -69,11 +69,21 @@ metadata:
  createdAt: <<CREATED_DATE>>
  description: Operator for managing the Smart Gateway Custom Resources, resulting
  in deployments of the Smart Gateway.
+ features.operators.openshift.io/cnf: "false"
+ features.operators.openshift.io/cni: "false"
+ features.operators.openshift.io/csi: "false"
+ features.operators.openshift.io/disconnected: "false"
+ features.operators.openshift.io/fips-compliant: "false"
+ features.operators.openshift.io/proxy-aware: "false"
+ features.operators.openshift.io/tls-profiles: "false"
+ features.operators.openshift.io/token-auth-aws: "false"
+ features.operators.openshift.io/token-auth-azure: "false"
+ features.operators.openshift.io/token-auth-gcp: "false"
  olm.skipRange: =><<BUNDLE_OLM_SKIP_RANGE_LOWER_BOUND>> <<<OPERATOR_BUNDLE_VERSION>>
- operators.operatorframework.io/builder: operator-sdk-v0.19.4
- operators.operatorframework.io/project_layout: ansible
  operators.openshift.io/valid-subscription: '["OpenStack Platform", "Cloud Infrastructure",
  "Cloud Suite"]'
+ operators.operatorframework.io/builder: operator-sdk-v0.19.4
+ operators.operatorframework.io/project_layout: ansible
  repository: https://github.com/infrawatch/smart-gateway-operator
  support: Red Hat
  name: smart-gateway-operator.v1.99.0
@@ -235,6 +245,8 @@ spec:
  value: <<RELATED_IMAGE_CORE_SMARTGATEWAY>>:<<RELATED_IMAGE_CORE_SMARTGATEWAY_TAG>>
  - name: RELATED_IMAGE_BRIDGE_SMARTGATEWAY_IMAGE
  value: <<RELATED_IMAGE_BRIDGE_SMARTGATEWAY>>:<<RELATED_IMAGE_BRIDGE_SMARTGATEWAY_TAG>>
+ - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE
+ value: <<RELATED_IMAGE_OAUTH_PROXY>>:<<RELATED_IMAGE_OAUTH_PROXY_TAG>>
  image: <<OPERATOR_IMAGE>>:<<OPERATOR_TAG>>
  imagePullPolicy: Always
  name: operator

deploy/olm-catalog/smart-gateway-operator/metadata/properties.yaml

@@ -1,3 +1,3 @@
 properties:
  - type: olm.maxOpenShiftVersion
- value: "4.12"
+ value: "4.14"

deploy/operator.yaml

@@ -41,6 +41,8 @@ spec:
  value: <<RELATED_IMAGE_CORE_SMARTGATEWAY>>:<<RELATED_IMAGE_CORE_SMARTGATEWAY_TAG>>
  - name: RELATED_IMAGE_BRIDGE_SMARTGATEWAY_IMAGE
  value: <<RELATED_IMAGE_BRIDGE_SMARTGATEWAY>>:<<RELATED_IMAGE_BRIDGE_SMARTGATEWAY_TAG>>
+ - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE
+ value: <<RELATED_IMAGE_OAUTH_PROXY>>:<<RELATED_IMAGE_OAUTH_PROXY_TAG>>
  volumes:
  - emptyDir: {}
  name: runner

roles/smartgateway/defaults/main.yml

@@ -11,9 +11,6 @@ exporter_port: 8081
 block_event_bus: false
 service_account_name: smart-gateway
 
-# - This image works on OCP 4.6, 4.7, and 4.8
-oauth_proxy_image: image-registry.openshift-image-registry.svc:5000/openshift/oauth-proxy:v4.4
-
 # used in conjunction with sg_vars in vars/main.yml to provide single parameter override for the dictionaries
 sg_defaults:
  bridge:

roles/smartgateway/tasks/main.yml

@@ -23,6 +23,10 @@
  bridge_container_image_path: "{{ lookup('env', 'RELATED_IMAGE_BRIDGE_SMARTGATEWAY_IMAGE') | default('quay.io/infrawatch/sg-bridge:latest', true) }}"
  when: bridge_container_image_path is undefined
 
+- name: Set OAuth Proxy image
+ set_fact:
+ oauth_proxy_image: "{{ lookup('env', 'RELATED_IMAGE_OAUTH_PROXY_IMAGE') | default('quay.io/openshift/origin-oauth-proxy:latest', true) }}"
+
 - name: Check for existing cookie secret
  k8s_info:
  api_version: v1

roles/smartgateway/templates/deployment.yaml.j2

@@ -154,7 +154,7 @@ spec:
 {% if (applications | selectattr('name','equalto','elasticsearch') | list | count > 0) %}
  - name: elastic-certs
  secret:
- secretName: {{ tls_secret_name }}
+ secretName: {{ (applications | selectattr('name','equalto','elasticsearch') | map(attribute='config') | first | from_yaml).tlsSecretName | default(tls_secret_name)}}
 {% endif %}
  - name: session-secret
  secret: