Update OperatorPolicy types

It was decided to use RawExtension for the "embedded" Subscription and
OperatorGroup, this can better allow for possible version skew in the
future. The CRD validation would be limited inside the policy framework
anyway because in a Policy, the raw content has no validation.

This also removes some fields which are not expected to be functional
in the initial release.

The `build*` functions have been updated to use the RawExtension, and
may have been adjusted for some other incoming changes. Some other
temporary changes were made to resolve compilation errors and unit
tests, but the OperatorPolicy "e2e" tests were not considered.

Signed-off-by: Justin Kulikauskas <jkulikau@redhat.com>

api/v1beta1/operatorpolicy_types.go

@@ -4,8 +4,8 @@
 package v1beta1
 
 import (
-	operatorv1 "github.com/operator-framework/api/pkg/operators/v1alpha1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
 
 	policyv1 "open-cluster-management.io/config-policy-controller/api/v1"
 )
@@ -36,39 +36,6 @@ const (
 	DeleteIfUnused RemovalAction = "DeleteIfUnused"
 )
 
-type TargetNsOrSelector struct {
-	// 'namespaces' and 'selector' both define an array/set of target namespaces that
-	// should be affected on the cluster. Only one of 'namespaces' or 'selector'
-	// should be specified, and if both are set then 'selector' will be omitted.
-	Namespace []string `json:"namespaces,omitempty"`
-	// 'namespaces' and 'selector' both define an array/set of target namespaces that
-	// should be affected on the cluster. Only one of 'namespaces' or 'selector'
-	// should be specified, and if both are set then 'selector' will be omitted.
-	Selector *metav1.LabelSelector `json:"selector,omitempty"`
-}
-
-// OperatorGroup specifies an OLM OperatorGroup. More info:
-// https://olm.operatorframework.io/docs/concepts/crds/operatorgroup/
-type OperatorGroup struct {
-	// Name of the referent
-	Name string `json:"name,omitempty"`
-	// Namespace of the referent
-	Namespace string `json:"namespace,omitempty"`
-	// Target namespaces of the referent
-	Target TargetNsOrSelector `json:"target,omitempty"`
-	// Name of the OLM ServiceAccount that defines permissions for member operators
-	// +optional
-	ServiceAccountName string `json:"serviceAccountName,omitempty"`
-}
-
-// SubscriptionSpec extends an OLM subscription with a namespace field. More info:
-// https://olm.operatorframework.io/docs/concepts/crds/subscription/
-type SubscriptionSpec struct {
-	operatorv1.SubscriptionSpec `json:",inline"`
-	// Namespace of the referent
-	Namespace string `json:"namespace,omitempty"`
-}
-
 // RemovalBehavior defines resource behavior when policy is removed
 type RemovalBehavior struct {
 	// Kind OperatorGroup
@@ -97,30 +64,41 @@ type StatusConfig struct {
 type OperatorPolicySpec struct {
 	Severity          policyv1.Severity          `json:"severity,omitempty"`          // low, medium, high
 	RemediationAction policyv1.RemediationAction `json:"remediationAction,omitempty"` // inform, enforce
-	ComplianceType    policyv1.ComplianceType    `json:"complianceType"`              // Compliant, NonCompliant
-	// OperatorGroup requires at least 1 of target namespaces, or label selectors
-	// to be set to scope member operators' namespaced permissions. If both are provided,
-	// only the target namespace will be used and the label selector will be omitted.
+	ComplianceType    policyv1.ComplianceType    `json:"complianceType"`              // musthave
+
+	// Include the name, namespace, and any `spec` fields for the OperatorGroup.
+	// For more info, see `kubectl explain operatorgroup.spec` or
+	// https://olm.operatorframework.io/docs/concepts/crds/operatorgroup/
+	// +kubebuilder:pruning:PreserveUnknownFields
 	// +optional
-	OperatorGroup *OperatorGroup `json:"operatorGroup,omitempty"`
-	// Subscription defines an Application that can be installed
+	OperatorGroup *runtime.RawExtension `json:"operatorGroup,omitempty"`
+
+	// Include the namespace, and any `spec` fields for the Subscription.
+	// For more info, see `kubectl explain subscription.spec` or
+	// https://olm.operatorframework.io/docs/concepts/crds/subscription/
 	// +kubebuilder:validation:Required
-	Subscription SubscriptionSpec `json:"subscription"`
+	// +kubebuilder:pruning:PreserveUnknownFields
+	Subscription runtime.RawExtension `json:"subscription"`
+
 	// Versions is a list of nonempty strings that specifies which installed versions are compliant when
 	// in 'inform' mode, and which installPlans are approved when in 'enforce' mode
-	Versions        []policyv1.NonEmptyString `json:"versions,omitempty"`
-	RemovalBehavior RemovalBehavior           `json:"removalBehavior,omitempty"`
-	StatusConfig    StatusConfig              `json:"statusConfig,omitempty"`
+	Versions []policyv1.NonEmptyString `json:"versions,omitempty"`
+
+	// FUTURE
+	//nolint:dupword
+	// RemovalBehavior RemovalBehavior           `json:"removalBehavior,omitempty"`
+	//nolint:dupword
+	// StatusConfig    StatusConfig              `json:"statusConfig,omitempty"`
 }
 
 // OperatorPolicyStatus defines the observed state of OperatorPolicy
 type OperatorPolicyStatus struct {
 	// Most recent compliance state of the policy
 	ComplianceState policyv1.ComplianceState `json:"compliant,omitempty"`
 	// Historic details on the condition of the policy
-	Condition []metav1.Condition `json:"conditions,omitempty"`
+	Conditions []metav1.Condition `json:"conditions,omitempty"`
 	// List of resources processed by the policy
-	RelatedObject policyv1.RelatedObject `json:"relatedObject"`
+	RelatedObjects []policyv1.RelatedObject `json:"relatedObjects"`
 }
 
 //+kubebuilder:object:root=true