Merge pull request #1491 from deads2k/remove-featureset

OCPBUGS-13547: Remove featureset flag and use only the manifest

go.mod

@@ -12,10 +12,10 @@ require (
 	github.com/google/go-cmp v0.5.9
 	github.com/imdario/mergo v0.3.8
 	github.com/miekg/dns v1.1.25
-	github.com/openshift/api v0.0.0-20230503133300-8bbcb7ca7183
+	github.com/openshift/api v0.0.0-20230509100629-894b49f57a15
 	github.com/openshift/build-machinery-go v0.0.0-20230228230858-4cd708338479
 	github.com/openshift/client-go v0.0.0-20230503144108-75015d2347cb
-	github.com/openshift/library-go v0.0.0-20230503173034-95ca3c14e50a
+	github.com/openshift/library-go v0.0.0-20230510144506-e749b54aff20
 	github.com/pkg/profile v1.5.0 // indirect
 	github.com/prometheus-operator/prometheus-operator/pkg/client v0.45.0
 	github.com/prometheus/client_golang v1.14.0

go.sum

@@ -445,14 +445,14 @@ github.com/onsi/ginkgo/v2 v2.9.1 h1:zie5Ly042PD3bsCvsSOPvRnFwyo3rKe64TJlD6nu0mk=
 github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
 github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.27.4 h1:Z2AnStgsdSayCMDiCU42qIz+HLqEPcgiOCXjAU/w+8E=
-github.com/openshift/api v0.0.0-20230503133300-8bbcb7ca7183 h1:t/CahSnpqY46sQR01SoS+Jt0jtjgmhgE6lFmRnO4q70=
-github.com/openshift/api v0.0.0-20230503133300-8bbcb7ca7183/go.mod h1:4VWG+W22wrB4HfBL88P40DxLEpSOaiBVxUnfalfJo9k=
+github.com/openshift/api v0.0.0-20230509100629-894b49f57a15 h1:0aKQixYOtjKB3NKhNzFeQ1t0oDOkacpaAN1ztfZufB8=
+github.com/openshift/api v0.0.0-20230509100629-894b49f57a15/go.mod h1:4VWG+W22wrB4HfBL88P40DxLEpSOaiBVxUnfalfJo9k=
 github.com/openshift/build-machinery-go v0.0.0-20230228230858-4cd708338479 h1:IU2KU1kzg7/dfiZO4uPJY1G5Wp1k/IiXfYesc+quwaE=
 github.com/openshift/build-machinery-go v0.0.0-20230228230858-4cd708338479/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE=
 github.com/openshift/client-go v0.0.0-20230503144108-75015d2347cb h1:Nij5OnaECrkmcRQMAE9LMbQXPo95aqFnf+12B7SyFVI=
 github.com/openshift/client-go v0.0.0-20230503144108-75015d2347cb/go.mod h1:Rhb3moCqeiTuGHAbXBOlwPubUMlOZEkrEWTRjIF3jzs=
-github.com/openshift/library-go v0.0.0-20230503173034-95ca3c14e50a h1:GWDlGsHQUo2QaXG8r4nCAbAMAYNN85HOMt+vZSLBOdQ=
-github.com/openshift/library-go v0.0.0-20230503173034-95ca3c14e50a/go.mod h1:PJVatR/oS/EaFciwylyAr9hORSqQHrC+5bXf4L0wsBY=
+github.com/openshift/library-go v0.0.0-20230510144506-e749b54aff20 h1:BfL2/x2Z/N3Wc1AhovvZ1pWStxwTuQdo6A84NPhSTvY=
+github.com/openshift/library-go v0.0.0-20230510144506-e749b54aff20/go.mod h1:PJVatR/oS/EaFciwylyAr9hORSqQHrC+5bXf4L0wsBY=
 github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=

pkg/cmd/render/render.go

@@ -27,7 +27,6 @@ import (
 	"github.com/spf13/pflag"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apimachinery/pkg/util/sets"
 	kyaml "k8s.io/apimachinery/pkg/util/yaml"
 	auditv1 "k8s.io/apiserver/pkg/apis/audit/v1"
 	"k8s.io/klog/v2"
@@ -179,17 +178,17 @@ func (r *renderOpts) Run() error {
 		ShutdownDelayDuration:         "",  // do not override
 	}
 
-	featureGates, err := r.generic.FeatureGates()
+	featureGateAccessor, err := r.generic.FeatureGates()
 	if err != nil {
-		klog.Warningf(fmt.Sprintf("error getting FeatureGates: %v", err))
-		if err := setFeatureGates(&renderConfig, r); err != nil {
-			return err
-		}
+		return fmt.Errorf("error getting FeatureGates: %w", err)
+	}
+	featureGates, err := featureGateAccessor.CurrentFeatureGates()
+	if err != nil {
+		return fmt.Errorf("unable to get FeatureGates: %w", err)
+	}
 
-	} else {
-		if err := setFeatureGatesFromAccessor(&renderConfig, featureGates); err != nil {
-			return err
-		}
+	if err := setFeatureGatesFromAccessor(&renderConfig, featureGates); err != nil {
+		return err
 	}
 
 	if len(r.clusterConfigFile) > 0 {
@@ -272,11 +271,7 @@ func (r *renderOpts) Run() error {
 		return err
 	}
 
-	featureSet, err := r.generic.FeatureSetName()
-	if err != nil {
-		return err
-	}
-	defaultConfig, err := bootstrapDefaultConfig(featureSet)
+	defaultConfig, err := bootstrapDefaultConfig(featureGates)
 	if err != nil {
 		return fmt.Errorf("failed to get default config with audit policy - %s", err)
 	}
@@ -294,7 +289,7 @@ func (r *renderOpts) Run() error {
 	return genericrender.WriteFiles(&r.generic, &renderConfig.FileConfig, renderConfig)
 }
 
-func bootstrapDefaultConfig(featureSet configv1.FeatureSet) ([]byte, error) {
+func bootstrapDefaultConfig(featureGates featuregates.FeatureGate) ([]byte, error) {
 	asset := filepath.Join("assets", "config", "defaultconfig.yaml")
 	raw, err := bindata.Asset(asset)
 	if err != nil {
@@ -319,12 +314,7 @@ func bootstrapDefaultConfig(featureSet configv1.FeatureSet) ([]byte, error) {
 		return nil, fmt.Errorf("failed to add audit policy into default config - %s", err)
 	}
 
-	// modify config for TechPreviewNoUpgrade here.
-	disabledFeatures := sets.New[configv1.FeatureGateName]()
-	for _, curr := range configv1.FeatureSets[featureSet].Disabled {
-		disabledFeatures.Insert(curr.FeatureGateAttributes.Name)
-	}
-	if disabledFeatures.Has(configv1.FeatureGateOpenShiftPodSecurityAdmission) {
+	if !featureGates.Enabled(configv1.FeatureGateOpenShiftPodSecurityAdmission) {
 		if err := auth.SetPodSecurityAdmissionToEnforcePrivileged(defaultConfig); err != nil {
 			return nil, err
 		}
@@ -498,30 +488,10 @@ func discoverCIDRsFromClusterAPI(clusterConfigFileData []byte, renderConfig *Tem
 	return nil
 }
 
-func setFeatureGates(renderConfig *TemplateData, opts *renderOpts) error {
-	featureSet, ok := configv1.FeatureSets[configv1.FeatureSet(opts.generic.FeatureSet)]
-	if !ok {
-		return fmt.Errorf("featureSet %q not found", featureSet)
-	}
-	allGates := []string{}
-	for _, enabled := range featureSet.Enabled {
-		allGates = append(allGates, fmt.Sprintf("%v=true", enabled.FeatureGateAttributes.Name))
-	}
-	for _, disabled := range featureSet.Disabled {
-		allGates = append(allGates, fmt.Sprintf("%v=false", disabled.FeatureGateAttributes.Name))
-	}
-	renderConfig.FeatureGates = allGates
-	return nil
-}
-
-func setFeatureGatesFromAccessor(renderConfig *TemplateData, featureGates featuregates.FeatureGateAccess) error {
-	currFeatureGates, err := featureGates.CurrentFeatureGates()
-	if err != nil {
-		return fmt.Errorf("unable to get FeatureGates: %w", err)
-	}
+func setFeatureGatesFromAccessor(renderConfig *TemplateData, featureGates featuregates.FeatureGate) error {
 	allGates := []string{}
-	for _, featureGateName := range currFeatureGates.KnownFeatures() {
-		if currFeatureGates.Enabled(featureGateName) {
+	for _, featureGateName := range featureGates.KnownFeatures() {
+		if featureGates.Enabled(featureGateName) {
 			allGates = append(allGates, fmt.Sprintf("%v=true", featureGateName))
 		} else {
 			allGates = append(allGates, fmt.Sprintf("%v=false", featureGateName))

pkg/cmd/render/render_test.go

@@ -11,18 +11,17 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/stretchr/testify/require"
-
-	corev1 "k8s.io/api/core/v1"
-	"k8s.io/apimachinery/pkg/api/equality"
-	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
-	"k8s.io/apimachinery/pkg/util/sets"
-
 	configv1 "github.com/openshift/api/config/v1"
 	kubecontrolplanev1 "github.com/openshift/api/kubecontrolplane/v1"
 	"github.com/openshift/cluster-kube-apiserver-operator/pkg/operator/configobservation/configobservercontroller"
 	libgoaudit "github.com/openshift/library-go/pkg/operator/apiserver/audit"
+	"github.com/openshift/library-go/pkg/operator/configobserver/featuregates"
 	genericrenderoptions "github.com/openshift/library-go/pkg/operator/render/options"
+	"github.com/stretchr/testify/require"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/equality"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/apimachinery/pkg/util/sets"
 	kyaml "k8s.io/apimachinery/pkg/util/yaml"
 )
 
@@ -235,6 +234,8 @@ func TestRenderCommand(t *testing.T) {
 		tempDisabledFeatureGates = sets.New[configv1.FeatureGateName]()
 	}
 
+	defaultFGDir := filepath.Join("testdata", "rendered", "default-fg")
+
 	tests := []struct {
 		// note the name is used as a name for a temporary directory
 		name            string
@@ -250,29 +251,15 @@ func TestRenderCommand(t *testing.T) {
 				"--templates-input-dir=" + templateDir,
 				"--asset-output-dir=",
 				"--config-output-file=",
+				"--payload-version=test",
+				"--rendered-manifest-files=" + defaultFGDir,
 			},
 			testFunction: func(cfg *kubecontrolplanev1.KubeAPIServerConfig) error {
 				actualGates, ok := cfg.APIServerArguments["feature-gates"]
 				if !ok {
 					return fmt.Errorf("missing \"feature-gates\" entry in APIServerArguments")
 				}
-				defaultFG, ok := configv1.FeatureSets[configv1.Default]
-				if !ok {
-					t.Fatalf("configv1.FeatureSets doesn't contain entries under %s (Default) key", configv1.Default)
-				}
-				expectedGates := []string{}
-				for _, enabledFG := range defaultFG.Enabled {
-					if tempDisabledFeatureGates.Has(enabledFG.FeatureGateAttributes.Name) {
-						continue
-					}
-					expectedGates = append(expectedGates, fmt.Sprintf("%s=true", enabledFG.FeatureGateAttributes.Name))
-				}
-				for _, disabledFG := range defaultFG.Disabled {
-					if tempDisabledFeatureGates.Has(disabledFG.FeatureGateAttributes.Name) {
-						continue
-					}
-					expectedGates = append(expectedGates, fmt.Sprintf("%s=false", disabledFG.FeatureGateAttributes.Name))
-				}
+				expectedGates := []string{"Bar=false", "Foo=true", "OpenShiftPodSecurityAdmission=true"}
 				if len(actualGates) != len(expectedGates) {
 					return fmt.Errorf("expected to get exactly %d feature gates but found %d: expected=%v got=%v", len(expectedGates), len(actualGates), expectedGates, actualGates)
 				}
@@ -300,6 +287,8 @@ func TestRenderCommand(t *testing.T) {
 				"--cluster-config-file=" + filepath.Join(assetsInputDir, "config-v6.yaml"),
 				"--asset-output-dir=",
 				"--config-output-file=",
+				"--payload-version=test",
+				"--rendered-manifest-files=" + defaultFGDir,
 			},
 			setupFunction: func() error {
 				return ioutil.WriteFile(filepath.Join(assetsInputDir, "config-v6.yaml"), []byte(networkConfigV6), 0644)
@@ -322,6 +311,8 @@ func TestRenderCommand(t *testing.T) {
 				"--cluster-config-file=" + filepath.Join(assetsInputDir, "config-dual.yaml"),
 				"--asset-output-dir=",
 				"--config-output-file=",
+				"--payload-version=test",
+				"--rendered-manifest-files=" + defaultFGDir,
 			},
 			setupFunction: func() error {
 				return ioutil.WriteFile(filepath.Join(assetsInputDir, "config-dual.yaml"), []byte(networkConfigDual), 0644)
@@ -347,6 +338,8 @@ func TestRenderCommand(t *testing.T) {
 				"--cluster-auth-file=" + filepath.Join(assetsInputDir, "authentication.yaml"),
 				"--asset-output-dir=",
 				"--config-output-file=",
+				"--payload-version=test",
+				"--rendered-manifest-files=" + defaultFGDir,
 			},
 			testFunction: func(cfg *kubecontrolplanev1.KubeAPIServerConfig) error {
 				issuer := cfg.APIServerArguments["service-account-issuer"]
@@ -365,6 +358,8 @@ func TestRenderCommand(t *testing.T) {
 				"--cluster-auth-file=" + filepath.Join(assetsInputDir, "authentication.yaml"),
 				"--asset-output-dir=",
 				"--config-output-file=",
+				"--payload-version=test",
+				"--rendered-manifest-files=" + defaultFGDir,
 			},
 			setupFunction: func() error {
 				data := ``
@@ -387,6 +382,8 @@ func TestRenderCommand(t *testing.T) {
 				"--cluster-auth-file=" + filepath.Join(assetsInputDir, "authentication.yaml"),
 				"--asset-output-dir=",
 				"--config-output-file=",
+				"--payload-version=test",
+				"--rendered-manifest-files=" + defaultFGDir,
 			},
 			setupFunction: func() error {
 				data := `apiVersion: config.openshift.io/v1
@@ -413,6 +410,8 @@ spec: {}`
 				"--cluster-auth-file=" + filepath.Join(assetsInputDir, "authentication.yaml"),
 				"--asset-output-dir=",
 				"--config-output-file=",
+				"--payload-version=test",
+				"--rendered-manifest-files=" + defaultFGDir,
 			},
 			setupFunction: func() error {
 				data := `apiVersion: config.openshift.io/v1
@@ -440,6 +439,8 @@ spec:
 				"--templates-input-dir=" + templateDir,
 				"--asset-output-dir=",
 				"--config-output-file=",
+				"--payload-version=test",
+				"--rendered-manifest-files=" + defaultFGDir,
 			},
 		},
 		{
@@ -449,6 +450,8 @@ spec:
 				"--templates-input-dir=" + templateDir,
 				"--asset-output-dir=",
 				"--config-output-file=",
+				"--payload-version=test",
+				"--rendered-manifest-files=" + defaultFGDir,
 			},
 			setupFunction: func() error {
 				data := `DUMMY DATA`
@@ -486,6 +489,8 @@ spec:
 				"--templates-input-dir=" + templateDir,
 				"--asset-output-dir=",
 				"--config-output-file=",
+				"--payload-version=test",
+				"--rendered-manifest-files=" + defaultFGDir,
 			},
 			testFunction: func(cfg *kubecontrolplanev1.KubeAPIServerConfig) error {
 				if len(cfg.APIServerArguments["shutdown-delay-duration"]) == 0 {
@@ -514,6 +519,8 @@ spec:
 				"--asset-output-dir=",
 				"--config-output-file=",
 				"--infra-config-file=" + filepath.Join(assetsInputDir, "infrastructure.yaml"),
+				"--payload-version=test",
+				"--rendered-manifest-files=" + defaultFGDir,
 			},
 			setupFunction: func() error {
 				return ioutil.WriteFile(filepath.Join(assetsInputDir, "infrastructure.yaml"), []byte(infrastructureHA), 0644)
@@ -545,6 +552,8 @@ spec:
 				"--asset-output-dir=",
 				"--config-output-file=",
 				"--infra-config-file=" + filepath.Join(assetsInputDir, "infrastructure.yaml"),
+				"--payload-version=test",
+				"--rendered-manifest-files=" + defaultFGDir,
 			},
 			setupFunction: func() error {
 				return ioutil.WriteFile(filepath.Join(assetsInputDir, "infrastructure.yaml"), []byte(infrastructureSNO), 0644)
@@ -624,7 +633,7 @@ spec:
 }
 
 func TestGetDefaultConfigWithAuditPolicy(t *testing.T) {
-	raw, err := bootstrapDefaultConfig(configv1.Default)
+	raw, err := bootstrapDefaultConfig(featuregates.NewFeatureGate([]configv1.FeatureGateName{configv1.FeatureGateOpenShiftPodSecurityAdmission}, nil))
 	require.NoError(t, err)
 	require.True(t, len(raw) > 0)
 

pkg/cmd/render/testdata/rendered/default-fg/featuregate.yaml

@@ -0,0 +1,12 @@
+apiVersion: config.openshift.io/v1
+kind: FeatureGate
+metadata:
+  name: cluster
+status:
+  featureGates:
+  - version: "test"
+    enabled:
+    - name: Foo
+    - name: OpenShiftPodSecurityAdmission
+    disabled:
+    - name: Bar

pkg/operator/starter.go

@@ -4,7 +4,6 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"github.com/openshift/library-go/pkg/operator/configobserver/featuregates"
 	"math/rand"
 	"os"
 	"time"
@@ -37,6 +36,7 @@ import (
 	"github.com/openshift/library-go/pkg/controller/controllercmd"
 	"github.com/openshift/library-go/pkg/operator/apiserver/controller/auditpolicy"
 	"github.com/openshift/library-go/pkg/operator/certrotation"
+	"github.com/openshift/library-go/pkg/operator/configobserver/featuregates"
 	"github.com/openshift/library-go/pkg/operator/encryption"
 	"github.com/openshift/library-go/pkg/operator/encryption/controllers/migrators"
 	encryptiondeployer "github.com/openshift/library-go/pkg/operator/encryption/deployer"
@@ -52,7 +52,6 @@ import (
 	"github.com/openshift/library-go/pkg/operator/staticresourcecontroller"
 	"github.com/openshift/library-go/pkg/operator/status"
 	"github.com/openshift/library-go/pkg/operator/v1helpers"
-
 	corev1 "k8s.io/api/core/v1"
 	apiextensionsclient "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset"
 	apiextensionsinformers "k8s.io/apiextensions-apiserver/pkg/client/informers/externalversions"