Changed regoRuleReference to optional and default to config-spec (#188)

## Description - updated snafu 0.6 -> 0.7 - updated dependencies - adapted config-spec (removed port) and example Co-authored-by: Malte Sander <malte.sander.it@gmail.com>
stackabletech · Jan 24, 2022 · 3fdba8f · 3fdba8f
1 parent 82b4782
commit 3fdba8f
Show file tree

Hide file tree

Showing 9 changed files with 64 additions and 78 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,16 +6,19 @@ All notable changes to this project will be documented in this file.
 
 ### Changed
 - BREAKING: STFU rework ([#146]).
+- BREAKING: regoRuleReference in config now optional ([#188]).
 - Version now a String instead of enum ([#156]).
 - `operator-rs` `0.6.0` → `0.8.0` ([#177]).
 - Custom resource example now points to regorule-operator service ([#177]).
+- `snafu` `0.6.0` → `0.7.0` ([#188]).
 
 ### Removed 
-- Configurable Port from code and product config ([#156]).
+- Configurable Port from code and product config ([#188]).
 
 [#146]: https://github.com/stackabletech/opa-operator/pull/146
 [#156]: https://github.com/stackabletech/opa-operator/pull/156
 [#177]: https://github.com/stackabletech/opa-operator/pull/177
+[#188]: https://github.com/stackabletech/opa-operator/pull/188
 
 ## [0.6.0] - 2021-12-06
 

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/deploy/config-spec/properties.yaml b/deploy/config-spec/properties.yaml
@@ -6,30 +6,8 @@ spec:
         regex: "^((https?|ftp|file)://)?[-a-zA-Z0-9+&@#}/%?=~_|!:,.;]*[-a-zA-Z0-9+&@#/%=~_|]"
         examples:
           - "https://www.stackable.de/blog/"
-    - unit: &unitPort
-        name: "port"
-        regex: "^([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$"
 
 properties:
-  - property: &opaPort
-      propertyNames:
-        - name: "port"
-          kind:
-            type: "cli"
-      datatype:
-        type: "integer"
-        min: "1024"
-        max: "65535"
-        unit: *unitPort
-      defaultValues:
-        - fromVersion: "0.0.0"
-          value: "8081"
-      roles:
-        - name: "server"
-          required: false
-      asOfVersion: "0.0.0"
-      description: "Start the OPA server on a different port (default: 8081)"
-
   - property: &opaRegoRuleReference
       propertyNames:
         - name: "regoRuleReference"
@@ -39,6 +17,9 @@ properties:
       datatype:
         type: "string"
         unit: *unitUrl
+      defaultValues:
+        - fromVersion: "0.0.0"
+          value: "http://regorule-operator:3030/opa/v1"
       roles:
         - name: "server"
           required: true

diff --git a/deploy/crd/openpolicyagent.crd.yaml b/deploy/crd/openpolicyagent.crd.yaml
@@ -33,9 +33,8 @@ spec:
                       default: {}
                       properties:
                         regoRuleReference:
+                          nullable: true
                           type: string
-                      required:
-                        - regoRuleReference
                       type: object
                     configOverrides:
                       additionalProperties:
@@ -61,9 +60,8 @@ spec:
                             default: {}
                             properties:
                               regoRuleReference:
+                                nullable: true
                                 type: string
-                            required:
-                              - regoRuleReference
                             type: object
                           configOverrides:
                             additionalProperties:

diff --git a/examples/simple-opacluster.yaml b/examples/simple-opacluster.yaml
@@ -12,4 +12,5 @@ spec:
             kubernetes.io/os: linux
         config:
           # access the regorule-operator cluster ip service
+          # defaults to "http://regorule-operator:3030/opa/v1"
           regoRuleReference: "http://regorule-operator:3030/opa/v1"
diff --git a/rust/crd/src/lib.rs b/rust/crd/src/lib.rs
@@ -36,7 +36,7 @@ pub struct OpaSpec {
 #[derive(Clone, Debug, Default, Deserialize, Eq, JsonSchema, PartialEq, Serialize)]
 #[serde(rename_all = "camelCase")]
 pub struct OpaConfig {
-    pub rego_rule_reference: String,
+    pub rego_rule_reference: Option<String>,
 }
 
 impl Configuration for OpaConfig {
@@ -67,10 +67,9 @@ impl Configuration for OpaConfig {
         let mut config = BTreeMap::new();
 
         if file == CONFIG_FILE {
-            config.insert(
-                REGO_RULE_REFERENCE.to_string(),
-                Some(self.rego_rule_reference.clone()),
-            );
+            if let Some(rego) = &self.rego_rule_reference {
+                config.insert(REGO_RULE_REFERENCE.to_string(), Some(rego.to_string()));
+            }
         } else {
             error!(
                 "Did not find any properties matching config file [{}]. This should not happen.",

diff --git a/rust/operator-binary/Cargo.toml b/rust/operator-binary/Cargo.toml
@@ -20,7 +20,7 @@ semver = "1.0"
 serde = "1.0"
 serde_json = "1.0"
 serde_yaml = "0.8"
-snafu = "0.6"
+snafu = "0.7"
 strum = "0.22"
 strum_macros = "0.22"
 tokio = { version = "1.12", features = ["full"] }

diff --git a/rust/operator-binary/src/controller.rs b/rust/operator-binary/src/controller.rs
@@ -113,12 +113,12 @@ pub async fn reconcile_opa(opa: OpenPolicyAgent, ctx: Context<Ctx>) -> Result<Re
             )]
             .into(),
         )
-        .context(ProductConfigTransform)?,
+        .context(ProductConfigTransformSnafu)?,
         &ctx.get_ref().product_config,
         false,
         false,
     )
-    .context(InvalidProductConfig)?;
+    .context(InvalidProductConfigSnafu)?;
     let role_server_config = validated_config
         .get(&OpaRole::Server.to_string())
         .map(Cow::Borrowed)
@@ -132,7 +132,7 @@ pub async fn reconcile_opa(opa: OpenPolicyAgent, ctx: Context<Ctx>) -> Result<Re
             &server_role_service,
         )
         .await
-        .context(ApplyRoleService)?;
+        .context(ApplyRoleServiceSnafu)?;
     for (rolegroup_name, rolegroup_config) in role_server_config.iter() {
         let rolegroup = RoleGroupRef {
             cluster: opa_ref.clone(),
@@ -145,24 +145,24 @@ pub async fn reconcile_opa(opa: OpenPolicyAgent, ctx: Context<Ctx>) -> Result<Re
         client
             .apply_patch(FIELD_MANAGER_SCOPE, &rg_configmap, &rg_configmap)
             .await
-            .with_context(|| ApplyRoleGroupConfig {
+            .with_context(|_| ApplyRoleGroupConfigSnafu {
                 rolegroup: rolegroup.clone(),
             })?;
         client
             .apply_patch(FIELD_MANAGER_SCOPE, &rg_daemonset, &rg_daemonset)
             .await
-            .with_context(|| ApplyRoleGroupDaemonSet {
+            .with_context(|_| ApplyRoleGroupDaemonSetSnafu {
                 rolegroup: rolegroup.clone(),
             })?;
     }
 
     for discovery_cm in build_discovery_configmaps(&opa, &opa, &server_role_service)
-        .context(BuildDiscoveryConfig)?
+        .context(BuildDiscoveryConfigSnafu)?
     {
         client
             .apply_patch(FIELD_MANAGER_SCOPE, &discovery_cm, &discovery_cm)
             .await
-            .context(ApplyDiscoveryConfig)?;
+            .context(ApplyDiscoveryConfigSnafu)?;
     }
 
     Ok(ReconcilerAction {
@@ -176,13 +176,13 @@ pub fn build_server_role_service(opa: &OpenPolicyAgent) -> Result<Service> {
     let role_name = OpaRole::Server.to_string();
     let role_svc_name = opa
         .server_role_service_name()
-        .context(RoleServiceNameNotFound)?;
+        .context(RoleServiceNameNotFoundSnafu)?;
     Ok(Service {
         metadata: ObjectMetaBuilder::new()
             .name_and_namespace(opa)
             .name(&role_svc_name)
             .ownerreference_from_resource(opa, None, Some(true))
-            .context(ObjectMissingMetadataForOwnerRef)?
+            .context(ObjectMissingMetadataForOwnerRefSnafu)?
             .with_recommended_labels(opa, APP_NAME, opa_version(opa)?, &role_name, "global")
             .build(),
         spec: Some(ServiceSpec {
@@ -216,7 +216,7 @@ fn build_server_rolegroup_config_map(
             .name_and_namespace(opa)
             .name(rolegroup.object_name())
             .ownerreference_from_resource(opa, None, Some(true))
-            .context(ObjectMissingMetadataForOwnerRef)?
+            .context(ObjectMissingMetadataForOwnerRefSnafu)?
             .with_recommended_labels(
                 opa,
                 APP_NAME,
@@ -229,7 +229,7 @@ fn build_server_rolegroup_config_map(
     if let Some(rego_reference) = config.get(REGO_RULE_REFERENCE) {
         cm.add_data(CONFIG_FILE, build_config_file(rego_reference));
     }
-    cm.build().with_context(|| BuildRoleGroupConfig {
+    cm.build().with_context(|_| BuildRoleGroupConfigSnafu {
         rolegroup: rolegroup.clone(),
     })
 }
@@ -270,7 +270,7 @@ fn build_server_rolegroup_daemonset(
             .name_and_namespace(opa)
             .name(&rolegroup_ref.object_name())
             .ownerreference_from_resource(opa, None, Some(true))
-            .context(ObjectMissingMetadataForOwnerRef)?
+            .context(ObjectMissingMetadataForOwnerRefSnafu)?
             .with_recommended_labels(
                 opa,
                 APP_NAME,
@@ -316,7 +316,7 @@ fn build_server_rolegroup_daemonset(
 }
 
 pub fn opa_version(opa: &OpenPolicyAgent) -> Result<&str> {
-    opa.spec.version.as_deref().context(ObjectHasNoVersion)
+    opa.spec.version.as_deref().context(ObjectHasNoVersionSnafu)
 }
 
 pub fn error_policy(_error: &Error, _ctx: Context<Ctx>) -> ReconcilerAction {