Configure bundle to helm converter based on feature flags

Signed-off-by: Per G. da Silva <[email protected]>

Author: Per G. da Silva

cmd/operator-controller/main.go

@@ -67,6 +67,8 @@ import (
 	"github.com/operator-framework/operator-controller/internal/operator-controller/resolve"
 	"github.com/operator-framework/operator-controller/internal/operator-controller/rukpak/convert"
 	"github.com/operator-framework/operator-controller/internal/operator-controller/rukpak/preflights/crdupgradesafety"
+	"github.com/operator-framework/operator-controller/internal/operator-controller/rukpak/render"
+	"github.com/operator-framework/operator-controller/internal/operator-controller/rukpak/render/certproviders"
 	"github.com/operator-framework/operator-controller/internal/operator-controller/rukpak/render/registryv1"
 	"github.com/operator-framework/operator-controller/internal/operator-controller/scheme"
 	fsutil "github.com/operator-framework/operator-controller/internal/shared/util/fs"
@@ -190,7 +192,7 @@ func run() error {
 		secretParts := strings.Split(cfg.globalPullSecret, "/")
 		if len(secretParts) != 2 {
 			err := fmt.Errorf("incorrect number of components")
-			setupLog.Error(err, "value of global-pull-secret should be of the format <namespace>/<name>")
+			setupLog.Error(err, "Value of global-pull-secret should be of the format <namespace>/<name>")
 			return err
 		}
 		globalPullSecretKey = &k8stypes.NamespacedName{Name: secretParts[1], Namespace: secretParts[0]}
@@ -422,12 +424,23 @@ func run() error {
 		preAuth = authorization.NewRBACPreAuthorizer(mgr.GetClient())
 	}
 
+	// determine if a certificate provider should be set in the bundle renderer and feature support for the provider
+	// based on the feature flag
+	var certProvider render.CertificateProvider
+	var isWebhookSupportEnabled bool
+	if features.OperatorControllerFeatureGate.Enabled(features.WebhookProviderCertManager) {
+		certProvider = certproviders.CertManagerCertificateProvider{}
+		isWebhookSupportEnabled = true
+	}
+
 	// now initialize the helmApplier, assigning the potentially nil preAuth
 	helmApplier := &applier.Helm{
 		ActionClientGetter: acg,
 		Preflights:         preflights,
 		BundleToHelmChartConverter: &convert.BundleToHelmChartConverter{
-			BundleRenderer: registryv1.Renderer,
+			BundleRenderer:          registryv1.Renderer,
+			CertificateProvider:     certProvider,
+			IsWebhookSupportEnabled: isWebhookSupportEnabled,
 		},
 		PreAuthorizer: preAuth,
 	}

internal/operator-controller/rukpak/convert/helm.go

@@ -12,8 +12,9 @@ import (
 )
 
 type BundleToHelmChartConverter struct {
-	BundleRenderer      render.BundleRenderer
-	CertificateProvider render.CertificateProvider
+	BundleRenderer          render.BundleRenderer
+	CertificateProvider     render.CertificateProvider
+	IsWebhookSupportEnabled bool
 }
 
 func (r *BundleToHelmChartConverter) ToHelmChart(bundle source.BundleSource, installNamespace string, watchNamespace string) (*chart.Chart, error) {
@@ -26,6 +27,14 @@ func (r *BundleToHelmChartConverter) ToHelmChart(bundle source.BundleSource, ins
 		return nil, fmt.Errorf("unsupported bundle: apiServiceDefintions are not supported")
 	}
 
+	if len(rv1.CSV.Spec.WebhookDefinitions) > 0 {
+		if !r.IsWebhookSupportEnabled {
+			return nil, fmt.Errorf("unsupported bundle: webhookDefinitions are not supported")
+		} else if r.CertificateProvider == nil {
+			return nil, fmt.Errorf("unsupported bundle: webhookDefinitions are not supported: certificate provider is nil")
+		}
+	}
+
 	if r.CertificateProvider == nil && len(rv1.CSV.Spec.WebhookDefinitions) > 0 {
 		return nil, fmt.Errorf("unsupported bundle: webhookDefinitions are not supported")
 	}

internal/operator-controller/rukpak/convert/helm_test.go

@@ -66,7 +66,25 @@ func Test_BundleToHelmChartConverter_ToHelmChart_NoAPIServiceDefinitions(t *test
 }
 
 func Test_BundleToHelmChartConverter_ToHelmChart_NoWebhooksWithoutCertProvider(t *testing.T) {
-	converter := convert.BundleToHelmChartConverter{}
+	converter := convert.BundleToHelmChartConverter{
+		IsWebhookSupportEnabled: true,
+	}
+
+	b := source.FromBundle(
+		bundle.RegistryV1{
+			CSV: MakeCSV(WithWebhookDefinitions(v1alpha1.WebhookDescription{})),
+		},
+	)
+
+	_, err := converter.ToHelmChart(b, "install-namespace", "")
+	require.Error(t, err)
+	require.Contains(t, err.Error(), "webhookDefinitions are not supported")
+}
+
+func Test_BundleToHelmChartConverter_ToHelmChart_WebhooksSupportDisabled(t *testing.T) {
+	converter := convert.BundleToHelmChartConverter{
+		IsWebhookSupportEnabled: false,
+	}
 
 	b := source.FromBundle(
 		bundle.RegistryV1{
@@ -76,12 +94,13 @@ func Test_BundleToHelmChartConverter_ToHelmChart_NoWebhooksWithoutCertProvider(t
 
 	_, err := converter.ToHelmChart(b, "install-namespace", "")
 	require.Error(t, err)
-	require.Contains(t, err.Error(), "unsupported bundle: webhookDefinitions are not supported")
+	require.Contains(t, err.Error(), "webhookDefinitions are not supported")
 }
 
 func Test_BundleToHelmChartConverter_ToHelmChart_WebhooksWithCertProvider(t *testing.T) {
 	converter := convert.BundleToHelmChartConverter{
-		CertificateProvider: FakeCertProvider{},
+		CertificateProvider:     FakeCertProvider{},
+		IsWebhookSupportEnabled: true,
 	}
 
 	b := source.FromBundle(