feat(resolver): support generic constraint using CEL

Introduce the new type of constraint that uses CEL (Common Expression Language)
as an expression language to define the constraint in a generic way.
This type of constraint will allow operator authors to specify a dependency
on any arbitrary properties in the bundle. This constraint also supports
logical operator such as AND and OR in the CEL expression.

Signed-off-by: Vu Dinh <[email protected]>

Author: dinhxuanvu

go.mod

@@ -14,6 +14,7 @@ require (
 	github.com/go-bindata/go-bindata/v3 v3.1.3
 	github.com/go-logr/logr v0.4.0
 	github.com/golang/mock v1.5.0
+	github.com/google/cel-go v0.9.0
 	github.com/google/go-cmp v0.5.6
 	github.com/googleapis/gnostic v0.5.5
 	github.com/itchyny/gojq v0.11.0
@@ -38,6 +39,7 @@ require (
 	github.com/stretchr/testify v1.7.0
 	golang.org/x/net v0.0.0-20210825183410-e898025ed96a
 	golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac
+	google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2
 	google.golang.org/grpc v1.40.0
 	gopkg.in/yaml.v2 v2.4.0
 	helm.sh/helm/v3 v3.6.1

go.sum

@@ -130,6 +130,7 @@ github.com/alessio/shellescape v1.4.1/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPp
 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
 github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
+github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20210826220005-b48c857c3a0e h1:GCzyKMDDjSGnlpl3clrdAK7I1AaVoaiKDOYkUzChZzg=
 github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20210826220005-b48c857c3a0e/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY=
 github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
 github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
@@ -553,6 +554,7 @@ github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Z
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4=
 github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA=
+github.com/google/cel-go v0.9.0 h1:u1hg7lcZ/XWw2d3aV1jFS30ijQQ6q0/h1C2ZBeBD1gY=
 github.com/google/cel-go v0.9.0/go.mod h1:U7ayypeSkw23szu4GaQTPJGx66c20mx8JklMSxrmI1w=
 github.com/google/cel-spec v0.6.0/go.mod h1:Nwjgxy5CbjlPrtCWjeDjUyKMl8w41YBYGjsyDdqk0xA=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
@@ -1075,6 +1077,7 @@ github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DM
 github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
 github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg=
 github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH9Ns=
+github.com/stoewer/go-strcase v1.2.0 h1:Z2iHWqGXH00XYgqDmNgQbIBxf3wrNq0F3feEy0ainaU=
 github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
 github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
 github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=

pkg/controller/registry/resolver/cache/predicates.go

@@ -7,6 +7,7 @@ import (
 
 	"github.com/blang/semver/v4"
 
+	"github.com/operator-framework/operator-lifecycle-manager/pkg/controller/registry/resolver/constraints"
 	opregistry "github.com/operator-framework/operator-registry/pkg/registry"
 )
 
@@ -329,3 +330,41 @@ func (c countingPredicate) String() string {
 func CountingPredicate(p Predicate, n *int) Predicate {
 	return countingPredicate{p: p, n: n}
 }
+
+type evaluatorPredicate struct {
+	evaluator constraints.Evaluator
+	rule      string
+	message   string
+}
+
+func (ep *evaluatorPredicate) Test(entry *Entry) bool {
+	props := make([]map[string]interface{}, len(entry.Properties))
+	for i, p := range entry.Properties {
+		var v interface{}
+		if err := json.Unmarshal([]byte(p.Value), &v); err != nil {
+			continue
+		}
+		props[i] = map[string]interface{}{
+			"type":  p.Type,
+			"value": v,
+		}
+	}
+
+	ok, err := ep.evaluator.Evaluate(map[string]interface{}{"properties": props})
+	if err != nil {
+		return false
+	}
+	return ok
+}
+
+func EvaluatorPredicate(provider constraints.EvaluatorProvider, rule, message string) (Predicate, error) {
+	eval, err := provider.Evaluator(rule)
+	if err != nil {
+		return nil, err
+	}
+	return &evaluatorPredicate{evaluator: eval, rule: rule, message: message}, nil
+}
+
+func (ep *evaluatorPredicate) String() string {
+	return fmt.Sprintf("with constraint: %q and message: %q", ep.rule, ep.message)
+}

pkg/controller/registry/resolver/constraints/cel.go

@@ -0,0 +1,113 @@
+package constraints
+
+import (
+	"fmt"
+
+	"github.com/google/cel-go/cel"
+	"github.com/google/cel-go/checker/decls"
+	"github.com/google/cel-go/common/types"
+	"github.com/google/cel-go/common/types/ref"
+	"github.com/google/cel-go/interpreter/functions"
+	exprpb "google.golang.org/genproto/googleapis/api/expr/v1alpha1"
+
+	"github.com/blang/semver/v4"
+)
+
+type Cel struct {
+	Rule string
+}
+
+type Evaluator interface {
+	Evaluate(env map[string]interface{}) (bool, error)
+}
+
+type EvaluatorProvider interface {
+	Evaluator(rule string) (Evaluator, error)
+}
+
+func NewCelEvaluatorProvider() *celEvaluatorProvider {
+	env, err := cel.NewEnv(cel.Declarations(
+		decls.NewVar("properties", decls.NewListType(decls.NewMapType(decls.String, decls.Any)))),
+		cel.Lib(semverLib{}),
+	)
+	if err != nil {
+		panic(err)
+	}
+	return &celEvaluatorProvider{
+		env: env,
+	}
+}
+
+type celEvaluatorProvider struct {
+	env *cel.Env
+}
+
+type celEvaluator struct {
+	p cel.Program
+}
+
+type semverLib struct{}
+
+func (semverLib) CompileOptions() []cel.EnvOption {
+	return []cel.EnvOption{
+		cel.Declarations(
+			decls.NewFunction("semver_compare",
+				decls.NewOverload("semver_compare",
+					[]*exprpb.Type{decls.Any, decls.Any},
+					decls.Int))),
+	}
+}
+
+func (semverLib) ProgramOptions() []cel.ProgramOption {
+	return []cel.ProgramOption{
+		cel.Functions(
+			&functions.Overload{
+				Operator: "semver_compare",
+				Binary:   semverCompare,
+			},
+		),
+	}
+}
+
+func (e celEvaluator) Evaluate(env map[string]interface{}) (bool, error) {
+	result, _, err := e.p.Eval(env)
+	if err != nil {
+		return false, err
+	}
+
+	// we should have already ensured that this will be types.Bool during compilation
+	if b, ok := result.Value().(bool); ok {
+		return b, nil
+	}
+	return false, fmt.Errorf("cel expression evalutated to %T, not bool", result.Value())
+}
+
+func (e *celEvaluatorProvider) Evaluator(rule string) (Evaluator, error) {
+	ast, issues := e.env.Compile(rule)
+	if err := issues.Err(); err != nil {
+		return nil, err
+	}
+
+	if ast.ResultType() != decls.Bool {
+		return nil, fmt.Errorf("cel expressions must have type Bool")
+	}
+
+	p, err := e.env.Program(ast)
+	if err != nil {
+		return nil, err
+	}
+	return celEvaluator{p: p}, nil
+}
+
+func semverCompare(val1, val2 ref.Val) ref.Val {
+	v1, err := semver.ParseTolerant(fmt.Sprint(val1.Value()))
+	if err != nil {
+		return types.ValOrErr(val1, "unable to parse '%v' to semver format", val1.Value())
+	}
+
+	v2, err := semver.ParseTolerant(fmt.Sprint(val2.Value()))
+	if err != nil {
+		return types.ValOrErr(val2, "unable to parse '%v' to semver format", val2.Value())
+	}
+	return types.Int(v1.Compare(v2))
+}

pkg/controller/registry/resolver/resolver.go

@@ -14,6 +14,7 @@ import (
 	"github.com/operator-framework/api/pkg/operators/v1alpha1"
 	v1alpha1listers "github.com/operator-framework/operator-lifecycle-manager/pkg/api/client/listers/operators/v1alpha1"
 	"github.com/operator-framework/operator-lifecycle-manager/pkg/controller/registry/resolver/cache"
+	"github.com/operator-framework/operator-lifecycle-manager/pkg/controller/registry/resolver/constraints"
 	"github.com/operator-framework/operator-lifecycle-manager/pkg/controller/registry/resolver/projection"
 	"github.com/operator-framework/operator-lifecycle-manager/pkg/controller/registry/resolver/solver"
 	"github.com/operator-framework/operator-registry/pkg/api"
@@ -25,14 +26,16 @@ type OperatorResolver interface {
 }
 
 type SatResolver struct {
-	cache cache.OperatorCacheProvider
-	log   logrus.FieldLogger
+	cache             cache.OperatorCacheProvider
+	log               logrus.FieldLogger
+	evaluatorProvider constraints.EvaluatorProvider
 }
 
 func NewDefaultSatResolver(rcp cache.SourceProvider, catsrcLister v1alpha1listers.CatalogSourceLister, logger logrus.FieldLogger) *SatResolver {
 	return &SatResolver{
-		cache: cache.New(rcp, cache.WithLogger(logger), cache.WithCatalogSourceLister(catsrcLister)),
-		log:   logger,
+		cache:             cache.New(rcp, cache.WithLogger(logger), cache.WithCatalogSourceLister(catsrcLister)),
+		log:               logger,
+		evaluatorProvider: constraints.NewCelEvaluatorProvider(),
 	}
 }
 
@@ -343,6 +346,30 @@ func (r *SatResolver) getBundleInstallables(preferredNamespace string, bundleSta
 			continue
 		}
 
+		for _, prop := range bundle.Properties {
+			if prop.Type != "olm.constraint" {
+				continue
+			}
+
+			var val struct {
+				Message string           `json:"message"`
+				Cel     *constraints.Cel `json:"cel"`
+			}
+
+			if err := json.Unmarshal([]byte(prop.Value), &val); err != nil {
+				errs = append(errs, err)
+				continue
+			}
+
+			pred, err := cache.EvaluatorPredicate(r.evaluatorProvider, val.Cel.Rule, val.Message)
+			if err != nil {
+				errs = append(errs, err)
+				continue
+			}
+
+			dependencyPredicates = append(dependencyPredicates, pred)
+		}
+
 		for _, d := range dependencyPredicates {
 			sourcePredicate := cache.False()
 			// Build a filter matching all (catalog,