feat(resolver): support generic constraint using CEL (#2506)

dinhxuanvu · web-flow · commit e3dfbc50dc67 · 2021-12-14T17:30:58.000+01:00
* feat(resolver): support generic constraint using CEL

Introduce the new type of constraint that uses CEL (Common Expression Language)
as an expression language to define the constraint in a generic way.
This type of constraint will allow operator authors to specify a dependency
on any arbitrary properties in the bundle. This constraint also supports
logical operator such as AND and OR in the CEL expression.

Signed-off-by: Vu Dinh &lt;vudinh@outlook.com&gt;

* Add unit test for generic constraint and add some context on CEL library

Add unit test cases for generic constraint using CEL to ensure it works
properly in the resolver.

Add some context for the custom library for semver comparison in CEL.

Signed-off-by: Vu Dinh &lt;vudinh@outlook.com&gt;

* Use constraints library from api with simplified CEL library

Signed-off-by: Vu Dinh &lt;vudinh@outlook.com&gt;

* Rebase against master to use property converter interface

Signed-off-by: Vu Dinh &lt;vudinh@outlook.com&gt;
diff --git a/pkg/controller/registry/resolver/cache/predicates.go b/pkg/controller/registry/resolver/cache/predicates.go
@@ -6,6 +6,8 @@ import (
 	"fmt"
 
 	"github.com/blang/semver/v4"
+
+	"github.com/operator-framework/api/pkg/constraints"
 	opregistry "github.com/operator-framework/operator-registry/pkg/registry"
 )
 
@@ -354,3 +356,41 @@ func (c countingPredicate) String() string {
 func CountingPredicate(p Predicate, n *int) Predicate {
 	return countingPredicate{p: p, n: n}
 }
+
+type celPredicate struct {
+	program constraints.CelProgram
+	rule    string
+	message string
+}
+
+func (cp *celPredicate) Test(entry *Entry) bool {
+	props := make([]map[string]interface{}, len(entry.Properties))
+	for i, p := range entry.Properties {
+		var v interface{}
+		if err := json.Unmarshal([]byte(p.Value), &v); err != nil {
+			continue
+		}
+		props[i] = map[string]interface{}{
+			"type":  p.Type,
+			"value": v,
+		}
+	}
+
+	ok, err := cp.program.Evaluate(map[string]interface{}{"properties": props})
+	if err != nil {
+		return false
+	}
+	return ok
+}
+
+func CreateCelPredicate(env *constraints.CelEnvironment, rule string, message string) (Predicate, error) {
+	prog, err := env.Validate(rule)
+	if err != nil {
+		return nil, err
+	}
+	return &celPredicate{program: prog, rule: rule, message: message}, nil
+}
+
+func (cp *celPredicate) String() string {
+	return fmt.Sprintf("with constraint: %q and message: %q", cp.rule, cp.message)
+}
diff --git a/pkg/controller/registry/resolver/resolver.go b/pkg/controller/registry/resolver/resolver.go
@@ -35,7 +35,9 @@ func NewDefaultSatResolver(rcp cache.SourceProvider, catsrcLister v1alpha1lister
 	return &SatResolver{
 		cache: cache.New(rcp, cache.WithLogger(logger), cache.WithCatalogSourceLister(catsrcLister)),
 		log:   logger,
-		pc:    &predicateConverter{},
+		pc: &predicateConverter{
+			celEnv: constraints.NewCelEnvironment(),
+		},
 	}
 }
 
@@ -737,7 +739,9 @@ func sortChannel(bundles []*cache.Entry) ([]*cache.Entry, error) {
 }
 
 // predicateConverter configures olm.constraint value -> predicate conversion for the resolver.
-type predicateConverter struct{}
+type predicateConverter struct {
+	celEnv *constraints.CelEnvironment
+}
 
 // convertDependencyProperties converts all known constraint properties to predicates.
 func (pc *predicateConverter) convertDependencyProperties(properties []*api.Property) ([]cache.Predicate, error) {
@@ -814,6 +818,8 @@ func (pc *predicateConverter) convertConstraints(constraints ...constraints.Cons
 		case constraint.None != nil:
 			subs, perr := pc.convertConstraints(constraint.None.Constraints...)
 			preds[i], err = cache.Not(subs...), perr
+		case constraint.Cel != nil:
+			preds[i], err = cache.CreateCelPredicate(pc.celEnv, constraint.Cel.Rule, constraint.Message)
 		default:
 			// Unknown constraint types are handled by constraints.Parse(),
 			// but parsed constraints may be empty.
diff --git a/pkg/controller/registry/resolver/resolver_test.go b/pkg/controller/registry/resolver/resolver_test.go
@@ -2380,3 +2380,126 @@ func TestNewOperatorFromCSV(t *testing.T) {
 		})
 	}
 }
+
+func TestSolveOperators_GenericConstraint(t *testing.T) {
+	Provides1 := cache.APISet{opregistry.APIKey{"g", "v", "k", "ks"}: struct{}{}}
+	namespace := "olm"
+	catalog := cache.SourceKey{Name: "community", Namespace: namespace}
+
+	deps1 := []*api.Dependency{
+		{
+			Type: "olm.constraint",
+			Value: `{"message":"gvk-constraint",
+				"cel":{"rule":"properties.exists(p, p.type == 'olm.gvk' && p.value == {'group': 'g', 'version': 'v', 'kind': 'k'})"}}`,
+		},
+	}
+	deps2 := []*api.Dependency{
+		{
+			Type: "olm.constraint",
+			Value: `{"message":"gvk2-constraint",
+				"cel":{"rule":"properties.exists(p, p.type == 'olm.gvk' && p.value == {'group': 'g2', 'version': 'v', 'kind': 'k'})"}}`,
+		},
+	}
+	deps3 := []*api.Dependency{
+		{
+			Type: "olm.constraint",
+			Value: `{"message":"package-constraint",
+				"cel":{"rule":"properties.exists(p, p.type == 'olm.package' && p.value.packageName == 'packageB' && (semver_compare(p.value.version, '1.0.1') == 0))"}}`,
+		},
+	}
+
+	tests := []struct {
+		name     string
+		isErr    bool
+		subs     []*v1alpha1.Subscription
+		catalog  cache.Source
+		expected cache.OperatorSet
+		message  string
+	}{
+		{
+			// generic constraint for satisfiable gvk dependency
+			name:  "Generic Constraint/Satisfiable GVK Dependency",
+			isErr: false,
+			subs: []*v1alpha1.Subscription{
+				newSub(namespace, "packageA", "stable", catalog),
+			},
+			catalog: &cache.Snapshot{
+				Entries: []*cache.Entry{
+					genOperator("opA.v1.0.0", "1.0.0", "", "packageA", "stable", catalog.Name, catalog.Namespace, nil, nil, deps1, "", false),
+					genOperator("opB.v1.0.0", "1.0.0", "", "packageB", "stable", catalog.Name, catalog.Namespace, nil, Provides1, nil, "stable", false),
+				},
+			},
+			expected: cache.OperatorSet{
+				"opA.v1.0.0": genOperator("opA.v1.0.0", "1.0.0", "", "packageA", "stable", catalog.Name, catalog.Namespace, nil, nil, deps1, "", false),
+				"opB.v1.0.0": genOperator("opB.v1.0.0", "1.0.0", "", "packageB", "stable", catalog.Name, catalog.Namespace, nil, Provides1, nil, "stable", false),
+			},
+		},
+		{
+			// generic constraint for NotSatisfiable gvk dependency
+			name:  "Generic Constraint/NotSatisfiable GVK Dependency",
+			isErr: true,
+			subs: []*v1alpha1.Subscription{
+				newSub(namespace, "packageA", "stable", catalog),
+			},
+			catalog: &cache.Snapshot{
+				Entries: []*cache.Entry{
+					genOperator("opA.v1.0.0", "1.0.0", "", "packageA", "stable", catalog.Name, catalog.Namespace, nil, nil, deps2, "", false),
+					genOperator("opB.v1.0.0", "1.0.0", "", "packageB", "stable", catalog.Name, catalog.Namespace, nil, Provides1, nil, "", false),
+				},
+			},
+			// unable to find satisfiable gvk dependency
+			// resolve into nothing
+			expected: cache.OperatorSet{},
+			message:  "gvk2-constraint",
+		},
+		{
+			// generic constraint for package constraint
+			name:  "Generic Constraint/Satisfiable Package Dependency",
+			isErr: false,
+			subs: []*v1alpha1.Subscription{
+				newSub(namespace, "packageA", "stable", catalog),
+			},
+			catalog: &cache.Snapshot{
+				Entries: []*cache.Entry{
+					genOperator("opA.v1.0.0", "1.0.0", "", "packageA", "stable", catalog.Name, catalog.Namespace, nil, nil, deps3, "", false),
+					genOperator("opB.v1.0.0", "1.0.0", "", "packageB", "stable", catalog.Name, catalog.Namespace, nil, nil, nil, "", false),
+					genOperator("opB.v1.0.1", "1.0.1", "opB.v1.0.0", "packageB", "stable", catalog.Name, catalog.Namespace, nil, nil, nil, "stable", false),
+					genOperator("opB.v1.0.2", "1.0.2", "opB.v1.0.1", "packageB", "stable", catalog.Name, catalog.Namespace, nil, nil, nil, "stable", false),
+				},
+			},
+			expected: cache.OperatorSet{
+				"opA.v1.0.0": genOperator("opA.v1.0.1", "1.0.1", "", "packageA", "stable", catalog.Name, catalog.Namespace, nil, nil, deps3, "", false),
+				"opB.v1.0.1": genOperator("opB.v1.0.1", "1.0.1", "opB.v1.0.0", "packageB", "stable", catalog.Name, catalog.Namespace, nil, nil, nil, "stable", false),
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			var err error
+			var operators cache.OperatorSet
+			satResolver := SatResolver{
+				cache: cache.New(cache.StaticSourceProvider{
+					catalog: tt.catalog,
+				}),
+				log: logrus.New(),
+				pc: &predicateConverter{
+					celEnv: constraints.NewCelEnvironment(),
+				},
+			}
+
+			operators, err = satResolver.SolveOperators([]string{namespace}, nil, tt.subs)
+			if tt.isErr {
+				assert.Error(t, err)
+				assert.Contains(t, err.Error(), tt.message)
+			} else {
+				assert.NoError(t, err)
+				for k := range tt.expected {
+					require.NotNil(t, operators[k])
+					assert.EqualValues(t, k, operators[k].Name)
+				}
+			}
+			assert.Equal(t, len(tt.expected), len(operators))
+		})
+	}
+}
diff --git a/pkg/controller/registry/resolver/source_registry.go b/pkg/controller/registry/resolver/source_registry.go
@@ -233,6 +233,11 @@ func legacyDependenciesToProperties(dependencies []*api.Dependency) ([]*api.Prop
 				Type:  "olm.label.required",
 				Value: dependency.Value,
 			})
+		case "olm.constraint":
+			result = append(result, &api.Property{
+				Type:  "olm.constraint",
+				Value: dependency.Value,
+			})
 		}
 	}
 	return result, nil

Original file line number	Diff line number	Diff line change
`@@ -233,6 +233,11 @@ func legacyDependenciesToProperties(dependencies []api.Dependency) ([]api.Prop`
`233`	`233`	`Type: "olm.label.required",`
`234`	`234`	`Value: dependency.Value,`
`235`	`235`	`})`
	`236`	`+ case "olm.constraint":`
	`237`	`+ result = append(result, &api.Property{`
	`238`	`+ Type: "olm.constraint",`
	`239`	`+ Value: dependency.Value,`
	`240`	`+ })`
`236`	`241`	`}`
`237`	`242`	`}`
`238`	`243`	`return result, nil`