Revise branding mechanism for Console Operator

Dockerfile

@@ -1,8 +1,7 @@
 FROM registry.svc.ci.openshift.org/openshift/release:golang-1.10 AS builder
-# create a work dir and copy local files in
 WORKDIR /go/src/github.com/openshift/console-operator
 COPY . .
-RUN make build
+RUN ADDITIONAL_GOTAGS="ocp" make build WHAT="cmd/console"
 
 FROM registry.svc.ci.openshift.org/openshift/origin-v4.0:base
 RUN useradd console-operator
@@ -19,8 +18,3 @@ LABEL io.k8s.display-name="OpenShift console-operator" \
 
 LABEL io.openshift.release.operator true
 
-# entrypoint specified in 03-operator.yaml as `console-operator`
-# CMD ["/usr/bin/console", "operator", "--kubeconfig", "path/to/config", "--config", "./install/config.yaml", "--v", "4"]
-# CMD ["/usr/bin/console", "operator", "--v", "4"]
-
-

manifests/03-rbac-role-ns-openshift-config-managed.yaml

@@ -0,0 +1,14 @@
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: console-operator
+  namespace: openshift-config-managed
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch

manifests/04-rbac-rolebinding.yaml

@@ -37,3 +37,17 @@ subjects:
 - kind: ServiceAccount
   name: console-operator
   namespace: openshift-console-operator
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: console-operator
+  namespace: openshift-config-managed
+roleRef:
+  kind: Role
+  name: console-operator
+  apiGroup: rbac.authorization.k8s.io
+subjects:
+  - kind: ServiceAccount
+    name: console-operator
+    namespace: openshift-console-operator

pkg/api/api.go

@@ -16,4 +16,5 @@ const (
 	OpenShiftConsoleServiceName       = OpenShiftConsoleName
 	OpenShiftConsoleRouteName         = OpenShiftConsoleName
 	OAuthClientName                   = OpenShiftConsoleName
+	OpenshiftConfigManagedNamespace   = "openshift-config-managed"
 )

pkg/console/operator/operator.go

@@ -77,6 +77,7 @@ func NewConsoleOperator(
 	configInformer configinformer.SharedInformerFactory,
 
 	coreV1 corev1.Interface,
+	managedCoreV1 corev1.Interface,
 	deployments appsinformersv1.DeploymentInformer,
 	routes routesinformersv1.RouteInformer,
 	oauthClients oauthinformersv1.OAuthClientInformer,
@@ -113,6 +114,7 @@ func NewConsoleOperator(
 
 	secretsInformer := coreV1.Secrets()
 	configMapInformer := coreV1.ConfigMaps()
+	managedConfigMapInformer := managedCoreV1.ConfigMaps()
 	serviceInformer := coreV1.Services()
 	configV1Informers := configInformer.Config().V1()
 
@@ -131,6 +133,7 @@ func NewConsoleOperator(
 		operator.WithInformer(oauthClients, targetNameFilter),
 		// special resources with unique names
 		operator.WithInformer(configMapInformer, operator.FilterByNames(configmap.ConsoleConfigMapName, configmap.ServiceCAConfigMapName)),
+		operator.WithInformer(managedConfigMapInformer, operator.FilterByNames(configmap.ConsoleConfigMapName)),
 		operator.WithInformer(secretsInformer, operator.FilterByNames(deployment.ConsoleOauthConfigName)),
 	)
 }

pkg/console/operator/sync_v400.go

@@ -7,10 +7,6 @@ import (
 	"reflect"
 	"strings"
 
-	"github.com/openshift/console-operator/pkg/console/subresource/util"
-
-	"github.com/openshift/console-operator/pkg/api"
-
 	// 3rd party
 	"github.com/sirupsen/logrus"
 	// kube
@@ -24,6 +20,8 @@ import (
 	// openshift
 	configv1 "github.com/openshift/api/config/v1"
 	operatorv1 "github.com/openshift/api/operator/v1"
+	"github.com/openshift/console-operator/pkg/api"
+	"github.com/openshift/console-operator/pkg/console/subresource/util"
 	"github.com/openshift/console-operator/pkg/crypto"
 	"github.com/openshift/library-go/pkg/operator/events"
 	"github.com/openshift/library-go/pkg/operator/resource/resourceapply"
@@ -249,11 +247,16 @@ func SyncSecret(co *consoleOperator, recorder events.Recorder, operatorConfig *o
 func SyncConfigMap(co *consoleOperator, recorder events.Recorder, operatorConfig *operatorv1.Console, consoleConfig *configv1.Console, infrastructureConfig *configv1.Infrastructure, rt *routev1.Route) (*corev1.ConfigMap, bool, error) {
 	logrus.Printf("validating console configmap...")
 
-	defaultConfigmap, _, err := configmapsub.DefaultConfigMap(operatorConfig, consoleConfig, infrastructureConfig, rt)
+	managedConfig, mcErr := co.configMapClient.ConfigMaps(api.OpenshiftConfigManagedNamespace).Get(api.OpenShiftConsoleConfigMapName, metav1.GetOptions{})
+	if mcErr != nil && !apierrors.IsNotFound(mcErr) {
+		logrus.Errorf("managed config error: %v \n", mcErr)
+		return nil, false, mcErr
+	}
+
+	defaultConfigmap, _, err := configmapsub.DefaultConfigMap(operatorConfig, consoleConfig, managedConfig, infrastructureConfig, rt)
 	if err != nil {
 		return nil, false, err
 	}
-
 	cm, cmChanged, cmErr := resourceapply.ApplyConfigMap(co.configMapClient, recorder, defaultConfigmap)
 	if cmErr != nil {
 		logrus.Errorf("%q: %v \n", "configmap", cmErr)

pkg/console/starter/starter.go

@@ -83,6 +83,11 @@ func RunOperator(ctx *controllercmd.ControllerContext) error {
 		informers.WithNamespace(api.TargetNamespace),
 	)
 
+	kubeInformersManagedNamespaced := informers.NewSharedInformerFactoryWithOptions(
+		kubeClient,
+		resync,
+		informers.WithNamespace(api.OpenshiftConfigManagedNamespace),
+	)
 	// configs are all named "cluster", but our clusteroperator is named "console"
 	configInformers := configinformers.NewSharedInformerFactoryWithOptions(
 		configClient,
@@ -108,13 +113,13 @@ func RunOperator(ctx *controllercmd.ControllerContext) error {
 		oauthinformers.WithTweakListOptions(tweakListOptionsForOAuth),
 	)
 
-	recorder := ctx.EventRecorder
-
 	operatorClient := &operatorclient.OperatorClient{
 		Informers: operatorConfigInformers,
 		Client:    operatorConfigClient.OperatorV1(),
 	}
 
+	recorder := ctx.EventRecorder
+
 	versionGetter := status.NewVersionGetter()
 
 	// TODO: rearrange these into informer,client pairs, NOT separated.
@@ -123,6 +128,7 @@ func RunOperator(ctx *controllercmd.ControllerContext) error {
 		operatorConfigInformers.Operator().V1().Consoles(), // OperatorConfig
 		configInformers,                                    // ConsoleConfig
 		kubeInformersNamespaced.Core().V1(),                // Secrets, ConfigMaps, Service
+		kubeInformersManagedNamespaced.Core().V1(),         // Managed ConfigMaps
 		kubeInformersNamespaced.Apps().V1().Deployments(),  // Deployments
 		routesInformersNamespaced.Route().V1().Routes(),    // Route
 		oauthInformers.Oauth().V1().OAuthClients(),         // OAuth clients
@@ -163,11 +169,18 @@ func RunOperator(ctx *controllercmd.ControllerContext) error {
 
 	configUpgradeableController := unsupportedconfigoverridescontroller.NewUnsupportedConfigOverridesController(operatorClient, ctx.EventRecorder)
 
-	kubeInformersNamespaced.Start(ctx.Done())
-	operatorConfigInformers.Start(ctx.Done())
-	configInformers.Start(ctx.Done())
-	routesInformersNamespaced.Start(ctx.Done())
-	oauthInformers.Start(ctx.Done())
+	for _, informer := range []interface {
+		Start(stopCh <-chan struct{})
+	}{
+		kubeInformersNamespaced,
+		kubeInformersManagedNamespaced,
+		operatorConfigInformers,
+		configInformers,
+		routesInformersNamespaced,
+		oauthInformers,
+	} {
+		informer.Start(ctx.Done())
+	}
 
 	go consoleOperator.Run(ctx.Done())
 	go clusterOperatorStatus.Run(1, ctx.Done())

pkg/console/subresource/configmap/configmap.go

@@ -2,11 +2,10 @@ package configmap
 
 import (
 	"fmt"
-
 	"github.com/sirupsen/logrus"
 
 	yaml2 "github.com/ghodss/yaml"
-	yaml "gopkg.in/yaml.v2"
+	"gopkg.in/yaml.v2"
 
 	corev1 "k8s.io/api/core/v1"
 
@@ -65,7 +64,7 @@ func getApiUrl(infrastructureConfig *configv1.Infrastructure) string {
 // - a new configmap,
 // - a bool indicating if config was merged (unsupportedConfigOverrides)
 // - an error
-func DefaultConfigMap(operatorConfig *operatorv1.Console, consoleConfig *configv1.Console, infrastructureConfig *configv1.Infrastructure, rt *routev1.Route) (*corev1.ConfigMap, bool, error) {
+func DefaultConfigMap(operatorConfig *operatorv1.Console, consoleConfig *configv1.Console, managedConfig *corev1.ConfigMap, infrastructureConfig *configv1.Infrastructure, rt *routev1.Route) (*corev1.ConfigMap, bool, error) {
 	logoutRedirect := getLogoutRedirect(consoleConfig)
 	brand := getBrand(operatorConfig)
 	docURL := getDocURL(operatorConfig)
@@ -77,11 +76,12 @@ func DefaultConfigMap(operatorConfig *operatorv1.Console, consoleConfig *configv
 	configMap := Stub()
 	configMap.Data = map[string]string{}
 	unsupportedRaw := operatorConfig.Spec.UnsupportedConfigOverrides.Raw
+	newConfig := extractYAML(managedConfig)
 
 	// merge config overrides, if we have them
-	mergedConfig, err := resourcemerge.MergeProcessConfig(nil, config, unsupportedRaw)
+	mergedConfig, err := resourcemerge.MergeProcessConfig(nil, config, newConfig, unsupportedRaw)
 	if err != nil {
-		logrus.Errorf("failed to generate configmap: %v \n", err)
+		logrus.Errorf("failed to merge configmap: %v \n", err)
 		return nil, false, err
 	}
 
@@ -193,3 +193,13 @@ func authServerYaml(logoutRedirect string) yaml.MapSlice {
 func consoleBaseAddr(host string) string {
 	return util.HTTPS(host)
 }
+
+// Helper function that pulls the yaml struct out of the data section of a configmap yaml
+func extractYAML(managedConfig *corev1.ConfigMap) []byte {
+	data := managedConfig.Data
+	for _, v := range data {
+		return []byte(v)
+	}
+
+	return []byte{}
+}