diff --git a/Makefile b/Makefile index ea3eeb654b..2456426991 100644 --- a/Makefile +++ b/Makefile @@ -77,8 +77,8 @@ generate-rosa-brand-logo: .PHONY: generate-hive-templates generate-hive-templates: generate-oauth-templates if [ -z ${IN_CONTAINER} ]; then \ - $(CONTAINER_ENGINE) run $(CONTAINER_RUN_FLAGS) registry.access.redhat.com/ubi8/python-39 /bin/bash -xc "cd `pwd -P`; pip install --disable-pip-version-check oyaml; curl -sSL https://github.com/open-cluster-management-io/policy-generator-plugin/releases/download/${POLICYGEN_VERSION}/linux-amd64-PolicyGenerator --output /opt/app-root/bin/PolicyGenerator; chmod +x /opt/app-root/bin/PolicyGenerator; ${GEN_POLICY_CONFIG}; ${GEN_POLICY_CONFIG_SP}; ${GEN_POLICY}; ${GEN_CMO_CONFIG}";\ - $(CONTAINER_ENGINE) run $(CONTAINER_RUN_FLAGS) registry.access.redhat.com/ubi8/python-39 /bin/bash -xc "cd `pwd -P`; pip install --disable-pip-version-check oyaml; ${GEN_TEMPLATE}"; \ + $(CONTAINER_ENGINE) run $(CONTAINER_RUN_FLAGS) registry.access.redhat.com/ubi9/python-312 /bin/bash -xc "cd `pwd -P`; pip install --disable-pip-version-check oyaml; curl -sSL https://github.com/open-cluster-management-io/policy-generator-plugin/releases/download/${POLICYGEN_VERSION}/linux-amd64-PolicyGenerator --output /opt/app-root/bin/PolicyGenerator; chmod +x /opt/app-root/bin/PolicyGenerator; ${GEN_POLICY_CONFIG}; ${GEN_POLICY_CONFIG_SP}; ${GEN_POLICY}; ${GEN_CMO_CONFIG}";\ + $(CONTAINER_ENGINE) run $(CONTAINER_RUN_FLAGS) registry.access.redhat.com/ubi9/python-312 /bin/bash -xc "cd `pwd -P`; pip install --disable-pip-version-check oyaml; ${GEN_TEMPLATE}"; \ else \ ${GEN_POLICY_CONFIG};\ ${GEN_POLICY_CONFIG_SP};\ diff --git a/deploy/osd-fedramp-machineconfig/stg/pre-4.15/config.yaml b/deploy/osd-fedramp-machineconfig/stg/pre-4.15/config.yaml index ae85cd3dc6..5c6d12b7ce 100644 --- a/deploy/osd-fedramp-machineconfig/stg/pre-4.15/config.yaml +++ b/deploy/osd-fedramp-machineconfig/stg/pre-4.15/config.yaml @@ -9,7 +9,6 @@ selectorSyncSet: operator: In values: - "staging" - - "stage" - key: hive.openshift.io/version-major-minor operator: In values: ["4.11", "4.12", "4.13", "4.14", "4.15", "4.16"] diff --git a/hack/00-osd-managed-cluster-config-integration.yaml.tmpl b/hack/00-osd-managed-cluster-config-integration.yaml.tmpl index fa122cb913..ec114ee920 100644 --- a/hack/00-osd-managed-cluster-config-integration.yaml.tmpl +++ b/hack/00-osd-managed-cluster-config-integration.yaml.tmpl @@ -40493,7 +40493,6 @@ objects: operator: In values: - staging - - stage - key: hive.openshift.io/version-major-minor operator: In values: diff --git a/hack/00-osd-managed-cluster-config-production.yaml.tmpl b/hack/00-osd-managed-cluster-config-production.yaml.tmpl index fa122cb913..ec114ee920 100644 --- a/hack/00-osd-managed-cluster-config-production.yaml.tmpl +++ b/hack/00-osd-managed-cluster-config-production.yaml.tmpl @@ -40493,7 +40493,6 @@ objects: operator: In values: - staging - - stage - key: hive.openshift.io/version-major-minor operator: In values: diff --git a/hack/00-osd-managed-cluster-config-stage.yaml.tmpl b/hack/00-osd-managed-cluster-config-stage.yaml.tmpl index fa122cb913..ec114ee920 100644 --- a/hack/00-osd-managed-cluster-config-stage.yaml.tmpl +++ b/hack/00-osd-managed-cluster-config-stage.yaml.tmpl @@ -40493,7 +40493,6 @@ objects: operator: In values: - staging - - stage - key: hive.openshift.io/version-major-minor operator: In values: diff --git a/scripts/generate_template.py b/scripts/generate_template.py index 193eb0c453..4ccf8d86b5 100755 --- a/scripts/generate_template.py +++ b/scripts/generate_template.py @@ -7,9 +7,12 @@ import argparse import copy import re +from typing import Any cluster_platform_ann = "hive.openshift.io/cluster-platform" config_filename = "config.yaml" +environment_selector = "api.openshift.com/environment" +valid_environments = ["production", "staging", "integration"] data_sss = [] data_resources = { @@ -96,6 +99,7 @@ def add_sss_for(name, directory, config): # collect the new sss for later processing data_sss.append(o) + if __name__ == '__main__': #Argument parser parser = argparse.ArgumentParser(description="template generation tool", usage='%(prog)s [options]') @@ -127,7 +131,7 @@ def add_sss_for(name, directory, config): deploymentMode = "SelectorSyncSet" if "deploymentMode" in config: - deploymentMode = config["deploymentMode"] + deploymentMode: str = config["deploymentMode"] # skip any directory only containing governance policies, as they are only for hypershift if deploymentMode == "Policy": @@ -159,6 +163,24 @@ def add_sss_for(name, directory, config): print("The selectorsyncset name should be lowercase. Found selectorsyncset with name " + sss_name) sys.exit(1) + # Verify that environment selectors make sense + sss = config["selectorSyncSet"] + expressions: list[dict[str, Any]] = sss.get("matchExpressions", []) if sss else [] + for expression in expressions: + if not expression["key"] == environment_selector: + continue + values: str|list[str] = expression["values"] + match values: + case list(x): + for value in x: + if value not in valid_environments: + raise RuntimeError(f"The environment value {value} for {dirpath} does not match a known environment: must be one of {valid_environments}") + case str(x): + if x not in valid_environments: + raise RuntimeError(f"The environment value {values} for {dirpath} does not match a known environment: must be one of {valid_environments}") + case _: + raise RuntimeError(f"Received invalid values {values} for {dirpath} for key: {environment_selector}") + # If no matchLabelsApplyMode, process as nornmal if "matchLabelsApplyMode" in config["selectorSyncSet"] and config["selectorSyncSet"]["matchLabelsApplyMode"] == "OR": # generate new SSS per matchLabels line