Add support for generating placement with raw data

Placements can now be generated by nesting a full labelSelector or clusterSelector YAML under the `placement` key, in addition to the legacy method of listing key/value pairs under `placement`. This allows users to specify multiple clusters in the values array of a placement or placementRule, and to use matchLabels instead of matchExpressions (only supported by placement).

Signed-off-by: Will Kutler <[email protected]>

Author: willkutler

internal/plugin.go

@@ -1529,33 +1529,29 @@ func (p *Plugin) createPlacement(
 			return
 		}
 
+		if len(placementConfig.ClusterSelectors) > 0 && len(placementConfig.ClusterSelector) > 0 {
+			return "", fmt.Errorf("cannot use both clusterSelectors and clusterSelector in placement config")
+		}
+
 		// Determine which selectors to use
-		var resolvedSelectors map[string]string
+		var resolvedSelectors map[string]interface{}
 		if len(placementConfig.ClusterSelectors) > 0 {
 			resolvedSelectors = placementConfig.ClusterSelectors
+		} else if len(placementConfig.ClusterSelector) > 0 {
+			resolvedSelectors = placementConfig.ClusterSelector
 		} else if len(placementConfig.LabelSelector) > 0 {
 			resolvedSelectors = placementConfig.LabelSelector
 		}
 
-		// Sort the keys so that the match expressions can be ordered based on the label name
+		// build cluster selector object
 		keys := make([]string, 0, len(resolvedSelectors))
 		for key := range resolvedSelectors {
 			keys = append(keys, key)
 		}
-		sort.Strings(keys)
 
-		matchExpressions := []map[string]interface{}{}
-		for _, label := range keys {
-			matchExpression := map[string]interface{}{
-				"key": label,
-			}
-			if resolvedSelectors[label] == "" {
-				matchExpression["operator"] = "Exists"
-			} else {
-				matchExpression["operator"] = "In"
-				matchExpression["values"] = []string{resolvedSelectors[label]}
-			}
-			matchExpressions = append(matchExpressions, matchExpression)
+		selectorObj, err := p.generateClusterSelector(resolvedSelectors, keys)
+		if err != nil {
+			return "", err
 		}
 
 		if p.usingPlR {
@@ -1567,9 +1563,7 @@ func (p *Plugin) createPlacement(
 					"namespace": p.PolicyDefaults.Namespace,
 				},
 				"spec": map[string]interface{}{
-					"clusterSelector": map[string]interface{}{
-						"matchExpressions": matchExpressions,
-					},
+					"clusterSelector": selectorObj,
 				},
 			}
 		} else {
@@ -1584,9 +1578,7 @@ func (p *Plugin) createPlacement(
 					"predicates": []map[string]interface{}{
 						{
 							"requiredClusterSelector": map[string]interface{}{
-								"labelSelector": map[string]interface{}{
-									"matchExpressions": matchExpressions,
-								},
+								"labelSelector": selectorObj,
 							},
 						},
 					},
@@ -1621,6 +1613,127 @@ func (p *Plugin) createPlacement(
 	return
 }
 
+func (p *Plugin) generateClusterSelector(
+	resolvedSelectors map[string]interface{},
+	keys []string,
+) (map[string]interface{}, error) {
+	// Determine cluster selector type
+	var selectorType string
+	var usedSelectors []string
+	var legacy bool
+
+	for key := range resolvedSelectors {
+		if key == "matchExpressions" {
+			usedSelectors = append(usedSelectors, key)
+		} else if key == "matchLabels" {
+			usedSelectors = append(usedSelectors, key)
+		} else if !legacy {
+			usedSelectors = append(usedSelectors, "legacy")
+			legacy = true
+		}
+	}
+
+	// Determine cluster selector type
+	if len(usedSelectors) > 1 {
+		return nil, fmt.Errorf("too many placement selectors: %s", strings.Join(usedSelectors, ", "))
+	} else if len(usedSelectors) == 1 {
+		selectorType = usedSelectors[0]
+	}
+
+	if selectorType == "matchLabels" && p.usingPlR {
+		return nil, fmt.Errorf("placementRule does not support matchLabels")
+	}
+
+	// build cluster selector object
+	var selector interface{}
+
+	if selectorType == "matchExpressions" {
+		matchExpressions := []map[string]interface{}{}
+		// complete selector provided, so just verify it casts properly
+		for _, matchExpression := range resolvedSelectors[selectorType].([]interface{}) {
+			matchExpression, ok := matchExpression.(map[string]interface{})
+			if !ok {
+				return nil,
+					fmt.Errorf(
+						"%s selector has non-map value in list: %s",
+						selectorType,
+						fmt.Sprint(resolvedSelectors[selectorType]),
+					)
+			}
+
+			// verify matchExpressions matches desired format
+			_, keyExists := matchExpression["key"].(string)
+			_, opExists := matchExpression["operator"].(string)
+
+			if !keyExists || !opExists {
+				return nil,
+					fmt.Errorf(
+						"matchExpression formatted incorrectly: %s",
+						fmt.Sprint(matchExpression),
+					)
+			}
+
+			_, valExists := matchExpression["values"]
+			if valExists {
+				_, valFormat := matchExpression["values"].([]string)
+				if !valFormat {
+					return nil,
+						fmt.Errorf(
+							"matchExpression formatted incorrectly: %s",
+							fmt.Sprint(matchExpression),
+						)
+				}
+			}
+
+			matchExpressions = append(matchExpressions, matchExpression)
+		}
+
+		selector = matchExpressions
+	} else if selectorType == "matchLabels" {
+		// complete selector provided, so just verify it casts properly
+		matchLabels, ok := resolvedSelectors[selectorType].(map[string]interface{})
+		if !ok {
+			return nil,
+				fmt.Errorf(
+					"%s selector has non-map value: %s",
+					selectorType,
+					fmt.Sprint(resolvedSelectors[selectorType]),
+				)
+		}
+		selector = matchLabels
+	} else { // legacy cluster selection method, convert key/val to matchExpressions
+		// Sort the keys so that the match expressions can be ordered based on the label name
+		sort.Strings(keys)
+		matchExpressions := []map[string]interface{}{}
+
+		for _, label := range keys {
+			matchExpression := map[string]interface{}{
+				"key": label,
+			}
+			if resolvedSelectors[label] == "" {
+				matchExpression["operator"] = "Exists"
+			} else {
+				matchExpression["operator"] = "In"
+				value, ok := resolvedSelectors[label].(string)
+				if !ok {
+					return nil,
+						fmt.Errorf(
+							"legacy placement value has non-string type as value: %s",
+							fmt.Sprint(resolvedSelectors[label]),
+						)
+				}
+				matchExpression["values"] = []string{value}
+			}
+			matchExpressions = append(matchExpressions, matchExpression)
+		}
+		// legacy selector has been converted to matchExpressions
+		selectorType = "matchExpressions"
+		selector = matchExpressions
+	}
+
+	return map[string]interface{}{selectorType: selector}, nil
+}
+
 // createPlacementBinding creates a placement binding for the input placement, policies and policy sets by
 // writing it to the policy generator's output buffer. An error is returned if the placement binding
 // cannot be created.

internal/plugin_config_test.go

@@ -135,7 +135,7 @@ policies:
 	assertReflectEqual(
 		t,
 		p.PolicyDefaults.Placement.ClusterSelectors,
-		map[string]string{"cloud": "red hat"},
+		map[string]interface{}{"cloud": "red hat"},
 	)
 	assertEqual(t, len(p.PolicyDefaults.Placement.LabelSelector), 0)
 	assertEqual(t, p.PolicyDefaults.RemediationAction, "enforce")
@@ -162,7 +162,7 @@ policies:
 	assertReflectEqual(
 		t,
 		policy1.Placement.ClusterSelectors,
-		map[string]string{"cloud": "red hat"},
+		map[string]interface{}{"cloud": "red hat"},
 	)
 	assertEqual(t, policy1.RemediationAction, "inform")
 	assertEqual(t, policy1.Severity, "medium")
@@ -184,7 +184,7 @@ policies:
 	assertReflectEqual(
 		t,
 		policy2.Placement.ClusterSelectors,
-		map[string]string{"cloud": "weather"},
+		map[string]interface{}{"cloud": "weather"},
 	)
 	assertEqual(t, policy2.RemediationAction, "enforce")
 	assertEqual(t, policy2.Severity, "medium")
@@ -1240,7 +1240,7 @@ func TestPolicySetConfig(t *testing.T) {
 						PolicySetOptions: types.PolicySetOptions{
 							Placement: types.PlacementConfig{
 								Name:             "policyset-placement",
-								ClusterSelectors: map[string]string{"my": "app"},
+								ClusterSelectors: map[string]interface{}{"my": "app"},
 							},
 						},
 					},
@@ -1306,8 +1306,8 @@ func TestPolicySetConfig(t *testing.T) {
 						Name: "my-policyset",
 						PolicySetOptions: types.PolicySetOptions{
 							Placement: types.PlacementConfig{
-								LabelSelector:    map[string]string{"cloud": "red hat"},
-								ClusterSelectors: map[string]string{"cloud": "red hat"},
+								LabelSelector:    map[string]interface{}{"cloud": "red hat"},
+								ClusterSelectors: map[string]interface{}{"cloud": "red hat"},
 							},
 						},
 					},
@@ -1325,7 +1325,7 @@ func TestPolicySetConfig(t *testing.T) {
 						PolicySetOptions: types.PolicySetOptions{
 							Placement: types.PlacementConfig{
 								PlacementPath:    "../config/plc.yaml",
-								ClusterSelectors: map[string]string{"cloud": "red hat"},
+								ClusterSelectors: map[string]interface{}{"cloud": "red hat"},
 							},
 						},
 					},
@@ -1343,7 +1343,7 @@ func TestPolicySetConfig(t *testing.T) {
 						PolicySetOptions: types.PolicySetOptions{
 							Placement: types.PlacementConfig{
 								PlacementName:    "plexistingname",
-								ClusterSelectors: map[string]string{"cloud": "red hat"},
+								ClusterSelectors: map[string]interface{}{"cloud": "red hat"},
 							},
 						},
 					},
@@ -1361,7 +1361,7 @@ func TestPolicySetConfig(t *testing.T) {
 						PolicySetOptions: types.PolicySetOptions{
 							Placement: types.PlacementConfig{
 								PlacementPath: "../config/plc.yaml",
-								LabelSelector: map[string]string{"cloud": "red hat"},
+								LabelSelector: map[string]interface{}{"cloud": "red hat"},
 							},
 						},
 					},
@@ -1379,7 +1379,7 @@ func TestPolicySetConfig(t *testing.T) {
 						PolicySetOptions: types.PolicySetOptions{
 							Placement: types.PlacementConfig{
 								PlacementName: "plexistingname",
-								LabelSelector: map[string]string{"cloud": "red hat"},
+								LabelSelector: map[string]interface{}{"cloud": "red hat"},
 							},
 						},
 					},
@@ -1397,7 +1397,7 @@ func TestPolicySetConfig(t *testing.T) {
 						PolicySetOptions: types.PolicySetOptions{
 							Placement: types.PlacementConfig{
 								PlacementRulePath: "../config/plc.yaml",
-								ClusterSelectors:  map[string]string{"cloud": "red hat"},
+								ClusterSelectors:  map[string]interface{}{"cloud": "red hat"},
 							},
 						},
 					},
@@ -1415,7 +1415,7 @@ func TestPolicySetConfig(t *testing.T) {
 						PolicySetOptions: types.PolicySetOptions{
 							Placement: types.PlacementConfig{
 								PlacementRuleName: "plrexistingname",
-								ClusterSelectors:  map[string]string{"cloud": "red hat"},
+								ClusterSelectors:  map[string]interface{}{"cloud": "red hat"},
 							},
 						},
 					},
@@ -1433,7 +1433,7 @@ func TestPolicySetConfig(t *testing.T) {
 						PolicySetOptions: types.PolicySetOptions{
 							Placement: types.PlacementConfig{
 								PlacementRulePath: "../config/plc.yaml",
-								LabelSelector:     map[string]string{"cloud": "red hat"},
+								LabelSelector:     map[string]interface{}{"cloud": "red hat"},
 							},
 						},
 					},
@@ -1451,7 +1451,7 @@ func TestPolicySetConfig(t *testing.T) {
 						PolicySetOptions: types.PolicySetOptions{
 							Placement: types.PlacementConfig{
 								PlacementRuleName: "plrexistingname",
-								LabelSelector:     map[string]string{"cloud": "red hat"},
+								LabelSelector:     map[string]interface{}{"cloud": "red hat"},
 							},
 						},
 					},
@@ -1497,14 +1497,14 @@ func TestPolicySetConfig(t *testing.T) {
 			name: "Placement and PlacementRule can't be mixed",
 			setupFunc: func(p *Plugin) {
 				p.Policies[0].Placement = types.PlacementConfig{
-					LabelSelector: map[string]string{"cloud": "red hat"},
+					LabelSelector: map[string]interface{}{"cloud": "red hat"},
 				}
 				p.PolicySets = []types.PolicySetConfig{
 					{
 						Name: "my-policyset",
 						PolicySetOptions: types.PolicySetOptions{
 							Placement: types.PlacementConfig{
-								ClusterSelectors: map[string]string{"cloud": "red hat"},
+								ClusterSelectors: map[string]interface{}{"cloud": "red hat"},
 							},
 						},
 					},