From acd66166f6e3b440963a6761b0622d2fb61ee7f6 Mon Sep 17 00:00:00 2001
From: Disaiah Bennett <dbennett@redhat.com>
Date: Tue, 2 Jul 2024 18:30:15 -0400
Subject: [PATCH] [ACM-12485] Added support for overriding oauth-proxy image
 (#1601)

* added support for overriding oauth-proxy image

Signed-off-by: Disaiah Bennett <dbennett@redhat.com>

* added new image tags to test images

Signed-off-by: Disaiah Bennett <dbennett@redhat.com>

* removed unused dependency

Signed-off-by: Disaiah Bennett <dbennett@redhat.com>

---------

Signed-off-by: Disaiah Bennett <dbennett@redhat.com>
---
 controllers/multiclusterhub_controller.go | 43 +++++++++++++++++++++++
 pkg/utils/utils.go                        | 11 +++---
 2 files changed, 49 insertions(+), 5 deletions(-)

diff --git a/controllers/multiclusterhub_controller.go b/controllers/multiclusterhub_controller.go
index bde98f1bd0..88c02fab3c 100644
--- a/controllers/multiclusterhub_controller.go
+++ b/controllers/multiclusterhub_controller.go
@@ -27,6 +27,7 @@ import (
 	"reflect"
 	"time"
 
+	"github.com/Masterminds/semver/v3"
 	promv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1"
 	operatorv1 "github.com/stolostron/multiclusterhub-operator/api/v1"
 	"github.com/stolostron/multiclusterhub-operator/pkg/deploying"
@@ -214,6 +215,12 @@ func (r *MultiClusterHubReconciler) Reconcile(ctx context.Context, req ctrl.Requ
 		return ctrl.Result{}, nil
 	}
 
+	imageOverrides, err = r.overrideOauthImage(ctx, imageOverrides)
+	if err != nil {
+		r.Log.Error(err, "Could not override oauth image")
+		return ctrl.Result{}, err
+	}
+
 	// Apply image repository override from annotation if present.
 	if imageRepo := utils.GetImageRepository(multiClusterHub); imageRepo != "" {
 		r.Log.Info(fmt.Sprintf("Overriding Image Repository from annotation: %s", imageRepo))
@@ -1537,3 +1544,39 @@ func (r *MultiClusterHubReconciler) CheckDeprecatedFieldUsage(m *operatorv1.Mult
 		}
 	}
 }
+
+/*
+overrideOauthImage select the oauth image to use for the given build.
+Select oauth proxy image to use. If OCP 4.15 use old version. If OCP 4.16+ use new version. Set with key oauth_proxy
+before applying overrides.
+*/
+func (r *MultiClusterHubReconciler) overrideOauthImage(ctx context.Context, imageOverrides map[string]string) (
+	map[string]string, error) {
+	ocpVersion, err := r.getClusterVersion(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	semverVersion, err := semver.NewVersion(ocpVersion)
+	if err != nil {
+		return nil, fmt.Errorf("failed to convert ocp version to semver compatible version: %v", err)
+	}
+
+	constraint, err := semver.NewConstraint(">= 4.16.0-0")
+	if err != nil {
+		return nil, fmt.Errorf("failed to set ocp version constraint: %v", err)
+	}
+
+	oauthKey := "oauth_proxy"
+	oauthKeyOld := "oauth_proxy_415_and_below"
+	oauthKeyNew := "oauth_proxy_416_and_up"
+
+	if constraint.Check(semverVersion) { // use newer ouath image
+		imageOverrides[oauthKey] = imageOverrides[oauthKeyNew]
+
+	} else { // use older ouath image
+		imageOverrides[oauthKey] = imageOverrides[oauthKeyOld]
+	}
+
+	return imageOverrides, nil
+}
diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go
index a28a7eba1f..172fff5b80 100644
--- a/pkg/utils/utils.go
+++ b/pkg/utils/utils.go
@@ -322,14 +322,15 @@ func GetTestImages() []string {
 		"MULTICLUSTER_OPERATORS_APPLICATION", "MULTICLUSTER_OPERATORS_CHANNEL", "MULTICLUSTER_OPERATORS_SUBSCRIPTION",
 		"MULTICLUSTERHUB_OPERATOR", "MULTICLUSTERHUB_OPERATOR_TESTS", "MULTICLUSTERHUB_REPO", "MUST_GATHER",
 		"NODE_EXPORTER", "OBSERVABILITY_E2E_TEST", "OBSERVATORIUM", "OBSERVATORIUM_OPERATOR", "OAUTH_PROXY",
-		"OAUTH_PROXY_48", "OAUTH_PROXY_49_AND_UP", "POSTGRESQL_12", "POSTGRESQL_13", "PROMETHEUS", "PROMETHEUS_ALERTMANAGER",
+		"OAUTH_PROXY_48", "OAUTH_PROXY_49_AND_UP", "OAUTH_PROXY_415_AND_BELOW", "OAUTH_PROXY_416_AND_UP",
+		"POSTGRESQL_12", "POSTGRESQL_13", "PROMETHEUS", "PROMETHEUS_ALERTMANAGER",
 		"PROMETHEUS_CONFIG_RELOADER", "PROMETHEUS_OPERATOR", "RBAC_QUERY_PROXY", "REDISGRAPH_TLS",
 		"SEARCH_AGGREGATOR", "SEARCH_API", "SEARCH_COLLECTOR", "SEARCH_E2E", "SEARCH_INDEXER", "SEARCH_OPERATOR",
 		"SEARCH_V2_API", "SUBMARINER_ADDON", "THANOS", "VOLSYNC", "VOLSYNC_ADDON_CONTROLLER", "VOLSYNC_MOVER_RCLONE",
-		"VOLSYNC_MOVER_RESTIC", "VOLSYNC_MOVER_RSYNC", "CLUSTER_PERMISSION", "kube_rbac_proxy", "insights_metrics", "insights_client",
-		"search_collector", "search_indexer", "search_v2_api", "postgresql_13", "search_v2_operator", "klusterlet_addon_controller",
-		"governance_policy_propagator", "governance_policy_addon_controller", "cert_policy_controller",
-		"config_policy_controller", "governance_policy_framework_addon",
+		"VOLSYNC_MOVER_RESTIC", "VOLSYNC_MOVER_RSYNC", "CLUSTER_PERMISSION", "kube_rbac_proxy", "insights_metrics",
+		"insights_client", "search_collector", "search_indexer", "search_v2_api", "postgresql_13", "search_v2_operator",
+		"klusterlet_addon_controller", "governance_policy_propagator", "governance_policy_addon_controller",
+		"cert_policy_controller", "config_policy_controller", "governance_policy_framework_addon",
 		"cluster_backup_controller", "console", "volsync_addon_controller", "multicluster_operators_application",
 		"multicloud_integrations", "multicluster_operators_channel", "multicluster_operators_subscription",
 		"multicluster_observability_operator", "cluster_permission", "submariner_addon",