Add config support with jsonschema validation

Signed-off-by: Per Goncalves da Silva <pegoncal@redhat.com>

Author: Per Goncalves da Silva

go.mod

@@ -16,14 +16,16 @@ require (
 	github.com/google/go-containerregistry v0.20.6
 	github.com/google/renameio/v2 v2.0.0
 	github.com/gorilla/handlers v1.5.2
+	github.com/invopop/jsonschema v0.13.0
 	github.com/klauspost/compress v1.18.0
 	github.com/opencontainers/go-digest v1.0.0
 	github.com/opencontainers/image-spec v1.1.1
 	github.com/operator-framework/api v0.34.0
 	github.com/operator-framework/helm-operator-plugins v0.8.0
 	github.com/operator-framework/operator-registry v1.57.0
-	github.com/prometheus/client_golang v1.23.2
-	github.com/prometheus/common v0.66.1
+	github.com/prometheus/client_golang v1.23.0
+	github.com/prometheus/common v0.65.0
+	github.com/santhosh-tekuri/jsonschema/v6 v6.0.2
 	github.com/spf13/cobra v1.10.1
 	github.com/stretchr/testify v1.11.1
 	golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b
@@ -68,7 +70,9 @@ require (
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect
 	github.com/antlr4-go/antlr/v4 v4.13.1 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
+	github.com/bahlo/generic-list-go v0.2.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/buger/jsonparser v1.1.1 // indirect
 	github.com/cenkalti/backoff/v5 v5.0.2 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/chai2010/gettext-go v1.0.2 // indirect
@@ -182,7 +186,6 @@ require (
 	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/rubenv/sql-migrate v1.8.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
-	github.com/santhosh-tekuri/jsonschema/v6 v6.0.2 // indirect
 	github.com/secure-systems-lab/go-securesystemslib v0.9.0 // indirect
 	github.com/shopspring/decimal v1.4.0 // indirect
 	github.com/sigstore/fulcio v1.7.1 // indirect
@@ -199,6 +202,7 @@ require (
 	github.com/ulikunitz/xz v0.5.14 // indirect
 	github.com/vbatts/tar-split v0.12.1 // indirect
 	github.com/vbauerster/mpb/v8 v8.10.2 // indirect
+	github.com/wk8/go-ordered-map/v2 v2.1.8 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	github.com/xlab/treeprint v1.2.0 // indirect
 	go.etcd.io/bbolt v1.4.3 // indirect

go.sum

@@ -38,12 +38,16 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
+github.com/bahlo/generic-list-go v0.2.0 h1:5sz/EEAK+ls5wF+NeqDpk5+iNdMDXrh3z3nPnH1Wvgk=
+github.com/bahlo/generic-list-go v0.2.0/go.mod h1:2KvAjgMlE5NNynlg/5iLrrCCZ2+5xWbdbCW3pNTGyYg=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
 github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
 github.com/bshuster-repo/logrus-logstash-hook v1.0.0 h1:e+C0SB5R1pu//O4MQ3f9cFuPGoOVeF2fE4Og9otCc70=
 github.com/bshuster-repo/logrus-logstash-hook v1.0.0/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk=
+github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs=
+github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
 github.com/cenkalti/backoff/v5 v5.0.2 h1:rIfFVxEf1QsI7E1ZHfp/B4DF/6QBAUhmgkxc0H7Zss8=
 github.com/cenkalti/backoff/v5 v5.0.2/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
@@ -271,6 +275,8 @@ github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI
 github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
+github.com/invopop/jsonschema v0.13.0 h1:KvpoAJWEjR3uD9Kbm2HWJmqsEaHt8lBUpd0qHcIi21E=
+github.com/invopop/jsonschema v0.13.0/go.mod h1:ffZ5Km5SWWRAIN6wbDXItl95euhFz2uON45H2qjYt+0=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
 github.com/jmhodges/clock v1.2.0 h1:eq4kys+NI0PLngzaHEe7AmPT90XMGIEySD1JfV1PDIs=
@@ -399,13 +405,13 @@ github.com/poy/onpar v1.1.2 h1:QaNrNiZx0+Nar5dLgTVp5mXkyoVFIbepjyEoGSnhbAY=
 github.com/poy/onpar v1.1.2/go.mod h1:6X8FLNoxyr9kkmnlqpK6LSoiOtrO6MICtWwEuWkLjzg=
 github.com/proglottis/gpgme v0.1.4 h1:3nE7YNA70o2aLjcg63tXMOhPD7bplfE5CBdV+hLAm2M=
 github.com/proglottis/gpgme v0.1.4/go.mod h1:5LoXMgpE4bttgwwdv9bLs/vwqv3qV7F4glEEZ7mRKrM=
-github.com/prometheus/client_golang v1.23.2 h1:Je96obch5RDVy3FDMndoUsjAhG5Edi49h0RJWRi/o0o=
-github.com/prometheus/client_golang v1.23.2/go.mod h1:Tb1a6LWHB3/SPIzCoaDXI4I8UHKeFTEQ1YCr+0Gyqmg=
+github.com/prometheus/client_golang v1.23.0 h1:ust4zpdl9r4trLY/gSjlm07PuiBq2ynaXXlptpfy8Uc=
+github.com/prometheus/client_golang v1.23.0/go.mod h1:i/o0R9ByOnHX0McrTMTyhYvKE4haaf2mW08I+jGAjEE=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk=
 github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE=
-github.com/prometheus/common v0.66.1 h1:h5E0h5/Y8niHc5DlaLlWLArTQI7tMrsfQjHV+d9ZoGs=
-github.com/prometheus/common v0.66.1/go.mod h1:gcaUsgf3KfRSwHY4dIMXLPV0K/Wg1oZ8+SbZk/HH/dA=
+github.com/prometheus/common v0.65.0 h1:QDwzd+G1twt//Kwj/Ww6E9FQq1iVMmODnILtW1t2VzE=
+github.com/prometheus/common v0.65.0/go.mod h1:0gZns+BLRQ3V6NdaerOhMbwwRbNh9hkGINtQAsP5GS8=
 github.com/prometheus/procfs v0.16.1 h1:hZ15bTNuirocR6u0JZ6BAHHmwS1p8B4P6MRqxtzMyRg=
 github.com/prometheus/procfs v0.16.1/go.mod h1:teAbpZRB1iIAJYREa1LsoWUXykVXA1KlTmWl8x/U+Is=
 github.com/redis/go-redis/extra/rediscmd/v9 v9.10.0 h1:uTiEyEyfLhkw678n6EulHVto8AkcXVr8zUcBJNZ0ark=
@@ -473,6 +479,8 @@ github.com/vbatts/tar-split v0.12.1 h1:CqKoORW7BUWBe7UL/iqTVvkTBOF8UvOMKOIZykxnn
 github.com/vbatts/tar-split v0.12.1/go.mod h1:eF6B6i6ftWQcDqEn3/iGFRFRo8cBIMSJVOpnNdfTMFA=
 github.com/vbauerster/mpb/v8 v8.10.2 h1:2uBykSHAYHekE11YvJhKxYmLATKHAGorZwFlyNw4hHM=
 github.com/vbauerster/mpb/v8 v8.10.2/go.mod h1:+Ja4P92E3/CorSZgfDtK46D7AVbDqmBQRTmyTqPElo0=
+github.com/wk8/go-ordered-map/v2 v2.1.8 h1:5h/BUHu93oj4gIdvHHHGsScSTMijfx5PeYkE/fJgbpc=
+github.com/wk8/go-ordered-map/v2 v2.1.8/go.mod h1:5nJHM5DyteebpVlHnWMV0rPz6Zp7+xBAnxjb1X5vnTw=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ=

internal/operator-controller/rukpak/bundle/config.go

@@ -0,0 +1,241 @@
+package bundle
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"strings"
+
+	"github.com/invopop/jsonschema"
+	schemavalidation "github.com/santhosh-tekuri/jsonschema/v6"
+	"github.com/santhosh-tekuri/jsonschema/v6/kind"
+	"k8s.io/apimachinery/pkg/util/sets"
+	"k8s.io/apimachinery/pkg/util/validation"
+
+	"github.com/operator-framework/api/pkg/operators/v1alpha1"
+)
+
+const (
+	dns1123SubdomainFormat = "Namespace"
+	notOwnNamespaceFormat  = "NotOwnNamespace"
+)
+
+var (
+	// unsupportedInstallModes set of unsupported ClusterServiceVersion install modes
+	unsupportedInstallModes = sets.New[v1alpha1.InstallModeType](v1alpha1.InstallModeTypeMultiNamespace)
+
+	// dnsFormat checks conformity to RFC1213 lowercase dns subdomain format by any field with format 'RFC-1123'
+	dnsFormat = &schemavalidation.Format{
+		Name: dns1123SubdomainFormat,
+		Validate: func(v any) error {
+			if v == nil {
+				return nil
+			}
+			s, ok := v.(string)
+			if !ok {
+				return fmt.Errorf("invalid type %T, expected string", v)
+			}
+			errs := validation.IsDNS1123Subdomain(s)
+			if len(errs) > 0 {
+				return fmt.Errorf("%q is not a valid namespace name: %s", v, strings.Join(errs, ", "))
+			}
+			return nil
+		},
+	}
+)
+
+// Config is a registry+v1 bundle configuration surface
+type Config struct {
+	// WatchNamespace is supported for certain bundles to allow the user to configure installation in Single- or OwnNamespace modes
+	// The validation behavior of this field is determined by the install modes supported by the bundle, e.g.:
+	// - If a bundle only supports AllNamespaces mode (or only OwnNamespace mode): this field will be unknown
+	// - If a bundle supports AllNamespaces and SingleNamespace install modes: this field is optional
+	// - If a bundle supports AllNamespaces and OwnNamespace: this field is optional, but if set must be equal to the install namespace
+	WatchNamespace string `json:"watchNamespace,omitempty"`
+}
+
+// ValidatedBundleConfigFromRaw returns a validated Config struct from the values given in rawConfig.
+// The applied validation will be determined by the install modes supported by the bundle
+func ValidatedBundleConfigFromRaw(rv1 RegistryV1, installNamespace string, rawConfig map[string]interface{}) (*Config, error) {
+	if len(rawConfig) == 0 {
+		return nil, nil
+	}
+
+	rawSchema := bundleConfigSchema(rv1, installNamespace)
+	customFormats := []*schemavalidation.Format{
+		dnsFormat,
+		notOwnNamespaceFmt(installNamespace),
+	}
+
+	if err := validateBundleConfig(rawSchema, customFormats, rawConfig); err != nil {
+		return nil, fmt.Errorf("invalid configuration: %v", err)
+	}
+
+	return toConfig(rawConfig)
+}
+
+// bundleConfigSchema generates a jsonschema used to validate bundle configuration
+func bundleConfigSchema(rv1 RegistryV1, installNamespace string) []byte {
+	// configure reflector
+	r := new(jsonschema.Reflector)
+	r.ExpandedStruct = true
+	r.AllowAdditionalProperties = false
+
+	// generate base schema
+	schema := r.Reflect(&Config{})
+
+	// apply bundle rawConfig based mutations for watchNamespace
+	configureWatchNamespaceProperty(rv1, installNamespace, schema)
+
+	// return schema
+	out, err := schema.MarshalJSON()
+	if err != nil {
+		panic(err)
+	}
+	return out
+}
+
+// configureWatchNamespaceProperty modifies schema to configure the watchNamespace config property based on
+// the install modes supported by the bundle marking the field required or optional, or restricting the possible values
+// it can take
+func configureWatchNamespaceProperty(rv1 RegistryV1, installNamespace string, schema *jsonschema.Schema) {
+	supportedInstallModes := sets.New[v1alpha1.InstallModeType]()
+	for _, im := range rv1.CSV.Spec.InstallModes {
+		if im.Supported && !unsupportedInstallModes.Has(im.Type) {
+			supportedInstallModes.Insert(im.Type)
+		}
+	}
+
+	allSupported := supportedInstallModes.Has(v1alpha1.InstallModeTypeAllNamespaces)
+	singleSupported := supportedInstallModes.Has(v1alpha1.InstallModeTypeSingleNamespace)
+	ownSupported := supportedInstallModes.Has(v1alpha1.InstallModeTypeOwnNamespace)
+
+	if len(supportedInstallModes) == 0 {
+		panic("bundle does not support any supported install modes")
+	}
+
+	// no watchNamespace rawConfig parameter if bundle only supports AllNamespaces or OwnNamespace install modes
+	if len(supportedInstallModes) == 1 && (allSupported || ownSupported) {
+		schema.Properties.Delete("watchNamespace")
+		return
+	}
+
+	watchNamespaceProperty, ok := schema.Properties.Get("watchNamespace")
+	if !ok {
+		panic("watchNamespace not found in schema")
+	}
+
+	watchNamespaceProperty.Format = dns1123SubdomainFormat
+
+	// required or optional
+	if !allSupported && singleSupported {
+		schema.Required = append(schema.Required, "watchNamespace")
+	} else {
+		// note: the library currently doesn't support jsonschema.Types
+		// this is the current workaround for declaring optional/nullable fields
+		// https://github.com/invopop/jsonschema/issues/115
+		watchNamespaceProperty.Extras = map[string]any{
+			"type": []string{"string", "null"},
+		}
+		if !ownSupported {
+			// if own namespace is not supported validate that it is not being used
+			watchNamespaceProperty.Format = notOwnNamespaceFormat
+		}
+	}
+
+	// must be the install namespace
+	if allSupported && ownSupported && !singleSupported {
+		watchNamespaceProperty.Enum = []any{
+			installNamespace,
+			nil,
+		}
+	}
+}
+
+// validateBundleConfig validates the bundle rawConfig
+func validateBundleConfig(rawSchema []byte, customFormats []*schemavalidation.Format, rawConfig map[string]interface{}) error {
+	schema, err := schemavalidation.UnmarshalJSON(strings.NewReader(string(rawSchema)))
+	if err != nil {
+		return err
+	}
+
+	compiler := schemavalidation.NewCompiler()
+	for _, format := range customFormats {
+		compiler.RegisterFormat(format)
+	}
+	compiler.AssertFormat()
+	if err := compiler.AddResource("schema.json", schema); err != nil {
+		return err
+	}
+	compiledSchema, err := compiler.Compile("schema.json")
+	if err != nil {
+		return err
+	}
+
+	return formatJSONSchemaValidationError(compiledSchema.Validate(rawConfig))
+}
+
+// toConfig converts rawConfig into a Config struct
+func toConfig(rawConfig map[string]interface{}) (*Config, error) {
+	cfg := Config{}
+	dataBytes, err := json.Marshal(rawConfig)
+	if err != nil {
+		return nil, err
+	}
+	err = json.Unmarshal(dataBytes, &cfg)
+	if err != nil {
+		return nil, err
+	}
+
+	return &cfg, nil
+}
+
+// formatJSONSchemaValidationError extracts and formats the jsonschema validation errors given by the underlying library
+func formatJSONSchemaValidationError(err error) error {
+	var validationErr *schemavalidation.ValidationError
+	if !errors.As(err, &validationErr) {
+		return err
+	}
+	var errs []error
+	for _, cause := range validationErr.Causes {
+		if cause == nil || cause.ErrorKind == nil {
+			continue
+		}
+
+		var errMsg string
+		switch e := cause.ErrorKind.(type) {
+		case *kind.Format:
+			errMsg = e.Err.Error()
+		default:
+			errMsg = cause.Error()
+		}
+
+		instanceLocation := "." + strings.Join(cause.InstanceLocation, ".")
+		if instanceLocation == "." {
+			errs = append(errs, fmt.Errorf("%v", errMsg))
+		} else {
+			errs = append(errs, fmt.Errorf("at path %q: %s", instanceLocation, errMsg))
+		}
+	}
+	if len(errs) > 0 {
+		return errors.Join(errs...)
+	}
+	return err
+}
+
+// notOwnNamespaceFmt returns a dynamically generated format specifically for the case where
+// a bundle does not support own namespace installation but a watch namespace can be optionally given
+func notOwnNamespaceFmt(installNamespace string) *schemavalidation.Format {
+	return &schemavalidation.Format{
+		Name: notOwnNamespaceFormat,
+		Validate: func(v any) error {
+			if err := dnsFormat.Validate(v); err != nil {
+				return err
+			}
+			if v == installNamespace {
+				return fmt.Errorf("unsupported value %q, watchNamespace cannot be install namespace", v)
+			}
+			return nil
+		},
+	}
+}