From 0d7bbc52900cb53d439adfc01b7ee1ea8cf18212 Mon Sep 17 00:00:00 2001 From: Jason Montleon Date: Wed, 6 Oct 2021 09:50:14 -0400 Subject: [PATCH] Add AOS 3.7 support --- connect/tunnel_api/tunnel_api.go | 180 +++++++++++++++++++++---------- 1 file changed, 124 insertions(+), 56 deletions(-) diff --git a/connect/tunnel_api/tunnel_api.go b/connect/tunnel_api/tunnel_api.go index 7c34b51..f1ec19b 100644 --- a/connect/tunnel_api/tunnel_api.go +++ b/connect/tunnel_api/tunnel_api.go @@ -19,6 +19,7 @@ import ( dhparam "github.com/Luzifer/go-dhparam" securityv1 "github.com/openshift/api/security/v1" appsv1 "k8s.io/api/apps/v1" + appsv1beta1 "k8s.io/api/apps/v1beta1" corev1 "k8s.io/api/core/v1" v1 "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" @@ -66,11 +67,13 @@ key /certs/server.key ) type Tunnel struct { - DstClient client.Client - DstConfig *rest.Config - SrcClient client.Client - SrcConfig *rest.Config - Options Options + DstClient client.Client + DstConfig *rest.Config + DstVersionMinor int + SrcClient client.Client + SrcConfig *rest.Config + SrcVersionMinor int + Options Options } type Options struct { @@ -129,6 +132,9 @@ func Openvpn(tunnel Tunnel) error { if err := appsv1.AddToScheme(scheme); err != nil { return err } + if err := appsv1beta1.AddToScheme(scheme); err != nil { + return err + } if err := corev1.AddToScheme(scheme); err != nil { return err } 
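Review bot: The new exported fields `DstVersionMinor` and `SrcVersionMinor` on `Tunnel` have no comment, and in this patch `Openvpn` overwrites both from the discovery client, so a value supplied by the caller is silently discarded. I would document that contract on the fields, e.g. `// DstVersionMinor is the destination cluster's Kubernetes minor version; Openvpn fills it in from server discovery.` with the matching line for `SrcVersionMinor`. If nothing outside the package reads them, unexported fields would state the same thing more firmly.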
@@ -143,9 +149,39 @@ func Openvpn(tunnel Tunnel) error { if err != nil { return err } + tunnel.DstClient = dstClient tunnel.SrcClient = srcClient + srcDiscoveryClient, err := dapi.NewDiscoveryClientForConfig(tunnel.SrcConfig) + if err != nil { + return err + } + srcVersion, err := srcDiscoveryClient.ServerVersion() + if err != nil { + return err + } + srcMinor, err := strconv.Atoi(strings.Trim(srcVersion.Minor, "+")) + if err != nil { + return err + } + + dstDiscoveryClient, err := dapi.NewDiscoveryClientForConfig(tunnel.DstConfig) + if err != nil { + return err + } + dstVersion, err := dstDiscoveryClient.ServerVersion() + if err != nil { + return err + } + dstMinor, err := strconv.Atoi(strings.Trim(dstVersion.Minor, "+")) + if err != nil { + return err + } + + tunnel.DstVersionMinor = dstMinor + tunnel.SrcVersionMinor = srcMinor + err = createOpenVPNServer(&tunnel) if err != nil { return err @@ -313,22 +349,20 @@ func createOpenVPNServer(tunnel *Tunnel) error { Volumes: volumes, } - deployment := &appsv1.Deployment{ + deploymentMeta := metav1.ObjectMeta{ + Name: serviceName, + Namespace: *&tunnel.Options.Namespace, + } + + deploymentSelector := &metav1.LabelSelector{ + MatchLabels: deploymentLabels, + } + + podTemplateSpec := v1.PodTemplateSpec{ ObjectMeta: metav1.ObjectMeta{ - Name: serviceName, - Namespace: *&tunnel.Options.Namespace, - }, - Spec: appsv1.DeploymentSpec{ - Selector: &metav1.LabelSelector{ - MatchLabels: deploymentLabels, - }, - Template: v1.PodTemplateSpec{ - ObjectMeta: metav1.ObjectMeta{ - Labels: deploymentLabels, - }, - Spec: podSpec, - }, + Labels: deploymentLabels, }, + Spec: podSpec, } err = tunnel.DstClient.Create(context.TODO(), namespace, &client.CreateOptions{}) 
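Review bot: The source and destination lookups added to `Openvpn` are the same three calls written twice, and every failure is returned bare, so the caller cannot tell which cluster was unreachable or reported a minor version that `strconv.Atoi` rejects. Only `Minor` is read and `Major` is never checked, so the later `< 9` comparisons silently assume major version 1. I would move the lookup into one helper that wraps each error with the cluster name and call it for both configs, as sketched below. `Openvpn` starts and ends outside this hunk.

```go
// serverMinorVersion returns the Kubernetes minor version reported by the
// API server behind cfg; cluster ("src" or "dst") labels any error.
func serverMinorVersion(cfg *rest.Config, cluster string) (int, error) {
	dc, err := dapi.NewDiscoveryClientForConfig(cfg)
	if err != nil {
		return 0, fmt.Errorf("%s cluster: creating discovery client: %w", cluster, err)
	}
	info, err := dc.ServerVersion()
	if err != nil {
		return 0, fmt.Errorf("%s cluster: reading server version: %w", cluster, err)
	}
	minor, err := strconv.Atoi(strings.Trim(info.Minor, "+"))
	if err != nil {
		return 0, fmt.Errorf("%s cluster: parsing minor version %q: %w", cluster, info.Minor, err)
	}
	return minor, nil
}

// … unchanged: client setup in Openvpn …
	tunnel.SrcVersionMinor, err = serverMinorVersion(tunnel.SrcConfig, "src")
	if err != nil {
		return err
	}
	tunnel.DstVersionMinor, err = serverMinorVersion(tunnel.DstConfig, "dst")
	if err != nil {
		return err
	}
// … unchanged: createOpenVPNServer call …
```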
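Review bot: In the new `deploymentMeta` literal, `Namespace: *&tunnel.Options.Namespace` takes the field's address and dereferences it at once, which is a no-op; `Namespace: tunnel.Options.Namespace,` reads the same value without the detour. The expression was carried over from the removed literal, and the same line appears in the `createOpenVPNClient` hunk at -467. `createOpenVPNServer` starts and ends outside this hunk.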
@@ -355,9 +389,33 @@ func createOpenVPNServer(tunnel *Tunnel) error { if err != nil { return err } - err = tunnel.DstClient.Create(context.TODO(), deployment, &client.CreateOptions{}) - if err != nil { - return err + + if tunnel.DstVersionMinor < 9 { + deploymentBeta := &appsv1beta1.Deployment{ + ObjectMeta: deploymentMeta, + Spec: appsv1beta1.DeploymentSpec{ + Selector: deploymentSelector, + Template: podTemplateSpec, + }, + } + + err = tunnel.DstClient.Create(context.TODO(), deploymentBeta, &client.CreateOptions{}) + if err != nil { + return err + } + } else { + deployment := &appsv1.Deployment{ + ObjectMeta: deploymentMeta, + Spec: appsv1.DeploymentSpec{ + Selector: deploymentSelector, + Template: podTemplateSpec, + }, + } + + err = tunnel.DstClient.Create(context.TODO(), deployment, &client.CreateOptions{}) + if err != nil { + return err + } } return nil } @@ -467,22 +525,20 @@ func createOpenVPNClient(tunnel *Tunnel) error { Volumes: volumes, } - deployment := &appsv1.Deployment{ + deploymentMeta := metav1.ObjectMeta{ + Name: serviceName, + Namespace: *&tunnel.Options.Namespace, + } + + deploymentSelector := &metav1.LabelSelector{ + MatchLabels: deploymentLabels, + } + + podTemplateSpec := v1.PodTemplateSpec{ ObjectMeta: metav1.ObjectMeta{ - Name: serviceName, - Namespace: *&tunnel.Options.Namespace, - }, - Spec: appsv1.DeploymentSpec{ - Selector: &metav1.LabelSelector{ - MatchLabels: deploymentLabels, - }, - Template: v1.PodTemplateSpec{ - ObjectMeta: metav1.ObjectMeta{ - Labels: deploymentLabels, - }, - Spec: podSpec, - }, + Labels: deploymentLabels, }, + Spec: podSpec, } err = tunnel.SrcClient.Create(context.TODO(), namespace, &client.CreateOptions{}) 
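Review bot: The branch `if tunnel.DstVersionMinor < 9` uses a bare literal and compares only the minor version, so both the reason for the cut-off and the assumption that the major version is 1 are left for the reader to work out. A named constant with a comment would carry that, e.g. `const appsV1MinMinor = 9 // apps/v1 Deployments are served from Kubernetes 1.9; older clusters need apps/v1beta1`, used as `if tunnel.DstVersionMinor < appsV1MinMinor`. The same literal is repeated for `tunnel.SrcVersionMinor` in the `createOpenVPNClient` hunk at -497. `createOpenVPNServer` starts outside this hunk.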
@@ -497,48 +553,60 @@ func createOpenVPNClient(tunnel *Tunnel) error { if err != nil { return err } - err = tunnel.SrcClient.Create(context.TODO(), deployment, &client.CreateOptions{}) - if err != nil { - return err + + if tunnel.SrcVersionMinor < 9 { + deploymentBeta := &appsv1beta1.Deployment{ + ObjectMeta: deploymentMeta, + Spec: appsv1beta1.DeploymentSpec{ + Selector: deploymentSelector, + Template: podTemplateSpec, + }, + } + + err = tunnel.SrcClient.Create(context.TODO(), deploymentBeta, &client.CreateOptions{}) + if err != nil { + return err + } + } else { + deployment := &appsv1.Deployment{ + ObjectMeta: deploymentMeta, + Spec: appsv1.DeploymentSpec{ + Selector: deploymentSelector, + Template: podTemplateSpec, + }, + } + + err = tunnel.SrcClient.Create(context.TODO(), deployment, &client.CreateOptions{}) + if err != nil { + return err + } } + return nil } func createRBAC(tunnel *Tunnel, cluster string) error { var c client.Client - var config *rest.Config + var minor int switch cluster { case "src": c = tunnel.SrcClient - config = tunnel.SrcConfig + minor = tunnel.SrcVersionMinor case "dst": c = tunnel.DstClient - config = tunnel.DstConfig + minor = tunnel.DstVersionMinor default: return fmt.Errorf("Cannot create RBAC rules for unknown cluster %s", cluster) } - dapiClient, err := dapi.NewDiscoveryClientForConfig(config) - if err != nil { - return err - } - version, err := dapiClient.ServerVersion() - if err != nil { - return err - } - minor, err := strconv.Atoi(strings.Trim(version.Minor, "+")) - if err != nil { - return err - } - serviceAccount := &v1.ServiceAccount{ ObjectMeta: metav1.ObjectMeta{ Name: serviceName, Namespace: *&tunnel.Options.Namespace, }, } - err = c.Create(context.TODO(), serviceAccount, &client.CreateOptions{}) + err := c.Create(context.TODO(), serviceAccount, &client.CreateOptions{}) if err != nil { return err }
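Review bot: `createRBAC` now takes `minor` from `tunnel.SrcVersionMinor` or `tunnel.DstVersionMinor` instead of asking the API server, so a `Tunnel` whose version fields were never filled in reaches it with `minor == 0` and no error. In this patch `Openvpn` sets both fields before calling `createOpenVPNServer`, but the fields are exported and their zero value cannot be told apart from "unknown". Since `minor` presumably selects which RBAC objects are created further down (outside this hunk), a guard after the switch would fail closed, e.g. `if minor <= 0 { return fmt.Errorf("unknown server version for cluster %s", cluster) }`. The same zero-value fallthrough applies to `if tunnel.SrcVersionMinor < 9` earlier in this hunk, where 0 selects the `apps/v1beta1` arm.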