refactor operator group cluster role name

Signed-off-by: Per Goncalves da Silva <[email protected]>

Author: Per Goncalves da Silva

Diff for: go.mod

@@ -14,6 +14,7 @@ require (
 	github.com/go-logr/logr v1.2.4
 	github.com/golang/mock v1.6.0
 	github.com/google/go-cmp v0.5.9
+	github.com/google/uuid v1.3.0
 	github.com/googleapis/gnostic v0.5.5
 	github.com/itchyny/gojq v0.11.0
 	github.com/maxbrunsfeld/counterfeiter/v6 v6.2.2
@@ -124,7 +125,6 @@ require (
 	github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect
 	github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
-	github.com/google/uuid v1.3.0 // indirect
 	github.com/gorilla/mux v1.8.0 // indirect
 	github.com/gosuri/uitable v0.0.4 // indirect
 	github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect

Diff for: pkg/controller/operators/olm/operator_test.go

@@ -8,6 +8,7 @@ import (
 	"crypto/x509"
 	"crypto/x509/pkix"
 	"encoding/pem"
+	"errors"
 	"fmt"
 	"math"
 	"math/big"
@@ -51,6 +52,9 @@ import (
 
 	operatorsv1 "github.com/operator-framework/api/pkg/operators/v1"
 	"github.com/operator-framework/api/pkg/operators/v1alpha1"
+	opregistry "github.com/operator-framework/operator-registry/pkg/registry"
+	clienttesting "k8s.io/client-go/testing"
+
 	"github.com/operator-framework/operator-lifecycle-manager/pkg/api/client/clientset/versioned"
 	"github.com/operator-framework/operator-lifecycle-manager/pkg/api/client/clientset/versioned/fake"
 	"github.com/operator-framework/operator-lifecycle-manager/pkg/controller/certs"
@@ -65,8 +69,6 @@ import (
 	"github.com/operator-framework/operator-lifecycle-manager/pkg/lib/ownerutil"
 	"github.com/operator-framework/operator-lifecycle-manager/pkg/lib/queueinformer"
 	"github.com/operator-framework/operator-lifecycle-manager/pkg/lib/scoped"
-	opregistry "github.com/operator-framework/operator-registry/pkg/registry"
-	clienttesting "k8s.io/client-go/testing"
 )
 
 type TestStrategy struct{}
@@ -4518,6 +4520,304 @@ func TestSyncOperatorGroups(t *testing.T) {
 				LastUpdated: &now,
 			},
 		},
+		{
+			name:          "MatchingNamespace/NoCSVs/CreatesClusterRoles",
+			expectedEqual: true,
+			initial: initial{
+				operatorGroup: &operatorsv1.OperatorGroup{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "operator-group-1",
+						Namespace: operatorNamespace,
+					},
+					Spec: operatorsv1.OperatorGroupSpec{
+						Selector: &metav1.LabelSelector{
+							MatchLabels: map[string]string{"app": "app-a"},
+						},
+					},
+				},
+				k8sObjs: []runtime.Object{
+					&corev1.Namespace{
+						ObjectMeta: metav1.ObjectMeta{
+							Name: operatorNamespace,
+						},
+					},
+					&corev1.Namespace{
+						ObjectMeta: metav1.ObjectMeta{
+							Name:   targetNamespace,
+							Labels: map[string]string{"app": "app-a"},
+						},
+					},
+				},
+			},
+			expectedStatus: operatorsv1.OperatorGroupStatus{
+				Namespaces:  []string{targetNamespace},
+				LastUpdated: &now,
+			},
+			final: final{objects: map[string][]runtime.Object{
+				"": {
+					&rbacv1.ClusterRole{
+						ObjectMeta: metav1.ObjectMeta{
+							ResourceVersion: "",
+							Name:            "olm.operatorgroup.admin-aaaaa",
+							Labels: map[string]string{
+								"olm.owner":                   "operator-group-1",
+								"olm.owner.namespace":         "operator-ns",
+								"olm.owner.kind":              "OperatorGroup",
+								"olm.operatorgroup.rolelevel": "admin",
+							},
+						},
+					},
+					&rbacv1.ClusterRole{
+						ObjectMeta: metav1.ObjectMeta{
+							ResourceVersion: "",
+							Name:            "olm.operatorgroup.edit-aaaaa",
+							Labels: map[string]string{
+								"olm.owner":                   "operator-group-1",
+								"olm.owner.namespace":         "operator-ns",
+								"olm.owner.kind":              "OperatorGroup",
+								"olm.operatorgroup.rolelevel": "edit",
+							},
+						},
+					},
+					&rbacv1.ClusterRole{
+						ObjectMeta: metav1.ObjectMeta{
+							ResourceVersion: "",
+							Name:            "olm.operatorgroup.view-aaaaa",
+							Labels: map[string]string{
+								"olm.owner":                   "operator-group-1",
+								"olm.owner.namespace":         "operator-ns",
+								"olm.owner.kind":              "OperatorGroup",
+								"olm.operatorgroup.rolelevel": "view",
+							},
+						},
+					},
+				},
+			}},
+		},
+		{
+			// check that even if old cluster roles exist, we create the new ones and leave the old ones unchanged
+			name:          "MatchingNamespace/NoCSVs/UpdatesOldClusterRoles",
+			expectedEqual: true,
+			initial: initial{
+				operatorGroup: &operatorsv1.OperatorGroup{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "operator-group-1",
+						Namespace: operatorNamespace,
+					},
+					Spec: operatorsv1.OperatorGroupSpec{
+						Selector: &metav1.LabelSelector{
+							MatchLabels: map[string]string{"app": "app-a"},
+						},
+					},
+				},
+				k8sObjs: []runtime.Object{
+					&corev1.Namespace{
+						ObjectMeta: metav1.ObjectMeta{
+							Name: operatorNamespace,
+						},
+					},
+					&corev1.Namespace{
+						ObjectMeta: metav1.ObjectMeta{
+							Name:   targetNamespace,
+							Labels: map[string]string{"app": "app-a"},
+						},
+					},
+					&rbacv1.ClusterRole{
+						ObjectMeta: metav1.ObjectMeta{
+							ResourceVersion: "",
+							Name:            "operator-group-1-admin",
+							Labels: map[string]string{
+								"olm.owner":           "operator-group-1",
+								"olm.owner.namespace": "operator-ns",
+								"olm.owner.kind":      "OperatorGroup",
+							},
+						},
+					},
+					&rbacv1.ClusterRole{
+						ObjectMeta: metav1.ObjectMeta{
+							ResourceVersion: "",
+							Name:            "operator-group-1-view",
+							Labels: map[string]string{
+								"olm.owner":           "operator-group-1",
+								"olm.owner.namespace": "operator-ns",
+								"olm.owner.kind":      "OperatorGroup",
+							},
+						},
+					},
+					&rbacv1.ClusterRole{
+						ObjectMeta: metav1.ObjectMeta{
+							ResourceVersion: "",
+							Name:            "operator-group-1-edit",
+							Labels: map[string]string{
+								"olm.owner":           "operator-group-1",
+								"olm.owner.namespace": "operator-ns",
+								"olm.owner.kind":      "OperatorGroup",
+							},
+						},
+					},
+				},
+			},
+			expectedStatus: operatorsv1.OperatorGroupStatus{
+				Namespaces:  []string{targetNamespace},
+				LastUpdated: &now,
+			},
+			final: final{objects: map[string][]runtime.Object{
+				"": {
+					&rbacv1.ClusterRole{
+						ObjectMeta: metav1.ObjectMeta{
+							ResourceVersion: "",
+							Name:            "olm.operatorgroup.admin-aaaaa",
+							Labels: map[string]string{
+								"olm.owner":                   "operator-group-1",
+								"olm.owner.namespace":         "operator-ns",
+								"olm.owner.kind":              "OperatorGroup",
+								"olm.operatorgroup.rolelevel": "admin",
+							},
+						},
+					},
+					&rbacv1.ClusterRole{
+						ObjectMeta: metav1.ObjectMeta{
+							ResourceVersion: "",
+							Name:            "olm.operatorgroup.edit-aaaaa",
+							Labels: map[string]string{
+								"olm.owner":                   "operator-group-1",
+								"olm.owner.namespace":         "operator-ns",
+								"olm.owner.kind":              "OperatorGroup",
+								"olm.operatorgroup.rolelevel": "edit",
+							},
+						},
+					},
+					&rbacv1.ClusterRole{
+						ObjectMeta: metav1.ObjectMeta{
+							ResourceVersion: "",
+							Name:            "olm.operatorgroup.view-aaaaa",
+							Labels: map[string]string{
+								"olm.owner":                   "operator-group-1",
+								"olm.owner.namespace":         "operator-ns",
+								"olm.owner.kind":              "OperatorGroup",
+								"olm.operatorgroup.rolelevel": "view",
+							},
+						},
+					},
+					&rbacv1.ClusterRole{
+						ObjectMeta: metav1.ObjectMeta{
+							ResourceVersion: "",
+							Name:            "operator-group-1-admin",
+							Labels: map[string]string{
+								"olm.owner":           "operator-group-1",
+								"olm.owner.namespace": "operator-ns",
+								"olm.owner.kind":      "OperatorGroup",
+							},
+						},
+					},
+					&rbacv1.ClusterRole{
+						ObjectMeta: metav1.ObjectMeta{
+							ResourceVersion: "",
+							Name:            "operator-group-1-view",
+							Labels: map[string]string{
+								"olm.owner":           "operator-group-1",
+								"olm.owner.namespace": "operator-ns",
+								"olm.owner.kind":      "OperatorGroup",
+							},
+						},
+					},
+					&rbacv1.ClusterRole{
+						ObjectMeta: metav1.ObjectMeta{
+							ResourceVersion: "",
+							Name:            "operator-group-1-edit",
+							Labels: map[string]string{
+								"olm.owner":           "operator-group-1",
+								"olm.owner.namespace": "operator-ns",
+								"olm.owner.kind":      "OperatorGroup",
+							},
+						},
+					},
+				},
+			}},
+		},
+		{
+			name: "MatchingNamespace/NoCSVs/Updates" +
+				"" +
+				"" +
+				"" +
+				"" +
+				"" +
+				"" +
+				"" +
+				"ClusterRoles",
+			expectedEqual: true,
+			initial: initial{
+				operatorGroup: &operatorsv1.OperatorGroup{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "operator-group-1",
+						Namespace: operatorNamespace,
+						UID:       "1234",
+					},
+					Spec: operatorsv1.OperatorGroupSpec{
+						Selector: &metav1.LabelSelector{
+							MatchLabels: map[string]string{"app": "app-a"},
+						},
+					},
+				},
+				k8sObjs: []runtime.Object{
+					&corev1.Namespace{
+						ObjectMeta: metav1.ObjectMeta{
+							Name: operatorNamespace,
+						},
+					},
+					&corev1.Namespace{
+						ObjectMeta: metav1.ObjectMeta{
+							Name:   targetNamespace,
+							Labels: map[string]string{"app": "app-a"},
+						},
+					},
+				},
+			},
+			expectedStatus: operatorsv1.OperatorGroupStatus{
+				Namespaces:  []string{targetNamespace},
+				LastUpdated: &now,
+			},
+			final: final{objects: map[string][]runtime.Object{
+				"": {
+					&rbacv1.ClusterRole{
+						ObjectMeta: metav1.ObjectMeta{
+							ResourceVersion: "",
+							Name:            "olm.operatorgroup.admin-aaaaa",
+							Labels: map[string]string{
+								"olm.owner":                   "1234",
+								"olm.owner.namespace":         "operator-ns",
+								"olm.owner.kind":              "OperatorGroup",
+								"olm.operatorgroup.rolelevel": "admin",
+							},
+						},
+					},
+					&rbacv1.ClusterRole{
+						ObjectMeta: metav1.ObjectMeta{
+							ResourceVersion: "",
+							Name:            "olm.operatorgroup.edit-aaaaa",
+							Labels: map[string]string{
+								"olm.owner":                   "1234",
+								"olm.owner.namespace":         "operator-ns",
+								"olm.owner.kind":              "OperatorGroup",
+								"olm.operatorgroup.rolelevel": "edit",
+							},
+						},
+					},
+					&rbacv1.ClusterRole{
+						ObjectMeta: metav1.ObjectMeta{
+							ResourceVersion: "",
+							Name:            "olm.operatorgroup.view-aaaaa",
+							Labels: map[string]string{
+								"olm.owner":                   "1234",
+								"olm.owner.namespace":         "operator-ns",
+								"olm.owner.kind":              "OperatorGroup",
+								"olm.operatorgroup.rolelevel": "view",
+							},
+						},
+					},
+				},
+			}},
+		},
 		{
 			name:          "MatchingNamespace/CSVPresent/Found",
 			expectedEqual: true,
@@ -4967,6 +5267,10 @@ func TestSyncOperatorGroups(t *testing.T) {
 		return copied
 	}
 
+	// change the genName function to return a predictable value
+	genName = func(prefix string) string {
+		return fmt.Sprintf("%saaaaa", prefix)
+	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			// Pick out Namespaces
@@ -5106,7 +5410,10 @@ func TestSyncOperatorGroups(t *testing.T) {
 				for namespace, objects := range tt.final.objects {
 					if err := RequireObjectsInCache(t, op.lister, namespace, objects, true); err != nil {
 						foundErr = err
-						return false, nil
+						if apierrors.IsNotFound(err) {
+							return false, nil
+						}
+						return false, err
 					}
 				}
 
@@ -5349,7 +5656,10 @@ func RequireObjectsInCache(t *testing.T, lister operatorlister.OperatorLister, n
 			require.Failf(t, "couldn't find expected object", "%#v", object)
 		}
 		if err != nil {
-			return fmt.Errorf("namespace: %v, error: %v", namespace, err)
+			if apierrors.IsNotFound(err) {
+				return err
+			}
+			return errors.Join(err, fmt.Errorf("namespace: %v, error: %v", namespace, err))
 		}
 		if doCompare {
 			if !reflect.DeepEqual(object, fetched) {