fixes

Signed-off-by: Per Goncalves da Silva <[email protected]>

Author: Per Goncalves da Silva

.bingo/Variables.mk

@@ -41,11 +41,11 @@ $(KIND): $(BINGO_DIR)/kind.mod
 	@echo "(re)installing $(GOBIN)/kind-v0.23.0"
 	@cd $(BINGO_DIR) && GOWORK=off $(GO) build -mod=mod -modfile=kind.mod -o=$(GOBIN)/kind-v0.23.0 "sigs.k8s.io/kind"
 
-SETUP_ENVTEST := $(GOBIN)/setup-envtest-v0.0.0-20240522175850-2e9781e9fc60
+SETUP_ENVTEST := $(GOBIN)/setup-envtest-v0.0.0-20240813183042-b901db121e1f
 $(SETUP_ENVTEST): $(BINGO_DIR)/setup-envtest.mod
 	@# Install binary/ries using Go 1.14+ build command. This is using bwplotka/bingo-controlled, separate go module with pinned dependencies.
-	@echo "(re)installing $(GOBIN)/setup-envtest-v0.0.0-20240522175850-2e9781e9fc60"
-	@cd $(BINGO_DIR) && GOWORK=off $(GO) build -mod=mod -modfile=setup-envtest.mod -o=$(GOBIN)/setup-envtest-v0.0.0-20240522175850-2e9781e9fc60 "sigs.k8s.io/controller-runtime/tools/setup-envtest"
+	@echo "(re)installing $(GOBIN)/setup-envtest-v0.0.0-20240813183042-b901db121e1f"
+	@cd $(BINGO_DIR) && GOWORK=off $(GO) build -mod=mod -modfile=setup-envtest.mod -o=$(GOBIN)/setup-envtest-v0.0.0-20240813183042-b901db121e1f "sigs.k8s.io/controller-runtime/tools/setup-envtest"
 
 YQ := $(GOBIN)/yq-v3.0.0-20201202084205-8846255d1c37
 $(YQ): $(BINGO_DIR)/yq.mod

.bingo/setup-envtest.mod

@@ -4,4 +4,4 @@ go 1.22.0
 
 toolchain go1.22.3
 
-require sigs.k8s.io/controller-runtime/tools/setup-envtest v0.0.0-20240522175850-2e9781e9fc60
+require sigs.k8s.io/controller-runtime/tools/setup-envtest v0.0.0-20240813183042-b901db121e1f

.bingo/setup-envtest.sum

@@ -2,8 +2,11 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
 github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
+github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=
 github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI=
@@ -27,12 +30,18 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
+golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 sigs.k8s.io/controller-runtime/tools/setup-envtest v0.0.0-20240522175850-2e9781e9fc60 h1:ihaeBTCFuEYPL1T1/FqAavDY7z5UcKSnWpnb+I3DYeM=
 sigs.k8s.io/controller-runtime/tools/setup-envtest v0.0.0-20240522175850-2e9781e9fc60/go.mod h1:4+4tM2Es0ycqPedATtzPer5RTrUq3Xab59BYogt0mCE=
+sigs.k8s.io/controller-runtime/tools/setup-envtest v0.0.0-20240813183042-b901db121e1f h1:RIqUbZQO5yizUt9nozxQdzyLRD1sG6s2oi/QZrlg/hs=
+sigs.k8s.io/controller-runtime/tools/setup-envtest v0.0.0-20240813183042-b901db121e1f/go.mod h1:IaDsO8xSPRxRG1/rm9CP7+jPmj0nMNAuNi/yiHnLX8k=
 sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
 sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=
+sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
+sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=

.bingo/variables.env

@@ -16,7 +16,7 @@ HELM="${GOBIN}/helm-v3.15.1"
 
 KIND="${GOBIN}/kind-v0.23.0"
 
-SETUP_ENVTEST="${GOBIN}/setup-envtest-v0.0.0-20240522175850-2e9781e9fc60"
+SETUP_ENVTEST="${GOBIN}/setup-envtest-v0.0.0-20240813183042-b901db121e1f"
 
 YQ="${GOBIN}/yq-v3.0.0-20201202084205-8846255d1c37"
 

go.mod

@@ -48,7 +48,7 @@ require (
 	k8s.io/kube-aggregator v0.31.0
 	k8s.io/kube-openapi v0.0.0-20240816214639-573285566f34
 	k8s.io/utils v0.0.0-20240711033017-18e509b52bc8
-	sigs.k8s.io/controller-runtime v0.18.5
+	sigs.k8s.io/controller-runtime v0.19.0
 	sigs.k8s.io/controller-tools v0.16.1
 )
 
@@ -180,10 +180,10 @@ require (
 
 // pin to v1.18.0 until k8s.io/component-base updates its prometheus dependency
 // issue: https://github.com/operator-framework/operator-lifecycle-manager/issues/3283
-replace (
-	github.com/prometheus/client_golang => github.com/prometheus/client_golang v1.18.0
-	github.com/prometheus/common => github.com/prometheus/common v0.47.0
-)
+//replace (
+//	github.com/prometheus/client_golang => github.com/prometheus/client_golang v1.18.0
+//	github.com/prometheus/common => github.com/prometheus/common v0.47.0
+//)
 
 // v1.64.0 breaks our e2e tests as it affects the grpc connection state transition
 // issue: https://github.com/operator-framework/operator-lifecycle-manager/issues/3284

go.sum

@@ -1842,17 +1842,17 @@ github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qR
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prometheus/client_golang v1.18.0 h1:HzFfmkOzH5Q8L8G+kSJKUx5dtG87sewO+FoDDqP5Tbk=
-github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlkOQntgjkJWKrN5txjA=
+github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE=
+github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w=
 github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU=
 github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI=
 github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
 github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
-github.com/prometheus/common v0.47.0 h1:p5Cz0FNHo7SnWOmWmoRozVcjEp0bIVU8cV7OShpjL1k=
-github.com/prometheus/common v0.47.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc=
+github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc=
+github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8=
 github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
 github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
 github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5 h1:EaDatTxkdHG+U3Bk4EUr+DZ7fOGwTfezUiUJMaIcaho=
@@ -2916,8 +2916,8 @@ rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3 h1:2770sDpzrjjsAtVhSeUFseziht227YAWYHLGNM8QPwY=
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw=
-sigs.k8s.io/controller-runtime v0.18.5 h1:nTHio/W+Q4aBlQMgbnC5hZb4IjIidyrizMai9P6n4Rk=
-sigs.k8s.io/controller-runtime v0.18.5/go.mod h1:TVoGrfdpbA9VRFaRnKgk9P5/atA0pMwq+f+msb9M8Sg=
+sigs.k8s.io/controller-runtime v0.19.0 h1:nWVM7aq+Il2ABxwiCizrVDSlmDcshi9llbaFbC0ji/Q=
+sigs.k8s.io/controller-runtime v0.19.0/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4=
 sigs.k8s.io/controller-tools v0.16.1 h1:gvIsZm+2aimFDIBiDKumR7EBkc+oLxljoUVfRbDI6RI=
 sigs.k8s.io/controller-tools v0.16.1/go.mod h1:0I0xqjR65YTfoO12iR+mZR6s6UAVcUARgXRlsu0ljB0=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=

pkg/controller/install/attributes_util.go

@@ -1,6 +1,8 @@
 package install
 
 import (
+	"fmt"
+
 	log "github.com/sirupsen/logrus"
 	corev1 "k8s.io/api/core/v1"
 	rbacv1 "k8s.io/api/rbac/v1"
@@ -12,7 +14,7 @@ import (
 // toAttributesSet converts the given user, namespace, and PolicyRule into a set of Attributes expected. This is useful for checking
 // if a composed set of Roles/RoleBindings satisfies a PolicyRule.
 func toAttributesSet(user user.Info, namespace string, rule rbacv1.PolicyRule) []authorizer.Attributes {
-	set := map[authorizer.AttributesRecord]struct{}{}
+	set := map[string]authorizer.Attributes{}
 
 	// add empty string for empty groups, resources, resource names, and non resource urls
 	groups := rule.APIGroups
@@ -37,18 +39,18 @@ func toAttributesSet(user user.Info, namespace string, rule rbacv1.PolicyRule) [
 			for _, resource := range resources {
 				for _, name := range names {
 					for _, nonResourceURL := range nonResourceURLs {
-						set[attributesRecord(user, namespace, verb, group, resource, name, nonResourceURL)] = struct{}{}
+						attr := attributesRecord(user, namespace, verb, group, resource, name, nonResourceURL)
+						key := attributesKey(user, namespace, verb, group, resource, name, nonResourceURL)
+						set[key] = attr
 					}
 				}
 			}
 		}
 	}
 
-	attributes := make([]authorizer.Attributes, len(set))
-	i := 0
-	for attribute := range set {
-		attributes[i] = attribute
-		i++
+	attributes := make([]authorizer.Attributes, 0, len(set))
+	for _, attribute := range set {
+		attributes = append(attributes, attribute)
 	}
 	log.Debugf("attributes set %+v", attributes)
 
@@ -77,3 +79,16 @@ func toDefaultInfo(sa *corev1.ServiceAccount) *user.DefaultInfo {
 		UID:  string(sa.GetUID()),
 	}
 }
+
+func attributesKey(user user.Info, namespace, verb, apiGroup, resource, name, path string) string {
+	return fmt.Sprintf("%s|%s|%s|%s|%s|%s|%s|%s",
+		user.GetName(),
+		verb,
+		namespace,
+		apiGroup,
+		resource,
+		name,
+		resource,
+		path,
+	)
+}

pkg/controller/install/attributes_util_test.go

@@ -19,7 +19,7 @@ func TestToAttributeSet(t *testing.T) {
 	tests := []struct {
 		description        string
 		rule               rbacv1.PolicyRule
-		expectedAttributes map[authorizer.AttributesRecord]struct{}
+		expectedAttributes map[string]authorizer.AttributesRecord
 	}{
 		{
 			description: "SimpleRule",
@@ -28,8 +28,8 @@ func TestToAttributeSet(t *testing.T) {
 				APIGroups: []string{"*"},
 				Resources: []string{"*"},
 			},
-			expectedAttributes: map[authorizer.AttributesRecord]struct{}{
-				attributesRecord(user, namespace, "*", "*", "*", "", ""): {},
+			expectedAttributes: map[string]authorizer.AttributesRecord{
+				attributesKey(user, namespace, "*", "*", "*", "", ""): attributesRecord(user, namespace, "*", "*", "*", "", ""),
 			},
 		},
 		{
@@ -38,8 +38,8 @@ func TestToAttributeSet(t *testing.T) {
 				Verbs:           []string{"*"},
 				NonResourceURLs: []string{"/api"},
 			},
-			expectedAttributes: map[authorizer.AttributesRecord]struct{}{
-				attributesRecord(user, namespace, "*", "", "", "", "/api"): {},
+			expectedAttributes: map[string]authorizer.AttributesRecord{
+				attributesKey(user, namespace, "*", "", "", "", "/api"): attributesRecord(user, namespace, "*", "", "", "", "/api"),
 			},
 		},
 		{
@@ -49,9 +49,9 @@ func TestToAttributeSet(t *testing.T) {
 				APIGroups: []string{"*"},
 				Resources: []string{"*"},
 			},
-			expectedAttributes: map[authorizer.AttributesRecord]struct{}{
-				attributesRecord(user, namespace, "create", "*", "*", "", ""): {},
-				attributesRecord(user, namespace, "delete", "*", "*", "", ""): {},
+			expectedAttributes: map[string]authorizer.AttributesRecord{
+				attributesKey(user, namespace, "create", "*", "*", "", ""): attributesRecord(user, namespace, "create", "*", "*", "", ""),
+				attributesKey(user, namespace, "delete", "*", "*", "", ""): attributesRecord(user, namespace, "delete", "*", "*", "", ""),
 			},
 		},
 		{
@@ -60,11 +60,11 @@ func TestToAttributeSet(t *testing.T) {
 				Verbs:     []string{"get", "update"},
 				Resources: []string{"donuts", "coffee"},
 			},
-			expectedAttributes: map[authorizer.AttributesRecord]struct{}{
-				attributesRecord(user, namespace, "get", "", "donuts", "", ""):    {},
-				attributesRecord(user, namespace, "update", "", "donuts", "", ""): {},
-				attributesRecord(user, namespace, "get", "", "coffee", "", ""):    {},
-				attributesRecord(user, namespace, "update", "", "coffee", "", ""): {},
+			expectedAttributes: map[string]authorizer.AttributesRecord{
+				attributesKey(user, namespace, "get", "", "donuts", "", ""):    attributesRecord(user, namespace, "get", "", "donuts", "", ""),
+				attributesKey(user, namespace, "update", "", "donuts", "", ""): attributesRecord(user, namespace, "update", "", "donuts", "", ""),
+				attributesKey(user, namespace, "get", "", "coffee", "", ""):    attributesRecord(user, namespace, "get", "", "coffee", "", ""),
+				attributesKey(user, namespace, "update", "", "coffee", "", ""): attributesRecord(user, namespace, "update", "", "coffee", "", ""),
 			},
 		},
 		{
@@ -73,9 +73,9 @@ func TestToAttributeSet(t *testing.T) {
 				Verbs:           []string{"*"},
 				NonResourceURLs: []string{"/capybaras", "/caviidaes"},
 			},
-			expectedAttributes: map[authorizer.AttributesRecord]struct{}{
-				attributesRecord(user, namespace, "*", "", "", "", "/capybaras"): {},
-				attributesRecord(user, namespace, "*", "", "", "", "/caviidaes"): {},
+			expectedAttributes: map[string]authorizer.AttributesRecord{
+				attributesKey(user, namespace, "*", "", "", "", "/capybaras"): attributesRecord(user, namespace, "*", "", "", "", "/capybaras"),
+				attributesKey(user, namespace, "*", "", "", "", "/caviidaes"): attributesRecord(user, namespace, "*", "", "", "", "/caviidaes"),
 			},
 		},
 		{
@@ -85,11 +85,11 @@ func TestToAttributeSet(t *testing.T) {
 				Resources:     []string{"donuts", "coffee"},
 				ResourceNames: []string{"nyc"},
 			},
-			expectedAttributes: map[authorizer.AttributesRecord]struct{}{
-				attributesRecord(user, namespace, "get", "", "donuts", "nyc", ""):    {},
-				attributesRecord(user, namespace, "update", "", "donuts", "nyc", ""): {},
-				attributesRecord(user, namespace, "get", "", "coffee", "nyc", ""):    {},
-				attributesRecord(user, namespace, "update", "", "coffee", "nyc", ""): {},
+			expectedAttributes: map[string]authorizer.AttributesRecord{
+				attributesKey(user, namespace, "get", "", "donuts", "nyc", ""):    attributesRecord(user, namespace, "get", "", "donuts", "nyc", ""),
+				attributesKey(user, namespace, "update", "", "donuts", "nyc", ""): attributesRecord(user, namespace, "update", "", "donuts", "nyc", ""),
+				attributesKey(user, namespace, "get", "", "coffee", "nyc", ""):    attributesRecord(user, namespace, "get", "", "coffee", "nyc", ""),
+				attributesKey(user, namespace, "update", "", "coffee", "nyc", ""): attributesRecord(user, namespace, "update", "", "coffee", "nyc", ""),
 			},
 		},
 		{
@@ -100,21 +100,21 @@ func TestToAttributeSet(t *testing.T) {
 				APIGroups:     []string{"apps.coreos.com", "apps.redhat.com"},
 				ResourceNames: []string{"nyc"},
 			},
-			expectedAttributes: map[authorizer.AttributesRecord]struct{}{
-				attributesRecord(user, namespace, "get", "apps.coreos.com", "donuts", "nyc", ""):    {},
-				attributesRecord(user, namespace, "update", "apps.coreos.com", "donuts", "nyc", ""): {},
-				attributesRecord(user, namespace, "get", "apps.coreos.com", "coffee", "nyc", ""):    {},
-				attributesRecord(user, namespace, "update", "apps.coreos.com", "coffee", "nyc", ""): {},
-				attributesRecord(user, namespace, "get", "apps.redhat.com", "donuts", "nyc", ""):    {},
-				attributesRecord(user, namespace, "update", "apps.redhat.com", "donuts", "nyc", ""): {},
-				attributesRecord(user, namespace, "get", "apps.redhat.com", "coffee", "nyc", ""):    {},
-				attributesRecord(user, namespace, "update", "apps.redhat.com", "coffee", "nyc", ""): {},
+			expectedAttributes: map[string]authorizer.AttributesRecord{
+				attributesKey(user, namespace, "get", "apps.coreos.com", "donuts", "nyc", ""):    attributesRecord(user, namespace, "get", "apps.coreos.com", "donuts", "nyc", ""),
+				attributesKey(user, namespace, "update", "apps.coreos.com", "donuts", "nyc", ""): attributesRecord(user, namespace, "update", "apps.coreos.com", "donuts", "nyc", ""),
+				attributesKey(user, namespace, "get", "apps.coreos.com", "coffee", "nyc", ""):    attributesRecord(user, namespace, "get", "apps.coreos.com", "coffee", "nyc", ""),
+				attributesKey(user, namespace, "update", "apps.coreos.com", "coffee", "nyc", ""): attributesRecord(user, namespace, "update", "apps.coreos.com", "coffee", "nyc", ""),
+				attributesKey(user, namespace, "get", "apps.redhat.com", "donuts", "nyc", ""):    attributesRecord(user, namespace, "get", "apps.redhat.com", "donuts", "nyc", ""),
+				attributesKey(user, namespace, "update", "apps.redhat.com", "donuts", "nyc", ""): attributesRecord(user, namespace, "update", "apps.redhat.com", "donuts", "nyc", ""),
+				attributesKey(user, namespace, "get", "apps.redhat.com", "coffee", "nyc", ""):    attributesRecord(user, namespace, "get", "apps.redhat.com", "coffee", "nyc", ""),
+				attributesKey(user, namespace, "update", "apps.redhat.com", "coffee", "nyc", ""): attributesRecord(user, namespace, "update", "apps.redhat.com", "coffee", "nyc", ""),
 			},
 		},
 		{
 			description:        "NoVerbs",
 			rule:               rbacv1.PolicyRule{},
-			expectedAttributes: map[authorizer.AttributesRecord]struct{}{},
+			expectedAttributes: map[string]authorizer.AttributesRecord{},
 		},
 	}
 
@@ -130,11 +130,12 @@ func TestToAttributeSet(t *testing.T) {
 				require.True(t, ok, "type assertion for attributes failed")
 
 				// make sure we're expecting the attribute
-				_, exists := tt.expectedAttributes[a]
+				key := attributesKey(a.GetUser(), a.GetNamespace(), a.GetVerb(), a.GetAPIGroup(), a.GetResource(), a.GetName(), a.GetPath())
+				_, exists := tt.expectedAttributes[key]
 				require.True(t, exists, fmt.Sprintf("found unexpected attributes %v", attributes))
 
 				// ensure each expected attribute only appears once
-				delete(tt.expectedAttributes, a)
+				delete(tt.expectedAttributes, key)
 			}
 
 			// check that all expected have been found

pkg/controller/operators/operatorconditiongenerator_controller.go

@@ -62,6 +62,7 @@ func (r *OperatorConditionGeneratorReconciler) SetupWithManager(mgr ctrl.Manager
 	}
 
 	return ctrl.NewControllerManagedBy(mgr).
+		Named("operator-condition-generator").
 		For(&operatorsv1alpha1.ClusterServiceVersion{}, builder.WithPredicates(p)).
 		Watches(&operatorsv2.OperatorCondition{}, handler).
 		Complete(r)