Merge pull request #204 from thomasmckay/fix-scorecard

fix failing scorecard tests

Makefile

@@ -276,6 +276,11 @@ bundle: operator-sdk manifests kustomize ## Generate bundle manifests and metada
 	sed -i 's/mediatype: \"\"/mediatype: \"image\/svg+xml\"/g' bundle/manifests/gatekeeper-operator.clusterserviceversion.yaml
 	$(OPERATOR_SDK) bundle validate ./bundle
 
+# Requires running cluster (for example through 'make test-cluster')
+.PHONY: scorecard
+scorecard: bundle
+	$(OPERATOR_SDK) scorecard ./bundle
+
 .PHONY: bundle-build
 bundle-build: ## Build the bundle image.
 	$(DOCKER) build -f bundle.Dockerfile -t $(BUNDLE_IMG) .

api/v1alpha1/gatekeeper_types.go

@@ -30,22 +30,39 @@ type GatekeeperSpec struct {
 	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
 	// Important: Run "make" to regenerate code after modifying this file
 
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Image Configuration"
 	// +optional
 	Image *ImageConfig `json:"image,omitempty"`
+
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Audit Configuration"
 	// +optional
 	Audit *AuditConfig `json:"audit,omitempty"`
+
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Validating Webhook"
 	// +optional
 	ValidatingWebhook *WebhookMode `json:"validatingWebhook,omitempty"`
+
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Mutating Webhook"
 	// +optional
 	MutatingWebhook *WebhookMode `json:"mutatingWebhook,omitempty"`
+
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Webhook Config"
 	// +optional
 	Webhook *WebhookConfig `json:"webhook,omitempty"`
+
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Node Selector"
 	// +optional
 	NodeSelector map[string]string `json:"nodeSelector,omitempty"`
+
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Affinity"
 	// +optional
 	Affinity *corev1.Affinity `json:"affinity,omitempty"`
+
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Tolerations"
 	// +optional
 	Tolerations []corev1.Toleration `json:"tolerations,omitempty"`
+
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Pod Annotations"
 	// +optional
 	PodAnnotations map[string]string `json:"podAnnotations,omitempty"`
 }
@@ -144,9 +161,14 @@ type GatekeeperStatus struct {
 	// Important: Run "make" to regenerate code after modifying this file
 
 	// ObservedGeneration is the generation as observed by the operator consuming this API.
-	ObservedGeneration int64             `json:"observedGeneration"`
-	AuditConditions    []StatusCondition `json:"auditConditions"`
-	WebhookConditions  []StatusCondition `json:"webhookConditions"`
+	// +operator-sdk:csv:customresourcedefinitions:type=status,displayName="Observed Generation"
+	ObservedGeneration int64 `json:"observedGeneration"`
+
+	// +operator-sdk:csv:customresourcedefinitions:type=status,displayName="Audit Conditions"
+	AuditConditions []StatusCondition `json:"auditConditions"`
+
+	// +operator-sdk:csv:customresourcedefinitions:type=status,displayName="Webhook Conditions"
+	WebhookConditions []StatusCondition `json:"webhookConditions"`
 }
 
 // StatusCondition describes the current state of a component.
@@ -183,6 +205,7 @@ const (
 //// +kubebuilder:printcolumn:name="Audit Status",type=string,JSONPath=`.status.auditConditions[0].type`,description="The status of the Gatekeeper Audit"
 //// +kubebuilder:printcolumn:name="Webhook Status",type=string,JSONPath=`.status.webhookConditions[0].type`,description="The status of the Gatekeeper Webhook"
 // +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
+// +operator-sdk:csv:customresourcedefinitions:displayName="Gatekeeper",resources={{Deployment,v1,gatekeeper-deployment}}
 
 // Gatekeeper is the Schema for the gatekeepers API
 type Gatekeeper struct {

bundle/manifests/gatekeeper-operator.clusterserviceversion.yaml

@@ -10,7 +10,9 @@ metadata:
           "metadata": {
             "name": "gatekeeper"
           },
-          "spec": null
+          "spec": {
+            "validatingWebhook": "Enabled"
+          }
         }
       ]
     capabilities: Basic Install
@@ -26,6 +28,38 @@ spec:
       displayName: Gatekeeper
       kind: Gatekeeper
       name: gatekeepers.operator.gatekeeper.sh
+      resources:
+      - kind: Deployment
+        name: gatekeeper-deployment
+        version: v1
+      specDescriptors:
+      - displayName: Affinity
+        path: affinity
+      - displayName: Audit Configuration
+        path: audit
+      - displayName: Image Configuration
+        path: image
+      - displayName: Mutating Webhook
+        path: mutatingWebhook
+      - displayName: Node Selector
+        path: nodeSelector
+      - displayName: Pod Annotations
+        path: podAnnotations
+      - displayName: Tolerations
+        path: tolerations
+      - displayName: Validating Webhook
+        path: validatingWebhook
+      - displayName: Webhook Config
+        path: webhook
+      statusDescriptors:
+      - displayName: Audit Conditions
+        path: auditConditions
+      - description: ObservedGeneration is the generation as observed by the operator
+          consuming this API.
+        displayName: Observed Generation
+        path: observedGeneration
+      - displayName: Webhook Conditions
+        path: webhookConditions
       version: v1alpha1
   description: Operator for OPA Gatekeeper
   displayName: Gatekeeper Operator

config/manifests/bases/gatekeeper-operator.clusterserviceversion.yaml

@@ -16,6 +16,38 @@ spec:
       displayName: Gatekeeper
       kind: Gatekeeper
       name: gatekeepers.operator.gatekeeper.sh
+      resources:
+      - kind: Deployment
+        name: gatekeeper-deployment
+        version: v1
+      specDescriptors:
+      - displayName: Affinity
+        path: affinity
+      - displayName: Audit Configuration
+        path: audit
+      - displayName: Image Configuration
+        path: image
+      - displayName: Mutating Webhook
+        path: mutatingWebhook
+      - displayName: Node Selector
+        path: nodeSelector
+      - displayName: Pod Annotations
+        path: podAnnotations
+      - displayName: Tolerations
+        path: tolerations
+      - displayName: Validating Webhook
+        path: validatingWebhook
+      - displayName: Webhook Config
+        path: webhook
+      statusDescriptors:
+      - displayName: Audit Conditions
+        path: auditConditions
+      - description: ObservedGeneration is the generation as observed by the operator
+          consuming this API.
+        displayName: Observed Generation
+        path: observedGeneration
+      - displayName: Webhook Conditions
+        path: webhookConditions
       version: v1alpha1
   description: Operator for OPA Gatekeeper
   displayName: Gatekeeper Operator

config/samples/gatekeeper_empty.yaml

@@ -0,0 +1,6 @@
+apiVersion: operator.gatekeeper.sh/v1alpha1
+kind: Gatekeeper
+metadata:
+  name: gatekeeper
+spec:
+  # Empty

config/samples/gatekeeper_with_all_values.yaml

@@ -3,7 +3,6 @@ kind: Gatekeeper
 metadata:
   name: gatekeeper
 spec:
-  # Add fields here
   image:
     image: docker.io/openpolicyagent/gatekeeper:v3.5.2
     imagePullPolicy: Always
@@ -23,6 +22,7 @@ spec:
         cpu: 100m
         memory: 20Mi
   validatingWebhook: Enabled
+  mutatingWebhook: Enabled
   webhook:
     replicas: 2
     logLevel: ERROR
@@ -57,3 +57,4 @@ spec:
   podAnnotations:
     some-annotation: "this is a test"
     other-annotation: "another test"
+

config/samples/operator_v1alpha1_gatekeeper.yaml

@@ -3,4 +3,4 @@ kind: Gatekeeper
 metadata:
   name: gatekeeper
 spec:
-  # Add fields here
+  validatingWebhook: Enabled

test/e2e/gatekeeper_controller.go

@@ -109,7 +109,7 @@ var _ = Describe("Gatekeeper", func() {
 	Describe("Overriding CR", func() {
 		It("Creating an empty gatekeeper contains default values", func() {
 			gatekeeper := emptyGatekeeper()
-			err := loadGatekeeperFromFile(gatekeeper, "operator_v1alpha1_gatekeeper.yaml")
+			err := loadGatekeeperFromFile(gatekeeper, "gatekeeper_empty.yaml")
 			Expect(err).ToNot(HaveOccurred())
 
 			By("Creating Gatekeeper resource", func() {