Resolved issues and made improvements to the operator

Author: sabre1041

.gitignore

@@ -11,6 +11,9 @@ testbin/*
 bundle
 bundle.Dockerfile
 
+#Packagemanifests
+packagemanifests
+
 # Binaries for programs and plugins
 *.exe
 *.exe~

Makefile

@@ -28,6 +28,18 @@ BUNDLE_DEFAULT_CHANNEL := --default-channel=$(DEFAULT_CHANNEL)
 endif
 BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL)
 
+# Options for "packagemanifests".
+ifneq ($(origin FROM_VERSION), undefined)
+PKG_FROM_VERSION := --from-version=$(FROM_VERSION)
+endif
+ifneq ($(origin CHANNEL), undefined)
+PKG_CHANNELS := --channel=$(CHANNEL)
+endif
+ifeq ($(IS_CHANNEL_DEFAULT), 1)
+PKG_IS_DEFAULT_CHANNEL := --default-channel
+endif
+PKG_MAN_OPTS ?= $(FROM_VERSION) $(PKG_CHANNELS) $(PKG_IS_DEFAULT_CHANNEL)
+
 # Image URL to use all building/pushing image targets
 IMG ?= quay.io/redhat-cop/group-sync-operator:$(VERSION)
 # Produce CRDs that work back to Kubernetes 1.11 (no version conversion)
@@ -150,3 +162,9 @@ bundle: manifests
 .PHONY: bundle-build
 bundle-build:
 	docker build -f bundle.Dockerfile -t $(BUNDLE_IMG) .
+
+# Generate package manifests.
+packagemanifests: kustomize manifests
+	$(OPERATOR_SDK) generate kustomize manifests -q
+	cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG)
+	$(KUSTOMIZE) build config/manifests | $(OPERATOR_SDK) generate packagemanifests -q --version $(VERSION) $(PKG_MAN_OPTS)

README.md

@@ -8,7 +8,7 @@ Synchronizes groups from external providers into OpenShift
 
 ## Overview
 
-The OpenShift Container Platform contains functionality to synchronize groups found in external identity providers into the platform. Currently, this functionality is limited to LDAP only. This operator is designed to integrate with external providers in order to provide new solutions.
+The OpenShift Container Platform contains functionality to synchronize groups found in external identity providers into the platform. Currently, the functionality that is included in OpenShift to limited to synchronizing LDAP only. This operator is designed to integrate with external providers in order to provide new solutions.
 
 Group Synchronization is facilitated by creating a `GroupSync` resource. The following describes the high level schema for this resource:
 
@@ -448,6 +448,6 @@ go mod vendor
 Using the [operator-sdk](https://github.com/operator-framework/operator-sdk), run the operator locally:
 
 ```shell
-oc apply -f deploy/crds/redhatcop.redhat.io_groupsyncs_crd.yaml
-OPERATOR_NAME='group-sync-operator' operator-sdk run --local --watch-namespace ""
+make install
+OPERATOR_NAME='group-sync-operator' make run ENABLE_WEBHOOKS=false
 ```

config/crd/bases/redhatcop.redhat.io_groupsyncs.yaml

@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.3.0
+    controller-gen.kubebuilder.io/version: v0.4.0
   creationTimestamp: null
   name: groupsyncs.redhatcop.redhat.io
 spec:
@@ -696,45 +696,7 @@ spec:
           description: GroupSyncStatus defines the observed state of GroupSync
           properties:
             conditions:
-              description: Conditions is a set of Condition instances.
-              items:
-                description: "Condition represents an observation of an object's state.
-                  Conditions are an extension mechanism intended to be used when the
-                  details of an observation are not a priori known or would not apply
-                  to all instances of a given Kind. \n Conditions should be added
-                  to explicitly convey properties that users and components care about
-                  rather than requiring those properties to be inferred from other
-                  observations. Once defined, the meaning of a Condition can not be
-                  changed arbitrarily - it becomes part of the API, and has the same
-                  backwards- and forwards-compatibility concerns of any other part
-                  of the API."
-                properties:
-                  lastTransitionTime:
-                    format: date-time
-                    type: string
-                  message:
-                    type: string
-                  reason:
-                    description: ConditionReason is intended to be a one-word, CamelCase
-                      representation of the category of cause of the current status.
-                      It is intended to be used in concise output, such as one-line
-                      kubectl get output, and in summarizing occurrences of causes.
-                    type: string
-                  status:
-                    type: string
-                  type:
-                    description: "ConditionType is the type of the condition and is
-                      typically a CamelCased word or short phrase. \n Condition types
-                      should indicate state in the \"abnormal-true\" polarity. For
-                      example, if the condition indicates when a policy is invalid,
-                      the \"is valid\" case is probably the norm, so the condition
-                      should be called \"Invalid\"."
-                    type: string
-                required:
-                - status
-                - type
-                type: object
-              type: array
+              type: Any
             lastSyncSuccessTime:
               description: LastSyncSuccessTime represents the time last synchronization
                 completed successfully

config/default/kustomization.yaml

@@ -16,6 +16,7 @@ bases:
 - ../crd
 - ../rbac
 - ../manager
+- serviceaccount.yaml
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
 # crd/kustomization.yaml
 #- ../webhook
@@ -29,6 +30,7 @@ patchesStrategicMerge:
   # If you want your controller-manager to expose the /metrics
   # endpoint w/o any authn/z, please comment the following line.
 - manager_auth_proxy_patch.yaml
+- serviceaccount_patch.yaml
 
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
 # crd/kustomization.yaml

config/default/serviceaccount.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: controller-manager
+  namespace: system

config/default/serviceaccount_patch.yaml

@@ -0,0 +1,9 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      serviceAccountName: controller-manager

config/manager/kustomization.yaml

@@ -5,4 +5,4 @@ kind: Kustomization
 images:
 - name: controller
   newName: quay.io/redhat-cop/group-sync-operator
-  newTag: v0.0.7
+  newTag: v0.0.8

config/manifests/bases/group-sync-operator.clusterserviceversion.yaml

@@ -3,9 +3,16 @@ kind: ClusterServiceVersion
 metadata:
   annotations:
     alm-examples: '[]'
-    capabilities: Basic Install
+    capabilities: Full Lifecycle
+    categories: Security
+    certified: "false"
+    containerImage: quay.io/redhat-cop/group-sync-operator:latest
+    createdAt: "2020-12-17T13:26:12Z"
+    description: Synchronize groups and users from external providers
     operators.operatorframework.io/builder: operator-sdk-v1.2.0
     operators.operatorframework.io/project_layout: go.kubebuilder.io/v2
+    repository: https://github.com/redhat-cop/group-sync-operator
+    support: Red Hat Community of Practice
   name: group-sync-operator.vX.Y.Z
   namespace: placeholder
 spec:
@@ -389,7 +396,7 @@ spec:
 
     ## Overview
 
-    The OpenShift Container Platform contains functionality to synchronize groups found in external identity providers into the platform. Currently, this functionality is limited to LDAP only. This operator is designed to integrate with external providers in order to provide new solutions.
+    The OpenShift Container Platform contains functionality to synchronize groups found in external identity providers into the platform. Currently, the functionality that is included in OpenShift to limited to synchronizing LDAP only. This operator is designed to integrate with external providers in order to provide new solutions.
 
     Group Synchronization is facilitated by creating a `GroupSync` resource. The following describes the high level schema for this resource:
 
@@ -809,6 +816,53 @@ spec:
     mediatype: image/png
   install:
     spec:
+      clusterPermissions:
+      - rules:
+        - apiGroups:
+          - ""
+          resources:
+          - events
+          verbs:
+          - get
+          - list
+          - watch
+          - create
+          - patch
+        - apiGroups:
+          - ""
+          resources:
+          - secrets
+          verbs:
+          - get
+          - list
+          - watch
+        - apiGroups:
+          - user.openshift.io
+          resources:
+          - groups
+          verbs:
+          - create
+          - delete
+          - get
+          - list
+          - patch
+          - update
+          - watch
+        - apiGroups:
+          - redhatcop.redhat.io
+          resources:
+          - groupsyncs
+          - groupsyncs/status
+          - groupsyncs/finalizers
+          verbs:
+          - create
+          - delete
+          - get
+          - list
+          - patch
+          - update
+          - watch
+        serviceAccountName: controller-manager
       deployments: null
     strategy: ""
   installModes:
@@ -834,6 +888,5 @@ spec:
   maturity: alpha
   provider:
     name: Red Hat Community of Practice
-    url: https://redhat-cop.github.io/
   replaces: 0.0.6
   version: 0.0.0

config/rbac/role_binding.yaml

@@ -8,5 +8,5 @@ roleRef:
   name: manager-role
 subjects:
 - kind: ServiceAccount
-  name: default
+  name: controller-manager
   namespace: system