Kuadrant / kuadrant-operator

The Operator to install and manage the lifecycle of the Kuadrant components deployments.
Apache License 2.0

🪛 permissions to update kuadrant finalizer 🔙 #1003

Closed eguzki closed 1 week ago

eguzki commented 1 week ago

What

On OpenShift, when the Kuadrant CR is created, limitador and authorino are not deployed. On trying to create limitador and authorino resources, the operator logs the error:

```json
{"level":"error","ts":"2024-11-11T16:57:46Z","logger":"kuadrant-operator.AuthorinoReconciler","msg":"failed to create authorino resource","status":"error","error":"authorinos.operator.authorino.kuadrant.io \"authorino\" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: , <nil>","stacktrace":"github.com/kuadrant/kuadrant-operator/controllers.(*AuthorinoReconciler).Reconcile\n\t/remote-source/app/controllers/authorino_reconciler.go:112\ngithub.com/kuadrant/policy-machinery/controller.Subscription.Reconcile\n\t/remote-source/deps/gomod/pkg/mod/github.com/kuadrant/policy-machinery@v0.6.4/controller/subscriber.go:34\ngithub.com/kuadrant/policy-machinery/controller.(*Workflow).Run.func1\n\t/remote-source/deps/gomod/pkg/mod/github.com/kuadrant/policy-machinery@v0.6.4/controller/workflow.go:42\ngolang.org/x/sync/errgroup.(*Group).Go.func1\n\t/remote-source/deps/gomod/pkg/mod/golang.org/x/sync@v0.8.0/errgroup/errgroup.go:78"}
```

Important bits:

authorinos.operator.authorino.kuadrant.io \"authorino\" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on

OpenShift has an admission controller that rejects adding ownerRefs with `blockOwnerDeletion: true` when the controller does not have permission to add finalizers on the owner object.

In the PR https://github.com/Kuadrant/kuadrant-operator/pull/992 a 🐛 🪲 was introduced, creating a regression, which removed permissions to add finalizers to Kuadrant CRs. Thus, the operator cannot create resources with ownerRefs to the Kuadrant CR, like the Limitador CR and Authorino CR managed by the operator.

This PR adds the permissions to update finalizers on the Kuadrant CR.

Additionally, the Kuadrant CR status does not report the error (the creation of the limitador and authorino CRs fails) and reports "READY". It is left as a TODO to fix the error reporting: catching errors on creating limitador and authorino resources and reporting back on the status.
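The permission check behind the error above, as an added Go example that is not part of this PR or the operator's code. The types are simplified stand-ins for the Kubernetes RBAC and owner-reference types, and the `kuadrant.io` group, the `kuadrants` resource name and both rule sets are assumptions constructed for illustration.

```go
package main

import "fmt"

// PolicyRule is a simplified stand-in for an RBAC rule (not the k8s.io/api type).
type PolicyRule struct{ APIGroups, Resources, Verbs []string }

// OwnerRef is a simplified owner reference with the owner's resource already resolved.
type OwnerRef struct { APIGroup, Resource string; BlockOwnerDeletion bool }

func has(list []string, want ...string) bool {
	for _, item := range list {
		for _, w := range want {
			if item == w {
				return true
			}
		}
	}
	return false
}

// CanUpdateFinalizers: a rule on the bare resource does not cover <resource>/finalizers.
func CanUpdateFinalizers(rules []PolicyRule, group, resource string) bool {
	for _, r := range rules {
		if has(r.APIGroups, "*", group) && has(r.Verbs, "*", "update") &&
			has(r.Resources, "*", "*/finalizers", resource+"/finalizers") {
			return true
		}
	}
	return false
}

// CheckOwnerRefs rejects blockOwnerDeletion refs whose owner's finalizers cannot be updated.
func CheckOwnerRefs(rules []PolicyRule, refs []OwnerRef) error {
	for _, ref := range refs {
		if ref.BlockOwnerDeletion && !CanUpdateFinalizers(rules, ref.APIGroup, ref.Resource) {
			return fmt.Errorf("forbidden: cannot set blockOwnerDeletion, no update on %s/finalizers", ref.Resource)
		}
	}
	return nil
}

func main() {
	// Constructed rule sets: operator role without, then with, the finalizers rule.
	owner := []OwnerRef{{"kuadrant.io", "kuadrants", true}}
	before := []PolicyRule{{[]string{"kuadrant.io"}, []string{"kuadrants", "kuadrants/status"}, []string{"get", "list", "update", "watch"}}}
	after := append(before, PolicyRule{[]string{"kuadrant.io"}, []string{"kuadrants/finalizers"}, []string{"update"}})
	fmt.Println(CheckOwnerRefs(before, owner), "|", CheckOwnerRefs(after, owner))
}
```

Running the same check over a rendered ClusterRole in CI catches this kind of regression before it reaches a cluster that enforces the admission check.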

codecov[bot] commented 1 week ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 83.89%. Comparing base (cc1b41f) to head (724e7a1). Report is 21 commits behind head on main.

Additional details and impacted files

```diff
@@            Coverage Diff             @@
##             main    #1003      +/-   ##
==========================================
+ Coverage   76.15%   83.89%   +7.74%
==========================================
  Files         111       81      -30
  Lines        8986     6632    -2354
==========================================
- Hits         6843     5564    -1279
+ Misses       1852      857     -995
+ Partials      291      211      -80
```

| Flag | Coverage Δ | |
|---|---|---|
| bare-k8s-integration | `14.64% <ø> (+3.77%)` | :arrow_up: |
| controllers-integration | `76.45% <ø> (+17.59%)` | :arrow_up: |
| envoygateway-integration | `41.13% <ø> (+8.63%)` | :arrow_up: |
| gatewayapi-integration | `16.29% <ø> (+2.85%)` | :arrow_up: |
| istio-integration | `43.56% <ø> (+9.23%)` | :arrow_up: |
| unit | `17.03% <ø> (-8.34%)` | :arrow_down: |

Flags with carried forward coverage won't be shown.

| Components | Coverage Δ | |
|---|---|---|
| api/v1beta1 (u) | `90.00% <100.00%> (-2.19%)` | :arrow_down: |
| api/v1beta2 (u) | `∅ <ø> (∅)` | |
| pkg/common (u) | `∅ <ø> (∅)` | |
| pkg/istio (u) | `62.06% <ø> (+15.03%)` | :arrow_up: |
| pkg/log (u) | `93.18% <ø> (ø)` | |
| pkg/reconcilers (u) | `24.67% <ø> (∅)` | |
| pkg/rlptools (u) | `∅ <ø> (∅)` | |
| controllers (i) | `86.75% <91.24%> (+2.33%)` | :arrow_up: |

| Files with missing lines | Coverage Δ | |
|---|---|---|
| controllers/state\_of\_the\_world.go | `92.19% <ø> (+0.02%)` | :arrow_up: |

... and 24 files with indirect coverage changes

guicassolato commented 1 week ago

Nice catch, @eguzki. Thank you!

Maybe `make generate manifests bundle helm-build`

eguzki commented 1 week ago

I always forget helm charts :facepalm:

eguzki commented 1 week ago

Happy that I added a test to blame me