ROX-19820: Address feedback from gitops meeting

[ludydoo]

Description

ROX-19820

Addressing issues and feedback from the gitops meeting

• Do not use templating for specifying the CRD base url.Directly specify as such. Simpler than using a template.
• Add flags disableCentralReconciler and disableSecuredClusterReconciler on the operator
• Drop Git References. Necessary to accommodate the Dogfood instance. The gitRef abstraction is not sufficient/flexible enough.
• align the gitops operator config with the helm values

Checklist (Definition of Done)

• Unit and integration tests added
• Added test description under Test manual
• Documentation added if necessary (i.e. changes to dev setup, test execution, ...)
• CI and all relevant tests are passing
• Add the ticket number to the PR title if available, i.e. ROX-12345: ...
• Discussed security and business related topics privately. Will move any security and business related topics that arise to private communication channel.
• Add secret to app-interface Vault or Secrets Manager if necessary
• RDS changes were e2e tested manually
• Check AWS limits are reasonable for changes provisioning new resources

Test manual

TODO: Add manual testing efforts

# To run tests locally run:
make db/teardown db/setup db/migrate
make ocm/setup OCM_OFFLINE_TOKEN=<ocm-offline-token> OCM_ENV=development
make verify lint binary test test/integration

[ludydoo]

moved checking that 2 operators were deployed before asserting their properties

[ludydoo]

moved checking that only 1 operator deployment is present before asserting its properties

[ludydoo]

Added an assertion to check the presence of 1 operator deployment

[ludydoo]

there will be both a centralLabelSelector and securedClusterLabelSelector hence the renaming

[ludydoo]

Moved to validation.go with all validation methods

[ludydoo]

Changed to map[string]interface{} so that it is compatible with helm values

[ludydoo]

Added getters to simplify accessing properties of the map[string]interface{} with known keys

[ludydoo]

Per feedback that raw urls were preferrable

[ludydoo]

Removed as this is now a []string

[ludydoo]

Moved to validation_test.go

[ludydoo]

Moved validation logic to validation.go

[kurlov]

Looks nice!

[kurlov]

nit: dots are allowed in deployment name if they are not in the end

[ludydoo]

waaat?

[kurlov]

I meant that rhacs-operator-4.2.0 is a valid deployment name but rhacs-operator-4.2.0. is not

[kurlov]

Just a thought: Should we replace list of URLs with two values? CentralCRDURL and SecuredClusterCRDURL

[ludydoo]

I don't mind either way

[ludydoo]

Though, this will get passed to helm directly. Its function is not to install CRDs per se, but it can install any yaml resource.

• Rename to additionalResources, and allow any yaml to be specified there.
• Either keep CrdUrls or split into CentralCRDUrl or SecuredClusterCRDUrl, and validate that these files actually contain only 1 valid kind: CustomResourceDefinition

[SimonBaeumer]

Great job here @ludydoo and @kurlov 👊

[SimonBaeumer]

nit: instead of disableSecuredClusterReconciler it should be securedClusterReconcilerEnabled: false. Double-negations are often done wrong.
Fred and me had it yesterday where we wanted to enable delegated scanning but disabled it:
ROX_DELEGATED_SCANNING_DISABLED=true.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: kurlov, ludydoo, SimonBaeumer

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [SimonBaeumer,kurlov]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment