Refactoring

CATALOG.md

@@ -7,7 +7,7 @@ Depending on the workload type, not all tests are required to pass to satisfy be
 
 ## Test cases summary
 
-### Total test cases: 116
+### Total test cases: 117
 
 ### Total suites: 10
 
@@ -19,7 +19,7 @@ Depending on the workload type, not all tests are required to pass to satisfy be
 |manageability|2|
 |networking|12|
 |observability|5|
-|operator|10|
+|operator|11|
 |performance|6|
 |platform-alteration|13|
 |preflight|17|
@@ -36,11 +36,11 @@ Depending on the workload type, not all tests are required to pass to satisfy be
 |---|---|
 |8|1|
 
-### Non-Telco specific tests only: 68
+### Non-Telco specific tests only: 69
 
 |Mandatory|Optional|
 |---|---|
-|43|25|
+|44|25|
 
 ### Telco specific tests only: 27
 
@@ -1346,6 +1346,22 @@ Tags|common,operator
 |Non-Telco|Mandatory|
 |Telco|Mandatory|
 
+#### operator-valid-installation-tenant-namespace
+
+Property|Description
+---|---
+Unique ID|operator-valid-installation-tenant-namespace
+Description|Tests whether operator installation is valid in tenant namespace.
+Suggested Remediation|Ensure that operator with install mode SingleNamespace only is installed in the tenant namespace.
+Best Practice Reference|https://redhat-best-practices-for-k8s.github.io/guide/#redhat-best-practices-for-k8s-cnf-operator-requirements
+Exception Process|No exceptions
+Tags|common,operator
+|**Scenario**|**Optional/Mandatory**|
+|Extended|Mandatory|
+|Far-Edge|Mandatory|
+|Non-Telco|Mandatory|
+|Telco|Mandatory|
+
 ### performance
 
 #### performance-exclusive-cpu-pool

tests/operator/helper.go

@@ -23,6 +23,7 @@ package operator
 import (
 	"strings"
 
+	v1 "github.com/operator-framework/api/pkg/operators/v1"
 	"github.com/operator-framework/api/pkg/operators/v1alpha1"
 )
 
@@ -50,11 +51,33 @@ func SplitCsv(csv string) CsvResult {
 	return result
 }
 
-func IsInstallModeSingleNamespace(installModes []v1alpha1.InstallMode) bool {
+func isInstallModeSingleNamespace(installModes []v1alpha1.InstallMode) bool {
 	for i := 0; i < len(installModes); i++ {
 		if installModes[i].Type == v1alpha1.InstallModeTypeSingleNamespace {
 			return true
 		}
 	}
 	return false
 }
+
+func findOperatorGroup(name, namespace string, groups []*v1.OperatorGroup) *v1.OperatorGroup {
+	for _, group := range groups {
+		if group.Name == name && group.Namespace == namespace {
+			return group
+		}
+	}
+	return nil
+}
+
+func checkOperatorInstallationCompliance(operatorGroup *v1.OperatorGroup, operatorNamespace string, targetNamespaces []string, isSingleNamespaceInstallMode bool) bool {
+	opGroupTargetNamespaces := operatorGroup.Spec.TargetNamespaces
+	if isSingleNamespaceInstallMode {
+		return len(opGroupTargetNamespaces) == 1 && len(targetNamespaces) == 1 && opGroupTargetNamespaces[0] == targetNamespaces[0]
+	}
+	for _, ns := range opGroupTargetNamespaces {
+		if ns == operatorNamespace {
+			return false
+		}
+	}
+	return true
+}

tests/operator/suite.go

@@ -17,6 +17,7 @@
 package operator
 
 import (
+	"fmt"
 	"strings"
 
 	"github.com/redhat-best-practices-for-k8s/certsuite/tests/common"
@@ -28,8 +29,6 @@ import (
 	"github.com/redhat-best-practices-for-k8s/certsuite/pkg/provider"
 	"github.com/redhat-best-practices-for-k8s/certsuite/pkg/testhelper"
 	"github.com/redhat-best-practices-for-k8s/certsuite/pkg/versions"
-
-	v1 "github.com/operator-framework/api/pkg/operators/v1"
 )
 
 var (
@@ -141,59 +140,38 @@ func testOperatorInstallationInTenantNamespace(check *checksdb.Check,
 	var nonCompliantObjects []*testhelper.ReportObject
 
 	for _, operator := range env.Operators {
-		check.LogInfo("Checking crd %s in namespace %s ", operator.Name, operator.Namespace)
+		check.LogInfo("Checking operator %s in namespace %s ", operator.Name, operator.Namespace)
 
 		csv := operator.Csv
 
 		operatorNamespace := csv.Annotations["olm.operatorNamespace"]
-		operatorGroupName := csv.Annotations["olm.operatorGroup"]
-
 		targetNamespacesStr := csv.Annotations["olm.targetNamespaces"]
 		operatorTargetNamespaces := strings.Split(targetNamespacesStr, ",")
-		check.LogInfo("operatorNamespace %s, targetNamespaces %v", operatorNamespace, operatorTargetNamespaces)
+		operatorGroup := findOperatorGroup(csv.Annotations["olm.operatorGroup"], operator.Namespace, env.OperatorGroups)
 
-		var operatorGroup *v1.OperatorGroup
-		for _, opGroup := range env.OperatorGroups {
-			if opGroup.Name == operatorGroupName && opGroup.Namespace == operator.Namespace {
-				operatorGroup = opGroup
-				break
-			}
-		}
+		check.LogInfo("operatorNamespace %s, targetNamespaces %v, operatorGroup %s", operatorNamespace,
+			operatorTargetNamespaces, operatorGroup.Name)
 
-		opGroupTargetNamespaces := operatorGroup.Spec.TargetNamespaces // array of strings
-
-		if IsInstallModeSingleNamespace(csv.Spec.InstallModes) {
-			// checks opgroup targetnamespace matches with csv targetnamespace
-			if len(opGroupTargetNamespaces) == 1 && len(operatorTargetNamespaces) == 1 {
-				if opGroupTargetNamespaces[0] == operatorTargetNamespaces[0] {
-					check.LogInfo("Operator %s with SingleInstallMode is installed in tenant namespace ", operator.Name)
-					compliantObjects = append(compliantObjects, testhelper.NewOperatorReportObject(operator.Namespace, operator.Name,
-						"Operator with SingleInstallMode is not installed in tenant namespace ", true).AddField(testhelper.OperatorName, operator.Name))
-				} else {
-					check.LogInfo("Operator %s with SingleInstallMode is not installed in tenant namespace ", operator.Name)
-					nonCompliantObjects = append(nonCompliantObjects, testhelper.NewOperatorReportObject(operator.Namespace, operator.Name,
-						"Operator with SingleInstallMode is not installed in tenant namespace ", false).AddField(testhelper.OperatorName, operator.Name))
-				}
-			}
-		} else {
-			// The operator must not be installed inside the targetNamespaces
-			var isOperatorInstalledInTargetNamespaces bool
-			for _, opGroupTargetNamespace := range opGroupTargetNamespaces {
-				if opGroupTargetNamespace == operatorNamespace {
-					isOperatorInstalledInTargetNamespaces = true
-					break
-				}
-			}
+		isSingleNamespaceInstallMode := isInstallModeSingleNamespace(csv.Spec.InstallModes)
+		isCompliant := checkOperatorInstallationCompliance(operatorGroup, operatorNamespace, operatorTargetNamespaces, isSingleNamespaceInstallMode)
 
-			if !isOperatorInstalledInTargetNamespaces {
-				check.LogInfo("Operator %s with non-SingleInstallMode is not installed in the tenant namespace ", operator.Name)
-				compliantObjects = append(compliantObjects, testhelper.NewOperatorReportObject(operator.Namespace, operator.Name,
-					"Operator with non-SingleInstallMode is not installed in tenant namespace ", true).AddField(testhelper.OperatorName, operator.Name))
-			} else {
-				check.LogInfo("Operator %s with non-SingleInstallMode is installed in the tenant namespace ", operator.Name)
-				nonCompliantObjects = append(nonCompliantObjects, testhelper.NewOperatorReportObject(operator.Namespace, operator.Name,
-					"Operator with non-SingleInstallMode is installed in tenant namespace ", false).AddField(testhelper.OperatorName, operator.Name))
-			}
+		message := "Operator with%s is %sinstalled in tenant namespace "
+		mode := "SingleNamespace InstallMode"
+		if !isSingleNamespaceInstallMode {
+			mode = "no SingleNamespace InstallMode"
+		}
+		status := "not "
+		if isCompliant {
+			status = ""
+			msg := fmt.Sprintf(message, mode, status)
+			check.LogInfo(msg)
+			compliantObjects = append(compliantObjects, testhelper.NewOperatorReportObject(operator.Namespace, operator.Name,
+				msg, true).AddField(testhelper.OperatorName, operator.Name))
+		} else {
+			msg := fmt.Sprintf(message, mode, status)
+			check.LogInfo(msg)
+			nonCompliantObjects = append(nonCompliantObjects, testhelper.NewOperatorReportObject(operator.Namespace, operator.Name,
+				msg, false).AddField(testhelper.OperatorName, operator.Name))
 		}
 	}