feat : Valid (SingleNamespaced) Operator Installation in tenant namespace

CATALOG.md

@@ -7,7 +7,7 @@ Depending on the workload type, not all tests are required to pass to satisfy be
 
 ## Test cases summary
 
-### Total test cases: 117
+### Total test cases: 118
 
 ### Total suites: 10
 
@@ -19,7 +19,7 @@ Depending on the workload type, not all tests are required to pass to satisfy be
 |manageability|2|
 |networking|12|
 |observability|5|
-|operator|11|
+|operator|12|
 |performance|6|
 |platform-alteration|13|
 |preflight|18|
@@ -36,11 +36,11 @@ Depending on the workload type, not all tests are required to pass to satisfy be
 |---|---|
 |8|1|
 
-### Non-Telco specific tests only: 69
+### Non-Telco specific tests only: 70
 
 |Mandatory|Optional|
 |---|---|
-|43|26|
+|44|26|
 
 ### Telco specific tests only: 27
 
@@ -1298,6 +1298,22 @@ Tags|common,operator
 |Non-Telco|Optional|
 |Telco|Optional|
 
+#### operator-only-single-namespace-mode-allowed-in-tenant-namespaces
+
+Property|Description
+---|---
+Unique ID|operator-only-single-namespace-mode-allowed-in-tenant-namespaces
+Description|Verifies that only single-namespace operators are installed in a tenant-dedicated namespace. The test fails if this namespace contains all-namespaced operators, cluster-wide operators, or pods unrelated to any operator.
+Suggested Remediation|Ensure that operator with install mode SingleNamespace only is installed in the tenant namespace. Any other operator with install mode AllNamespace, cluster-wide operator or pods not belonging to any operator must not be present in this namespace.
+Best Practice Reference|https://redhat-best-practices-for-k8s.github.io/guide/#redhat-best-practices-for-k8s-cnf-operator-requirements
+Exception Process|No exceptions
+Tags|common,operator
+|**Scenario**|**Optional/Mandatory**|
+|Extended|Mandatory|
+|Far-Edge|Mandatory|
+|Non-Telco|Mandatory|
+|Telco|Mandatory|
+
 #### operator-pods-no-hugepages
 
 Property|Description

Makefile

@@ -83,7 +83,7 @@ lint:
 	typos
 	markdownlint '**/*.md'
 	yamllint --no-warnings .
-	shellcheck --format=gcc ${BASH_SCRIPTS}
+	shellcheck --nocomments --format=gcc ${BASH_SCRIPTS}
 
 # Builds and runs unit tests
 test: coverage-qe

expected_results.yaml

@@ -59,6 +59,13 @@ testCases:
     - observability-termination-policy
     - operator-crd-versioning
     - operator-crd-openapi-schema
+    - operator-install-source
+    - operator-install-status-no-privileges
+    - operator-install-status-succeeded
+    - operator-semantic-versioning
+    - operator-single-crd-owner
+    - operator-pods-no-hugepages
+    - operator-multiple-same-operators
     - performance-exclusive-cpu-pool
     - performance-max-resources-exec-probes
     - platform-alteration-isredhat-release
@@ -81,6 +88,7 @@ testCases:
     - operator-install-status-no-privileges
     - operator-install-status-succeeded
     - operator-olm-skip-range
+    - operator-only-single-namespace-mode-allowed-in-tenant-namespaces
     - operator-semantic-versioning
     - operator-single-crd-owner
     - operator-pods-no-hugepages

pkg/autodiscover/autodiscover_operators.go

@@ -135,6 +135,7 @@ func getAllNamespaces(oc corev1client.CoreV1Interface) (allNs []string, err erro
 	}
 	return allNs, nil
 }
+
 func getAllOperators(olmClient v1alpha1.OperatorsV1alpha1Interface) ([]*olmv1Alpha.ClusterServiceVersion, error) {
 	csvs := []*olmv1Alpha.ClusterServiceVersion{}
 

pkg/stringhelper/stringhelper.go

@@ -22,9 +22,9 @@ import (
 )
 
 // StringInSlice checks a slice for a given string.
-func StringInSlice[T ~string](s []T, str T, contains bool) bool {
+func StringInSlice[T ~string](s []T, str T, containsCheck bool) bool {
 	for _, v := range s {
-		if !contains {
+		if !containsCheck {
 			if strings.TrimSpace(string(v)) == string(str) {
 				return true
 			}

pkg/stringhelper/stringhelper_test.go

@@ -72,6 +72,22 @@ func TestStringInSlice(t *testing.T) {
 			containsFeature: false, // Note: Turn 'off' the contains check
 			expected:        false,
 		},
+		{
+			testSlice: []string{
+				"oneapple",
+			},
+			testString:      "apple",
+			containsFeature: false, // Note: Turn 'off' the contains check
+			expected:        false,
+		},
+		{
+			testSlice: []string{
+				"apples",
+			},
+			testString:      "twoapples",
+			containsFeature: false, // Note: Turn 'off' the contains check
+			expected:        false,
+		},
 	}
 
 	for _, tc := range testCases {
@@ -126,6 +142,14 @@ func TestStringInSlice_other(t *testing.T) {
 			containsFeature: false, // Note: Turn 'off' the contains check
 			expected:        false,
 		},
+		{
+			testSlice: []otherString{
+				"intreeintreeintree",
+			},
+			testString:      "intree",
+			containsFeature: false, // Note: Turn 'off' the contains check
+			expected:        false,
+		},
 	}
 
 	for _, tc := range testCases {

tests/identifiers/doclinks.go

@@ -102,22 +102,24 @@ const (
 	TestRtAppNoExecProbesDocLink                = NoDocLinkFarEdge
 
 	// Operator Test Suite
-	DocOperatorRequirement                                = "https://redhat-best-practices-for-k8s.github.io/guide/#redhat-best-practices-for-k8s-cnf-operator-requirements"
-	TestOperatorInstallStatusSucceededIdentifierDocLink   = DocOperatorRequirement
-	TestOperatorNoPrivilegesDocLink                       = DocOperatorRequirement
-	TestOperatorIsCertifiedIdentifierDocLink              = DocOperatorRequirement
-	TestOperatorIsInstalledViaOLMIdentifierDocLink        = DocOperatorRequirement
-	TestOperatorHasSemanticVersioningIdentifierDocLink    = DocOperatorRequirement
-	TestOperatorCrdSchemaIdentifierDocLink                = DocOperatorRequirement
-	TestOperatorCrdVersioningIdentifierDocLink            = DocOperatorRequirement
-	TestOperatorSingleCrdOwnerIdentifierDocLink           = DocOperatorRequirement
-	TestOperatorRunAsNonRootDocLink                       = DocOperatorRequirement
-	TestOperatorAutomountTokensDocLink                    = DocOperatorRequirement
-	TestOperatorReadOnlyFilesystemDocLink                 = DocOperatorRequirement
-	TestOperatorPodsNoHugepagesDocLink                    = DocOperatorRequirement
-	TestOperatorCatalogSourceBundleCountIdentifierDocLink = DocOperatorRequirement
-	TestOperatorOlmSkipRangeDocLink                       = DocOperatorRequirement
-	TestMultipleSameOperatorsIdentifierDocLink            = DocOperatorRequirement
+	DocOperatorRequirement                                           = "https://redhat-best-practices-for-k8s.github.io/guide/#redhat-best-practices-for-k8s-cnf-operator-requirements"
+	TestOperatorInstallStatusSucceededIdentifierDocLink              = DocOperatorRequirement
+	TestOperatorNoPrivilegesDocLink                                  = DocOperatorRequirement
+	TestOperatorIsCertifiedIdentifierDocLink                         = DocOperatorRequirement
+	TestOperatorIsInstalledViaOLMIdentifierDocLink                   = DocOperatorRequirement
+	TestSingleNamespacedOperatorInstallationInTenantNamespaceDocLink = DocOperatorRequirement
+	TestOperatorHasSemanticVersioningIdentifierDocLink               = DocOperatorRequirement
+	TestOperatorCrdSchemaIdentifierDocLink                           = DocOperatorRequirement
+	TestOperatorCrdVersioningIdentifierDocLink                       = DocOperatorRequirement
+	TestOperatorSingleCrdOwnerIdentifierDocLink                      = DocOperatorRequirement
+	TestOperatorRunAsUserIDDocLink                                   = DocOperatorRequirement
+	TestOperatorRunAsNonRootDocLink                                  = DocOperatorRequirement
+	TestOperatorAutomountTokensDocLink                               = DocOperatorRequirement
+	TestOperatorReadOnlyFilesystemDocLink                            = DocOperatorRequirement
+	TestOperatorPodsNoHugepagesDocLink                               = DocOperatorRequirement
+	TestOperatorCatalogSourceBundleCountIdentifierDocLink            = DocOperatorRequirement
+	TestOperatorOlmSkipRangeDocLink                                  = DocOperatorRequirement
+	TestMultipleSameOperatorsIdentifierDocLink                       = DocOperatorRequirement
 
 	// Observability Test Suite
 	TestLoggingIdentifierDocLink                            = "https://redhat-best-practices-for-k8s.github.io/guide/#redhat-best-practices-for-k8s-logging"