[release-4.8] Bug 1977342: Fix obfuscation translation table secret 4.8

.editorconfig

@@ -18,4 +18,7 @@ indent_style = tab
 indent_style = tab
 
 [*.go]
-indent_style = tab
+indent_style = tab
+
+[*.yaml]
+indent_size = 2

manifests/03-clusterrole.yaml

@@ -228,31 +228,40 @@ kind: Role
 metadata:
   name: insights-operator-obfuscation-secret
   namespace: openshift-insights
+  annotations:
+    include.release.openshift.io/self-managed-high-availability: "true"
+    include.release.openshift.io/ibm-cloud-managed: "true"
+    include.release.openshift.io/single-node-developer: "true"
 rules:
-- apiGroups:
-  - ""
-  resources:
-  - secrets
-  verbs:
-  - get
-  - list
-  - create
-  - update
-  - delete
+  - apiGroups:
+      - ''
+    resources:
+      - secrets
+    verbs:
+      - create
+      - get
+      - watch
+      - list
+      - delete
+      - update
 
 ---
-apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: insights-operator-obfuscation-secret
   namespace: openshift-insights
+  annotations:
+    include.release.openshift.io/self-managed-high-availability: "true"
+    include.release.openshift.io/ibm-cloud-managed: "true"
+    include.release.openshift.io/single-node-developer: "true"
+subjects:
+  - kind: ServiceAccount
+    name: operator
+    namespace: openshift-insights
 roleRef:
   kind: Role
   name: insights-operator-obfuscation-secret
-subjects:
-- kind: ServiceAccount
-  name: gather
-  namespace: openshift-insights
 
 ---
 apiVersion: rbac.authorization.k8s.io/v1

manifests/image-references

@@ -3,6 +3,6 @@ apiVersion: image.openshift.io/v1
 spec:
   tags:
   - name: insights-operator
-    from: 
+    from:
       kind: "DockerImage"
       name: "quay.io/openshift/origin-insights-operator:latest"

pkg/anonymization/anonymizer.go

@@ -113,6 +113,7 @@ func NewAnonymizer(clusterBaseDomain string, networks []string, secretsClient co
 func NewAnonymizerFromConfigClient(
 	ctx context.Context,
 	kubeClient kubernetes.Interface,
+	gatherKubeClient kubernetes.Interface,
 	configClient configv1client.ConfigV1Interface,
 	networkClient networkv1client.NetworkV1Interface,
 ) (*Anonymizer, error) {
@@ -135,7 +136,7 @@ func NewAnonymizerFromConfigClient(
 	networks = append(networks, networksConfig.Spec.ExternalIP.Policy.AllowedCIDRs...)
 	networks = append(networks, networksConfig.Spec.ExternalIP.Policy.RejectedCIDRs...)
 
-	clusterConfigV1, err := kubeClient.CoreV1().ConfigMaps("kube-system").Get(ctx, "cluster-config-v1", metav1.GetOptions{})
+	clusterConfigV1, err := gatherKubeClient.CoreV1().ConfigMaps("kube-system").Get(ctx, "cluster-config-v1", metav1.GetOptions{})
 	if err != nil {
 		return nil, err
 	}
@@ -183,24 +184,29 @@ func NewAnonymizerFromConfigClient(
 
 // NewAnonymizerFromConfig creates a new instance of anonymizer with a provided kubeconfig
 func NewAnonymizerFromConfig(
-	ctx context.Context, kubeConfig *rest.Config, protoKubeConfig *rest.Config,
+	ctx context.Context, gatherKubeConfig *rest.Config, gatherProtoKubeConfig *rest.Config, protoKubeConfig *rest.Config,
 ) (*Anonymizer, error) {
 	kubeClient, err := kubernetes.NewForConfig(protoKubeConfig)
 	if err != nil {
 		return nil, err
 	}
 
-	configClient, err := configv1client.NewForConfig(kubeConfig)
+	gatherKubeClient, err := kubernetes.NewForConfig(gatherProtoKubeConfig)
 	if err != nil {
 		return nil, err
 	}
 
-	networkClient, err := networkv1client.NewForConfig(kubeConfig)
+	configClient, err := configv1client.NewForConfig(gatherKubeConfig)
 	if err != nil {
 		return nil, err
 	}
 
-	return NewAnonymizerFromConfigClient(ctx, kubeClient, configClient, networkClient)
+	networkClient, err := networkv1client.NewForConfig(gatherKubeConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	return NewAnonymizerFromConfigClient(ctx, kubeClient, gatherKubeClient, configClient, networkClient)
 }
 
 // AnonymizeMemoryRecord takes record.MemoryRecord, removes the sensitive data from it and returns the same object

pkg/anonymization/anonymizer_test.go

@@ -318,6 +318,7 @@ func TestAnonymizer_NewAnonymizerFromConfigClient(t *testing.T) {
 	anonymizer, err := NewAnonymizerFromConfigClient(
 		context.TODO(),
 		kubeClient,
+		kubeClient,
 		configClient,
 		networkClient,
 	)

pkg/controller/gather_job.go

@@ -69,7 +69,7 @@ func (d *GatherJob) Gather(ctx context.Context, kubeConfig, protoKubeConfig *res
 	var anonymizer *anonymization.Anonymizer
 	if anonymization.IsObfuscationEnabled(configObserver) {
 		// anonymizer is responsible for anonymizing sensitive data, it can be configured to disable specific anonymization
-		anonymizer, err = anonymization.NewAnonymizerFromConfig(ctx, gatherKubeConfig, gatherProtoKubeConfig)
+		anonymizer, err = anonymization.NewAnonymizerFromConfig(ctx, gatherKubeConfig, gatherProtoKubeConfig, protoKubeConfig)
 		if err != nil {
 			return err
 		}

pkg/controller/operator.go

@@ -106,7 +106,7 @@ func (s *Operator) Run(ctx context.Context, controller *controllercmd.Controller
 	var anonymizer *anonymization.Anonymizer
 	if anonymization.IsObfuscationEnabled(configObserver) {
 		// anonymizer is responsible for anonymizing sensitive data, it can be configured to disable specific anonymization
-		anonymizer, err = anonymization.NewAnonymizerFromConfig(ctx, gatherKubeConfig, gatherProtoKubeConfig)
+		anonymizer, err = anonymization.NewAnonymizerFromConfig(ctx, gatherKubeConfig, gatherProtoKubeConfig, controller.ProtoKubeConfig)
 		if err != nil {
 			// in case of an error anonymizer will be nil and anonymization will be just skipped
 			klog.Errorf(anonymization.UnableToCreateAnonymizerErrorMessage, err)

pkg/gatherers/clusterconfig/clusterconfig_gatherer.go

@@ -46,7 +46,7 @@ func failableFunc(function gathererFuncPtr) gatheringFunction {
 }
 
 var gatheringFunctions = map[string]gatheringFunction{
-	"pdbs":                              importantFunc((*Gatherer).GatherPodDisruptionBudgets),
+	"pdbs":                              failableFunc((*Gatherer).GatherPodDisruptionBudgets),
 	"metrics":                           failableFunc((*Gatherer).GatherMostRecentMetrics),
 	"operators":                         importantFunc((*Gatherer).GatherClusterOperators),
 	"operators_pods_and_events":         importantFunc((*Gatherer).GatherClusterOperatorPodsAndEvents),