fix: Let pubsub config controller only watch specified configmap #2959

Closed
wants to merge 2 commits into from

Conversation

Mattes83
Contributor

Signed-off-by: Matthias Teich [email protected]

What this PR does / why we need it:
Currently the pubsub config controller logs errors about every configmap located in the gatekeeper namespace which does not have a provider field. This should be limited to the configmap which is configured via the audit-connection flag.

Which issue(s) this PR fixes (optional, using fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when the PR gets merged):
Fixes #

Special notes for your reviewer:

@maxsmythe
Contributor

Thanks for the PR!

This works for the current story of "pubsub only for audit", but will get more complicated when we allow multiple pubsub configs.

@JaydipGabani this is another argument for having a dedicated K8s kind for configuring pubsub (in addition to RBAC and avoiding unnecessary caching of configmaps). Is that something we are working on?

@Mattes83
Contributor Author

Mattes83 commented Aug 18, 2023

I guess using a CRD here is a good idea!
The CR could reference a secret for connection credentials. Currently, e.g. for a RabbitMQ Stream, I'd have to write a connection string with credentials into a configmap.

@JaydipGabani
Contributor

> Thanks for the PR!
>
> This works for the current story of "pubsub only for audit", but will get more complicated when we allow multiple pubsub configs.
>
> @JaydipGabani this is another argument for having a dedicated K8s kind for configuring pubsub (in addition to RBAC and avoiding unnecessary caching of configmaps). Is that something we are working on?

I am not actively working on this right now, but we can discuss this again in a community meeting and figure out a road map from there if we want to. I have opened up an issue for this one though - #2802

@codecov-commenter

codecov-commenter commented Aug 18, 2023

Codecov Report

Attention: 5 lines in your changes are missing coverage. Please review.

Comparison is base (f905e30) 52.51% compared to head (3e6f97d) 52.57%.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #2959      +/-   ##
==========================================
+ Coverage   52.51%   52.57%   +0.05%     
==========================================
  Files         134      134              
  Lines       11886    11886              
==========================================
+ Hits         6242     6249       +7     
+ Misses       5154     5149       -5     
+ Partials      490      488       -2     
Flag Coverage Δ
unittests 52.57% <0.00%> (+0.05%) ⬆️


Files Coverage Δ
pkg/audit/manager.go 9.83% <0.00%> (ø)
pkg/controller/pubsub/pubsub_config_controller.go 12.50% <0.00%> (ø)

... and 1 file with indirect coverage changes


@ritazh
Member

ritazh commented Aug 25, 2023

Per last community call, we want to support pubsub configs as a CRD eventually, but in the meantime, let's get this PR reviewed and merged first to reduce impact on users.

@@ -89,16 +92,16 @@ func add(mgr manager.Manager, r reconcile.Reconciler) error {
&handler.EnqueueRequestForObject{},
predicate.Funcs{
CreateFunc: func(e event.CreateEvent) bool {
return e.Object.GetNamespace() == util.GetNamespace()
return e.Object.GetNamespace() == util.GetNamespace() && e.Object.GetName() == *AuditConnection
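
Review bot: In CreateFunc, `*AuditConnection` is dereferenced with no nil guard, so a nil flag pointer would panic inside the predicate as soon as a create event arrives for an object in the Gatekeeper namespace. Guard it, e.g. `AuditConnection != nil && e.Object.GetName() == *AuditConnection`, and consider moving the namespace-and-name comparison into one small helper so that any other predicate funcs changed in this hunk apply the same check. A short code comment stating that the filter assumes a single configmap named by the audit connection flag would also help future readers.
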
Member

Please check nil before dereferencing
e.g. AuditConnection != nil && e.Object.GetName() == *AuditConnection

Contributor Author

I rebased and added the nil checks

@JaydipGabani
Contributor

@Mattes83 Please sign off commits to resolve CI error to merge the PR

@sozercan
Member

ping @Mattes83

@Mattes83 Mattes83 requested a review from a team as a code owner October 25, 2023 08:01
@ritazh ritazh added this to the v3.15.0 milestone Oct 25, 2023
@sozercan
Member

@Mattes83 looks like DCO is missing, can you add this when you get a chance please? https://open-policy-agent.github.io/gatekeeper/website/docs/help/#developer-certification-of-origin-dco

@salaxander salaxander removed this from the v3.15.0 milestone Dec 13, 2023

stale bot commented Feb 13, 2024

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Feb 13, 2024
@ritazh
Member

ritazh commented Feb 13, 2024

@Mattes83 are you still interested in this PR? How can we help?

@stale stale bot removed the stale label Feb 13, 2024