can't load security-profiles-operator as dependency of another operator #2746

Merged
merged 2 commits into from
Mar 3, 2025


Billy99
Contributor

@Billy99 Billy99 commented Feb 28, 2025

What type of PR is this?

/kind bug

What this PR does / why we need it:

For #2699
When loaded through OperatorHub as a dependency of another operator, security-profiles-operator is loaded in the namespace of the other operator. When this happens, any created SelinuxProfile stays in the Pending State.

It appears that the function getDS() is searching for the DaemonSet with a label of "spod". However, the r.client.List() call is returning all DaemonSets in the Namespace and bailing because it found more than one.

This commit changes the logic to call Get() instead of GetList().

While trying to verify the above, ran into issues with the move of SelinuxProfile from namespace scoped to cluster scoped (#2745). Recently SelinuxProfile was moved from Namespace scoped to cluster scoped. Some of the code was still using the Namespace as part of the generation of the "Usage" string. The Namespace was blank, so the usage string just ended in an "_", something like "policyName_.process". However, workloadannotator was using the application pod's namespace and the code to strip the "_namespace.process" off the usage string to get the actual profile name was failing. So just removed all the logic that was appending "_namespace" to the profile name in the Usage since namespace is no longer used.

Which issue(s) this PR fixes:

Fixes #2699
Fixes #2745

Does this PR have test?

No, but the linked issues describe how to reproduce.

Special notes for your reviewer:

Does this PR introduce a user-facing change?

The Usage should no longer have an "_" after the profile name.


@k8s-ci-robot k8s-ci-robot added do-not-merge/invalid-commit-message Indicates that a PR should not merge because it has an invalid commit message. kind/bug Categorizes issue or PR as related to a bug. do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Feb 28, 2025
@k8s-ci-robot
Contributor

Welcome @Billy99!

It looks like this is your first PR to kubernetes-sigs/security-profiles-operator 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-sigs/security-profiles-operator has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

@k8s-ci-robot k8s-ci-robot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Feb 28, 2025
@k8s-ci-robot
Contributor

Hi @Billy99. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Feb 28, 2025
@saschagrunert
Member

/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Feb 28, 2025
@k8s-ci-robot k8s-ci-robot added lgtm "Looks good to me", indicates that a PR is ready to be merged. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Feb 28, 2025
@saschagrunert
Member

/lgtm cancel

CI is not happy:

internal/pkg/manager/nodestatus/nodestatus.go:268:3: return with no blank line before (nlreturn)
		return nil, fmt.Errorf("cannot Get DS: %w", err)

@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Feb 28, 2025
@Billy99 Billy99 force-pushed the billy99-getds branch 3 times, most recently from 514e07b to 1a64f22 Compare February 28, 2025 14:37
@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Feb 28, 2025
@codecov-commenter

codecov-commenter commented Feb 28, 2025

Codecov Report

Attention: Patch coverage is 11.11111% with 8 lines in your changes missing coverage. Please review.

Project coverage is 23.31%. Comparing base (11d77f4) to head (03083bb).
Report is 743 commits behind head on main.

Additional details and impacted files
@@             Coverage Diff             @@
##             main    #2746       +/-   ##
===========================================
- Coverage   45.50%   23.31%   -22.19%     
===========================================
  Files          79      117       +38     
  Lines        7782    19711    +11929     
===========================================
+ Hits         3541     4596     +1055     
- Misses       4099    14897    +10798     
- Partials      142      218       +76     

@saschagrunert
Member

@Billy99 do you mind fixing the commit message?

@Billy99
Contributor Author

Billy99 commented Mar 3, 2025

> @Billy99 do you mind fixing the commit message?

Sure, what would you like fixed?

@saschagrunert
Member

Keywords which can automatically close issues and at(@) or hashtag(#) mentions are not allowed in commit messages.

The list of commits with invalid commit messages:

  • 5d27dc8 can't load security-profiles-operator as dependancy of another operator
  • 1a64f22 after moving to cluster scoped, namesapce still used

@Billy99 👆

@k8s-ci-robot k8s-ci-robot removed lgtm "Looks good to me", indicates that a PR is ready to be merged. do-not-merge/invalid-commit-message Indicates that a PR should not merge because it has an invalid commit message. labels Mar 3, 2025
@saschagrunert saschagrunert added release-note-none Denotes a PR that doesn't merit a release note. and removed do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. labels Mar 3, 2025
@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 3, 2025
@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Billy99, ccojocar, saschagrunert

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [ccojocar,saschagrunert]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Billy99 added 2 commits March 3, 2025 09:56
When loaded through OperatorHub as a dependency of another operator,
security-profiles-operator is loaded in the namespace of the other operator.
When this happens, any created SelinuxProfile stays in the Pending State.

It appears that the function getDS() is searching for the DaemonSet with
a label of "spod". However, the r.client.List() call is returning all
DaemonSets in the Namespace and bailing because it found more than one.

This commit changes the logic to call Get() instead of GetList().

See: 2699

Signed-off-by: Billy McFall <[email protected]>
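
The failure mode in the first commit message (and in the PR description), as an added example that is not code from this PR or from security-profiles-operator: a lookup that lists a namespace and expects a single result breaks once the operator shares that namespace, while a fetch by key does not. The types, function names, namespaces and the DaemonSet name "spod" are assumptions; the page only mentions a label of "spod".

```go
package main

import (
	"errors"
	"fmt"
)

// daemonSet is a constructed stand-in for a Kubernetes DaemonSet (identity only).
type daemonSet struct{ Namespace, Name string }

var errNotSingle = errors.New("expected exactly one DaemonSet")

// getDSByList models the pre-fix behaviour as the PR reports it: the list holds
// every DaemonSet in the namespace, and any count other than one is an error.
func getDSByList(all []daemonSet, ns string) (daemonSet, error) {
	var found []daemonSet
	for _, ds := range all {
		if ds.Namespace == ns {
			found = append(found, ds)
		}
	}
	if len(found) != 1 {
		return daemonSet{}, fmt.Errorf("%w: got %d in %q", errNotSingle, len(found), ns)
	}
	return found[0], nil
}

// getDSByKey models the fix: fetch one object by its namespace/name key.
func getDSByKey(all []daemonSet, ns, name string) (daemonSet, error) {
	for _, ds := range all {
		if ds.Namespace == ns && ds.Name == name {
			return ds, nil
		}
	}
	return daemonSet{}, fmt.Errorf("DaemonSet %s/%s not found", ns, name)
}

// Constructed sample: "spod" alone in one namespace, and sharing a second
// namespace with another operator's DaemonSet (all names are assumptions).
var sample = []daemonSet{
	{"spo-dedicated", "spod"},
	{"other-operator", "spod"},
	{"other-operator", "other-agent"},
}

func main() {
	_, listErr := getDSByList(sample, "other-operator")
	_, keyErr := getDSByKey(sample, "other-operator", "spod")
	fmt.Println("list:", listErr, "| get:", keyErr)
}
```
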
Recently SelinuxProfile was moved from Namespace scoped to Cluster
scoped. Some of the code was still using the Namespace as part of the
generation of the "Usage" string. The Namespace was blank, so the usage
string just ended in an "_", something like "policyName_.process".
However, workloadannotator was using the application pod's namespace and
the code to strip the "_namespace.process" off the usage string to get the
actual profile name was failing. So just removed all the logic that was
appending "_namespace" to the profile name in the usage.

See: 2745

Signed-off-by: Billy McFall <[email protected]>
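
The mismatch described in the second commit message (and in the PR description), as an added example that is not code from this PR: the side that builds the usage string sees a blank namespace, while the side that parses it strips a suffix built from the pod's namespace. Function names and the "my-app" namespace are hypothetical; only the string shapes come from the page.

```go
package main

import (
	"fmt"
	"strings"
)

// Function names are hypothetical; only the string shapes come from the PR text.

// usageBefore is the pre-fix generator: "<profile>_<namespace>.process".
// A cluster-scoped SelinuxProfile has no namespace, so it is passed "".
func usageBefore(profile, namespace string) string {
	return profile + "_" + namespace + ".process"
}

// profileBefore is the pre-fix consumer: it strips "_<namespace>.process",
// using the namespace of the application pod.
func profileBefore(usage, podNamespace string) (string, bool) {
	suffix := "_" + podNamespace + ".process"
	if !strings.HasSuffix(usage, suffix) {
		return "", false
	}
	return strings.TrimSuffix(usage, suffix), true
}

// usageAfter and profileAfter drop the namespace on both sides.
func usageAfter(profile string) string { return profile + ".process" }

func profileAfter(usage string) (string, bool) {
	if !strings.HasSuffix(usage, ".process") {
		return "", false
	}
	return strings.TrimSuffix(usage, ".process"), true
}

func main() {
	u := usageBefore("policyName", "") // constructed sample values
	name, ok := profileBefore(u, "my-app")
	fmt.Printf("before: usage=%q profile=%q ok=%v\n", u, name, ok)
	u = usageAfter("policyName")
	name, ok = profileAfter(u)
	fmt.Printf("after:  usage=%q profile=%q ok=%v\n", u, name, ok)
}
```
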
@Billy99
Contributor Author

Billy99 commented Mar 3, 2025

@saschagrunert On Friday e2e-seccomp-profile was failing, but today e2e-ubuntu is failing. Is there something with my code I need to be investigating or is this typical for a PR merging?

@saschagrunert
Member

@Billy99 this looks like a flake, let me restart the test

@k8s-ci-robot k8s-ci-robot merged commit d867b56 into kubernetes-sigs:main Mar 3, 2025
28 checks passed
@Billy99 Billy99 deleted the billy99-getds branch March 3, 2025 19:14
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note-none Denotes a PR that doesn't merit a release note. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
5 participants