PoC constructor coverage refactor

Author: tbavelier

internal/controller/datadogagent/component/agent/rbac.go

@@ -14,6 +14,49 @@ import (
 
 // RBAC for Agent
 
+var (
+	agentMetricsEndpointPolicyRule = rbacv1.PolicyRule{
+		NonResourceURLs: []string{
+			rbac.MetricsURL,
+			rbac.MetricsSLIsURL,
+		},
+		Verbs: []string{rbac.GetVerb},
+	}
+	agentFineGrainedKubeletPolicyRule = rbacv1.PolicyRule{
+		APIGroups: []string{rbac.CoreAPIGroup},
+		Resources: []string{
+			rbac.NodeMetricsResource,
+			rbac.NodeSpecResource,
+			rbac.NodeStats,
+			rbac.NodePodsResource,
+			rbac.NodeHealthzResource,
+			rbac.NodeConfigzResource,
+			rbac.NodeLogsResource,
+		},
+		Verbs: []string{rbac.GetVerb},
+	}
+	agentKubeletPolicyRule = rbacv1.PolicyRule{
+		APIGroups: []string{rbac.CoreAPIGroup},
+		Resources: []string{
+			rbac.NodeMetricsResource,
+			rbac.NodeSpecResource,
+			rbac.NodeProxyResource,
+			rbac.NodeStats,
+		},
+		Verbs: []string{rbac.GetVerb},
+	}
+	agentEndpointPolicyRule = rbacv1.PolicyRule{
+		APIGroups: []string{rbac.CoreAPIGroup},
+		Resources: []string{rbac.EndpointsResource},
+		Verbs:     []string{rbac.GetVerb},
+	}
+	agentLeaderElectionPolicyRule = rbacv1.PolicyRule{
+		APIGroups: []string{rbac.CoordinationAPIGroup},
+		Resources: []string{rbac.LeasesResource},
+		Verbs:     []string{rbac.GetVerb},
+	}
+)
+
 // GetDefaultAgentClusterRolePolicyRules returns the default policy rules for the Agent cluster role
 func GetDefaultAgentClusterRolePolicyRules(excludeNonResourceRules bool, useFineGrainedAuthorization bool) []rbacv1.PolicyRule {
 	policyRule := []rbacv1.PolicyRule{
@@ -31,55 +74,21 @@ func GetDefaultAgentClusterRolePolicyRules(excludeNonResourceRules bool, useFine
 }
 
 func getMetricsEndpointPolicyRule() rbacv1.PolicyRule {
-	return rbacv1.PolicyRule{
-		NonResourceURLs: []string{
-			rbac.MetricsURL,
-			rbac.MetricsSLIsURL,
-		},
-		Verbs: []string{rbac.GetVerb},
-	}
+	return rbac.ClonePolicyRule(agentMetricsEndpointPolicyRule)
 }
 
 func getKubeletPolicyRule(useFineGrainedAuthorization bool) rbacv1.PolicyRule {
-	var resources []string
 	if useFineGrainedAuthorization {
-		resources = []string{
-			rbac.NodeMetricsResource,
-			rbac.NodeSpecResource,
-			rbac.NodeStats,
-			rbac.NodePodsResource,
-			rbac.NodeHealthzResource,
-			rbac.NodeConfigzResource,
-			rbac.NodeLogsResource,
-		}
-	} else {
-		resources = []string{
-			rbac.NodeMetricsResource,
-			rbac.NodeSpecResource,
-			rbac.NodeProxyResource,
-			rbac.NodeStats,
-		}
+		return rbac.ClonePolicyRule(agentFineGrainedKubeletPolicyRule)
 	}
 
-	return rbacv1.PolicyRule{
-		APIGroups: []string{rbac.CoreAPIGroup},
-		Resources: resources,
-		Verbs:     []string{rbac.GetVerb},
-	}
+	return rbac.ClonePolicyRule(agentKubeletPolicyRule)
 }
 
 func getEndpointsPolicyRule() rbacv1.PolicyRule {
-	return rbacv1.PolicyRule{
-		APIGroups: []string{rbac.CoreAPIGroup},
-		Resources: []string{rbac.EndpointsResource},
-		Verbs:     []string{rbac.GetVerb},
-	}
+	return rbac.ClonePolicyRule(agentEndpointPolicyRule)
 }
 
 func getLeaderElectionPolicyRule() rbacv1.PolicyRule {
-	return rbacv1.PolicyRule{
-		APIGroups: []string{rbac.CoordinationAPIGroup},
-		Resources: []string{rbac.LeasesResource},
-		Verbs:     []string{rbac.GetVerb},
-	}
+	return rbac.ClonePolicyRule(agentLeaderElectionPolicyRule)
 }

internal/controller/datadogagent/component/clusterchecksrunner/rbac.go

@@ -17,9 +17,8 @@ import (
 
 // RBAC for Cluster Checks Runner
 
-// GetDefaultClusterChecksRunnerClusterRolePolicyRules returns the default Cluster Role Policy Rules for the Cluster Checks Runner
-func GetDefaultClusterChecksRunnerClusterRolePolicyRules(dda metav1.Object, excludeNonResourceRules bool) []rbacv1.PolicyRule {
-	policyRule := []rbacv1.PolicyRule{
+var (
+	clusterChecksRunnerClusterRolePolicyRulesBeforeLeaderElection = []rbacv1.PolicyRule{
 		{
 			APIGroups: []string{rbac.CoreAPIGroup},
 			Resources: []string{
@@ -47,19 +46,9 @@ func GetDefaultClusterChecksRunnerClusterRolePolicyRules(dda metav1.Object, excl
 				rbac.CreateVerb,
 			},
 		},
-		{
-			APIGroups: []string{rbac.CoreAPIGroup},
-			Resources: []string{
-				rbac.ConfigMapsResource,
-			},
-			ResourceNames: []string{
-				utils.GetDatadogLeaderElectionResourceName(dda),
-			},
-			Verbs: []string{
-				rbac.GetVerb,
-				rbac.UpdateVerb,
-			},
-		},
+	}
+
+	clusterChecksRunnerClusterRolePolicyRulesAfterLeaderElection = []rbacv1.PolicyRule{
 		{
 			APIGroups: []string{rbac.OpenShiftQuotaAPIGroup},
 			Resources: []string{
@@ -118,15 +107,40 @@ func GetDefaultClusterChecksRunnerClusterRolePolicyRules(dda metav1.Object, excl
 		component.GetEKSControlPlaneMetricsPolicyRule(),
 	}
 
+	clusterChecksRunnerMetricsEndpointPolicyRule = rbacv1.PolicyRule{
+		NonResourceURLs: []string{
+			rbac.MetricsURL,
+			rbac.MetricsSLIsURL,
+		},
+		Verbs: []string{rbac.GetVerb},
+	}
+)
+
+// GetDefaultClusterChecksRunnerClusterRolePolicyRules returns the default Cluster Role Policy Rules for the Cluster Checks Runner.
+func GetDefaultClusterChecksRunnerClusterRolePolicyRules(dda metav1.Object, excludeNonResourceRules bool) []rbacv1.PolicyRule {
+	policyRule := rbac.ClonePolicyRules(clusterChecksRunnerClusterRolePolicyRulesBeforeLeaderElection)
+	policyRule = append(policyRule, clusterChecksRunnerLeaderElectionPolicyRule(dda))
+	policyRule = append(policyRule, rbac.ClonePolicyRules(clusterChecksRunnerClusterRolePolicyRulesAfterLeaderElection)...)
+
 	if !excludeNonResourceRules {
-		policyRule = append(policyRule, rbacv1.PolicyRule{
-			NonResourceURLs: []string{
-				rbac.MetricsURL,
-				rbac.MetricsSLIsURL,
-			},
-			Verbs: []string{rbac.GetVerb},
-		})
+		policyRule = append(policyRule, rbac.ClonePolicyRule(clusterChecksRunnerMetricsEndpointPolicyRule))
 	}
 
 	return policyRule
 }
+
+func clusterChecksRunnerLeaderElectionPolicyRule(dda metav1.Object) rbacv1.PolicyRule {
+	return rbacv1.PolicyRule{
+		APIGroups: []string{rbac.CoreAPIGroup},
+		Resources: []string{
+			rbac.ConfigMapsResource,
+		},
+		ResourceNames: []string{
+			utils.GetDatadogLeaderElectionResourceName(dda),
+		},
+		Verbs: []string{
+			rbac.GetVerb,
+			rbac.UpdateVerb,
+		},
+	}
+}

internal/controller/datadogagent/component/otelagentgateway/rbac.go

@@ -14,34 +14,34 @@ import (
 
 // RBAC for OTel Agent Gateway
 
-// GetDefaultOtelAgentGatewayClusterRolePolicyRules returns the default Cluster Role Policy Rules for the OTel Agent Gateway
-// These rules support the k8sattributes processor for enriching telemetry with Kubernetes metadata
-func GetDefaultOtelAgentGatewayClusterRolePolicyRules(dda metav1.Object, excludeNonResourceRules bool) []rbacv1.PolicyRule {
-	policyRule := []rbacv1.PolicyRule{
-		{
-			APIGroups: []string{rbac.CoreAPIGroup},
-			Resources: []string{
-				rbac.PodsResource,
-				rbac.NamespaceResource,
-			},
-			Verbs: []string{
-				rbac.GetVerb,
-				rbac.WatchVerb,
-				rbac.ListVerb,
-			},
+var defaultOtelAgentGatewayClusterRolePolicyRules = []rbacv1.PolicyRule{
+	{
+		APIGroups: []string{rbac.CoreAPIGroup},
+		Resources: []string{
+			rbac.PodsResource,
+			rbac.NamespaceResource,
 		},
-		{
-			APIGroups: []string{rbac.AppsAPIGroup},
-			Resources: []string{
-				rbac.ReplicasetsResource,
-			},
-			Verbs: []string{
-				rbac.GetVerb,
-				rbac.ListVerb,
-				rbac.WatchVerb,
-			},
+		Verbs: []string{
+			rbac.GetVerb,
+			rbac.WatchVerb,
+			rbac.ListVerb,
 		},
-	}
+	},
+	{
+		APIGroups: []string{rbac.AppsAPIGroup},
+		Resources: []string{
+			rbac.ReplicasetsResource,
+		},
+		Verbs: []string{
+			rbac.GetVerb,
+			rbac.ListVerb,
+			rbac.WatchVerb,
+		},
+	},
+}
 
-	return policyRule
+// GetDefaultOtelAgentGatewayClusterRolePolicyRules returns the default Cluster Role Policy Rules for the OTel Agent Gateway.
+// These rules support the k8sattributes processor for enriching telemetry with Kubernetes metadata.
+func GetDefaultOtelAgentGatewayClusterRolePolicyRules(_ metav1.Object, _ bool) []rbacv1.PolicyRule {
+	return rbac.ClonePolicyRules(defaultOtelAgentGatewayClusterRolePolicyRules)
 }