add config map service account

Author: ehearne-redhat

pkg/controller/bundle/bundle_unpacker.go

@@ -337,6 +337,7 @@ type ConfigMapUnpacker struct {
 	podLister     listerscorev1.PodLister
 	roleLister    listersrbacv1.RoleLister
 	rbLister      listersrbacv1.RoleBindingLister
+	saLister      listerscorev1.ServiceAccountLister
 	loader        *configmap.BundleLoader
 	now           func() metav1.Time
 	unpackTimeout time.Duration
@@ -424,6 +425,12 @@ func WithRoleBindingLister(rbLister listersrbacv1.RoleBindingLister) ConfigMapUn
 	}
 }
 
+func WithServiceAccountLister(saLister listerscorev1.ServiceAccountLister) ConfigMapUnpackerOption {
+	return func(unpacker *ConfigMapUnpacker) {
+		unpacker.saLister = saLister
+	}
+}
+
 func WithNow(now func() metav1.Time) ConfigMapUnpackerOption {
 	return func(unpacker *ConfigMapUnpacker) {
 		unpacker.now = now
@@ -536,6 +543,11 @@ func (c *ConfigMapUnpacker) UnpackBundle(lookup *operatorsv1alpha1.BundleLookup,
 		return
 	}
 
+	_, err = c.ensureServiceAccount(cmRef)
+	if err != nil {
+		return
+	}
+
 	_, err = c.ensureRoleBinding(cmRef)
 	if err != nil {
 		return
@@ -791,13 +803,39 @@ func (c *ConfigMapUnpacker) ensureRole(cmRef *corev1.ObjectReference) (role *rba
 	return
 }
 
+func (c *ConfigMapUnpacker) ensureServiceAccount(cmRef *corev1.ObjectReference) (serviceAccount *corev1.ServiceAccount, err error) {
+
+	fresh := &corev1.ServiceAccount{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      cmRef.Name,
+			Namespace: cmRef.Namespace,
+		},
+	}
+
+	fresh.SetNamespace(cmRef.Namespace)
+	fresh.SetName(cmRef.Name)
+	fresh.SetOwnerReferences([]metav1.OwnerReference{ownerRef(cmRef)})
+	fresh.SetLabels(map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue})
+
+	serviceAccount, err = c.saLister.ServiceAccounts(fresh.GetNamespace()).Get(fresh.GetName())
+
+	if err != nil {
+		if apierrors.IsNotFound(err) {
+			serviceAccount, err = c.client.CoreV1().ServiceAccounts(fresh.GetNamespace()).Create(context.TODO(), fresh, metav1.CreateOptions{})
+		}
+		return
+	}
+
+	return
+}
+
 func (c *ConfigMapUnpacker) ensureRoleBinding(cmRef *corev1.ObjectReference) (roleBinding *rbacv1.RoleBinding, err error) {
 	fresh := &rbacv1.RoleBinding{
 		Subjects: []rbacv1.Subject{
 			{
 				Kind:      "ServiceAccount",
 				APIGroup:  "",
-				Name:      "default",
+				Name:      cmRef.Name,
 				Namespace: cmRef.Namespace,
 			},
 		},

pkg/controller/bundle/bundle_unpacker_test.go

@@ -450,7 +450,7 @@ func TestConfigMapUnpacker(t *testing.T) {
 							{
 								Kind:      "ServiceAccount",
 								APIGroup:  "",
-								Name:      "default",
+								Name:      pathHash,
 								Namespace: "ns-a",
 							},
 						},
@@ -941,7 +941,7 @@ func TestConfigMapUnpacker(t *testing.T) {
 							{
 								Kind:      "ServiceAccount",
 								APIGroup:  "",
-								Name:      "default",
+								Name:      digestHash,
 								Namespace: "ns-a",
 							},
 						},
@@ -1618,6 +1618,7 @@ func TestConfigMapUnpacker(t *testing.T) {
 			podLister := factory.Core().V1().Pods().Lister()
 			roleLister := factory.Rbac().V1().Roles().Lister()
 			rbLister := factory.Rbac().V1().RoleBindings().Lister()
+			saLister := factory.Core().V1().ServiceAccounts().Lister()
 
 			stop := make(chan struct{})
 			defer close(stop)
@@ -1639,6 +1640,7 @@ func TestConfigMapUnpacker(t *testing.T) {
 				WithPodLister(podLister),
 				WithRoleLister(roleLister),
 				WithRoleBindingLister(rbLister),
+				WithServiceAccountLister(saLister),
 				WithOPMImage(opmImage),
 				WithUtilImage(utilImage),
 				WithNow(now),