Improve checking of availability of securityContextConfig (#148)

Co-authored-by: Moritz Clasmeier <mclasmeier@redhat.com>

Author: mclasmeier

internal/deployer/operator_olm.go

@@ -127,13 +127,6 @@ func (d *Deployer) getOperatorIndexImage() string {
 func (d *Deployer) createCatalogSource(ctx context.Context, indexImage string) error {
 	d.logger.Info("Creating CatalogSource...")
 
-	// Check if CatalogSource CRD supports securityContextConfig (OCP 4.14+).
-	hasSecurityContextConfig, err := d.catalogSourceSupportsSecurityContextConfig(ctx)
-	if err != nil {
-		d.logger.Warning("Could not check CatalogSource CRD capabilities, proceeding without securityContextConfig")
-		hasSecurityContextConfig = false
-	}
-
 	catalogSource := map[string]interface{}{
 		"apiVersion": "operators.coreos.com/v1alpha1",
 		"kind":       "CatalogSource",
@@ -145,24 +138,21 @@ func (d *Deployer) createCatalogSource(ctx context.Context, indexImage string) e
 			"sourceType":  "grpc",
 			"image":       indexImage,
 			"displayName": "StackRox Operator Index",
+			"grpcPodConfig": map[string]interface{}{
+				"securityContextConfig": "restricted",
+			},
 		},
 	}
 
-	// TODO(ROX-34499): Add security context config if supported.
-	if hasSecurityContextConfig {
-		spec := catalogSource["spec"].(map[string]interface{})
-		spec["grpcPodConfig"] = map[string]interface{}{
-			"securityContextConfig": "restricted",
-		}
-	}
-
 	yamlData, err := yaml.Marshal(catalogSource)
 	if err != nil {
 		return fmt.Errorf("failed to marshal CatalogSource: %w", err)
 	}
 
 	_, err = d.runKubectl(ctx, k8s.KubectlOptions{
-		Args:  []string{"apply", "-f", "-"},
+		// Apply with --validate=ignore because securityContextConfig may not
+		// be in the CatalogSource CRD schema.
+		Args:  []string{"apply", "--validate=ignore", "-f", "-"},
 		Stdin: bytes.NewReader(yamlData),
 	})
 	if err != nil {
@@ -173,20 +163,6 @@ func (d *Deployer) createCatalogSource(ctx context.Context, indexImage string) e
 	return nil
 }
 
-// catalogSourceSupportsSecurityContextConfig checks if the CatalogSource CRD supports securityContextConfig.
-func (d *Deployer) catalogSourceSupportsSecurityContextConfig(ctx context.Context) (bool, error) {
-	result, err := d.runKubectl(ctx, k8s.KubectlOptions{
-		Args: []string{"get", "crd", "catalogsources.operators.coreos.com", "-o", "yaml"},
-	})
-	if err != nil {
-		return false, err
-	}
-
-	// TODO(ROX-34499): this is overly optimistic and would incorrectly succeed if an api version
-	// that contains this had "serving: false"
-	return strings.Contains(result.Stdout, "securityContextConfig"), nil
-}
-
 // createOperatorGroup creates the OperatorGroup.
 func (d *Deployer) createOperatorGroup(ctx context.Context) error {
 	d.logger.Info("Creating OperatorGroup...")