selinux: Print status and usage of RawSelinux

[jhrozek]

What type of PR is this?

/kind bug

What this PR does / why we need it:

The nodestatus controller didn't handle the rawselinux policy at all.
Let's handle the kind in the nodestatus and add a very basic test for
the rawselinuxprofile so that we are sure it works at all.

Which issue(s) this PR fixes:

None

Does this PR have test?

Yes

Special notes for your reviewer:

I have not ran the tests yet :-)

Does this PR introduce a user-facing change?

Fixed reporting of status and the policy usage string for RawSelinuxProfile CRs

[JAORMX]

Oops! This was a bug from the cut-over to the new policy format. Thanks for addressing this!

/lgtm

[jhrozek]

Huh the e2e tests fail, but for some reason only in the CI environment, directly in-cluster on OCP everything works fine. I'm getting:

E0223 14:35:39.233379       1 controller.go:326]  "msg"="Reconciler error" "error"="getting owner profile: default/raw-errorlogger: cache had type *v1alpha2.SelinuxProfile, but *v1alpha2.RawSelinuxProfile was asked for" "SecurityProfileNodeStatus"={"name":"raw-errorlogger-127.0.0.1","namespace":"default"} "controller"="nodestatus" "controllerGroup"="security-profiles-operator.x-k8s.io" "controllerKind"="SecurityProfileNodeStatus" "name"="raw-errorlogger-127.0.0.1" "namespace"="default" "reconcileID"="56cf8fbe-d1c5-4070-9314-25716dd9a291"

Does anyone know what does the error mean?

[JAORMX]

@jhrozek sounds to me like there's something wrong or hardcoded in the node status controller: cache had type *v1alpha2.SelinuxProfile, but *v1alpha2.RawSelinuxProfile was asked for

[saschagrunert]

@jhrozek do you mind a rebase?

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

• Mark this PR as fresh with /remove-lifecycle stale
• Close this PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[saschagrunert]

Oh:

not enough arguments in call to e.getSELinuxPolicyUsage

[jhrozek]

oops, let's see how the tests go before another review

[saschagrunert]

/lgtm

[saschagrunert]

/test pull-security-profiles-operator-test-e2e

[saschagrunert]

/test pull-security-profiles-operator-verify

[saschagrunert]

/test pull-security-profiles-operator-verify

[saschagrunert]

@jhrozek may I ask you to rebase please?

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

• Mark this PR as fresh with /remove-lifecycle rotten
• Close this PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ccojocar, JAORMX, jhrozek, saschagrunert

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [JAORMX,ccojocar,jhrozek,saschagrunert]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment