Bug 1945548: Filter secret names for registry pod's sa

[hasbro17]

Description of the change:
During the registry server sync the image pull secrets from the catalogsource's spec.secrets are passed
unfiltered to the serviceaccount for the registry pod.

apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: ditto-index
  namespace: default
spec:
  sourceType: grpc
  image: quay.io/haseeb_tariq/index-image:ditto-index-0.1
  secrets:
    - ""

Passing an empty string in the secrets list breaks serverside apply for the registry pod which gets created without the metadata.managedFields when it has an empty element in the imagePullSecrets list:

kind: Pod
apiVersion: v1
metadata:
  generateName: ditto-index-
  ...
  # No managedFields on resource
spec:
  imagePullSecrets:
    - {}
    - name: ditto-index-dockercfg-djmz7
...

This prevents the registry pod from being promoted via the SSA client when
there is an update to the index image:

    couldn't ensure registry server - error ensuring updated catalog source pod:
    : detected imageID change: error during update: failed to create manager for
    existing fields: failed to convert new object (/v1, Kind=Pod) to smd typed:
    .spec.imagePullSecrets: element 0: associative list with keys has an element
    that omits key field "name" (and doesn't have default value)

To fix this, the image pull secrets list is filtered for empty strings
before being set on the serviceaccount.

Motivation for the change:
Fix for: https://bugzilla.redhat.com/show_bug.cgi?id=1945548

Similar to kubernetes-sigs/structured-merge-diff#130

Upstream-commit: ee40fd9b8495ea23fc34daef74c689aad942fd2f
Upstream-repository: operator-lifecycle-manager
Upstream PR: operator-framework/operator-lifecycle-manager#2165

[openshift-ci]

@hasbro17: This pull request references Bugzilla bug 1945548, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target release (4.8.0) matches configured target release for branch (4.8.0)
• bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

No GitHub users were found matching the public email listed for the QA contact in Bugzilla ([email protected]), skipping review request.

In response to this:

Bug 1945548: Filter secret names for registry pod's sa

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[dinhxuanvu]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dinhxuanvu, hasbro17

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [dinhxuanvu,hasbro17]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[hasbro17]

/retest

[hasbro17]

/retest

[openshift-ci]

@hasbro17: All pull requests linked via external trackers have merged:

• openshift/operator-framework-olm#83

Bugzilla bug 1945548 has been moved to the MODIFIED state.

In response to this:

Bug 1945548: Filter secret names for registry pod's sa

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.