Fix GRPC CheckRegistryServer function (#2756)

Problem: The CheckRegistryServer function used by grpc catalogSources
does not confirm that the serviceAccount associated with the
catalogSource exists.

Solution: Update the GRPC CheckRegistryServer function to check if the
serviceAccount exists.

Signed-off-by: Alexander Greene <[email protected]>

Upstream-repository: operator-lifecycle-manager
Upstream-commit: 7e8e9f77d08d1bf451ce61b7bb2610473e793ded

Author: awgreene

staging/operator-lifecycle-manager/pkg/controller/operators/catalog/operator_test.go

@@ -1039,6 +1039,7 @@ func TestSyncCatalogSources(t *testing.T) {
 			k8sObjs: []runtime.Object{
 				pod(*grpcCatalog),
 				service(grpcCatalog.GetName(), grpcCatalog.GetNamespace()),
+				serviceAccount(grpcCatalog.GetName(), grpcCatalog.GetNamespace(), "", objectReference("init secret")),
 			},
 			existingSources: []sourceAddress{
 				{

staging/operator-lifecycle-manager/pkg/controller/registry/reconciler/grpc.go

@@ -146,6 +146,16 @@ func (c *GrpcRegistryReconciler) currentService(source grpcCatalogSourceDecorato
 	return service
 }
 
+func (c *GrpcRegistryReconciler) currentServiceAccount(source grpcCatalogSourceDecorator) *corev1.ServiceAccount {
+	serviceAccountName := source.ServiceAccount().GetName()
+	serviceAccount, err := c.Lister.CoreV1().ServiceAccountLister().ServiceAccounts(source.GetNamespace()).Get(serviceAccountName)
+	if err != nil {
+		logrus.WithField("service", serviceAccount).Debug("couldn't find service in cache")
+		return nil
+	}
+	return serviceAccount
+}
+
 func (c *GrpcRegistryReconciler) currentPods(source grpcCatalogSourceDecorator) []*corev1.Pod {
 	pods, err := c.Lister.CoreV1().PodLister().Pods(source.GetNamespace()).List(source.Selector())
 	if err != nil {
@@ -441,7 +451,7 @@ func (c *GrpcRegistryReconciler) CheckRegistryServer(catalogSource *v1alpha1.Cat
 	// Check on registry resources
 	// TODO: add gRPC health check
 	if len(c.currentPodsWithCorrectImageAndSpec(source, source.ServiceAccount().GetName())) < 1 ||
-		c.currentService(source) == nil {
+		c.currentService(source) == nil || c.currentServiceAccount(source) == nil {
 		healthy = false
 		return
 	}

staging/operator-lifecycle-manager/pkg/controller/registry/reconciler/grpc_test.go

@@ -485,6 +485,18 @@ func TestGrpcRegistryChecker(t *testing.T) {
 				healthy: false,
 			},
 		},
+		{
+			testName: "Grpc/ExistingRegistry/Image/BadServiceAccount",
+			in: in{
+				cluster: cluster{
+					k8sObjs: modifyObjName(objectsForCatalogSource(validGrpcCatalogSource("test-img", "")), &corev1.ServiceAccount{}, "badName"),
+				},
+				catsrc: validGrpcCatalogSource("test-img", ""),
+			},
+			out: out{
+				healthy: false,
+			},
+		},
 		{
 			testName: "Grpc/ExistingRegistry/Image/BadPod",
 			in: in{