From c7009a4bb984501e08d860ef0be3bfefd4ef2ca7 Mon Sep 17 00:00:00 2001
From: kabicin <kirbychin99@gmail.com>
Date: Mon, 29 Aug 2022 13:53:54 -0400
Subject: [PATCH 01/14] Add configmap tests and update e2e.sh

---
 .../configmap/00-assert.yaml                  |  4 ++
 .../configmap/00-liberty.yaml                 |  9 ++++
 .../scorecard/kuttl/configmap/00-assert.yaml  |  4 ++
 .../scorecard/kuttl/configmap/00-liberty.yaml |  9 ++++
 scripts/e2e.sh                                | 51 ++++++++++++-------
 5 files changed, 60 insertions(+), 17 deletions(-)
 create mode 100644 bundle/tests/scorecard/kuttl-all-namespaces/configmap/00-assert.yaml
 create mode 100644 bundle/tests/scorecard/kuttl-all-namespaces/configmap/00-liberty.yaml
 create mode 100644 bundle/tests/scorecard/kuttl/configmap/00-assert.yaml
 create mode 100644 bundle/tests/scorecard/kuttl/configmap/00-liberty.yaml

diff --git a/bundle/tests/scorecard/kuttl-all-namespaces/configmap/00-assert.yaml b/bundle/tests/scorecard/kuttl-all-namespaces/configmap/00-assert.yaml
new file mode 100644
index 00000000..f300c3ea
--- /dev/null
+++ b/bundle/tests/scorecard/kuttl-all-namespaces/configmap/00-assert.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: websphere-liberty-operator
\ No newline at end of file
diff --git a/bundle/tests/scorecard/kuttl-all-namespaces/configmap/00-liberty.yaml b/bundle/tests/scorecard/kuttl-all-namespaces/configmap/00-liberty.yaml
new file mode 100644
index 00000000..9f4c6d1c
--- /dev/null
+++ b/bundle/tests/scorecard/kuttl-all-namespaces/configmap/00-liberty.yaml
@@ -0,0 +1,9 @@
+apiVersion: liberty.websphere.ibm.com/v1
+kind: WebSphereLibertyApplication
+metadata:
+  name: configmap-wsliberty-app
+spec:
+  applicationImage: icr.io/appcafe/websphere-liberty:full-java8-openj9-ubi
+  license:
+    accept: true
+  replicas: 1
\ No newline at end of file
diff --git a/bundle/tests/scorecard/kuttl/configmap/00-assert.yaml b/bundle/tests/scorecard/kuttl/configmap/00-assert.yaml
new file mode 100644
index 00000000..f300c3ea
--- /dev/null
+++ b/bundle/tests/scorecard/kuttl/configmap/00-assert.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: websphere-liberty-operator
\ No newline at end of file
diff --git a/bundle/tests/scorecard/kuttl/configmap/00-liberty.yaml b/bundle/tests/scorecard/kuttl/configmap/00-liberty.yaml
new file mode 100644
index 00000000..9f4c6d1c
--- /dev/null
+++ b/bundle/tests/scorecard/kuttl/configmap/00-liberty.yaml
@@ -0,0 +1,9 @@
+apiVersion: liberty.websphere.ibm.com/v1
+kind: WebSphereLibertyApplication
+metadata:
+  name: configmap-wsliberty-app
+spec:
+  applicationImage: icr.io/appcafe/websphere-liberty:full-java8-openj9-ubi
+  license:
+    accept: true
+  replicas: 1
\ No newline at end of file
diff --git a/scripts/e2e.sh b/scripts/e2e.sh
index d87a115b..76a41e95 100755
--- a/scripts/e2e.sh
+++ b/scripts/e2e.sh
@@ -60,6 +60,30 @@ push_images() {
     }
 }
 
+install_bundle_and_run_scorecard_tests() {
+  echo "****** Installing bundle in $1 mode..."
+  operator-sdk run bundle --install-mode $1 --pull-secret-name regcred "${BUNDLE_IMAGE}" --timeout 5m || {
+      echo "****** Installing bundle failed..."
+      exit 1
+  }
+
+  # Wait for operator deployment to be ready
+  while [[ $(oc get deploy "${CONTROLLER_MANAGER_NAME}" -o jsonpath='{ .status.readyReplicas }') -ne "1" ]]; do
+      echo "****** Waiting for ${CONTROLLER_MANAGER_NAME} to be ready..."
+      sleep 10
+  done
+
+  echo "****** ${CONTROLLER_MANAGER_NAME} deployment is ready..."
+
+  echo "****** Starting scorecard tests..."
+  operator-sdk scorecard --verbose --selector=suite=kuttlsuite --namespace "${TEST_NAMESPACE}" --service-account scorecard-kuttl --wait-time 30m ./bundle || {
+      echo "****** Scorecard tests failed..."
+      exit 1
+  }
+  result=$?
+  exit result
+}
+
 main() {
     parse_args "$@"
 
@@ -106,27 +130,20 @@ main() {
     echo "****** Pushing operator and operator bundle images into registry..."
     push_images
 
-    echo "****** Installing bundle..."
-    operator-sdk run bundle --install-mode OwnNamespace --pull-secret-name regcred "${BUNDLE_IMAGE}" --timeout 5m || {
-        echo "****** Installing bundle failed..."
-        exit 1
-    }
+    # Run scorecard tests in kuttl folder using OwnNamespace
+    install_bundle_and_run_scorecard_tests "OwnNamespace"
 
-    # Wait for operator deployment to be ready
-    while [[ $(oc get deploy "${CONTROLLER_MANAGER_NAME}" -o jsonpath='{ .status.readyReplicas }') -ne "1" ]]; do
-        echo "****** Waiting for ${CONTROLLER_MANAGER_NAME} to be ready..."
-        sleep 10
-    done
+    operator-sdk cleanup "${BUNDLE_IMAGE}"
 
-    echo "****** ${CONTROLLER_MANAGER_NAME} deployment is ready..."
+    # Run scorecard tests in kuttl-all-namespaces folder using AllNamespaces
+    mv bundle/tests/scorecard/kuttl bundle/tests/scorecard/kuttl-temp 
+    mv bundle/tests/scorecard/kuttl-all-namespaces bundle/tests/scorecard/kuttl
 
-    echo "****** Starting scorecard tests..."
-    operator-sdk scorecard --verbose --selector=suite=kuttlsuite --namespace "${TEST_NAMESPACE}" --service-account scorecard-kuttl --wait-time 30m ./bundle || {
-        echo "****** Scorecard tests failed..."
-        exit 1
-    }
-    result=$?
+    install_bundle_and_run_scorecard_tests "AllNamespaces"
 
+    mv bundle/tests/scorecard/kuttl bundle/tests/scorecard/kuttl-all-namespaces
+    mv bundle/tests/scorecard/kuttl-temp bundle/tests/scorecard/kuttl 
+  
     echo "****** Cleaning up test environment..."
     cleanup_env
 

From 3d199bb8e7b133e1be2139c1754b102706efd511 Mon Sep 17 00:00:00 2001
From: kabicin <kirbychin99@gmail.com>
Date: Tue, 30 Aug 2022 05:53:55 -0700
Subject: [PATCH 02/14] Update fyre-e2e.sh and RBAC to allow configmaps
 get/list

---
 config/rbac/kuttl-rbac.yaml  |  1 +
 scripts/pipeline/fyre-e2e.sh | 61 ++++++++++++++++++++++++++++++------
 2 files changed, 53 insertions(+), 9 deletions(-)

diff --git a/config/rbac/kuttl-rbac.yaml b/config/rbac/kuttl-rbac.yaml
index b174b710..e137b6b9 100644
--- a/config/rbac/kuttl-rbac.yaml
+++ b/config/rbac/kuttl-rbac.yaml
@@ -38,6 +38,7 @@ rules:
   - namespaces
   - pods
   - routes
+  - configmaps
   verbs:
   - get
   - list
diff --git a/scripts/pipeline/fyre-e2e.sh b/scripts/pipeline/fyre-e2e.sh
index 97e67cde..005d5df1 100755
--- a/scripts/pipeline/fyre-e2e.sh
+++ b/scripts/pipeline/fyre-e2e.sh
@@ -148,8 +148,36 @@ main() {
     echo "Updating global pull secret"
     oc set data secret/pull-secret -n openshift-config --from-file=.dockerconfigjson=/tmp/pull-secret-merged.yaml
 
+    # Run scorecard tests in kuttl folder using OwnNamespace
+    install_operator_and_run_scorecard_tests "OwnNamespace"
+    result=$?
+    if [[ $result != 0 ]]; then
+        return $result
+    fi
+
+    uninstall_operator
+
+    # Run scorecard tests in kuttl-all-namespaces folder using AllNamespaces
+    mv bundle/tests/scorecard/kuttl bundle/tests/scorecard/kuttl-temp
+    mv bundle/tests/scorecard/kuttl-all-namespaces bundle/tests/scorecard/kuttl
+    mv bundle/tests/scorecard/kuttl-temp/kuttl-test.yaml bundle/tests/scorecard/kuttl
+
+    install_operator_and_run_scorecard_tests "AllNamespaces"
+    result=$?
+
+    mv bundle/tests/scorecard/kuttl/kuttl-test.yaml bundle/tests/scorecard/kuttl-temp
+    mv bundle/tests/scorecard/kuttl bundle/tests/scorecard/kuttl-all-namespaces
+    mv bundle/tests/scorecard/kuttl-temp bundle/tests/scorecard/kuttl
+
+    echo "****** Cleaning up test environment..."
+    cleanup_env
+
+    return $result
+}
+
+install_operator_and_run_scorecard_tests() {
     echo "****** Installing operator from catalog: ${CATALOG_IMAGE}"
-    install_operator
+    install_operator $1
 
     # Wait for operator deployment to be ready
     while [[ $(oc get deploy "${CONTROLLER_MANAGER_NAME}" -o jsonpath='{ .status.readyReplicas }') -ne "1" ]]; do
@@ -164,12 +192,6 @@ main() {
        echo "****** Scorecard tests failed..."
        exit 1
     }
-    result=$?
-
-    echo "****** Cleaning up test environment..."
-    cleanup_env
-
-    return $result
 }
 
 install_operator() {
@@ -188,8 +210,20 @@ spec:
   publisher: IBM
 EOF
 
-    echo "****** Applying the operator group..."
-    cat <<EOF | oc apply -f -
+    echo "****** Applying the operator group to $1..."
+    if [ "$1" == "AllNamespaces" ]; then
+      cat <<EOF | oc apply -f -
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: websphere-operator-group
+  namespace: $TEST_NAMESPACE
+spec:
+  targetNamespaces:
+    - ""
+EOF
+    else
+      cat <<EOF | oc apply -f -
 apiVersion: operators.coreos.com/v1
 kind: OperatorGroup
 metadata:
@@ -199,6 +233,7 @@ spec:
   targetNamespaces:
     - $TEST_NAMESPACE
 EOF
+    fi
 
     echo "****** Applying the subscription..."
     cat <<EOF | oc apply -f -
@@ -216,6 +251,14 @@ spec:
 EOF
 }
 
+uninstall_operator() {
+    currentCSV=$(oc get subscription websphere-liberty-operator-subscription -o yaml | grep currentCSV)
+    oc delete clusterserviceversion $currentCSV
+    oc delete catalogsource websphere-liberty-catalog
+    oc delete operatorgroup websphere-operator-group
+    oc delete subscription websphere-liberty-operator-subscription
+}
+
 parse_args() {
   while [ $# -gt 0 ]; do
     case "$1" in

From 42b7e6a62ed80dc6ee7de4883a54ea7bc1cd4c67 Mon Sep 17 00:00:00 2001
From: kabicin <kirbychin99@gmail.com>
Date: Wed, 31 Aug 2022 09:09:58 -0700
Subject: [PATCH 03/14] Add AllNamespaces tests and run once in fyre-e2e.sh

---
 .../configmap/00-assert.yaml                  |  10 +-
 .../configmap/00-dry-run.yaml                 |   9 ++
 .../configmap/01-delete.yaml                  |   5 +
 .../configmap/01-errors.yaml                  |   5 +
 .../configmap/02-assert.yaml                  |   5 +
 .../{00-liberty.yaml => 02-liberty.yaml}      |   0
 config/rbac/kuttl-rbac-all-namespaces.yaml    | 142 ++++++++++++++++++
 scripts/pipeline/fyre-e2e.sh                  |  81 +++++++---
 8 files changed, 237 insertions(+), 20 deletions(-)
 create mode 100644 bundle/tests/scorecard/kuttl-all-namespaces/configmap/00-dry-run.yaml
 create mode 100644 bundle/tests/scorecard/kuttl-all-namespaces/configmap/01-delete.yaml
 create mode 100644 bundle/tests/scorecard/kuttl-all-namespaces/configmap/01-errors.yaml
 create mode 100644 bundle/tests/scorecard/kuttl-all-namespaces/configmap/02-assert.yaml
 rename bundle/tests/scorecard/kuttl-all-namespaces/configmap/{00-liberty.yaml => 02-liberty.yaml} (100%)
 create mode 100644 config/rbac/kuttl-rbac-all-namespaces.yaml

diff --git a/bundle/tests/scorecard/kuttl-all-namespaces/configmap/00-assert.yaml b/bundle/tests/scorecard/kuttl-all-namespaces/configmap/00-assert.yaml
index f300c3ea..57820b89 100644
--- a/bundle/tests/scorecard/kuttl-all-namespaces/configmap/00-assert.yaml
+++ b/bundle/tests/scorecard/kuttl-all-namespaces/configmap/00-assert.yaml
@@ -1,4 +1,8 @@
-apiVersion: v1
-kind: ConfigMap
+apiVersion: apps/v1
+kind: Deployment
 metadata:
-  name: websphere-liberty-operator
\ No newline at end of file
+  name: configmap-wsliberty-app
+status:
+  replicas: 1
+  readyReplicas: 1
+  updatedReplicas: 1
diff --git a/bundle/tests/scorecard/kuttl-all-namespaces/configmap/00-dry-run.yaml b/bundle/tests/scorecard/kuttl-all-namespaces/configmap/00-dry-run.yaml
new file mode 100644
index 00000000..3c0876f7
--- /dev/null
+++ b/bundle/tests/scorecard/kuttl-all-namespaces/configmap/00-dry-run.yaml
@@ -0,0 +1,9 @@
+apiVersion: liberty.websphere.ibm.com/v1
+kind: WebSphereLibertyApplication
+metadata:
+  name: configmap-wsliberty-app
+spec:
+  applicationImage: icr.io/appcafe/websphere-liberty:full-java8-openj9-ubi
+  license:
+    accept: true
+  replicas: 1
diff --git a/bundle/tests/scorecard/kuttl-all-namespaces/configmap/01-delete.yaml b/bundle/tests/scorecard/kuttl-all-namespaces/configmap/01-delete.yaml
new file mode 100644
index 00000000..755b0d8e
--- /dev/null
+++ b/bundle/tests/scorecard/kuttl-all-namespaces/configmap/01-delete.yaml
@@ -0,0 +1,5 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+  - command: kubectl delete webspherelibertyapplications --all --all-namespaces
+  - command: kubectl delete configmap websphere-liberty-operator -n openshift-operators
diff --git a/bundle/tests/scorecard/kuttl-all-namespaces/configmap/01-errors.yaml b/bundle/tests/scorecard/kuttl-all-namespaces/configmap/01-errors.yaml
new file mode 100644
index 00000000..3ef7c21f
--- /dev/null
+++ b/bundle/tests/scorecard/kuttl-all-namespaces/configmap/01-errors.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: websphere-liberty-operator
+  namespace: openshift-operators
diff --git a/bundle/tests/scorecard/kuttl-all-namespaces/configmap/02-assert.yaml b/bundle/tests/scorecard/kuttl-all-namespaces/configmap/02-assert.yaml
new file mode 100644
index 00000000..3ef7c21f
--- /dev/null
+++ b/bundle/tests/scorecard/kuttl-all-namespaces/configmap/02-assert.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: websphere-liberty-operator
+  namespace: openshift-operators
diff --git a/bundle/tests/scorecard/kuttl-all-namespaces/configmap/00-liberty.yaml b/bundle/tests/scorecard/kuttl-all-namespaces/configmap/02-liberty.yaml
similarity index 100%
rename from bundle/tests/scorecard/kuttl-all-namespaces/configmap/00-liberty.yaml
rename to bundle/tests/scorecard/kuttl-all-namespaces/configmap/02-liberty.yaml
diff --git a/config/rbac/kuttl-rbac-all-namespaces.yaml b/config/rbac/kuttl-rbac-all-namespaces.yaml
new file mode 100644
index 00000000..7cf991b5
--- /dev/null
+++ b/config/rbac/kuttl-rbac-all-namespaces.yaml
@@ -0,0 +1,142 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: scorecard-kuttl-all-namespaces
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: scorecard-kuttl-all-namespaces
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: scorecard-kuttl-all-namespaces
+subjects:
+- kind: ServiceAccount
+  name: scorecard-kuttl-all-namespaces
+  namespace: wlo-ns
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: scorecard-kuttl-all-namespaces
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  - serviceaccounts
+  - persistentvolumeclaims
+  verbs:
+  - get
+  - list
+  - create
+  - delete
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  - pods
+  - routes
+  verbs:
+  - get
+  - list
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - delete
+- apiGroups:
+    - ""
+  resources:
+    - services
+  verbs:
+    - get
+    - list
+    - patch
+- apiGroups:
+  - apps
+  resources:
+  - deployments
+  - statefulsets
+  verbs:
+  - get
+  - create
+  - patch
+- apiGroups:
+  - autoscaling
+  resources:
+  - horizontalpodautoscalers
+  verbs:
+  - get
+- apiGroups:
+  - monitoring.coreos.com
+  resources:
+  - servicemonitors
+  verbs:
+  - get
+- apiGroups:
+  - image.openshift.io
+  resources:
+  - imagestreams
+  verbs:
+  - get
+  - list
+  - create
+  - patch
+  - delete
+- apiGroups:
+  - events.k8s.io
+  resources:
+  - events
+  verbs:
+  - get
+  - list
+- apiGroups:
+  - serving.knative.dev
+  resources:
+  - services
+  verbs:
+  - get
+- apiGroups:
+  - liberty.websphere.ibm.com
+  resources:
+  - webspherelibertyapplications
+  - webspherelibertydumps
+  - webspherelibertytraces
+  verbs:
+  - get
+  - list
+  - create
+  - patch
+  - delete
+- apiGroups:
+    - route.openshift.io
+  resources:
+    - routes
+  verbs:
+    - get
+    - list
+    - delete
+- apiGroups:
+    - networking.k8s.io
+  resources:
+    - networkpolicies
+  verbs:
+    - get
+    - list
+    - create
+    - patch
+    - delete
+- apiGroups:
+  - cert-manager.io
+  resources:
+  - issuers
+  - certificates
+  verbs:
+  - get
+  - list
diff --git a/scripts/pipeline/fyre-e2e.sh b/scripts/pipeline/fyre-e2e.sh
index 005d5df1..0c092de3 100755
--- a/scripts/pipeline/fyre-e2e.sh
+++ b/scripts/pipeline/fyre-e2e.sh
@@ -23,6 +23,9 @@ setup_env() {
 
     ## Create service account for Kuttl tests
     oc apply -f config/rbac/kuttl-rbac.yaml
+    cp config/rbac/kuttl-rbac-all-namespaces.yaml ./
+    sed -i "s/wlo-ns/${TEST_NAMESPACE}/" kuttl-rbac-all-namespaces.yaml 
+    oc apply -f kuttl-rbac-all-namespaces.yaml 
 }
 
 ## cleanup_env : Delete generated resources that are not bound to a test TEST_NAMESPACE.
@@ -30,6 +33,20 @@ cleanup_env() {
   oc delete project "${TEST_NAMESPACE}"
 }
 
+restart_env() {
+  oc delete project "${TEST_NAMESPACE}"
+
+  # Wait for namespace to be deleted
+  while [[ $(oc get namespace ${TEST_NAMESPACE} -o name) == "namespace/${TEST_NAMESPACE}" ]]; do
+    echo "****** Waiting for ${TEST_NAMESPACE} to be deleted..."
+    sleep 5
+  done
+
+  oc project default
+  oc new-project "${TEST_NAMESPACE}"
+  oc project "${TEST_NAMESPACE}"
+}
+
 ## trap_cleanup : Call cleanup_env and exit. For use by a trap to detect if the script is exited at any point.
 trap_cleanup() {
   last_status=$?
@@ -179,16 +196,24 @@ install_operator_and_run_scorecard_tests() {
     echo "****** Installing operator from catalog: ${CATALOG_IMAGE}"
     install_operator $1
 
+    if [ "$1" == "AllNamespaces" ]; then
+        CONTROLLER_MANAGER_NAMESPACE="openshift-operators"
+        SERVICE_ACCOUNT_NAME="scorecard-kuttl-all-namespaces"
+    else
+	CONTROLLER_MANAGER_NAMESPACE=${TEST_NAMESPACE}
+	SERVICE_ACCOUNT_NAME="scorecard-kuttl"
+    fi
+
     # Wait for operator deployment to be ready
-    while [[ $(oc get deploy "${CONTROLLER_MANAGER_NAME}" -o jsonpath='{ .status.readyReplicas }') -ne "1" ]]; do
-        echo "****** Waiting for ${CONTROLLER_MANAGER_NAME} to be ready..."
+    while [[ $(oc get deploy "${CONTROLLER_MANAGER_NAME}" -n ${CONTROLLER_MANAGER_NAMESPACE} -o jsonpath='{ .status.readyReplicas }') -ne "1" ]]; do
+        echo "****** Waiting for ${CONTROLLER_MANAGER_NAME} in namespace ${CONTROLLER_MANAGER_NAMESPACE} to be ready..."
         sleep 10
     done
 
     echo "****** ${CONTROLLER_MANAGER_NAME} deployment is ready..."
 
     echo "****** Starting scorecard tests..."
-    operator-sdk scorecard --verbose --kubeconfig  ${HOME}/.kube/config --selector=suite=kuttlsuite --namespace="${TEST_NAMESPACE}" --service-account="scorecard-kuttl" --wait-time 30m ./bundle || {
+    operator-sdk scorecard --verbose --kubeconfig  ${HOME}/.kube/config --selector=suite=kuttlsuite --namespace="${TEST_NAMESPACE}" --service-account="${SERVICE_ACCOUNT_NAME}" --wait-time 30m ./bundle || {
        echo "****** Scorecard tests failed..."
        exit 1
     }
@@ -197,32 +222,36 @@ install_operator_and_run_scorecard_tests() {
 install_operator() {
     # Apply the catalog
     echo "****** Applying the catalog source..."
-    cat <<EOF | oc apply -f -
+    if [ "$1" == "AllNamespaces" ]; then
+      cat <<EOF | oc apply -f -
 apiVersion: operators.coreos.com/v1alpha1
 kind: CatalogSource
 metadata:
   name: websphere-liberty-catalog
-  namespace: $TEST_NAMESPACE
+  namespace: openshift-operators
 spec:
   sourceType: grpc
   image: $CATALOG_IMAGE
   displayName: WebSphere Liberty Catalog
   publisher: IBM
 EOF
-
-    echo "****** Applying the operator group to $1..."
-    if [ "$1" == "AllNamespaces" ]; then
+    else
       cat <<EOF | oc apply -f -
-apiVersion: operators.coreos.com/v1
-kind: OperatorGroup
+apiVersion: operators.coreos.com/v1alpha1
+kind: CatalogSource
 metadata:
-  name: websphere-operator-group
+  name: websphere-liberty-catalog
   namespace: $TEST_NAMESPACE
 spec:
-  targetNamespaces:
-    - ""
+  sourceType: grpc
+  image: $CATALOG_IMAGE
+  displayName: WebSphere Liberty Catalog
+  publisher: IBM
 EOF
-    else
+    fi
+
+    if [ "$1" != "AllNamespaces" ]; then
+      echo "****** Applying the operator group to $1..."
       cat <<EOF | oc apply -f -
 apiVersion: operators.coreos.com/v1
 kind: OperatorGroup
@@ -233,10 +262,27 @@ spec:
   targetNamespaces:
     - $TEST_NAMESPACE
 EOF
+    else
+      echo "****** Skipping operator group creation since AllNamespaces is selected..."
     fi
 
     echo "****** Applying the subscription..."
-    cat <<EOF | oc apply -f -
+    if [ "$1" == "AllNamespaces" ]; then
+      cat <<EOF | oc apply -f -
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: websphere-liberty-operator-subscription
+  namespace: openshift-operators
+spec:
+  channel: $DEFAULT_CHANNEL
+  name: ibm-websphere-liberty
+  source: websphere-liberty-catalog
+  sourceNamespace: openshift-operators
+  installPlanApproval: Automatic
+EOF
+    else
+      cat <<EOF | oc apply -f -
 apiVersion: operators.coreos.com/v1alpha1
 kind: Subscription
 metadata:
@@ -249,14 +295,15 @@ spec:
   sourceNamespace: $TEST_NAMESPACE
   installPlanApproval: Automatic
 EOF
+    fi
 }
 
 uninstall_operator() {
-    currentCSV=$(oc get subscription websphere-liberty-operator-subscription -o yaml | grep currentCSV)
+    currentCSV=$(oc get clusterserviceversion | grep ibm-websphere-liberty | cut -d ' ' -f1 )
     oc delete clusterserviceversion $currentCSV
     oc delete catalogsource websphere-liberty-catalog
     oc delete operatorgroup websphere-operator-group
-    oc delete subscription websphere-liberty-operator-subscription
+    restart_env
 }
 
 parse_args() {

From 997a6f01b6c9a49eda34b6d7ff9ab00d2f683cdb Mon Sep 17 00:00:00 2001
From: kabicin <kirbychin99@gmail.com>
Date: Wed, 31 Aug 2022 14:21:28 -0700
Subject: [PATCH 04/14] Add SingleNamespace tests and update fyre-e2e.sh

---
 .../configmap/00-assert.yaml                  |  8 +++
 .../configmap/00-dry-run.yaml                 |  9 +++
 .../configmap/01-delete.yaml                  |  7 +++
 .../configmap/01-errors.yaml                  |  4 ++
 .../configmap/02-assert.yaml                  |  4 ++
 .../configmap/02-liberty.yaml}                |  0
 .../scorecard/kuttl/configmap/00-assert.yaml  | 10 +++-
 .../scorecard/kuttl/configmap/00-dry-run.yaml |  9 +++
 .../scorecard/kuttl/configmap/01-delete.yaml  |  7 +++
 .../scorecard/kuttl/configmap/01-errors.yaml  |  4 ++
 .../scorecard/kuttl/configmap/02-assert.yaml  |  4 ++
 .../scorecard/kuttl/configmap/02-liberty.yaml |  9 +++
 config/rbac/kuttl-rbac-all-namespaces.yaml    |  1 +
 config/rbac/kuttl-rbac.yaml                   |  7 +++
 scripts/pipeline/fyre-e2e.sh                  | 56 +++++++++++++++++--
 15 files changed, 130 insertions(+), 9 deletions(-)
 create mode 100644 bundle/tests/scorecard/kuttl-single-namespace/configmap/00-assert.yaml
 create mode 100644 bundle/tests/scorecard/kuttl-single-namespace/configmap/00-dry-run.yaml
 create mode 100644 bundle/tests/scorecard/kuttl-single-namespace/configmap/01-delete.yaml
 create mode 100644 bundle/tests/scorecard/kuttl-single-namespace/configmap/01-errors.yaml
 create mode 100644 bundle/tests/scorecard/kuttl-single-namespace/configmap/02-assert.yaml
 rename bundle/tests/scorecard/{kuttl/configmap/00-liberty.yaml => kuttl-single-namespace/configmap/02-liberty.yaml} (100%)
 create mode 100644 bundle/tests/scorecard/kuttl/configmap/00-dry-run.yaml
 create mode 100644 bundle/tests/scorecard/kuttl/configmap/01-delete.yaml
 create mode 100644 bundle/tests/scorecard/kuttl/configmap/01-errors.yaml
 create mode 100644 bundle/tests/scorecard/kuttl/configmap/02-assert.yaml
 create mode 100644 bundle/tests/scorecard/kuttl/configmap/02-liberty.yaml

diff --git a/bundle/tests/scorecard/kuttl-single-namespace/configmap/00-assert.yaml b/bundle/tests/scorecard/kuttl-single-namespace/configmap/00-assert.yaml
new file mode 100644
index 00000000..57820b89
--- /dev/null
+++ b/bundle/tests/scorecard/kuttl-single-namespace/configmap/00-assert.yaml
@@ -0,0 +1,8 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: configmap-wsliberty-app
+status:
+  replicas: 1
+  readyReplicas: 1
+  updatedReplicas: 1
diff --git a/bundle/tests/scorecard/kuttl-single-namespace/configmap/00-dry-run.yaml b/bundle/tests/scorecard/kuttl-single-namespace/configmap/00-dry-run.yaml
new file mode 100644
index 00000000..3c0876f7
--- /dev/null
+++ b/bundle/tests/scorecard/kuttl-single-namespace/configmap/00-dry-run.yaml
@@ -0,0 +1,9 @@
+apiVersion: liberty.websphere.ibm.com/v1
+kind: WebSphereLibertyApplication
+metadata:
+  name: configmap-wsliberty-app
+spec:
+  applicationImage: icr.io/appcafe/websphere-liberty:full-java8-openj9-ubi
+  license:
+    accept: true
+  replicas: 1
diff --git a/bundle/tests/scorecard/kuttl-single-namespace/configmap/01-delete.yaml b/bundle/tests/scorecard/kuttl-single-namespace/configmap/01-delete.yaml
new file mode 100644
index 00000000..0d9b0784
--- /dev/null
+++ b/bundle/tests/scorecard/kuttl-single-namespace/configmap/01-delete.yaml
@@ -0,0 +1,7 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+  - command: kubectl delete webspherelibertyapplications --all
+    namespaced: true
+  - command: kubectl delete configmap websphere-liberty-operator
+    namespaced: true
diff --git a/bundle/tests/scorecard/kuttl-single-namespace/configmap/01-errors.yaml b/bundle/tests/scorecard/kuttl-single-namespace/configmap/01-errors.yaml
new file mode 100644
index 00000000..db216f7b
--- /dev/null
+++ b/bundle/tests/scorecard/kuttl-single-namespace/configmap/01-errors.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: websphere-liberty-operator
diff --git a/bundle/tests/scorecard/kuttl-single-namespace/configmap/02-assert.yaml b/bundle/tests/scorecard/kuttl-single-namespace/configmap/02-assert.yaml
new file mode 100644
index 00000000..db216f7b
--- /dev/null
+++ b/bundle/tests/scorecard/kuttl-single-namespace/configmap/02-assert.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: websphere-liberty-operator
diff --git a/bundle/tests/scorecard/kuttl/configmap/00-liberty.yaml b/bundle/tests/scorecard/kuttl-single-namespace/configmap/02-liberty.yaml
similarity index 100%
rename from bundle/tests/scorecard/kuttl/configmap/00-liberty.yaml
rename to bundle/tests/scorecard/kuttl-single-namespace/configmap/02-liberty.yaml
diff --git a/bundle/tests/scorecard/kuttl/configmap/00-assert.yaml b/bundle/tests/scorecard/kuttl/configmap/00-assert.yaml
index f300c3ea..57820b89 100644
--- a/bundle/tests/scorecard/kuttl/configmap/00-assert.yaml
+++ b/bundle/tests/scorecard/kuttl/configmap/00-assert.yaml
@@ -1,4 +1,8 @@
-apiVersion: v1
-kind: ConfigMap
+apiVersion: apps/v1
+kind: Deployment
 metadata:
-  name: websphere-liberty-operator
\ No newline at end of file
+  name: configmap-wsliberty-app
+status:
+  replicas: 1
+  readyReplicas: 1
+  updatedReplicas: 1
diff --git a/bundle/tests/scorecard/kuttl/configmap/00-dry-run.yaml b/bundle/tests/scorecard/kuttl/configmap/00-dry-run.yaml
new file mode 100644
index 00000000..3c0876f7
--- /dev/null
+++ b/bundle/tests/scorecard/kuttl/configmap/00-dry-run.yaml
@@ -0,0 +1,9 @@
+apiVersion: liberty.websphere.ibm.com/v1
+kind: WebSphereLibertyApplication
+metadata:
+  name: configmap-wsliberty-app
+spec:
+  applicationImage: icr.io/appcafe/websphere-liberty:full-java8-openj9-ubi
+  license:
+    accept: true
+  replicas: 1
diff --git a/bundle/tests/scorecard/kuttl/configmap/01-delete.yaml b/bundle/tests/scorecard/kuttl/configmap/01-delete.yaml
new file mode 100644
index 00000000..0d9b0784
--- /dev/null
+++ b/bundle/tests/scorecard/kuttl/configmap/01-delete.yaml
@@ -0,0 +1,7 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+  - command: kubectl delete webspherelibertyapplications --all
+    namespaced: true
+  - command: kubectl delete configmap websphere-liberty-operator
+    namespaced: true
diff --git a/bundle/tests/scorecard/kuttl/configmap/01-errors.yaml b/bundle/tests/scorecard/kuttl/configmap/01-errors.yaml
new file mode 100644
index 00000000..db216f7b
--- /dev/null
+++ b/bundle/tests/scorecard/kuttl/configmap/01-errors.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: websphere-liberty-operator
diff --git a/bundle/tests/scorecard/kuttl/configmap/02-assert.yaml b/bundle/tests/scorecard/kuttl/configmap/02-assert.yaml
new file mode 100644
index 00000000..db216f7b
--- /dev/null
+++ b/bundle/tests/scorecard/kuttl/configmap/02-assert.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: websphere-liberty-operator
diff --git a/bundle/tests/scorecard/kuttl/configmap/02-liberty.yaml b/bundle/tests/scorecard/kuttl/configmap/02-liberty.yaml
new file mode 100644
index 00000000..9f4c6d1c
--- /dev/null
+++ b/bundle/tests/scorecard/kuttl/configmap/02-liberty.yaml
@@ -0,0 +1,9 @@
+apiVersion: liberty.websphere.ibm.com/v1
+kind: WebSphereLibertyApplication
+metadata:
+  name: configmap-wsliberty-app
+spec:
+  applicationImage: icr.io/appcafe/websphere-liberty:full-java8-openj9-ubi
+  license:
+    accept: true
+  replicas: 1
\ No newline at end of file
diff --git a/config/rbac/kuttl-rbac-all-namespaces.yaml b/config/rbac/kuttl-rbac-all-namespaces.yaml
index 7cf991b5..69a9ec18 100644
--- a/config/rbac/kuttl-rbac-all-namespaces.yaml
+++ b/config/rbac/kuttl-rbac-all-namespaces.yaml
@@ -2,6 +2,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: scorecard-kuttl-all-namespaces
+  namespace: wlo-ns
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
diff --git a/config/rbac/kuttl-rbac.yaml b/config/rbac/kuttl-rbac.yaml
index e137b6b9..da38dc5d 100644
--- a/config/rbac/kuttl-rbac.yaml
+++ b/config/rbac/kuttl-rbac.yaml
@@ -38,10 +38,17 @@ rules:
   - namespaces
   - pods
   - routes
+  verbs:
+  - get
+  - list
+- apiGroups:
+  - ""
+  resources:
   - configmaps
   verbs:
   - get
   - list
+  - delete
 - apiGroups:
     - ""
   resources:
diff --git a/scripts/pipeline/fyre-e2e.sh b/scripts/pipeline/fyre-e2e.sh
index 0c092de3..eb02e310 100755
--- a/scripts/pipeline/fyre-e2e.sh
+++ b/scripts/pipeline/fyre-e2e.sh
@@ -22,10 +22,7 @@ setup_env() {
     oc new-project "${TEST_NAMESPACE}" || oc project "${TEST_NAMESPACE}"
 
     ## Create service account for Kuttl tests
-    oc apply -f config/rbac/kuttl-rbac.yaml
-    cp config/rbac/kuttl-rbac-all-namespaces.yaml ./
-    sed -i "s/wlo-ns/${TEST_NAMESPACE}/" kuttl-rbac-all-namespaces.yaml 
-    oc apply -f kuttl-rbac-all-namespaces.yaml 
+    oc apply -f config/rbac/kuttl-rbac.yaml -n ${TEST_NAMESPACE}
 }
 
 ## cleanup_env : Delete generated resources that are not bound to a test TEST_NAMESPACE.
@@ -179,6 +176,10 @@ main() {
     mv bundle/tests/scorecard/kuttl-all-namespaces bundle/tests/scorecard/kuttl
     mv bundle/tests/scorecard/kuttl-temp/kuttl-test.yaml bundle/tests/scorecard/kuttl
 
+    cp config/rbac/kuttl-rbac-all-namespaces.yaml ./
+    sed -i "s/wlo-ns/${TEST_NAMESPACE}/" kuttl-rbac-all-namespaces.yaml
+    oc apply -f kuttl-rbac-all-namespaces.yaml -n ${TEST_NAMESPACE}
+
     install_operator_and_run_scorecard_tests "AllNamespaces"
     result=$?
 
@@ -186,6 +187,22 @@ main() {
     mv bundle/tests/scorecard/kuttl bundle/tests/scorecard/kuttl-all-namespaces
     mv bundle/tests/scorecard/kuttl-temp bundle/tests/scorecard/kuttl
 
+    uninstall_operator
+    
+    # Run scorecard tests in kuttl-single-namespace folder using SingleNamespace
+    oc apply -f config/rbac/kuttl-rbac.yaml -n ${TEST_NAMESPACE}
+
+    mv bundle/tests/scorecard/kuttl bundle/tests/scorecard/kuttl-temp
+    mv bundle/tests/scorecard/kuttl-single-namespace bundle/tests/scorecard/kuttl
+    mv bundle/tests/scorecard/kuttl-temp/kuttl-test.yaml bundle/tests/scorecard/kuttl
+
+    install_operator_and_run_scorecard_tests "SingleNamespace"
+    result=$?
+
+    mv bundle/tests/scorecard/kuttl/kuttl-test.yaml bundle/tests/scorecard/kuttl-temp
+    mv bundle/tests/scorecard/kuttl bundle/tests/scorecard/kuttl-single-namespace
+    mv bundle/tests/scorecard/kuttl-temp bundle/tests/scorecard/kuttl
+
     echo "****** Cleaning up test environment..."
     cleanup_env
 
@@ -200,7 +217,7 @@ install_operator_and_run_scorecard_tests() {
         CONTROLLER_MANAGER_NAMESPACE="openshift-operators"
         SERVICE_ACCOUNT_NAME="scorecard-kuttl-all-namespaces"
     else
-	CONTROLLER_MANAGER_NAMESPACE=${TEST_NAMESPACE}
+	CONTROLLER_MANAGER_NAMESPACE="${TEST_NAMESPACE}"
 	SERVICE_ACCOUNT_NAME="scorecard-kuttl"
     fi
 
@@ -234,6 +251,19 @@ spec:
   image: $CATALOG_IMAGE
   displayName: WebSphere Liberty Catalog
   publisher: IBM
+EOF
+    elif [ "$1" == "SingleNamespace" ]; then
+      cat <<EOF | oc apply -f -
+apiVersion: operators.coreos.com/v1alpha1
+kind: CatalogSource
+metadata:
+  name: websphere-liberty-catalog
+  namespace: openshift-marketplace
+spec:
+  sourceType: grpc
+  image: $CATALOG_IMAGE
+  displayName: WebSphere Liberty Catalog
+  publisher: IBM
 EOF
     else
       cat <<EOF | oc apply -f -
@@ -250,7 +280,7 @@ spec:
 EOF
     fi
 
-    if [ "$1" != "AllNamespaces" ]; then
+    if [ "$1" == "OwnNamespace" || "$1" == "SingleNamespace" ]; then
       echo "****** Applying the operator group to $1..."
       cat <<EOF | oc apply -f -
 apiVersion: operators.coreos.com/v1
@@ -280,6 +310,20 @@ spec:
   source: websphere-liberty-catalog
   sourceNamespace: openshift-operators
   installPlanApproval: Automatic
+EOF
+    elif [ "$1" == "SingleNamespace" ]; then
+      cat <<EOF | oc apply -f -
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: websphere-liberty-operator-subscription
+  namespace: $TEST_NAMESPACE
+spec:
+  channel: $DEFAULT_CHANNEL
+  name: ibm-websphere-liberty
+  source: websphere-liberty-catalog
+  sourceNamespace: openshift-marketplace
+  installPlanApproval: Automatic
 EOF
     else
       cat <<EOF | oc apply -f -

From a606f8a76c8b48de4a1b0ad7f691c85806a779ad Mon Sep 17 00:00:00 2001
From: kabicin <kirbychin99@gmail.com>
Date: Thu, 1 Sep 2022 11:02:17 -0700
Subject: [PATCH 05/14] Support all install modes in fyre-e2e.sh

---
 .../configmap/01-delete.yaml                  |  3 +-
 .../configmap/01-errors.yaml                  |  1 +
 .../configmap/02-assert.yaml                  |  1 +
 scripts/pipeline/fyre-e2e.sh                  | 57 ++++++++++++++++---
 4 files changed, 53 insertions(+), 9 deletions(-)

diff --git a/bundle/tests/scorecard/kuttl-single-namespace/configmap/01-delete.yaml b/bundle/tests/scorecard/kuttl-single-namespace/configmap/01-delete.yaml
index 0d9b0784..77c2ea6b 100644
--- a/bundle/tests/scorecard/kuttl-single-namespace/configmap/01-delete.yaml
+++ b/bundle/tests/scorecard/kuttl-single-namespace/configmap/01-delete.yaml
@@ -3,5 +3,4 @@ kind: TestStep
 commands:
   - command: kubectl delete webspherelibertyapplications --all
     namespaced: true
-  - command: kubectl delete configmap websphere-liberty-operator
-    namespaced: true
+  - command: kubectl delete configmap websphere-liberty-operator -n openshift-marketplace
diff --git a/bundle/tests/scorecard/kuttl-single-namespace/configmap/01-errors.yaml b/bundle/tests/scorecard/kuttl-single-namespace/configmap/01-errors.yaml
index db216f7b..54d2ec6e 100644
--- a/bundle/tests/scorecard/kuttl-single-namespace/configmap/01-errors.yaml
+++ b/bundle/tests/scorecard/kuttl-single-namespace/configmap/01-errors.yaml
@@ -2,3 +2,4 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: websphere-liberty-operator
+  namespace: openshift-marketplace
diff --git a/bundle/tests/scorecard/kuttl-single-namespace/configmap/02-assert.yaml b/bundle/tests/scorecard/kuttl-single-namespace/configmap/02-assert.yaml
index db216f7b..54d2ec6e 100644
--- a/bundle/tests/scorecard/kuttl-single-namespace/configmap/02-assert.yaml
+++ b/bundle/tests/scorecard/kuttl-single-namespace/configmap/02-assert.yaml
@@ -2,3 +2,4 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: websphere-liberty-operator
+  namespace: openshift-marketplace
diff --git a/scripts/pipeline/fyre-e2e.sh b/scripts/pipeline/fyre-e2e.sh
index eb02e310..b86cf045 100755
--- a/scripts/pipeline/fyre-e2e.sh
+++ b/scripts/pipeline/fyre-e2e.sh
@@ -182,15 +182,20 @@ main() {
 
     install_operator_and_run_scorecard_tests "AllNamespaces"
     result=$?
+    if [[ $result != 0 ]]; then
+        return $result
+    fi
 
     mv bundle/tests/scorecard/kuttl/kuttl-test.yaml bundle/tests/scorecard/kuttl-temp
     mv bundle/tests/scorecard/kuttl bundle/tests/scorecard/kuttl-all-namespaces
     mv bundle/tests/scorecard/kuttl-temp bundle/tests/scorecard/kuttl
 
     uninstall_operator
-    
+
     # Run scorecard tests in kuttl-single-namespace folder using SingleNamespace
-    oc apply -f config/rbac/kuttl-rbac.yaml -n ${TEST_NAMESPACE}
+    cp config/rbac/kuttl-rbac-all-namespaces.yaml ./
+    sed -i "s/wlo-ns/${TEST_NAMESPACE}/" kuttl-rbac-all-namespaces.yaml
+    oc apply -f kuttl-rbac-all-namespaces.yaml -n ${TEST_NAMESPACE}
 
     mv bundle/tests/scorecard/kuttl bundle/tests/scorecard/kuttl-temp
     mv bundle/tests/scorecard/kuttl-single-namespace bundle/tests/scorecard/kuttl
@@ -198,11 +203,16 @@ main() {
 
     install_operator_and_run_scorecard_tests "SingleNamespace"
     result=$?
+    if [[ $result != 0 ]]; then
+        return $result
+    fi
 
     mv bundle/tests/scorecard/kuttl/kuttl-test.yaml bundle/tests/scorecard/kuttl-temp
     mv bundle/tests/scorecard/kuttl bundle/tests/scorecard/kuttl-single-namespace
     mv bundle/tests/scorecard/kuttl-temp bundle/tests/scorecard/kuttl
 
+    uninstall_operator
+
     echo "****** Cleaning up test environment..."
     cleanup_env
 
@@ -210,12 +220,16 @@ main() {
 }
 
 install_operator_and_run_scorecard_tests() {
+    INSTALL_MODE=$1
     echo "****** Installing operator from catalog: ${CATALOG_IMAGE}"
     install_operator $1
 
     if [ "$1" == "AllNamespaces" ]; then
         CONTROLLER_MANAGER_NAMESPACE="openshift-operators"
         SERVICE_ACCOUNT_NAME="scorecard-kuttl-all-namespaces"
+    elif [ "$1" == "SingleNamespace" ]; then
+        CONTROLLER_MANAGER_NAMESPACE="openshift-marketplace"
+        SERVICE_ACCOUNT_NAME="scorecard-kuttl-all-namespaces"
     else
 	CONTROLLER_MANAGER_NAMESPACE="${TEST_NAMESPACE}"
 	SERVICE_ACCOUNT_NAME="scorecard-kuttl"
@@ -280,7 +294,7 @@ spec:
 EOF
     fi
 
-    if [ "$1" == "OwnNamespace" || "$1" == "SingleNamespace" ]; then
+    if [ "$1" == "OwnNamespace" ]; then
       echo "****** Applying the operator group to $1..."
       cat <<EOF | oc apply -f -
 apiVersion: operators.coreos.com/v1
@@ -291,6 +305,18 @@ metadata:
 spec:
   targetNamespaces:
     - $TEST_NAMESPACE
+EOF
+    elif [ "$1" == "SingleNamespace" ]; then
+      echo "****** Applying the operator group to $1..."
+      cat <<EOF | oc apply -f -
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: websphere-operator-group
+  namespace: openshift-marketplace
+spec:
+  targetNamespaces:
+    - $TEST_NAMESPACE
 EOF
     else
       echo "****** Skipping operator group creation since AllNamespaces is selected..."
@@ -317,7 +343,7 @@ apiVersion: operators.coreos.com/v1alpha1
 kind: Subscription
 metadata:
   name: websphere-liberty-operator-subscription
-  namespace: $TEST_NAMESPACE
+  namespace: openshift-marketplace
 spec:
   channel: $DEFAULT_CHANNEL
   name: ibm-websphere-liberty
@@ -343,10 +369,27 @@ EOF
 }
 
 uninstall_operator() {
+    if [ "$INSTALL_MODE" == "OwnNamespace" ]; then
+      CATALOG_SOURCE_NAMESPACE="${TEST_NAMESPACE}"
+      CSV_NAMESPACE="${TEST_NAMESPACE}"
+    elif [ "$INSTALL_MODE" == "SingleNamespace" ]; then
+      CATALOG_SOURCE_NAMESPACE="openshift-marketplace"
+      CSV_NAMESPACE="${TEST_NAMESPACE}"
+    elif [ "$INSTALL_MODE" == "AllNamespaces" ]; then
+      CATALOG_SOURCE_NAMESPACE="openshift-operators"
+      CSV_NAMESPACE="openshift-operators"
+    fi
+
+    oc delete subscription.operators.coreos.com websphere-liberty-operator-subscription -n ${CATALOG_SOURCE_NAMESPACE}
+    
     currentCSV=$(oc get clusterserviceversion | grep ibm-websphere-liberty | cut -d ' ' -f1 )
-    oc delete clusterserviceversion $currentCSV
-    oc delete catalogsource websphere-liberty-catalog
-    oc delete operatorgroup websphere-operator-group
+    oc delete clusterserviceversion $currentCSV -n ${CSV_NAMESPACE}
+
+    oc delete catalogsource websphere-liberty-catalog -n ${CATALOG_SOURCE_NAMESPACE} 
+    if [ "$INSTALL_MODE" != "AllNamespaces" ]; then
+        oc delete operatorgroup websphere-operator-group -n ${CATALOG_SOURCE_NAMESPACE}
+    fi
+    
     restart_env
 }
 

From 787752e1234e8855f1e29da17db003e2ea709930 Mon Sep 17 00:00:00 2001
From: kabicin <kirbychin99@gmail.com>
Date: Fri, 2 Sep 2022 07:58:49 -0700
Subject: [PATCH 06/14] Add helper functions to fyre-e2e.sh

---
 scripts/pipeline/fyre-e2e.sh | 269 ++++++++++++-----------------------
 1 file changed, 94 insertions(+), 175 deletions(-)

diff --git a/scripts/pipeline/fyre-e2e.sh b/scripts/pipeline/fyre-e2e.sh
index b86cf045..81a17543 100755
--- a/scripts/pipeline/fyre-e2e.sh
+++ b/scripts/pipeline/fyre-e2e.sh
@@ -20,9 +20,6 @@ setup_env() {
 
     echo "****** Creating test namespace: ${TEST_NAMESPACE} for release ${RELEASE}"
     oc new-project "${TEST_NAMESPACE}" || oc project "${TEST_NAMESPACE}"
-
-    ## Create service account for Kuttl tests
-    oc apply -f config/rbac/kuttl-rbac.yaml -n ${TEST_NAMESPACE}
 }
 
 ## cleanup_env : Delete generated resources that are not bound to a test TEST_NAMESPACE.
@@ -30,20 +27,6 @@ cleanup_env() {
   oc delete project "${TEST_NAMESPACE}"
 }
 
-restart_env() {
-  oc delete project "${TEST_NAMESPACE}"
-
-  # Wait for namespace to be deleted
-  while [[ $(oc get namespace ${TEST_NAMESPACE} -o name) == "namespace/${TEST_NAMESPACE}" ]]; do
-    echo "****** Waiting for ${TEST_NAMESPACE} to be deleted..."
-    sleep 5
-  done
-
-  oc project default
-  oc new-project "${TEST_NAMESPACE}"
-  oc project "${TEST_NAMESPACE}"
-}
-
 ## trap_cleanup : Call cleanup_env and exit. For use by a trap to detect if the script is exited at any point.
 trap_cleanup() {
   last_status=$?
@@ -162,56 +145,10 @@ main() {
     echo "Updating global pull secret"
     oc set data secret/pull-secret -n openshift-config --from-file=.dockerconfigjson=/tmp/pull-secret-merged.yaml
 
-    # Run scorecard tests in kuttl folder using OwnNamespace
-    install_operator_and_run_scorecard_tests "OwnNamespace"
-    result=$?
-    if [[ $result != 0 ]]; then
-        return $result
-    fi
-
-    uninstall_operator
-
-    # Run scorecard tests in kuttl-all-namespaces folder using AllNamespaces
-    mv bundle/tests/scorecard/kuttl bundle/tests/scorecard/kuttl-temp
-    mv bundle/tests/scorecard/kuttl-all-namespaces bundle/tests/scorecard/kuttl
-    mv bundle/tests/scorecard/kuttl-temp/kuttl-test.yaml bundle/tests/scorecard/kuttl
-
-    cp config/rbac/kuttl-rbac-all-namespaces.yaml ./
-    sed -i "s/wlo-ns/${TEST_NAMESPACE}/" kuttl-rbac-all-namespaces.yaml
-    oc apply -f kuttl-rbac-all-namespaces.yaml -n ${TEST_NAMESPACE}
-
-    install_operator_and_run_scorecard_tests "AllNamespaces"
-    result=$?
-    if [[ $result != 0 ]]; then
-        return $result
-    fi
-
-    mv bundle/tests/scorecard/kuttl/kuttl-test.yaml bundle/tests/scorecard/kuttl-temp
-    mv bundle/tests/scorecard/kuttl bundle/tests/scorecard/kuttl-all-namespaces
-    mv bundle/tests/scorecard/kuttl-temp bundle/tests/scorecard/kuttl
-
-    uninstall_operator
-
-    # Run scorecard tests in kuttl-single-namespace folder using SingleNamespace
-    cp config/rbac/kuttl-rbac-all-namespaces.yaml ./
-    sed -i "s/wlo-ns/${TEST_NAMESPACE}/" kuttl-rbac-all-namespaces.yaml
-    oc apply -f kuttl-rbac-all-namespaces.yaml -n ${TEST_NAMESPACE}
-
-    mv bundle/tests/scorecard/kuttl bundle/tests/scorecard/kuttl-temp
-    mv bundle/tests/scorecard/kuttl-single-namespace bundle/tests/scorecard/kuttl
-    mv bundle/tests/scorecard/kuttl-temp/kuttl-test.yaml bundle/tests/scorecard/kuttl
-
-    install_operator_and_run_scorecard_tests "SingleNamespace"
-    result=$?
-    if [[ $result != 0 ]]; then
-        return $result
-    fi
-
-    mv bundle/tests/scorecard/kuttl/kuttl-test.yaml bundle/tests/scorecard/kuttl-temp
-    mv bundle/tests/scorecard/kuttl bundle/tests/scorecard/kuttl-single-namespace
-    mv bundle/tests/scorecard/kuttl-temp bundle/tests/scorecard/kuttl
-
-    uninstall_operator
+    # Run Kuttl scorecard tests
+    run_kuttl_tests "OwnNamespace"
+    run_kuttl_tests "AllNamespaces"
+    run_kuttl_tests "SingleNamespace"
 
     echo "****** Cleaning up test environment..."
     cleanup_env
@@ -220,21 +157,27 @@ main() {
 }
 
 install_operator_and_run_scorecard_tests() {
-    INSTALL_MODE=$1
-    echo "****** Installing operator from catalog: ${CATALOG_IMAGE}"
-    install_operator $1
-
-    if [ "$1" == "AllNamespaces" ]; then
+    if [ "$INSTALL_MODE" == "AllNamespaces" ]; then
         CONTROLLER_MANAGER_NAMESPACE="openshift-operators"
         SERVICE_ACCOUNT_NAME="scorecard-kuttl-all-namespaces"
-    elif [ "$1" == "SingleNamespace" ]; then
+        OPERATOR_GROUP_TARGET_NAMESPACE="openshift-operators" # used for CSV cleanup
+    elif [ "$INSTALL_MODE" == "SingleNamespace" ]; then
         CONTROLLER_MANAGER_NAMESPACE="openshift-marketplace"
         SERVICE_ACCOUNT_NAME="scorecard-kuttl-all-namespaces"
-    else
+	OPERATOR_GROUP_NAMESPACE="openshift-marketplace"
+        OPERATOR_GROUP_TARGET_NAMESPACE="${TEST_NAMESPACE}"
+    elif [ "$INSTALL_MODE" == "OwnNamespace" ]; then
 	CONTROLLER_MANAGER_NAMESPACE="${TEST_NAMESPACE}"
 	SERVICE_ACCOUNT_NAME="scorecard-kuttl"
+	OPERATOR_GROUP_NAMESPACE="${TEST_NAMESPACE}"
+        OPERATOR_GROUP_TARGET_NAMESPACE="${TEST_NAMESPACE}"
     fi
 
+    # Delete subscriptions that may be blocking the install
+    oc delete subscription.operators.coreos.com websphere-liberty-operator-subscription -n ${CONTROLLER_MANAGER_NAMESPACE}
+
+    install_operator
+
     # Wait for operator deployment to be ready
     while [[ $(oc get deploy "${CONTROLLER_MANAGER_NAME}" -n ${CONTROLLER_MANAGER_NAMESPACE} -o jsonpath='{ .status.readyReplicas }') -ne "1" ]]; do
         echo "****** Waiting for ${CONTROLLER_MANAGER_NAME} in namespace ${CONTROLLER_MANAGER_NAMESPACE} to be ready..."
@@ -242,7 +185,7 @@ install_operator_and_run_scorecard_tests() {
     done
 
     echo "****** ${CONTROLLER_MANAGER_NAME} deployment is ready..."
-
+ 
     echo "****** Starting scorecard tests..."
     operator-sdk scorecard --verbose --kubeconfig  ${HOME}/.kube/config --selector=suite=kuttlsuite --namespace="${TEST_NAMESPACE}" --service-account="${SERVICE_ACCOUNT_NAME}" --wait-time 30m ./bundle || {
        echo "****** Scorecard tests failed..."
@@ -250,147 +193,123 @@ install_operator_and_run_scorecard_tests() {
     }
 }
 
+set_rbac() {
+    if [ "$INSTALL_MODE" == "OwnNamespace" ]; then
+        oc apply -f config/rbac/kuttl-rbac.yaml -n ${TEST_NAMESPACE}
+    else 
+        cp config/rbac/kuttl-rbac-all-namespaces.yaml ./
+        sed -i "s/wlo-ns/${TEST_NAMESPACE}/" kuttl-rbac-all-namespaces.yaml
+        oc apply -f kuttl-rbac-all-namespaces.yaml -n ${TEST_NAMESPACE}
+    fi
+}
+
+unset_rbac() {
+    if [ "$INSTALL_MODE" == "OwnNamespace" ]; then
+        oc delete -f config/rbac/kuttl-rbac.yaml -n ${TEST_NAMESPACE}
+    else 
+        oc delete -f kuttl-rbac-all-namespaces.yaml -n ${TEST_NAMESPACE}
+	rm kuttl-rbac-all-namespaces.yaml
+    fi
+}
+
+run_kuttl_tests() {
+    INSTALL_MODE=$1
+    if [ "$INSTALL_MODE" == "SingleNamespace" ]; then
+        set_kuttl_test_dir "kuttl-single-namespace"
+    elif [ "$INSTALL_MODE" == "AllNamespaces" ]; then
+	set_kuttl_test_dir "kuttl-all-namespaces"
+    fi
+
+    set_rbac
+    install_operator_and_run_scorecard_tests
+    result=$?
+    if [[ $result != 0 ]]; then
+        return $result
+    fi
+
+    if [ "$INSTALL_MODE" == "SingleNamespace" ]; then
+	unset_kuttl_test_dir "kuttl-single-namespace"
+    elif [ "$INSTALL_MODE" == "AllNamespaces" ]; then
+        unset_kuttl_test_dir "kuttl-all-namespaces"
+    fi
+    unset_rbac
+    uninstall_operator	
+}
+
+set_kuttl_test_dir() {
+    TEST_DIR=$1
+    mv bundle/tests/scorecard/kuttl bundle/tests/scorecard/kuttl-temp
+    mv bundle/tests/scorecard/${TEST_DIR} bundle/tests/scorecard/kuttl
+    mv bundle/tests/scorecard/kuttl-temp/kuttl-test.yaml bundle/tests/scorecard/kuttl 
+}
+
+unset_kuttl_test_dir() {
+    TEST_DIR=$1
+    mv bundle/tests/scorecard/kuttl/kuttl-test.yaml bundle/tests/scorecard/kuttl-temp
+    mv bundle/tests/scorecard/kuttl bundle/tests/scorecard/${TEST_DIR}
+    mv bundle/tests/scorecard/kuttl-temp bundle/tests/scorecard/kuttl
+}
+
 install_operator() {
-    # Apply the catalog
-    echo "****** Applying the catalog source..."
-    if [ "$1" == "AllNamespaces" ]; then
-      cat <<EOF | oc apply -f -
-apiVersion: operators.coreos.com/v1alpha1
-kind: CatalogSource
-metadata:
-  name: websphere-liberty-catalog
-  namespace: openshift-operators
-spec:
-  sourceType: grpc
-  image: $CATALOG_IMAGE
-  displayName: WebSphere Liberty Catalog
-  publisher: IBM
-EOF
-    elif [ "$1" == "SingleNamespace" ]; then
-      cat <<EOF | oc apply -f -
-apiVersion: operators.coreos.com/v1alpha1
-kind: CatalogSource
-metadata:
-  name: websphere-liberty-catalog
-  namespace: openshift-marketplace
-spec:
-  sourceType: grpc
-  image: $CATALOG_IMAGE
-  displayName: WebSphere Liberty Catalog
-  publisher: IBM
-EOF
-    else
-      cat <<EOF | oc apply -f -
+    echo "****** Installing the operator in ${INSTALL_MODE} mode..."
+
+    echo "****** Applying catalog source..."
+    cat <<EOF | oc apply -f -
 apiVersion: operators.coreos.com/v1alpha1
 kind: CatalogSource
 metadata:
   name: websphere-liberty-catalog
-  namespace: $TEST_NAMESPACE
+  namespace: $CONTROLLER_MANAGER_NAMESPACE
 spec:
   sourceType: grpc
   image: $CATALOG_IMAGE
   displayName: WebSphere Liberty Catalog
   publisher: IBM
 EOF
-    fi
 
-    if [ "$1" == "OwnNamespace" ]; then
-      echo "****** Applying the operator group to $1..."
+    if [ "$1" != "AllNamespaces" ]; then
+      echo "****** Applying the OperatorGroup supporting $1..."
       cat <<EOF | oc apply -f -
 apiVersion: operators.coreos.com/v1
 kind: OperatorGroup
 metadata:
   name: websphere-operator-group
-  namespace: $TEST_NAMESPACE
+  namespace: $OPERATOR_GROUP_NAMESPACE
 spec:
   targetNamespaces:
-    - $TEST_NAMESPACE
-EOF
-    elif [ "$1" == "SingleNamespace" ]; then
-      echo "****** Applying the operator group to $1..."
-      cat <<EOF | oc apply -f -
-apiVersion: operators.coreos.com/v1
-kind: OperatorGroup
-metadata:
-  name: websphere-operator-group
-  namespace: openshift-marketplace
-spec:
-  targetNamespaces:
-    - $TEST_NAMESPACE
+    - $OPERATOR_GROUP_TARGET_NAMESPACE
 EOF
     else
-      echo "****** Skipping operator group creation since AllNamespaces is selected..."
+      echo "****** Skipping OperatorGroup creation since AllNamespaces is selected..."
     fi
 
-    echo "****** Applying the subscription..."
-    if [ "$1" == "AllNamespaces" ]; then
-      cat <<EOF | oc apply -f -
+    echo "****** Applying the Subscription..."
+    cat <<EOF | oc apply -f -
 apiVersion: operators.coreos.com/v1alpha1
 kind: Subscription
 metadata:
   name: websphere-liberty-operator-subscription
-  namespace: openshift-operators
+  namespace: $CONTROLLER_MANAGER_NAMESPACE
 spec:
   channel: $DEFAULT_CHANNEL
   name: ibm-websphere-liberty
   source: websphere-liberty-catalog
-  sourceNamespace: openshift-operators
+  sourceNamespace: $CONTROLLER_MANAGER_NAMESPACE
   installPlanApproval: Automatic
 EOF
-    elif [ "$1" == "SingleNamespace" ]; then
-      cat <<EOF | oc apply -f -
-apiVersion: operators.coreos.com/v1alpha1
-kind: Subscription
-metadata:
-  name: websphere-liberty-operator-subscription
-  namespace: openshift-marketplace
-spec:
-  channel: $DEFAULT_CHANNEL
-  name: ibm-websphere-liberty
-  source: websphere-liberty-catalog
-  sourceNamespace: openshift-marketplace
-  installPlanApproval: Automatic
-EOF
-    else
-      cat <<EOF | oc apply -f -
-apiVersion: operators.coreos.com/v1alpha1
-kind: Subscription
-metadata:
-  name: websphere-liberty-operator-subscription
-  namespace: $TEST_NAMESPACE
-spec:
-  channel: $DEFAULT_CHANNEL
-  name: ibm-websphere-liberty
-  source: websphere-liberty-catalog
-  sourceNamespace: $TEST_NAMESPACE
-  installPlanApproval: Automatic
-EOF
-    fi
 }
 
 uninstall_operator() {
-    if [ "$INSTALL_MODE" == "OwnNamespace" ]; then
-      CATALOG_SOURCE_NAMESPACE="${TEST_NAMESPACE}"
-      CSV_NAMESPACE="${TEST_NAMESPACE}"
-    elif [ "$INSTALL_MODE" == "SingleNamespace" ]; then
-      CATALOG_SOURCE_NAMESPACE="openshift-marketplace"
-      CSV_NAMESPACE="${TEST_NAMESPACE}"
-    elif [ "$INSTALL_MODE" == "AllNamespaces" ]; then
-      CATALOG_SOURCE_NAMESPACE="openshift-operators"
-      CSV_NAMESPACE="openshift-operators"
-    fi
+    echo "****** Uninstalling the operator..."
+    oc delete subscription.operators.coreos.com websphere-liberty-operator-subscription -n ${CONTROLLER_MANAGER_NAMESPACE}
 
-    oc delete subscription.operators.coreos.com websphere-liberty-operator-subscription -n ${CATALOG_SOURCE_NAMESPACE}
-    
     currentCSV=$(oc get clusterserviceversion | grep ibm-websphere-liberty | cut -d ' ' -f1 )
-    oc delete clusterserviceversion $currentCSV -n ${CSV_NAMESPACE}
+    oc delete clusterserviceversion $currentCSV -n ${OPERATOR_GROUP_TARGET_NAMESPACE}
 
-    oc delete catalogsource websphere-liberty-catalog -n ${CATALOG_SOURCE_NAMESPACE} 
+    oc delete catalogsource websphere-liberty-catalog -n ${CONTROLLER_MANAGER_NAMESPACE} 
     if [ "$INSTALL_MODE" != "AllNamespaces" ]; then
-        oc delete operatorgroup websphere-operator-group -n ${CATALOG_SOURCE_NAMESPACE}
+        oc delete operatorgroup websphere-operator-group -n ${CONTROLLER_MANAGER_NAMESPACE}
     fi
-    
-    restart_env
 }
 
 parse_args() {

From 2e3198e3f2eb2f83aaa3a1587d96974bf7581276 Mon Sep 17 00:00:00 2001
From: kabicin <kirbychin99@gmail.com>
Date: Fri, 2 Sep 2022 08:02:49 -0700
Subject: [PATCH 07/14] Revert e2e.sh

---
 scripts/e2e.sh | 51 +++++++++++++++++---------------------------------
 1 file changed, 17 insertions(+), 34 deletions(-)

diff --git a/scripts/e2e.sh b/scripts/e2e.sh
index 76a41e95..d87a115b 100755
--- a/scripts/e2e.sh
+++ b/scripts/e2e.sh
@@ -60,30 +60,6 @@ push_images() {
     }
 }
 
-install_bundle_and_run_scorecard_tests() {
-  echo "****** Installing bundle in $1 mode..."
-  operator-sdk run bundle --install-mode $1 --pull-secret-name regcred "${BUNDLE_IMAGE}" --timeout 5m || {
-      echo "****** Installing bundle failed..."
-      exit 1
-  }
-
-  # Wait for operator deployment to be ready
-  while [[ $(oc get deploy "${CONTROLLER_MANAGER_NAME}" -o jsonpath='{ .status.readyReplicas }') -ne "1" ]]; do
-      echo "****** Waiting for ${CONTROLLER_MANAGER_NAME} to be ready..."
-      sleep 10
-  done
-
-  echo "****** ${CONTROLLER_MANAGER_NAME} deployment is ready..."
-
-  echo "****** Starting scorecard tests..."
-  operator-sdk scorecard --verbose --selector=suite=kuttlsuite --namespace "${TEST_NAMESPACE}" --service-account scorecard-kuttl --wait-time 30m ./bundle || {
-      echo "****** Scorecard tests failed..."
-      exit 1
-  }
-  result=$?
-  exit result
-}
-
 main() {
     parse_args "$@"
 
@@ -130,20 +106,27 @@ main() {
     echo "****** Pushing operator and operator bundle images into registry..."
     push_images
 
-    # Run scorecard tests in kuttl folder using OwnNamespace
-    install_bundle_and_run_scorecard_tests "OwnNamespace"
+    echo "****** Installing bundle..."
+    operator-sdk run bundle --install-mode OwnNamespace --pull-secret-name regcred "${BUNDLE_IMAGE}" --timeout 5m || {
+        echo "****** Installing bundle failed..."
+        exit 1
+    }
 
-    operator-sdk cleanup "${BUNDLE_IMAGE}"
+    # Wait for operator deployment to be ready
+    while [[ $(oc get deploy "${CONTROLLER_MANAGER_NAME}" -o jsonpath='{ .status.readyReplicas }') -ne "1" ]]; do
+        echo "****** Waiting for ${CONTROLLER_MANAGER_NAME} to be ready..."
+        sleep 10
+    done
 
-    # Run scorecard tests in kuttl-all-namespaces folder using AllNamespaces
-    mv bundle/tests/scorecard/kuttl bundle/tests/scorecard/kuttl-temp 
-    mv bundle/tests/scorecard/kuttl-all-namespaces bundle/tests/scorecard/kuttl
+    echo "****** ${CONTROLLER_MANAGER_NAME} deployment is ready..."
 
-    install_bundle_and_run_scorecard_tests "AllNamespaces"
+    echo "****** Starting scorecard tests..."
+    operator-sdk scorecard --verbose --selector=suite=kuttlsuite --namespace "${TEST_NAMESPACE}" --service-account scorecard-kuttl --wait-time 30m ./bundle || {
+        echo "****** Scorecard tests failed..."
+        exit 1
+    }
+    result=$?
 
-    mv bundle/tests/scorecard/kuttl bundle/tests/scorecard/kuttl-all-namespaces
-    mv bundle/tests/scorecard/kuttl-temp bundle/tests/scorecard/kuttl 
-  
     echo "****** Cleaning up test environment..."
     cleanup_env
 

From 0cad87ae648988c9a851a1e59e5e59fc1b5f9888 Mon Sep 17 00:00:00 2001
From: kabicin <kirbychin99@gmail.com>
Date: Fri, 2 Sep 2022 08:19:35 -0700
Subject: [PATCH 08/14] Update RBAC config name

---
 ...paces.yaml => kuttl-rbac-cluster-wide.yaml} | 10 +++++-----
 scripts/pipeline/fyre-e2e.sh                   | 18 +++++++++---------
 2 files changed, 14 insertions(+), 14 deletions(-)
 rename config/rbac/{kuttl-rbac-all-namespaces.yaml => kuttl-rbac-cluster-wide.yaml} (90%)

diff --git a/config/rbac/kuttl-rbac-all-namespaces.yaml b/config/rbac/kuttl-rbac-cluster-wide.yaml
similarity index 90%
rename from config/rbac/kuttl-rbac-all-namespaces.yaml
rename to config/rbac/kuttl-rbac-cluster-wide.yaml
index 69a9ec18..4b5d2381 100644
--- a/config/rbac/kuttl-rbac-all-namespaces.yaml
+++ b/config/rbac/kuttl-rbac-cluster-wide.yaml
@@ -1,26 +1,26 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: scorecard-kuttl-all-namespaces
+  name: scorecard-kuttl-cluster-wide
   namespace: wlo-ns
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: scorecard-kuttl-all-namespaces
+  name: scorecard-kuttl-cluster-wide
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: scorecard-kuttl-all-namespaces
+  name: scorecard-kuttl-cluster-wide
 subjects:
 - kind: ServiceAccount
-  name: scorecard-kuttl-all-namespaces
+  name: scorecard-kuttl-cluster-wide
   namespace: wlo-ns
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: scorecard-kuttl-all-namespaces
+  name: scorecard-kuttl-cluster-wide
 rules:
 - apiGroups:
   - ""
diff --git a/scripts/pipeline/fyre-e2e.sh b/scripts/pipeline/fyre-e2e.sh
index 81a17543..7e97af44 100755
--- a/scripts/pipeline/fyre-e2e.sh
+++ b/scripts/pipeline/fyre-e2e.sh
@@ -159,11 +159,11 @@ main() {
 install_operator_and_run_scorecard_tests() {
     if [ "$INSTALL_MODE" == "AllNamespaces" ]; then
         CONTROLLER_MANAGER_NAMESPACE="openshift-operators"
-        SERVICE_ACCOUNT_NAME="scorecard-kuttl-all-namespaces"
+        SERVICE_ACCOUNT_NAME="scorecard-kuttl-cluster-wide"
         OPERATOR_GROUP_TARGET_NAMESPACE="openshift-operators" # used for CSV cleanup
     elif [ "$INSTALL_MODE" == "SingleNamespace" ]; then
         CONTROLLER_MANAGER_NAMESPACE="openshift-marketplace"
-        SERVICE_ACCOUNT_NAME="scorecard-kuttl-all-namespaces"
+        SERVICE_ACCOUNT_NAME="scorecard-kuttl-cluster-wide"
 	OPERATOR_GROUP_NAMESPACE="openshift-marketplace"
         OPERATOR_GROUP_TARGET_NAMESPACE="${TEST_NAMESPACE}"
     elif [ "$INSTALL_MODE" == "OwnNamespace" ]; then
@@ -195,20 +195,20 @@ install_operator_and_run_scorecard_tests() {
 
 set_rbac() {
     if [ "$INSTALL_MODE" == "OwnNamespace" ]; then
-        oc apply -f config/rbac/kuttl-rbac.yaml -n ${TEST_NAMESPACE}
+        oc apply -f config/rbac/kuttl-rbac.yaml
     else 
-        cp config/rbac/kuttl-rbac-all-namespaces.yaml ./
-        sed -i "s/wlo-ns/${TEST_NAMESPACE}/" kuttl-rbac-all-namespaces.yaml
-        oc apply -f kuttl-rbac-all-namespaces.yaml -n ${TEST_NAMESPACE}
+        cp config/rbac/kuttl-rbac-cluster-wide.yaml ./
+        sed -i "s/wlo-ns/${TEST_NAMESPACE}/" kuttl-rbac-cluster-wide.yaml
+        oc apply -f kuttl-rbac-cluster-wide.yaml
     fi
 }
 
 unset_rbac() {
     if [ "$INSTALL_MODE" == "OwnNamespace" ]; then
-        oc delete -f config/rbac/kuttl-rbac.yaml -n ${TEST_NAMESPACE}
+        oc delete -f config/rbac/kuttl-rbac.yaml
     else 
-        oc delete -f kuttl-rbac-all-namespaces.yaml -n ${TEST_NAMESPACE}
-	rm kuttl-rbac-all-namespaces.yaml
+        oc delete -f kuttl-rbac-cluster-wide.yaml
+	rm kuttl-rbac-cluster-wide.yaml
     fi
 }
 

From 732b416f25923290e65b51d37708aa216b131c3f Mon Sep 17 00:00:00 2001
From: kabicin <kirbychin99@gmail.com>
Date: Fri, 2 Sep 2022 10:46:06 -0700
Subject: [PATCH 09/14] Cleanup fyre-e2e.sh

---
 scripts/pipeline/fyre-e2e.sh | 70 ++++++++++++++++--------------------
 1 file changed, 31 insertions(+), 39 deletions(-)

diff --git a/scripts/pipeline/fyre-e2e.sh b/scripts/pipeline/fyre-e2e.sh
index 7e97af44..45532509 100755
--- a/scripts/pipeline/fyre-e2e.sh
+++ b/scripts/pipeline/fyre-e2e.sh
@@ -146,9 +146,9 @@ main() {
     oc set data secret/pull-secret -n openshift-config --from-file=.dockerconfigjson=/tmp/pull-secret-merged.yaml
 
     # Run Kuttl scorecard tests
-    run_kuttl_tests "OwnNamespace"
-    run_kuttl_tests "AllNamespaces"
-    run_kuttl_tests "SingleNamespace"
+    run_scorecard "OwnNamespace"
+    run_scorecard "AllNamespaces"
+    run_scorecard "SingleNamespace"
 
     echo "****** Cleaning up test environment..."
     cleanup_env
@@ -156,24 +156,28 @@ main() {
     return $result
 }
 
-install_operator_and_run_scorecard_tests() {
+run_scorecard() {
+    INSTALL_MODE=$1
     if [ "$INSTALL_MODE" == "AllNamespaces" ]; then
-        CONTROLLER_MANAGER_NAMESPACE="openshift-operators"
+        KUTTL_TEST_DIR="kuttl-all-namespaces"
+	CONTROLLER_MANAGER_NAMESPACE="openshift-operators"
         SERVICE_ACCOUNT_NAME="scorecard-kuttl-cluster-wide"
         OPERATOR_GROUP_TARGET_NAMESPACE="openshift-operators" # used for CSV cleanup
     elif [ "$INSTALL_MODE" == "SingleNamespace" ]; then
+	KUTTL_TEST_DIR="kuttl-single-namespace"
         CONTROLLER_MANAGER_NAMESPACE="openshift-marketplace"
         SERVICE_ACCOUNT_NAME="scorecard-kuttl-cluster-wide"
 	OPERATOR_GROUP_NAMESPACE="openshift-marketplace"
         OPERATOR_GROUP_TARGET_NAMESPACE="${TEST_NAMESPACE}"
     elif [ "$INSTALL_MODE" == "OwnNamespace" ]; then
+	KUTTL_TEST_DIR="kuttl"
 	CONTROLLER_MANAGER_NAMESPACE="${TEST_NAMESPACE}"
 	SERVICE_ACCOUNT_NAME="scorecard-kuttl"
 	OPERATOR_GROUP_NAMESPACE="${TEST_NAMESPACE}"
         OPERATOR_GROUP_TARGET_NAMESPACE="${TEST_NAMESPACE}"
     fi
 
-    # Delete subscriptions that may be blocking the install
+    # Delete a subscription that may be blocking the install
     oc delete subscription.operators.coreos.com websphere-liberty-operator-subscription -n ${CONTROLLER_MANAGER_NAMESPACE}
 
     install_operator
@@ -187,10 +191,20 @@ install_operator_and_run_scorecard_tests() {
     echo "****** ${CONTROLLER_MANAGER_NAME} deployment is ready..."
  
     echo "****** Starting scorecard tests..."
+    set_rbac
+    set_kuttl_test_dir
+    TESTS_FAILED=false
     operator-sdk scorecard --verbose --kubeconfig  ${HOME}/.kube/config --selector=suite=kuttlsuite --namespace="${TEST_NAMESPACE}" --service-account="${SERVICE_ACCOUNT_NAME}" --wait-time 30m ./bundle || {
        echo "****** Scorecard tests failed..."
-       exit 1
+       TESTS_FAILED=true
     }
+    echo "****** Starting cluster cleanup..."
+    unset_kuttl_test_dir
+    unset_rbac
+    uninstall_operator
+    if $TESTS_FAILED ; then 
+        exit 1 
+    fi
 }
 
 set_rbac() {
@@ -212,42 +226,20 @@ unset_rbac() {
     fi
 }
 
-run_kuttl_tests() {
-    INSTALL_MODE=$1
-    if [ "$INSTALL_MODE" == "SingleNamespace" ]; then
-        set_kuttl_test_dir "kuttl-single-namespace"
-    elif [ "$INSTALL_MODE" == "AllNamespaces" ]; then
-	set_kuttl_test_dir "kuttl-all-namespaces"
-    fi
-
-    set_rbac
-    install_operator_and_run_scorecard_tests
-    result=$?
-    if [[ $result != 0 ]]; then
-        return $result
-    fi
-
-    if [ "$INSTALL_MODE" == "SingleNamespace" ]; then
-	unset_kuttl_test_dir "kuttl-single-namespace"
-    elif [ "$INSTALL_MODE" == "AllNamespaces" ]; then
-        unset_kuttl_test_dir "kuttl-all-namespaces"
-    fi
-    unset_rbac
-    uninstall_operator	
-}
-
 set_kuttl_test_dir() {
-    TEST_DIR=$1
-    mv bundle/tests/scorecard/kuttl bundle/tests/scorecard/kuttl-temp
-    mv bundle/tests/scorecard/${TEST_DIR} bundle/tests/scorecard/kuttl
-    mv bundle/tests/scorecard/kuttl-temp/kuttl-test.yaml bundle/tests/scorecard/kuttl 
+    if [ "$KUTTL_TEST_DIR" != "kuttl" ]; then
+        mv bundle/tests/scorecard/kuttl bundle/tests/scorecard/kuttl-temp
+        mv bundle/tests/scorecard/${KUTTL_TEST_DIR} bundle/tests/scorecard/kuttl
+        mv bundle/tests/scorecard/kuttl-temp/kuttl-test.yaml bundle/tests/scorecard/kuttl 
+    fi
 }
 
 unset_kuttl_test_dir() {
-    TEST_DIR=$1
-    mv bundle/tests/scorecard/kuttl/kuttl-test.yaml bundle/tests/scorecard/kuttl-temp
-    mv bundle/tests/scorecard/kuttl bundle/tests/scorecard/${TEST_DIR}
-    mv bundle/tests/scorecard/kuttl-temp bundle/tests/scorecard/kuttl
+    if [ "$KUTTL_TEST_DIR" != "kuttl" ]; then
+        mv bundle/tests/scorecard/kuttl/kuttl-test.yaml bundle/tests/scorecard/kuttl-temp
+        mv bundle/tests/scorecard/kuttl bundle/tests/scorecard/${KUTTL_TEST_DIR}
+        mv bundle/tests/scorecard/kuttl-temp bundle/tests/scorecard/kuttl
+    fi
 }
 
 install_operator() {

From d297e36bf154ed40274557e744d6111f91301ec8 Mon Sep 17 00:00:00 2001
From: kabicin <kirbychin99@gmail.com>
Date: Fri, 2 Sep 2022 11:20:26 -0700
Subject: [PATCH 10/14] Fix OperatorGroup bug for AllNamespaces in fyre-e2e.sh

---
 scripts/pipeline/fyre-e2e.sh | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/scripts/pipeline/fyre-e2e.sh b/scripts/pipeline/fyre-e2e.sh
index 45532509..01b389f1 100755
--- a/scripts/pipeline/fyre-e2e.sh
+++ b/scripts/pipeline/fyre-e2e.sh
@@ -158,6 +158,7 @@ main() {
 
 run_scorecard() {
     INSTALL_MODE=$1
+    echo "****** Provisioning the cluster to setup operator in ${INSTALL_MODE} mode..."
     if [ "$INSTALL_MODE" == "AllNamespaces" ]; then
         KUTTL_TEST_DIR="kuttl-all-namespaces"
 	CONTROLLER_MANAGER_NAMESPACE="openshift-operators"
@@ -190,7 +191,7 @@ run_scorecard() {
 
     echo "****** ${CONTROLLER_MANAGER_NAME} deployment is ready..."
  
-    echo "****** Starting scorecard tests..."
+    echo "****** Starting scorecard tests in the '${KUTTL_TEST_DIR}' directory..."
     set_rbac
     set_kuttl_test_dir
     TESTS_FAILED=false
@@ -259,8 +260,8 @@ spec:
   publisher: IBM
 EOF
 
-    if [ "$1" != "AllNamespaces" ]; then
-      echo "****** Applying the OperatorGroup supporting $1..."
+    if [ "$INSTALL_MODE" != "AllNamespaces" ]; then
+      echo "****** Applying the OperatorGroup supporting $INSTALL_MODE..."
       cat <<EOF | oc apply -f -
 apiVersion: operators.coreos.com/v1
 kind: OperatorGroup

From 42fdce6c8f80ce1b5a41a0f53f3549fe1381b380 Mon Sep 17 00:00:00 2001
From: kabicin <kirbychin99@gmail.com>
Date: Mon, 17 Oct 2022 06:44:38 -0700
Subject: [PATCH 11/14] Add permissions for watch all/another namespace

---
 .../configmap/02-liberty.yaml                 |   2 +-
 .../configmap/01-delete.yaml                  |   2 +-
 .../configmap/01-errors.yaml                  |   2 +-
 .../configmap/02-assert.yaml                  |   2 +-
 .../configmap/02-liberty.yaml                 |   2 +-
 ...er-wide.yaml => kuttl-rbac-watch-all.yaml} |  14 +-
 config/rbac/kuttl-rbac-watch-another.yaml     | 261 ++++++++++++++++++
 config/rbac/kuttl-rbac-watcher.yaml           | 136 +++++++++
 scripts/pipeline/fyre-e2e.sh                  |  56 ++--
 9 files changed, 449 insertions(+), 28 deletions(-)
 rename config/rbac/{kuttl-rbac-cluster-wide.yaml => kuttl-rbac-watch-all.yaml} (87%)
 create mode 100644 config/rbac/kuttl-rbac-watch-another.yaml
 create mode 100644 config/rbac/kuttl-rbac-watcher.yaml

diff --git a/bundle/tests/scorecard/kuttl-all-namespaces/configmap/02-liberty.yaml b/bundle/tests/scorecard/kuttl-all-namespaces/configmap/02-liberty.yaml
index 9f4c6d1c..3c0876f7 100644
--- a/bundle/tests/scorecard/kuttl-all-namespaces/configmap/02-liberty.yaml
+++ b/bundle/tests/scorecard/kuttl-all-namespaces/configmap/02-liberty.yaml
@@ -6,4 +6,4 @@ spec:
   applicationImage: icr.io/appcafe/websphere-liberty:full-java8-openj9-ubi
   license:
     accept: true
-  replicas: 1
\ No newline at end of file
+  replicas: 1
diff --git a/bundle/tests/scorecard/kuttl-single-namespace/configmap/01-delete.yaml b/bundle/tests/scorecard/kuttl-single-namespace/configmap/01-delete.yaml
index 77c2ea6b..34bdcb03 100644
--- a/bundle/tests/scorecard/kuttl-single-namespace/configmap/01-delete.yaml
+++ b/bundle/tests/scorecard/kuttl-single-namespace/configmap/01-delete.yaml
@@ -3,4 +3,4 @@ kind: TestStep
 commands:
   - command: kubectl delete webspherelibertyapplications --all
     namespaced: true
-  - command: kubectl delete configmap websphere-liberty-operator -n openshift-marketplace
+  - command: kubectl delete configmap websphere-liberty-operator -n WEBSPHERE_LIBERTY_OPERATOR_NAMESPACE
diff --git a/bundle/tests/scorecard/kuttl-single-namespace/configmap/01-errors.yaml b/bundle/tests/scorecard/kuttl-single-namespace/configmap/01-errors.yaml
index 54d2ec6e..f0d57a75 100644
--- a/bundle/tests/scorecard/kuttl-single-namespace/configmap/01-errors.yaml
+++ b/bundle/tests/scorecard/kuttl-single-namespace/configmap/01-errors.yaml
@@ -2,4 +2,4 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: websphere-liberty-operator
-  namespace: openshift-marketplace
+  namespace: WEBSPHERE_LIBERTY_OPERATOR_NAMESPACE
diff --git a/bundle/tests/scorecard/kuttl-single-namespace/configmap/02-assert.yaml b/bundle/tests/scorecard/kuttl-single-namespace/configmap/02-assert.yaml
index 54d2ec6e..f0d57a75 100644
--- a/bundle/tests/scorecard/kuttl-single-namespace/configmap/02-assert.yaml
+++ b/bundle/tests/scorecard/kuttl-single-namespace/configmap/02-assert.yaml
@@ -2,4 +2,4 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: websphere-liberty-operator
-  namespace: openshift-marketplace
+  namespace: WEBSPHERE_LIBERTY_OPERATOR_NAMESPACE
diff --git a/bundle/tests/scorecard/kuttl-single-namespace/configmap/02-liberty.yaml b/bundle/tests/scorecard/kuttl-single-namespace/configmap/02-liberty.yaml
index 9f4c6d1c..3c0876f7 100644
--- a/bundle/tests/scorecard/kuttl-single-namespace/configmap/02-liberty.yaml
+++ b/bundle/tests/scorecard/kuttl-single-namespace/configmap/02-liberty.yaml
@@ -6,4 +6,4 @@ spec:
   applicationImage: icr.io/appcafe/websphere-liberty:full-java8-openj9-ubi
   license:
     accept: true
-  replicas: 1
\ No newline at end of file
+  replicas: 1
diff --git a/config/rbac/kuttl-rbac-cluster-wide.yaml b/config/rbac/kuttl-rbac-watch-all.yaml
similarity index 87%
rename from config/rbac/kuttl-rbac-cluster-wide.yaml
rename to config/rbac/kuttl-rbac-watch-all.yaml
index 4b5d2381..2f54e07c 100644
--- a/config/rbac/kuttl-rbac-cluster-wide.yaml
+++ b/config/rbac/kuttl-rbac-watch-all.yaml
@@ -1,26 +1,26 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: scorecard-kuttl-cluster-wide
-  namespace: wlo-ns
+  name: scorecard-kuttl-watch-all
+  namespace: WEBSPHERE_LIBERTY_WATCH_NAMESPACE
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: scorecard-kuttl-cluster-wide
+  name: scorecard-kuttl-watch-all
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: scorecard-kuttl-cluster-wide
+  name: scorecard-kuttl-watch-all
 subjects:
 - kind: ServiceAccount
-  name: scorecard-kuttl-cluster-wide
-  namespace: wlo-ns
+  name: scorecard-kuttl-watch-all
+  namespace: WEBSPHERE_LIBERTY_WATCH_NAMESPACE
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: scorecard-kuttl-cluster-wide
+  name: scorecard-kuttl-watch-all
 rules:
 - apiGroups:
   - ""
diff --git a/config/rbac/kuttl-rbac-watch-another.yaml b/config/rbac/kuttl-rbac-watch-another.yaml
new file mode 100644
index 00000000..ebf6003c
--- /dev/null
+++ b/config/rbac/kuttl-rbac-watch-another.yaml
@@ -0,0 +1,261 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: scorecard-kuttl-watch-another
+  namespace: WEBSPHERE_LIBERTY_OPERATOR_NAMESPACE
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app.kubernetes.io/instance: websphere-liberty-operator
+    app.kubernetes.io/managed-by: olm
+    app.kubernetes.io/name: websphere-liberty-operator
+  name: wlo-leader-election-role
+  namespace: WEBSPHERE_LIBERTY_WATCH_NAMESPACE
+rules:
+  - apiGroups:
+      - ""
+      - coordination.k8s.io
+    resources:
+      - configmaps
+      - leases
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: websphere-liberty-operator
+    app.kubernetes.io/managed-by: olm
+    app.kubernetes.io/name: websphere-liberty-operator
+  name: wlo-manager-role
+  namespace: WEBSPHERE_LIBERTY_WATCH_NAMESPACE
+rules:
+- apiGroups:
+  - apps
+  resources:
+  - deployments
+  - statefulsets
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - update
+  - watch
+- apiGroups:
+  - apps
+  resources:
+  - deployments/finalizers
+  - statefulsets
+  verbs:
+  - update
+- apiGroups:
+  - autoscaling
+  resources:
+  - horizontalpodautoscalers
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - update
+  - watch
+- apiGroups:
+  - cert-manager.io
+  resources:
+  - certificates
+  - issuers
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  - persistentvolumeclaims
+  - secrets
+  - serviceaccounts
+  - services
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - pods/exec
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - image.openshift.io
+  resources:
+  - imagestreams
+  - imagestreamtags
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - liberty.websphere.ibm.com
+  resources:
+  - webspherelibertyapplications
+  - webspherelibertyapplications/finalizers
+  - webspherelibertyapplications/status
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - liberty.websphere.ibm.com
+  resources:
+  - webspherelibertydumps
+  - webspherelibertydumps/finalizers
+  - webspherelibertydumps/status
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - liberty.websphere.ibm.com
+  resources:
+  - webspherelibertytraces
+  - webspherelibertytraces/finalizers
+  - webspherelibertytraces/status
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - monitoring.coreos.com
+  resources:
+  - servicemonitors
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - update
+  - watch
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingresses
+  - networkpolicies
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - update
+  - watch
+- apiGroups:
+  - route.openshift.io
+  resources:
+  - routes
+  - routes/custom-host
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - update
+  - watch
+- apiGroups:
+  - security.openshift.io
+  resourceNames:
+  - restricted
+  resources:
+  - securitycontextconstraints
+  verbs:
+  - use
+- apiGroups:
+  - serving.knative.dev
+  resources:
+  - services
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - update
+  - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/instance: websphere-liberty-operator
+    app.kubernetes.io/managed-by: olm
+    app.kubernetes.io/name: websphere-liberty-operator
+  name: wlo-leader-election-rolebinding
+  namespace: WEBSPHERE_LIBERTY_WATCH_NAMESPACE
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: wlo-leader-election-role
+subjects:
+- kind: ServiceAccount
+  name: scorecard-kuttl-watch-another
+  namespace: WEBSPHERE_LIBERTY_OPERATOR_NAMESPACE
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/instance: websphere-liberty-operator
+    app.kubernetes.io/managed-by: olm
+    app.kubernetes.io/name: websphere-liberty-operator
+  name: wlo-manager-rolebinding
+  namespace: WEBSPHERE_LIBERTY_WATCH_NAMESPACE
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: wlo-manager-role
+subjects:
+- kind: ServiceAccount
+  name: scorecard-kuttl-watch-another
+  namespace: WEBSPHERE_LIBERTY_OPERATOR_NAMESPACE
diff --git a/config/rbac/kuttl-rbac-watcher.yaml b/config/rbac/kuttl-rbac-watcher.yaml
new file mode 100644
index 00000000..4649b3c2
--- /dev/null
+++ b/config/rbac/kuttl-rbac-watcher.yaml
@@ -0,0 +1,136 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: scorecard-kuttl
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: scorecard-kuttl
+subjects:
+- kind: ServiceAccount
+  name: scorecard-kuttl-watch-another
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: scorecard-kuttl
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  - serviceaccounts
+  - persistentvolumeclaims
+  verbs:
+  - get
+  - list
+  - create
+  - delete
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  - pods
+  - routes
+  verbs:
+  - get
+  - list
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - delete
+- apiGroups:
+    - ""
+  resources:
+    - services
+  verbs:
+    - get
+    - list
+    - patch
+- apiGroups:
+  - apps
+  resources:
+  - deployments
+  - statefulsets
+  verbs:
+  - get
+  - create
+  - patch
+- apiGroups:
+  - autoscaling
+  resources:
+  - horizontalpodautoscalers
+  verbs:
+  - get
+- apiGroups:
+  - monitoring.coreos.com
+  resources:
+  - servicemonitors
+  verbs:
+  - get
+- apiGroups:
+  - image.openshift.io
+  resources:
+  - imagestreams
+  verbs:
+  - get
+  - list
+  - create
+  - patch
+  - delete
+- apiGroups:
+  - events.k8s.io
+  resources:
+  - events
+  verbs:
+  - get
+  - list
+- apiGroups:
+  - serving.knative.dev
+  resources:
+  - services
+  verbs:
+  - get
+- apiGroups:
+  - liberty.websphere.ibm.com
+  resources:
+  - webspherelibertyapplications
+  - webspherelibertydumps
+  - webspherelibertytraces
+  verbs:
+  - get
+  - list
+  - create
+  - patch
+  - delete
+- apiGroups:
+    - route.openshift.io
+  resources:
+    - routes
+  verbs:
+    - get
+    - list
+    - delete
+- apiGroups:
+    - networking.k8s.io
+  resources:
+    - networkpolicies
+  verbs:
+    - get
+    - list
+    - create
+    - patch
+    - delete
+- apiGroups:
+  - cert-manager.io
+  resources:
+  - issuers
+  - certificates
+  verbs:
+  - get
+  - list
diff --git a/scripts/pipeline/fyre-e2e.sh b/scripts/pipeline/fyre-e2e.sh
index 01b389f1..4ca2305c 100755
--- a/scripts/pipeline/fyre-e2e.sh
+++ b/scripts/pipeline/fyre-e2e.sh
@@ -162,24 +162,29 @@ run_scorecard() {
     if [ "$INSTALL_MODE" == "AllNamespaces" ]; then
         KUTTL_TEST_DIR="kuttl-all-namespaces"
 	CONTROLLER_MANAGER_NAMESPACE="openshift-operators"
-        SERVICE_ACCOUNT_NAME="scorecard-kuttl-cluster-wide"
+        SERVICE_ACCOUNT_NAME="scorecard-kuttl-watch-all"
         OPERATOR_GROUP_TARGET_NAMESPACE="openshift-operators" # used for CSV cleanup
+	WATCH_NAMESPACE="${TEST_NAMESPACE}"
     elif [ "$INSTALL_MODE" == "SingleNamespace" ]; then
 	KUTTL_TEST_DIR="kuttl-single-namespace"
-        CONTROLLER_MANAGER_NAMESPACE="openshift-marketplace"
-        SERVICE_ACCOUNT_NAME="scorecard-kuttl-cluster-wide"
-	OPERATOR_GROUP_NAMESPACE="openshift-marketplace"
-        OPERATOR_GROUP_TARGET_NAMESPACE="${TEST_NAMESPACE}"
+        CONTROLLER_MANAGER_NAMESPACE="${TEST_NAMESPACE}"
+        SERVICE_ACCOUNT_NAME="scorecard-kuttl-watch-another"
+	OPERATOR_GROUP_NAMESPACE="${CONTROLLER_MANAGER_NAMESPACE}"
+	WATCH_NAMESPACE="wlo-watch-${TEST_TAG}"
+        OPERATOR_GROUP_TARGET_NAMESPACE="${WATCH_NAMESPACE}"
+	oc new-project "$WATCH_NAMESPACE"
     elif [ "$INSTALL_MODE" == "OwnNamespace" ]; then
 	KUTTL_TEST_DIR="kuttl"
 	CONTROLLER_MANAGER_NAMESPACE="${TEST_NAMESPACE}"
 	SERVICE_ACCOUNT_NAME="scorecard-kuttl"
 	OPERATOR_GROUP_NAMESPACE="${TEST_NAMESPACE}"
         OPERATOR_GROUP_TARGET_NAMESPACE="${TEST_NAMESPACE}"
+	WATCH_NAMESPACE="${TEST_NAMESPACE}"
     fi
 
-    # Delete a subscription that may be blocking the install
+    # Delete a subscription or catalog source that may be blocking the install
     oc delete subscription.operators.coreos.com websphere-liberty-operator-subscription -n ${CONTROLLER_MANAGER_NAMESPACE}
+    oc delete catalogsource websphere-liberty-catalog -n ${CONTROLLER_MANAGER_NAMESPACE}
 
     install_operator
 
@@ -192,10 +197,11 @@ run_scorecard() {
     echo "****** ${CONTROLLER_MANAGER_NAME} deployment is ready..."
  
     echo "****** Starting scorecard tests in the '${KUTTL_TEST_DIR}' directory..."
+    oc project "${WATCH_NAMESPACE}"
     set_rbac
     set_kuttl_test_dir
     TESTS_FAILED=false
-    operator-sdk scorecard --verbose --kubeconfig  ${HOME}/.kube/config --selector=suite=kuttlsuite --namespace="${TEST_NAMESPACE}" --service-account="${SERVICE_ACCOUNT_NAME}" --wait-time 30m ./bundle || {
+    operator-sdk scorecard --verbose --kubeconfig  ${HOME}/.kube/config --selector=suite=kuttlsuite --namespace="${WATCH_NAMESPACE}" --service-account="${SERVICE_ACCOUNT_NAME}" --wait-time 30m ./bundle || {
        echo "****** Scorecard tests failed..."
        TESTS_FAILED=true
     }
@@ -211,24 +217,38 @@ run_scorecard() {
 set_rbac() {
     if [ "$INSTALL_MODE" == "OwnNamespace" ]; then
         oc apply -f config/rbac/kuttl-rbac.yaml
-    else 
-        cp config/rbac/kuttl-rbac-cluster-wide.yaml ./
-        sed -i "s/wlo-ns/${TEST_NAMESPACE}/" kuttl-rbac-cluster-wide.yaml
-        oc apply -f kuttl-rbac-cluster-wide.yaml
+    elif [ "$INSTALL_MODE" == "AllNamespaces" ]; then 
+        cp config/rbac/kuttl-rbac-watch-all.yaml ./
+        sed -i "s/WEBSPHERE_LIBERTY_WATCH_NAMESPACE/${WATCH_NAMESPACE}/" kuttl-rbac-watch-all.yaml
+        oc apply -f kuttl-rbac-watch-all.yaml
+    elif [ "$INSTALL_MODE" == "SingleNamespace" ]; then
+	cp config/rbac/kuttl-rbac-watch-another.yaml ./
+        sed -i "s/WEBSPHERE_LIBERTY_OPERATOR_NAMESPACE/${WATCH_NAMESPACE}/" kuttl-rbac-watch-another.yaml
+        sed -i "s/WEBSPHERE_LIBERTY_WATCH_NAMESPACE/${CONTROLLER_MANAGER_NAMESPACE}/" kuttl-rbac-watch-another.yaml
+	oc apply -f kuttl-rbac-watch-another.yaml
+        oc apply -f config/rbac/kuttl-rbac-watcher.yaml
     fi
 }
 
 unset_rbac() {
     if [ "$INSTALL_MODE" == "OwnNamespace" ]; then
         oc delete -f config/rbac/kuttl-rbac.yaml
-    else 
-        oc delete -f kuttl-rbac-cluster-wide.yaml
-	rm kuttl-rbac-cluster-wide.yaml
+    elif [ "$INSTALL_MODE" == "AllNamespaces" ]; then 
+        oc delete -f kuttl-rbac-watch-all.yaml
+	rm kuttl-rbac-watch-all.yaml
+    elif [ "$INSTALL_MODE" == "SingleNamespace" ]; then
+        oc delete -f kuttl-rbac-watch-another.yaml
+        rm kuttl-rbac-watch-another.yaml
     fi
 }
 
 set_kuttl_test_dir() {
-    if [ "$KUTTL_TEST_DIR" != "kuttl" ]; then
+    if [ "$KUTTL_TEST_DIR" == "kuttl-single-namespace" ]; then
+        mv bundle/tests/scorecard/kuttl bundle/tests/scorecard/kuttl-temp
+        cp -r bundle/tests/scorecard/${KUTTL_TEST_DIR} bundle/tests/scorecard/kuttl
+        find bundle/tests/scorecard/kuttl -type f -name "*.yaml" -print0 | xargs -0 sed -i "s/WEBSPHERE_LIBERTY_OPERATOR_NAMESPACE/${CONTROLLER_MANAGER_NAMESPACE}/"
+        mv bundle/tests/scorecard/kuttl-temp/kuttl-test.yaml bundle/tests/scorecard/kuttl 
+    elif [ "$KUTTL_TEST_DIR" != "kuttl" ]; then
         mv bundle/tests/scorecard/kuttl bundle/tests/scorecard/kuttl-temp
         mv bundle/tests/scorecard/${KUTTL_TEST_DIR} bundle/tests/scorecard/kuttl
         mv bundle/tests/scorecard/kuttl-temp/kuttl-test.yaml bundle/tests/scorecard/kuttl 
@@ -236,7 +256,11 @@ set_kuttl_test_dir() {
 }
 
 unset_kuttl_test_dir() {
-    if [ "$KUTTL_TEST_DIR" != "kuttl" ]; then
+    if [ "$KUTTL_TEST_DIR" == "kuttl-single-namespace" ]; then
+        mv bundle/tests/scorecard/kuttl/kuttl-test.yaml bundle/tests/scorecard/kuttl-temp
+	rm -rf bundle/tests/scorecard/kuttl
+        mv bundle/tests/scorecard/kuttl-temp bundle/tests/scorecard/kuttl
+    elif [ "$KUTTL_TEST_DIR" != "kuttl" ]; then
         mv bundle/tests/scorecard/kuttl/kuttl-test.yaml bundle/tests/scorecard/kuttl-temp
         mv bundle/tests/scorecard/kuttl bundle/tests/scorecard/${KUTTL_TEST_DIR}
         mv bundle/tests/scorecard/kuttl-temp bundle/tests/scorecard/kuttl

From 30294536ab60396960cdffb584b3c4adca446830 Mon Sep 17 00:00:00 2001
From: kabicin <kirbychin99@gmail.com>
Date: Thu, 20 Oct 2022 06:21:26 -0700
Subject: [PATCH 12/14] Update watcher/watched role/rolebinding

---
 config/rbac/kuttl-rbac-watch-another.yaml | 203 ++--------------------
 config/rbac/kuttl-rbac-watcher.yaml       | 136 ---------------
 scripts/pipeline/fyre-e2e.sh              |   8 +-
 3 files changed, 24 insertions(+), 323 deletions(-)
 delete mode 100644 config/rbac/kuttl-rbac-watcher.yaml

diff --git a/config/rbac/kuttl-rbac-watch-another.yaml b/config/rbac/kuttl-rbac-watch-another.yaml
index ebf6003c..c7333764 100644
--- a/config/rbac/kuttl-rbac-watch-another.yaml
+++ b/config/rbac/kuttl-rbac-watch-another.yaml
@@ -2,24 +2,18 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: scorecard-kuttl-watch-another
-  namespace: WEBSPHERE_LIBERTY_OPERATOR_NAMESPACE
+  namespace: WEBSPHERE_LIBERTY_WATCH_NAMESPACE
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  labels:
-    app.kubernetes.io/instance: websphere-liberty-operator
-    app.kubernetes.io/managed-by: olm
-    app.kubernetes.io/name: websphere-liberty-operator
-  name: wlo-leader-election-role
-  namespace: WEBSPHERE_LIBERTY_WATCH_NAMESPACE
+  name: watched-role
+  namespace: WEBSPHERE_LIBERTY_OPERATOR_NAMESPACE
 rules:
   - apiGroups:
       - ""
-      - coordination.k8s.io
     resources:
       - configmaps
-      - leases
     verbs:
       - get
       - list
@@ -28,234 +22,75 @@ rules:
       - update
       - patch
       - delete
-  - apiGroups:
-      - ""
-    resources:
-      - events
-    verbs:
-      - create
-      - patch
-
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  creationTimestamp: null
-  labels:
-    app.kubernetes.io/instance: websphere-liberty-operator
-    app.kubernetes.io/managed-by: olm
-    app.kubernetes.io/name: websphere-liberty-operator
-  name: wlo-manager-role
+  name: watcher-role
   namespace: WEBSPHERE_LIBERTY_WATCH_NAMESPACE
 rules:
 - apiGroups:
-  - apps
-  resources:
-  - deployments
-  - statefulsets
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - update
-  - watch
-- apiGroups:
-  - apps
-  resources:
-  - deployments/finalizers
-  - statefulsets
-  verbs:
-  - update
-- apiGroups:
-  - autoscaling
-  resources:
-  - horizontalpodautoscalers
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - update
-  - watch
-- apiGroups:
-  - cert-manager.io
+  - ""
   resources:
-  - certificates
-  - issuers
+  - namespaces
+  - pods
+  - routes
   verbs:
-  - create
-  - delete
   - get
   - list
-  - update
-  - watch
 - apiGroups:
   - ""
   resources:
   - configmaps
-  - persistentvolumeclaims
-  - secrets
-  - serviceaccounts
-  - services
   verbs:
-  - create
-  - delete
   - get
   - list
-  - update
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - pods
-  - pods/exec
-  verbs:
-  - create
   - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
 - apiGroups:
-  - image.openshift.io
+  - apps
   resources:
-  - imagestreams
-  - imagestreamtags
+  - deployments
+  - statefulsets
   verbs:
   - get
-  - list
-  - watch
-- apiGroups:
-  - liberty.websphere.ibm.com
-  resources:
-  - webspherelibertyapplications
-  - webspherelibertyapplications/finalizers
-  - webspherelibertyapplications/status
-  verbs:
   - create
-  - delete
-  - get
-  - list
   - patch
-  - update
-  - watch
 - apiGroups:
   - liberty.websphere.ibm.com
   resources:
+  - webspherelibertyapplications
   - webspherelibertydumps
-  - webspherelibertydumps/finalizers
-  - webspherelibertydumps/status
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - liberty.websphere.ibm.com
-  resources:
   - webspherelibertytraces
-  - webspherelibertytraces/finalizers
-  - webspherelibertytraces/status
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - monitoring.coreos.com
-  resources:
-  - servicemonitors
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - update
-  - watch
-- apiGroups:
-  - networking.k8s.io
-  resources:
-  - ingresses
-  - networkpolicies
   verbs:
-  - create
-  - delete
   - get
   - list
-  - update
-  - watch
-- apiGroups:
-  - route.openshift.io
-  resources:
-  - routes
-  - routes/custom-host
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - update
-  - watch
-- apiGroups:
-  - security.openshift.io
-  resourceNames:
-  - restricted
-  resources:
-  - securitycontextconstraints
-  verbs:
-  - use
-- apiGroups:
-  - serving.knative.dev
-  resources:
-  - services
-  verbs:
   - create
+  - patch
   - delete
-  - get
-  - list
-  - update
-  - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  labels:
-    app.kubernetes.io/instance: websphere-liberty-operator
-    app.kubernetes.io/managed-by: olm
-    app.kubernetes.io/name: websphere-liberty-operator
-  name: wlo-leader-election-rolebinding
-  namespace: WEBSPHERE_LIBERTY_WATCH_NAMESPACE
+  name: watched-rolebinding
+  namespace: WEBSPHERE_LIBERTY_OPERATOR_NAMESPACE
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: wlo-leader-election-role
+  name: watched-role
 subjects:
 - kind: ServiceAccount
   name: scorecard-kuttl-watch-another
-  namespace: WEBSPHERE_LIBERTY_OPERATOR_NAMESPACE
+  namespace: WEBSPHERE_LIBERTY_WATCH_NAMESPACE
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  labels:
-    app.kubernetes.io/instance: websphere-liberty-operator
-    app.kubernetes.io/managed-by: olm
-    app.kubernetes.io/name: websphere-liberty-operator
-  name: wlo-manager-rolebinding
+  name: watcher-rolebinding
   namespace: WEBSPHERE_LIBERTY_WATCH_NAMESPACE
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: wlo-manager-role
+  name: watcher-role
 subjects:
 - kind: ServiceAccount
   name: scorecard-kuttl-watch-another
-  namespace: WEBSPHERE_LIBERTY_OPERATOR_NAMESPACE
diff --git a/config/rbac/kuttl-rbac-watcher.yaml b/config/rbac/kuttl-rbac-watcher.yaml
deleted file mode 100644
index 4649b3c2..00000000
--- a/config/rbac/kuttl-rbac-watcher.yaml
+++ /dev/null
@@ -1,136 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: scorecard-kuttl
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: scorecard-kuttl
-subjects:
-- kind: ServiceAccount
-  name: scorecard-kuttl-watch-another
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: scorecard-kuttl
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - secrets
-  - serviceaccounts
-  - persistentvolumeclaims
-  verbs:
-  - get
-  - list
-  - create
-  - delete
-  - patch
-- apiGroups:
-  - ""
-  resources:
-  - namespaces
-  - pods
-  - routes
-  verbs:
-  - get
-  - list
-- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  verbs:
-  - get
-  - list
-  - delete
-- apiGroups:
-    - ""
-  resources:
-    - services
-  verbs:
-    - get
-    - list
-    - patch
-- apiGroups:
-  - apps
-  resources:
-  - deployments
-  - statefulsets
-  verbs:
-  - get
-  - create
-  - patch
-- apiGroups:
-  - autoscaling
-  resources:
-  - horizontalpodautoscalers
-  verbs:
-  - get
-- apiGroups:
-  - monitoring.coreos.com
-  resources:
-  - servicemonitors
-  verbs:
-  - get
-- apiGroups:
-  - image.openshift.io
-  resources:
-  - imagestreams
-  verbs:
-  - get
-  - list
-  - create
-  - patch
-  - delete
-- apiGroups:
-  - events.k8s.io
-  resources:
-  - events
-  verbs:
-  - get
-  - list
-- apiGroups:
-  - serving.knative.dev
-  resources:
-  - services
-  verbs:
-  - get
-- apiGroups:
-  - liberty.websphere.ibm.com
-  resources:
-  - webspherelibertyapplications
-  - webspherelibertydumps
-  - webspherelibertytraces
-  verbs:
-  - get
-  - list
-  - create
-  - patch
-  - delete
-- apiGroups:
-    - route.openshift.io
-  resources:
-    - routes
-  verbs:
-    - get
-    - list
-    - delete
-- apiGroups:
-    - networking.k8s.io
-  resources:
-    - networkpolicies
-  verbs:
-    - get
-    - list
-    - create
-    - patch
-    - delete
-- apiGroups:
-  - cert-manager.io
-  resources:
-  - issuers
-  - certificates
-  verbs:
-  - get
-  - list
diff --git a/scripts/pipeline/fyre-e2e.sh b/scripts/pipeline/fyre-e2e.sh
index 4ca2305c..64a04533 100755
--- a/scripts/pipeline/fyre-e2e.sh
+++ b/scripts/pipeline/fyre-e2e.sh
@@ -209,6 +209,9 @@ run_scorecard() {
     unset_kuttl_test_dir
     unset_rbac
     uninstall_operator
+    if [ "$INSTALL_MODE" == "SingleNamespace" ]; then
+        oc delete project "${WATCH_NAMESPACE}"
+    fi
     if $TESTS_FAILED ; then 
         exit 1 
     fi
@@ -223,10 +226,9 @@ set_rbac() {
         oc apply -f kuttl-rbac-watch-all.yaml
     elif [ "$INSTALL_MODE" == "SingleNamespace" ]; then
 	cp config/rbac/kuttl-rbac-watch-another.yaml ./
-        sed -i "s/WEBSPHERE_LIBERTY_OPERATOR_NAMESPACE/${WATCH_NAMESPACE}/" kuttl-rbac-watch-another.yaml
-        sed -i "s/WEBSPHERE_LIBERTY_WATCH_NAMESPACE/${CONTROLLER_MANAGER_NAMESPACE}/" kuttl-rbac-watch-another.yaml
+        sed -i "s/WEBSPHERE_LIBERTY_OPERATOR_NAMESPACE/${CONTROLLER_MANAGER_NAMESPACE}/" kuttl-rbac-watch-another.yaml
+        sed -i "s/WEBSPHERE_LIBERTY_WATCH_NAMESPACE/${WATCH_NAMESPACE}/" kuttl-rbac-watch-another.yaml
 	oc apply -f kuttl-rbac-watch-another.yaml
-        oc apply -f config/rbac/kuttl-rbac-watcher.yaml
     fi
 }
 

From a5fbe478dd6246262b0bf0e25b4917d3b61f48ca Mon Sep 17 00:00:00 2001
From: kabicin <kirbychin99@gmail.com>
Date: Thu, 20 Oct 2022 06:39:38 -0700
Subject: [PATCH 13/14] Minimize clusterrole config in AllNamespaces tests

---
 config/rbac/kuttl-rbac-watch-all.yaml | 81 ---------------------------
 1 file changed, 81 deletions(-)

diff --git a/config/rbac/kuttl-rbac-watch-all.yaml b/config/rbac/kuttl-rbac-watch-all.yaml
index 2f54e07c..81ef52db 100644
--- a/config/rbac/kuttl-rbac-watch-all.yaml
+++ b/config/rbac/kuttl-rbac-watch-all.yaml
@@ -22,18 +22,6 @@ kind: ClusterRole
 metadata:
   name: scorecard-kuttl-watch-all
 rules:
-- apiGroups:
-  - ""
-  resources:
-  - secrets
-  - serviceaccounts
-  - persistentvolumeclaims
-  verbs:
-  - get
-  - list
-  - create
-  - delete
-  - patch
 - apiGroups:
   - ""
   resources:
@@ -51,14 +39,6 @@ rules:
   - get
   - list
   - delete
-- apiGroups:
-    - ""
-  resources:
-    - services
-  verbs:
-    - get
-    - list
-    - patch
 - apiGroups:
   - apps
   resources:
@@ -68,41 +48,6 @@ rules:
   - get
   - create
   - patch
-- apiGroups:
-  - autoscaling
-  resources:
-  - horizontalpodautoscalers
-  verbs:
-  - get
-- apiGroups:
-  - monitoring.coreos.com
-  resources:
-  - servicemonitors
-  verbs:
-  - get
-- apiGroups:
-  - image.openshift.io
-  resources:
-  - imagestreams
-  verbs:
-  - get
-  - list
-  - create
-  - patch
-  - delete
-- apiGroups:
-  - events.k8s.io
-  resources:
-  - events
-  verbs:
-  - get
-  - list
-- apiGroups:
-  - serving.knative.dev
-  resources:
-  - services
-  verbs:
-  - get
 - apiGroups:
   - liberty.websphere.ibm.com
   resources:
@@ -115,29 +60,3 @@ rules:
   - create
   - patch
   - delete
-- apiGroups:
-    - route.openshift.io
-  resources:
-    - routes
-  verbs:
-    - get
-    - list
-    - delete
-- apiGroups:
-    - networking.k8s.io
-  resources:
-    - networkpolicies
-  verbs:
-    - get
-    - list
-    - create
-    - patch
-    - delete
-- apiGroups:
-  - cert-manager.io
-  resources:
-  - issuers
-  - certificates
-  verbs:
-  - get
-  - list

From a5e3737919cd36f1ac3b12e0e1b6775ca5cf153c Mon Sep 17 00:00:00 2001
From: kabicin <kirbychin99@gmail.com>
Date: Thu, 20 Oct 2022 10:07:17 -0700
Subject: [PATCH 14/14] Minimize role config

---
 config/rbac/kuttl-rbac-watch-all.yaml     |  9 ---------
 config/rbac/kuttl-rbac-watch-another.yaml | 13 -------------
 2 files changed, 22 deletions(-)

diff --git a/config/rbac/kuttl-rbac-watch-all.yaml b/config/rbac/kuttl-rbac-watch-all.yaml
index 81ef52db..dfb965fe 100644
--- a/config/rbac/kuttl-rbac-watch-all.yaml
+++ b/config/rbac/kuttl-rbac-watch-all.yaml
@@ -22,15 +22,6 @@ kind: ClusterRole
 metadata:
   name: scorecard-kuttl-watch-all
 rules:
-- apiGroups:
-  - ""
-  resources:
-  - namespaces
-  - pods
-  - routes
-  verbs:
-  - get
-  - list
 - apiGroups:
   - ""
   resources:
diff --git a/config/rbac/kuttl-rbac-watch-another.yaml b/config/rbac/kuttl-rbac-watch-another.yaml
index c7333764..0d2bb9b4 100644
--- a/config/rbac/kuttl-rbac-watch-another.yaml
+++ b/config/rbac/kuttl-rbac-watch-another.yaml
@@ -17,10 +17,6 @@ rules:
     verbs:
       - get
       - list
-      - watch
-      - create
-      - update
-      - patch
       - delete
 ---
 apiVersion: rbac.authorization.k8s.io/v1
@@ -29,15 +25,6 @@ metadata:
   name: watcher-role
   namespace: WEBSPHERE_LIBERTY_WATCH_NAMESPACE
 rules:
-- apiGroups:
-  - ""
-  resources:
-  - namespaces
-  - pods
-  - routes
-  verbs:
-  - get
-  - list
 - apiGroups:
   - ""
   resources: