podsecurityreadinesscontroller: change type from cu to unclassified

Author: ibihim

pkg/operator/podsecurityreadinesscontroller/classification.go

@@ -51,9 +51,7 @@ func (c *PodSecurityReadinessController) classifyViolatingNamespace(
 		return nil
 	}
 
-	// Historically, we assume that this is a customer issue, but
-	// actually it means we don't know what the root cause is.
-	conditions.addViolatingCustomer(ns)
+	conditions.addUnclassifiedIssue(ns)
 
 	return nil
 }

pkg/operator/podsecurityreadinesscontroller/classification_test.go

@@ -55,7 +55,7 @@ func TestClassifyViolatingNamespaceWithAPIErrors(t *testing.T) {
 	}
 
 	// Ensure no classifications were made due to the error
-	if len(conditions.violatingCustomerNamespaces) != 0 ||
+	if len(conditions.violatingUnclassifiedNamespaces) != 0 ||
 		len(conditions.violatingUserSCCNamespaces) != 0 ||
 		len(conditions.violatingOpenShiftNamespaces) != 0 ||
 		len(conditions.violatingRunLevelZeroNamespaces) != 0 ||
@@ -190,7 +190,7 @@ func TestClassifyViolatingNamespace(t *testing.T) {
 			},
 			enforceLevel: psapi.LevelRestricted,
 			expectedConditions: podSecurityOperatorConditions{
-				violatingCustomerNamespaces: []string{"customer-ns"},
+				violatingUnclassifiedNamespaces: []string{"customer-ns"},
 			},
 			expectError: false,
 		},
@@ -224,7 +224,7 @@ func TestClassifyViolatingNamespace(t *testing.T) {
 			},
 			enforceLevel: psapi.LevelRestricted,
 			expectedConditions: podSecurityOperatorConditions{
-				violatingCustomerNamespaces: []string{"customer-ns"},
+				violatingUnclassifiedNamespaces: []string{"customer-ns"},
 			},
 			expectError: false,
 		},
@@ -238,7 +238,7 @@ func TestClassifyViolatingNamespace(t *testing.T) {
 			pods:         []corev1.Pod{},
 			enforceLevel: psapi.LevelRestricted,
 			expectedConditions: podSecurityOperatorConditions{
-				violatingCustomerNamespaces: []string{"customer-ns"},
+				violatingUnclassifiedNamespaces: []string{"customer-ns"},
 			},
 			expectError: false,
 		},
@@ -268,7 +268,7 @@ func TestClassifyViolatingNamespace(t *testing.T) {
 			},
 			enforceLevel: psapi.LevelRestricted,
 			expectedConditions: podSecurityOperatorConditions{
-				violatingCustomerNamespaces: []string{"customer-ns"},
+				violatingUnclassifiedNamespaces: []string{"customer-ns"},
 			},
 			expectError: false,
 		},
@@ -284,7 +284,7 @@ func TestClassifyViolatingNamespace(t *testing.T) {
 			},
 			enforceLevel: psapi.LevelPrivileged,
 			expectedConditions: podSecurityOperatorConditions{
-				violatingCustomerNamespaces: []string{"customer-ns"},
+				violatingUnclassifiedNamespaces: []string{"customer-ns"},
 			},
 			expectError: false,
 		},
@@ -453,7 +453,7 @@ func deepEqualPodSecurityOperatorConditions(
 
 	return slices.Equal(a.violatingOpenShiftNamespaces, b.violatingOpenShiftNamespaces) &&
 		slices.Equal(a.violatingRunLevelZeroNamespaces, b.violatingRunLevelZeroNamespaces) &&
-		slices.Equal(a.violatingCustomerNamespaces, b.violatingCustomerNamespaces) &&
+		slices.Equal(a.violatingUnclassifiedNamespaces, b.violatingUnclassifiedNamespaces) &&
 		slices.Equal(a.violatingDisabledSyncerNamespaces, b.violatingDisabledSyncerNamespaces) &&
 		slices.Equal(a.violatingUserSCCNamespaces, b.violatingUserSCCNamespaces) &&
 		slices.Equal(a.inconclusiveNamespaces, b.inconclusiveNamespaces)

pkg/operator/podsecurityreadinesscontroller/conditions.go

@@ -12,7 +12,9 @@ import (
 )
 
 const (
-	PodSecurityCustomerType       = "PodSecurityCustomerEvaluationConditionsDetected"
+	// Historically, we assume that this is a customer issue, but
+	// actually it means we don't know what the root cause is.
+	PodSecurityUnknownType        = "PodSecurityCustomerEvaluationConditionsDetected"
 	PodSecurityOpenshiftType      = "PodSecurityOpenshiftEvaluationConditionsDetected"
 	PodSecurityRunLevelZeroType   = "PodSecurityRunLevelZeroEvaluationConditionsDetected"
 	PodSecurityDisabledSyncerType = "PodSecurityDisabledSyncerEvaluationConditionsDetected"
@@ -28,9 +30,9 @@ const (
 type podSecurityOperatorConditions struct {
 	violatingOpenShiftNamespaces      []string
 	violatingRunLevelZeroNamespaces   []string
-	violatingCustomerNamespaces       []string
 	violatingDisabledSyncerNamespaces []string
 	violatingUserSCCNamespaces        []string
+	violatingUnclassifiedNamespaces   []string
 	inconclusiveNamespaces            []string
 }
 
@@ -50,8 +52,8 @@ func (c *podSecurityOperatorConditions) addViolatingDisabledSyncer(ns *corev1.Na
 	c.violatingDisabledSyncerNamespaces = append(c.violatingDisabledSyncerNamespaces, ns.Name)
 }
 
-func (c *podSecurityOperatorConditions) addViolatingCustomer(ns *corev1.Namespace) {
-	c.violatingCustomerNamespaces = append(c.violatingCustomerNamespaces, ns.Name)
+func (c *podSecurityOperatorConditions) addUnclassifiedIssue(ns *corev1.Namespace) {
+	c.violatingUnclassifiedNamespaces = append(c.violatingUnclassifiedNamespaces, ns.Name)
 }
 
 func (c *podSecurityOperatorConditions) addViolatingUserSCC(ns *corev1.Namespace) {
@@ -94,7 +96,7 @@ func makeCondition(conditionType, conditionReason string, namespaces []string) o
 
 func (c *podSecurityOperatorConditions) toConditionFuncs() []v1helpers.UpdateStatusFunc {
 	return []v1helpers.UpdateStatusFunc{
-		v1helpers.UpdateConditionFn(makeCondition(PodSecurityCustomerType, violationReason, c.violatingCustomerNamespaces)),
+		v1helpers.UpdateConditionFn(makeCondition(PodSecurityUnknownType, violationReason, c.violatingUnclassifiedNamespaces)),
 		v1helpers.UpdateConditionFn(makeCondition(PodSecurityOpenshiftType, violationReason, c.violatingOpenShiftNamespaces)),
 		v1helpers.UpdateConditionFn(makeCondition(PodSecurityRunLevelZeroType, violationReason, c.violatingRunLevelZeroNamespaces)),
 		v1helpers.UpdateConditionFn(makeCondition(PodSecurityDisabledSyncerType, violationReason, c.violatingDisabledSyncerNamespaces)),

pkg/operator/podsecurityreadinesscontroller/conditions_test.go

@@ -13,13 +13,13 @@ func TestCondition(t *testing.T) {
 	t.Run("with violating namespaces", func(t *testing.T) {
 		namespaces := []string{"namespace1", "namespace2"}
 		expectedCondition := operatorv1.OperatorCondition{
-			Type:    PodSecurityCustomerType,
+			Type:    PodSecurityUnknownType,
 			Status:  operatorv1.ConditionTrue,
 			Reason:  "PSViolationsDetected",
 			Message: "Violations detected in namespaces: [namespace1 namespace2]",
 		}
 
-		condition := makeCondition(PodSecurityCustomerType, violationReason, namespaces)
+		condition := makeCondition(PodSecurityUnknownType, violationReason, namespaces)
 
 		if condition.Type != expectedCondition.Type {
 			t.Errorf("expected condition type %s, got %s", expectedCondition.Type, condition.Type)
@@ -41,13 +41,13 @@ func TestCondition(t *testing.T) {
 	t.Run("with inconclusive namespaces", func(t *testing.T) {
 		namespaces := []string{"namespace1", "namespace2"}
 		expectedCondition := operatorv1.OperatorCondition{
-			Type:    PodSecurityCustomerType,
+			Type:    PodSecurityUnknownType,
 			Status:  operatorv1.ConditionTrue,
 			Reason:  "PSViolationDecisionInconclusive",
 			Message: "Could not evaluate violations for namespaces: [namespace1 namespace2]",
 		}
 
-		condition := makeCondition(PodSecurityCustomerType, inconclusiveReason, namespaces)
+		condition := makeCondition(PodSecurityUnknownType, inconclusiveReason, namespaces)
 
 		if condition.Type != expectedCondition.Type {
 			t.Errorf("expected condition type %s, got %s", expectedCondition.Type, condition.Type)
@@ -69,12 +69,12 @@ func TestCondition(t *testing.T) {
 	t.Run("without namespaces", func(t *testing.T) {
 		namespaces := []string{}
 		expectedCondition := operatorv1.OperatorCondition{
-			Type:   PodSecurityCustomerType,
+			Type:   PodSecurityUnknownType,
 			Status: operatorv1.ConditionFalse,
 			Reason: "ExpectedReason",
 		}
 
-		condition := makeCondition(PodSecurityCustomerType, violationReason, namespaces)
+		condition := makeCondition(PodSecurityUnknownType, violationReason, namespaces)
 
 		if condition.Type != expectedCondition.Type {
 			t.Errorf("expected condition type %s, got %s", expectedCondition.Type, condition.Type)
@@ -298,7 +298,7 @@ func TestOperatorStatus(t *testing.T) {
 						cond.addViolatingDisabledSyncer(ns)
 					} else {
 						// Default to customer violation for test purposes
-						cond.addViolatingCustomer(ns)
+						cond.addUnclassifiedIssue(ns)
 					}
 				}
 				if tt.addInconclusive {