Move Map and GroupBy to slice package

Per Goncalves da Silva · perdasilva · commit bcd8b5b3d5a1 · 2025-03-31T16:57:46.000+02:00
Signed-off-by: Per Goncalves da Silva &lt;pegoncal@redhat.com&gt;
diff --git a/internal/operator-controller/rukpak/convert/installer_rbac.go b/internal/operator-controller/rukpak/convert/installer_rbac.go
@@ -7,10 +7,10 @@ import (
 
 	rbacv1 "k8s.io/api/rbac/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
-	"k8s.io/utils/ptr"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
-	slicesutil "github.com/operator-framework/operator-controller/internal/shared/util/filter"
+	"github.com/operator-framework/operator-controller/internal/shared/util/filter"
+	slicesutil "github.com/operator-framework/operator-controller/internal/shared/util/slices"
 )
 
 var (
@@ -45,21 +45,16 @@ var (
 	}
 )
 
-// GenerateResourceManagerClusterRole generates a ClusterRole with permissions to manage objs resources. The
+// GenerateResourceManagerClusterRolePerms generates a ClusterRole permissions to manage objs resources. The
 // permissions also aggregate any permissions from any ClusterRoles in objs allowing the holder to also assign
 // the RBAC therein to another service account. Note: assumes objs have been created by convert.Convert.
-// The returned ClusterRole will not have set .metadata.name
-func GenerateResourceManagerClusterRole(objs []client.Object) *rbacv1.ClusterRole {
-	rules := slices.Concat(
+func GenerateResourceManagerClusterRolePerms(objs []client.Object) []rbacv1.PolicyRule {
+	return slices.Concat(
 		// cluster scoped resource creation and management rules
-		generatePolicyRules(slicesutil.Filter(objs, isClusterScopedResource)),
+		generatePolicyRules(filter.Filter(objs, isClusterScopedResource)),
 		// controller rbac scope
-		collectRBACResourcePolicyRules(slicesutil.Filter(objs, slicesutil.And(isGeneratedResource, isOfKind("ClusterRole")))),
+		collectRBACResourcePolicyRules(filter.Filter(objs, filter.And(isGeneratedResource, isOfKind("ClusterRole")))),
 	)
-	if len(rules) == 0 {
-		return nil
-	}
-	return ptr.To(newClusterRole("", rules))
 }
 
 // GenerateClusterExtensionFinalizerPolicyRule generates a policy rule that allows the holder to update
@@ -73,26 +68,27 @@ func GenerateClusterExtensionFinalizerPolicyRule(clusterExtensionName string) rb
 	}
 }
 
-// GenerateResourceManagerRoles generates one or more Roles with permissions to manage objs resources in their
+// GenerateResourceManagerRolePerms generates role permissions to manage objs resources in their
 // namespaces. The permissions also include any permissions defined in any Roles in objs within the namespace, allowing
 // the holder to also assign the RBAC therein to another service account.
 // Note: currently assumes objs have been created by convert.Convert.
 // The returned Roles will not have set .metadata.name
-func GenerateResourceManagerRoles(objs []client.Object) []*rbacv1.Role {
-	return mapToSlice(slicesutil.GroupBy(slicesutil.Filter(objs, isNamespaceScopedResource), namespaceName), generateRole)
-}
-
-func generateRole(namespace string, namespaceObjs []client.Object) *rbacv1.Role {
-	return ptr.To(newRole(
-		namespace,
-		"",
-		slices.Concat(
-			// namespace scoped resource creation and management rules
-			generatePolicyRules(namespaceObjs),
-			// controller rbac scope
-			collectRBACResourcePolicyRules(slicesutil.Filter(namespaceObjs, slicesutil.And(isOfKind("Role"), isGeneratedResource))),
-		),
-	))
+func GenerateResourceManagerRolePerms(objs []client.Object) map[string][]rbacv1.PolicyRule {
+	out := map[string][]rbacv1.PolicyRule{}
+	namespaceScopedObjs := filter.Filter(objs, isNamespaceScopedResource)
+	for _, obj := range namespaceScopedObjs {
+		namespace := obj.GetNamespace()
+		if _, ok := out[namespace]; !ok {
+			objsInNamespace := filter.Filter(namespaceScopedObjs, isInNamespace(namespace))
+			out[namespace] = slices.Concat(
+				// namespace scoped resource creation and management rules
+				generatePolicyRules(objsInNamespace),
+				// controller rbac scope
+				collectRBACResourcePolicyRules(filter.Filter(objsInNamespace, filter.And(isOfKind("Role"), isGeneratedResource))),
+			)
+		}
+	}
+	return out
 }
 
 func generatePolicyRules(objs []client.Object) []rbacv1.PolicyRule {
@@ -143,7 +139,7 @@ func isNamespaceScopedResource(o client.Object) bool {
 	return slices.Contains(namespaceScopedResources, o.GetObjectKind().GroupVersionKind().Kind)
 }
 
-func isOfKind(kind string) slicesutil.Predicate[client.Object] {
+func isOfKind(kind string) filter.Predicate[client.Object] {
 	return func(o client.Object) bool {
 		return o.GetObjectKind().GroupVersionKind().Kind == kind
 	}
@@ -155,12 +151,14 @@ func isGeneratedResource(o client.Object) bool {
 	return ok
 }
 
-func groupKind(obj client.Object) schema.GroupKind {
-	return obj.GetObjectKind().GroupVersionKind().GroupKind()
+func isInNamespace(namespace string) filter.Predicate[client.Object] {
+	return func(o client.Object) bool {
+		return o.GetNamespace() == namespace
+	}
 }
 
-func namespaceName(obj client.Object) string {
-	return obj.GetNamespace()
+func groupKind(obj client.Object) schema.GroupKind {
+	return obj.GetObjectKind().GroupVersionKind().GroupKind()
 }
 
 func toResourceName(o client.Object) string {
diff --git a/internal/shared/util/filter/filter.go b/internal/shared/util/filter/filter.go
@@ -5,10 +5,6 @@ import "slices"
 // Predicate returns true if the object should be kept when filtering
 type Predicate[T any] func(entity T) bool
 
-type Key[T any, K comparable] func(entity T) K
-
-type MapFn[S any, V any] func(S) V
-
 func And[T any](predicates ...Predicate[T]) Predicate[T] {
 	return func(obj T) bool {
 		for _, predicate := range predicates {
@@ -54,20 +50,3 @@ func Filter[T any](s []T, test Predicate[T]) []T {
 func InPlace[T any](s []T, test Predicate[T]) []T {
 	return slices.DeleteFunc(s, Not(test))
 }
-
-func GroupBy[T any, K comparable](s []T, key Key[T, K]) map[K][]T {
-	out := map[K][]T{}
-	for _, value := range s {
-		k := key(value)
-		out[k] = append(out[k], value)
-	}
-	return out
-}
-
-func Map[S, V any](s []S, mapper MapFn[S, V]) []V {
-	out := make([]V, len(s))
-	for i := 0; i < len(s); i++ {
-		out[i] = mapper(s[i])
-	}
-	return out
-}
diff --git a/internal/shared/util/slices/slices.go b/internal/shared/util/slices/slices.go
@@ -0,0 +1,22 @@
+package slices
+
+type Key[T any, K comparable] func(entity T) K
+
+type MapFn[S any, V any] func(S) V
+
+func GroupBy[T any, K comparable](s []T, key Key[T, K]) map[K][]T {
+	out := map[K][]T{}
+	for _, value := range s {
+		k := key(value)
+		out[k] = append(out[k], value)
+	}
+	return out
+}
+
+func Map[S, V any](s []S, mapper MapFn[S, V]) []V {
+	out := make([]V, len(s))
+	for i := 0; i < len(s); i++ {
+		out[i] = mapper(s[i])
+	}
+	return out
+}
diff --git a/internal/shared/util/slices/slices_test.go b/internal/shared/util/slices/slices_test.go
@@ -0,0 +1,31 @@
+package slices_test
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+
+	slicesutil "github.com/operator-framework/operator-controller/internal/shared/util/slices"
+)
+
+func Test_Map(t *testing.T) {
+	in := []int{1, 2, 3, 4, 5}
+	doubleIt := func(val int) int {
+		return 2 * val
+	}
+	require.Equal(t, []int{2, 4, 6, 8, 10}, slicesutil.Map(in, doubleIt))
+}
+
+func Test_GroupBy(t *testing.T) {
+	in := []int{1, 2, 3, 4, 5}
+	oddOrEven := func(val int) string {
+		if val%2 == 0 {
+			return "even"
+		}
+		return "odd"
+	}
+	require.Equal(t, map[string][]int{
+		"even": {2, 4},
+		"odd":  {1, 3, 5},
+	}, slicesutil.GroupBy(in, oddOrEven))
+}
