auditpolicycontroller: filter configmaps triggering this controller

Make sure that other configmap updates don't trigger auditpolicy controller - only target namespace
/ name configmap updates are making sync run. APIServer config and operator client informer events
are not being filtered

Author: vrutkovs

pkg/operator/apiserver/controller/auditpolicy/auditpolicy_controller.go

@@ -59,11 +59,20 @@ func NewAuditPolicyController(
 		targetConfigMapName:    targetConfigMapName,
 	}
 
-	return factory.New().WithSync(c.sync).WithControllerInstanceName(c.controllerInstanceName).ResyncEvery(1*time.Minute).WithInformers(
-		configInformers.Config().V1().APIServers().Informer(),
-		kubeInformersForTargetNamespace.Core().V1().ConfigMaps().Informer(),
-		operatorClient.Informer(),
-	).ToController(
+	return factory.New().
+		WithSync(c.sync).
+		WithControllerInstanceName(c.controllerInstanceName).
+		ResyncEvery(1*time.Minute).
+		WithFilteredEventsInformers(func(obj interface{}) bool {
+			if cm, ok := obj.(*v1.ConfigMap); ok {
+				return cm.Namespace == targetNamespace && cm.Name == targetConfigMapName
+			}
+			return true
+		},
+			configInformers.Config().V1().APIServers().Informer(),
+			kubeInformersForTargetNamespace.Core().V1().ConfigMaps().Informer(),
+			operatorClient.Informer(),
+		).ToController(
 		"auditPolicyController", // don't change what is passed here unless you also remove the old FooDegraded condition
 		eventRecorder.WithComponentSuffix("audit-policy-controller"),
 	)

pkg/operator/apiserver/controllerset/apiservercontrollerset.go

@@ -3,10 +3,11 @@ package apiservercontrollerset
 import (
 	"context"
 	"fmt"
-	"k8s.io/utils/clock"
 	"regexp"
 	"time"
 
+	"k8s.io/utils/clock"
+
 	configv1 "github.com/openshift/api/config/v1"
 	configv1client "github.com/openshift/client-go/config/clientset/versioned/typed/config/v1"
 	openshiftconfigclientv1 "github.com/openshift/client-go/config/clientset/versioned/typed/config/v1"
@@ -31,6 +32,7 @@ import (
 	"github.com/openshift/library-go/pkg/operator/status"
 	"github.com/openshift/library-go/pkg/operator/unsupportedconfigoverridescontroller"
 	"github.com/openshift/library-go/pkg/operator/v1helpers"
+	corev1listers "k8s.io/client-go/listers/core/v1"
 
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/labels"
@@ -405,7 +407,8 @@ func (cs *APIServerControllerSet) WithAuditPolicyController(
 	targetNamespace string,
 	targetConfigMapName string,
 	configInformers configinformers.SharedInformerFactory,
-	kubeInformersForTargetNamesace kubeinformers.SharedInformerFactory,
+	kubeInformersForTargetNamespace kubeinformers.SharedInformerFactory,
+	configMapLister corev1listers.ConfigMapNamespaceLister,
 	kubeClient kubernetes.Interface,
 ) *APIServerControllerSet {
 	cs.auditPolicyController.controller = auditpolicy.NewAuditPolicyController(
@@ -415,7 +418,8 @@ func (cs *APIServerControllerSet) WithAuditPolicyController(
 		cs.operatorClient,
 		kubeClient,
 		configInformers,
-		kubeInformersForTargetNamesace,
+		kubeInformersForTargetNamespace,
+		configMapLister,
 		cs.eventRecorder,
 	)
 	return cs