improved catalog handling after modification

roles/fix-operators/tasks/main.yml

@@ -83,10 +83,6 @@
       (sso_sec.resources[0].data[".dockerconfigjson"] is not defined) or
       (sso_sec.resources[0].type != "kubernetes.io/dockerconfigjson")
 
-#- name: Store the credentials as a fact
-#  set_fact:
-#    sso_secret: '{"auths": {"quay.io": {"username": "{{ robot_username }}", "password": "{{ robot_token }}", "auth": "{{ (robot_username + ":" + robot_token) | string | b64encode }}"}}}'
-
 # NOTE: dot-keys aren't welcome for some dumb reason. Must use imperative command here.
 - name: Create a secret to access the catalog image if not yet there
   #k8s:
@@ -118,8 +114,17 @@
     name: rhsso-operator
   register: sso_mft
 
-# TODO: remove the catalogsource also if it's not referencing the secret, the
-#       pod is older than the secret, or its state is not "running"
+- name: Get info from the do280-catalog source
+  k8s_info:
+    kubeconfig: tmp/kubeconfig-ocp4
+    validate_certs: no
+    api_version: operators.coreos.com/v1alpha1
+    kind: catalogsource
+    namespace: openshift-marketplace
+    name: do280-catalog
+  register: op_catalog
+
+# TODO: remove the catalogsource also if the pod is older than the secret
 - name: Remove existing catalogsource from openshift-marketplace if rhsso-operator belongs to it
   k8s:
     kubeconfig: tmp/kubeconfig-ocp4
@@ -129,12 +134,16 @@
     namespace: openshift-marketplace
     name: do280-catalog
     state: absent
-  when:
-    - sso_mft.resources is defined
-    - (sso_mft.resources | length) > 0
-    - sso_mft.resources[0].status.catalogSource == "do280-catalog"
-
-# TODO: Wait for the do280-catalog pod to disappear.
+  when: |-
+    (sso_mft.resources is defined and
+      (sso_mft.resources | length) > 0 and
+      sso_mft.resources[0].status.catalogSource == "do280-catalog")
+    or
+      (op_catalog.resources is defined and
+      (op_catalog.resources | length) > 0 and
+      ((op_catalog.resources[0].spec.image != "{{ catalog_main_image }}") or
+        (op_catalog.resources[0].spec.secrets is not defined) or
+        (op_catalog.resources[0].spec.secrets != ["catalogsecret"])))
 
 - name: Make certain the "standard" catalog source is updated
   k8s:
@@ -148,11 +157,14 @@
     definition:
       spec:
         displayName: "do280 Operator Catalog"
-        image: "quay.io/rhtuser/do280-catalog-nosso:v4.10"
+        image: "{{ catalog_main_image }}"
         publisher: "Red Hat"
         secrets:
           - "catalogsecret"
         sourceType: "grpc"
+  register: op_catalog_modified
+
+- debug: var=op_catalog_modified
 
 - name: Ensure the RHSSO catalog source is there as well
   k8s:
@@ -166,13 +178,30 @@
     definition:
       spec:
         displayName: "do280 SSO Catalog"
-        image: "quay.io/rhtuser/do280-sso-operator:v4.10"
+        image: "{{ catalog_sso_image }}"
         publisher: "Red Hat"
         secrets:
           - "catalogsecret"
         sourceType: "grpc"
 
-# TODO: maybe both catalogsources?
+- name: Wait for things to settle down a bit for do280-catalog
+  pause:
+    seconds: 10
+    prompt: "Waiting for marketplace operator to settle down."
+  when: op_catalog_modified.changed
+
+- name: Delete the do280-catalog pod if CS was modified
+  k8s:
+    kubeconfig: tmp/kubeconfig-ocp4
+    validate_certs: no
+    api_version: v1
+    kind: pod
+    namespace: openshift-marketplace
+    label_selectors:
+      - olm.catalogSource=do280-catalog
+    state: absent
+  when: op_catalog_modified.changed
+
 - name: Wait for the catalogsource to be ready.
   k8s_info:
     kubeconfig: tmp/kubeconfig-ocp4

roles/fix-operators/vars/main.yml

@@ -1,4 +1,6 @@
 ---
 robot_username: rhtuser+rhsso
 robot_token: FWUDNUF8F33NNQQ2GI8GZ9VF64H5O20TH1P9G0Q78Y0VW0X9I4HTIA3CG1P7RX74
+catalog_sso_image: quay.io/rhtuser/do280-sso-operator:v4.10
+catalog_main_image: quay.io/rhtuser/do280-catalog-nosso:v4.10
 ...