fix: various test issues

config/crd/bases/falcon.crowdstrike.com_falconnodesensors.yaml

@@ -145,8 +145,7 @@ spec:
                     type: boolean
                   image:
                     description: Location of the Falcon Sensor image. Use only in
-                      cases when you mirror the original image to your repository/name:tag,
-                      and CrowdStrike OAuth2 API is not used.
+                      cases when you mirror the original image to your repository/name:tag
                     pattern: ^.*:.*$
                     type: string
                   imagePullPolicy:

controllers/admission/falconadmission_controller.go

@@ -42,8 +42,6 @@ type FalconAdmissionReconciler struct {
 	Scheme *runtime.Scheme
 }
 
-const nsTest = "falcon-kac"
-
 // SetupWithManager sets up the controller with the Manager.
 func (r *FalconAdmissionReconciler) SetupWithManager(mgr ctrl.Manager) error {
 	return ctrl.NewControllerManagedBy(mgr).
@@ -137,6 +135,10 @@ func (r *FalconAdmissionReconciler) Reconcile(ctx context.Context, req ctrl.Requ
 		}
 	}
 
+	if err := r.reconcileNamespace(ctx, req, log, falconAdmission); err != nil {
+		return ctrl.Result{}, err
+	}
+
 	// Image being set will override other image based settings
 	if falconAdmission.Spec.Image != "" {
 		if _, err := r.setImageTag(ctx, falconAdmission); err != nil {

deploy/falcon-operator.yaml

@@ -2702,8 +2702,7 @@ spec:
                     type: boolean
                   image:
                     description: Location of the Falcon Sensor image. Use only in
-                      cases when you mirror the original image to your repository/name:tag,
-                      and CrowdStrike OAuth2 API is not used.
+                      cases when you mirror the original image to your repository/name:tag
                     pattern: ^.*:.*$
                     type: string
                   imagePullPolicy:
@@ -3695,7 +3694,7 @@ spec:
                 - linux
       containers:
       - args:
-        - --leader-elect
+        - --config=controller_manager_config.yaml
         command:
         - /manager
         env:
@@ -3731,8 +3730,16 @@ spec:
             drop:
             - ALL
           privileged: false
+        volumeMounts:
+        - mountPath: /controller_manager_config.yaml
+          name: manager-config
+          subPath: controller_manager_config.yaml
       securityContext:
         fsGroup: 65534
         runAsNonRoot: true
       serviceAccountName: falcon-operator-controller-manager
       terminationGracePeriodSeconds: 10
+      volumes:
+      - configMap:
+          name: falcon-operator-manager-config
+        name: manager-config

internal/controller/assets/rbac_test.go

@@ -86,6 +86,23 @@ func TestRole(t *testing.T) {
 			Namespace: namespace,
 			Labels:    common.CRLabels("role", name, common.FalconAdmissionController),
 		},
+		Rules: []rbacv1.PolicyRule{
+			{
+				Verbs:     []string{"create", "get", "list", "watch", "update"},
+				APIGroups: []string{""},
+				Resources: []string{"configmaps"},
+			},
+			{
+				Verbs:     []string{"get", "list", "watch", "update"},
+				APIGroups: []string{""},
+				Resources: []string{"pods"},
+			},
+			{
+				Verbs:     []string{"get", "list", "watch", "create", "update", "delete"},
+				APIGroups: []string{"coordination.k8s.io"},
+				Resources: []string{"leases"},
+			},
+		},
 	}
 	got := Role(name, namespace)
 	if diff := cmp.Diff(want, got); diff != "" {
@@ -107,8 +124,9 @@ func TestRoleBinding(t *testing.T) {
 			Kind:       "RoleBinding",
 		},
 		ObjectMeta: metav1.ObjectMeta{
-			Name:   name,
-			Labels: common.CRLabels("rolebinding", name, component),
+			Name:      name,
+			Labels:    common.CRLabels("rolebinding", name, component),
+			Namespace: namespace,
 		},
 		Subjects: []rbacv1.Subject{
 			{