Fix: PSS label reset issue

[varshab1210]

What type of PR is this?

/kind bug

What does this PR do / why we need it:
Previously, PSS labels in openshift-gitops ns did not get reconciled and reset upon modification to the values. This PR fixes the issue

Have you updated the necessary documentation?

• Documentation update is required by this PR.
• Documentation has been updated.

Which issue(s) this PR fixes:
https://issues.redhat.com/browse/GITOPS-5945

Fixes #?

Test acceptance criteria:

• Unit Test
• E2E Test

How to test changes / Special notes to the reviewer:

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from varshab1210. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[svghadi]

Thanks @varshab1210. I have left a suggestion in watch logic. PTAL. It would also be great to have some unit tests for this. Maybe a test to verify that labels are added to the namespace and correctly reconciled when modified. You can use below tests for reference.

• gitops-operator/controllers/gitopsservice_controller_test.go

  Line 393 in da39de3

  func TestReconcile_GitOpsNamespace(t *testing.T) {

• Fix: Ensure ConfigMap and StatefulSet updates are applied during operator upgrades argoproj-labs/argocd-operator#1619

[svghadi]

The current watch is not functioning as expected. It triggers reconciliation for changes to all namespaces. For example, I made a change to the default namespace, and the watch still processed it:

2025-01-03T13:14:56+05:30       INFO    controller_gitopsservice        Reconciling GitopsService       {"Request.Namespace": "", "Request.Name": "default"}
2025-01-03T13:14:56+05:30       INFO    controller_gitopsservice        No ResourceQuota set for namespace      {"Request.Namespace": "", "Request.Name": "default", "Name": "openshift-gitops"}
2025-01-03T13:14:56+05:30       INFO    controller_gitopsservice        Reconciling ArgoCD      {"Request.Namespace": "", "Request.Name": "default", "Namespace": "openshift-gitops", "Name": "openshift-gitops"}
2025-01-03T13:14:56+05:30       INFO    controller_gitopsservice        Reconciling plugin deployment   {"Request.Namespace": "", "Request.Name": "default", "Namespace": "openshift-gitops", "Name": "gitops-plugin"}

We need to use a predicate to filter events for only the openshift-gitops namespace. Can you try the following patch? It sets up a watch with the necessary filtering predicate. Since the watch provides the namespace name, we can use EnqueueRequestForObject instead of a custom EnqueueRequestsFromMapFunc to simplify the logic.

Suggested change

	Watches(&corev1.Namespace{ObjectMeta: metav1.ObjectMeta{
	Name: "openshift-gitops",
	}},
	handler.EnqueueRequestsFromMapFunc(namespaceMapper),
	).
	Watches(
	&corev1.Namespace{},
	&handler.EnqueueRequestForObject{},
	builder.WithPredicates(predicate.NewPredicateFuncs(func(obj client.Object) bool{
	return obj.GetName() == "openshift-gitops"
	})),
	).