✨ Add installer policy rule generators

[perdasilva]

Description

Adds functions to the rukpak/convert package to generate policy rules that can be used by the installer service account / user to manage a cluster extension.

Reviewer Checklist

• API Go Documentation
• Tests: Unit Tests (and E2E Tests, if appropriate)
• Comprehensive Commit Messages
• Links to related GitHub Issue(s)

[netlify]

✅ Deploy Preview for olmv1 ready!

Name	Link
🔨 Latest commit	cdf1906
🔍 Latest deploy log	https://app.netlify.com/sites/olmv1/deploys/67d7ef5bacbbd00008226102
😎 Deploy Preview	https://deploy-preview-1774--olmv1.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[codecov]

Codecov Report

Attention: Patch coverage is 98.11321% with 2 lines in your changes missing coverage. Please review.

Project coverage is 69.58%. Comparing base (416fbdc) to head (cdf1906).
Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
...erator-controller/rukpak/convert/installer_rbac.go	97.43%	1 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1774      +/-   ##
==========================================
+ Coverage   69.04%   69.58%   +0.53%     
==========================================
  Files          65       67       +2     
  Lines        5263     5363     +100     
==========================================
+ Hits         3634     3732      +98     
- Misses       1396     1397       +1     
- Partials      233      234       +1     

Flag	Coverage Δ
e2e	49.01% <12.26%> (-1.08%)	⬇️
unit	57.72% <98.11%> (+0.76%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[perdasilva]

since we expect the rendered manifests as input, I'm wondering if we could just check whether .metadata.namespace is set as the discriminant....

[camilamacedo86]

So it is a new annotation.
What happens when we use this new annotation?
Are we allowing the creation of RBAC rules for the Cluster Extension?
Is that? Can you please clarify when it is required and why? (for the POV of the Cluster Extension User)

[perdasilva]

This is something we can talk about. This annotation exists only to inform the client of convert.Convert which of the resources where generated by it as opposed to coming directly from the bundle. Other than that, it does nothing. It's really just a signal to say "this resource was generated when rendering the bundle - it is not part of the bundle itself"