OWLS-73891 part 1: update warning messages and fix a helm upgrade issue (#1253)

* OWLS-73891 part 1 - fix stale domain watcher and add namespace in security check warning messages

* More cleanup of stale states associated with a recreated namespace

Author: doxiao

operator/src/main/java/oracle/kubernetes/operator/Main.java

@@ -221,6 +221,10 @@ private static void stopNamespaces(Collection<String> namespacesToStop) {
         stopping.set(true);
       }
       isNamespaceStarted.remove(ns);
+      domainWatchers.remove(ns);
+      eventWatchers.remove(ns);
+      podWatchers.remove(ns);
+      serviceWatchers.remove(ns);
     }
   }
 

operator/src/main/java/oracle/kubernetes/operator/helpers/HealthCheckHelper.java

@@ -118,7 +118,7 @@ public static void performSecurityChecks(
 
     // Validate RBAC or ABAC policies allow service account to perform required operations
     AuthorizationProxy ap = new AuthorizationProxy();
-    LOGGER.info(MessageKeys.VERIFY_ACCESS_START);
+    LOGGER.info(MessageKeys.VERIFY_ACCESS_START, ns);
 
     if (version.isRulesReviewSupported()) {
       boolean rulesReviewSuccessful = true;
@@ -150,7 +150,7 @@ public static void performSecurityChecks(
       for (AuthorizationProxy.Operation op : namespaceAccessChecks.get(r)) {
 
         if (!ap.check(op, r, null, AuthorizationProxy.Scope.namespace, ns)) {
-          LOGGER.warning(MessageKeys.VERIFY_ACCESS_DENIED, op, r.getResource());
+          LOGGER.warning(MessageKeys.VERIFY_ACCESS_DENIED, op, r.getResource(), ns);
         }
       }
     }
@@ -159,7 +159,7 @@ public static void performSecurityChecks(
       for (AuthorizationProxy.Operation op : clusterAccessChecks.get(r)) {
 
         if (!ap.check(op, r, null, AuthorizationProxy.Scope.cluster, null)) {
-          LOGGER.warning(MessageKeys.VERIFY_ACCESS_DENIED, op, r.getResource());
+          LOGGER.warning(MessageKeys.VERIFY_ACCESS_DENIED, op, r.getResource(), ns);
         }
       }
     }

operator/src/main/resources/Operator.properties

@@ -27,8 +27,8 @@ WLSKO-0025=Got exception {0} while trying to retrieve WLS configuration from adm
 WLSKO-0026=Fail to parse REST response from WLS. Json response is {0}. Exception is {1}
 WLSKO-0027=Service URL is {0}
 WLSKO-0028=No servers configured in WebLogic cluster with name {0}
-WLSKO-0029=Verifying that operator service account can access required operations on required resources
-WLSKO-0030=Access denied for operator service account for operation {0} on resource {1}
+WLSKO-0029=Verifying that operator service account can access required operations on required resources in namespace {0}
+WLSKO-0030=Access denied for operator service account for operation {0} on resource {1} in namespace {2}
 WLSKO-0031=A namespace has not been created for the Oracle WebLogic Server Operator for Kubernetes
 WLSKO-0032=A service account has not been created for the Oracle WebLogic Server Operator for Kubernetes
 WLSKO-0033=RBAC authorization mode is not enabled for the Kubernetes API server: {0}. To enable RBAC, start the apiserver with --authorization-mode=RBAC