Populate OM output-resources with discovered resources

Add all output resources categorized by cluster targeting:

ManagementResources (control plane):
- ClusterOperator status
- Target namespace and resources (Service, ServiceAccounts, ConfigMaps, Secrets)
- Operator namespace resources (ConfigMaps)
- Roles and RoleBindings in target namespace
- EventingNamespaces: target and operator namespaces

UserWorkloadResources (user workload cluster):
- Namespace openshift-infra
- ClusterRoles and ClusterRoleBindings for:
  - Namespace security allocation controller
  - PodSecurity admission label syncers
  - CSR approver controller
  - Localhost recovery

Generated with Claude Code

Author: bertinatto

pkg/cmd/mom/output_resources_command.go

@@ -18,11 +18,76 @@ func runOutputResources(ctx context.Context) (*libraryoutputresources.OutputReso
 			ExactResources: []libraryoutputresources.ExactResourceID{},
 		},
 		ManagementResources: libraryoutputresources.ResourceList{
-			ExactResources:     []libraryoutputresources.ExactResourceID{},
-			EventingNamespaces: []string{},
+			ExactResources: []libraryoutputresources.ExactResourceID{
+				// ClusterOperator status
+				libraryoutputresources.ExactClusterOperator("kube-controller-manager"),
+
+				// Namespace
+				libraryoutputresources.ExactNamespace("openshift-kube-controller-manager"),
+
+				// Service
+				libraryoutputresources.ExactService("openshift-kube-controller-manager", "kube-controller-manager"),
+
+				// ServiceAccounts
+				libraryoutputresources.ExactServiceAccount("openshift-kube-controller-manager", "kube-controller-manager-sa"),
+				libraryoutputresources.ExactServiceAccount("openshift-kube-controller-manager", "localhost-recovery-client"),
+				libraryoutputresources.ExactServiceAccount("openshift-kube-controller-manager", "kube-controller-manager-recycler"),
+
+				// ConfigMaps
+				libraryoutputresources.ExactConfigMap("openshift-kube-controller-manager", "config"),
+				libraryoutputresources.ExactConfigMap("openshift-kube-controller-manager", "cluster-policy-controller-config"),
+				libraryoutputresources.ExactConfigMap("openshift-kube-controller-manager", "kube-controller-manager-pod"),
+				libraryoutputresources.ExactConfigMap("openshift-kube-controller-manager", "recycler-config"),
+				libraryoutputresources.ExactConfigMap("openshift-kube-controller-manager", "controller-manager-kubeconfig"),
+				libraryoutputresources.ExactConfigMap("openshift-kube-controller-manager", "serviceaccount-ca"),
+				libraryoutputresources.ExactConfigMap("openshift-kube-controller-manager", "client-ca"),
+				libraryoutputresources.ExactConfigMap("openshift-kube-controller-manager", "aggregator-client-ca"),
+				libraryoutputresources.ExactConfigMap("openshift-kube-controller-manager", "service-ca"),
+				libraryoutputresources.ExactConfigMap("openshift-kube-controller-manager", "trusted-ca-bundle"),
+				libraryoutputresources.ExactConfigMap("openshift-kube-controller-manager", "kube-controller-cert-syncer-kubeconfig"),
+				libraryoutputresources.ExactConfigMap("openshift-kube-controller-manager-operator", "csr-controller-ca"),
+				libraryoutputresources.ExactConfigMap("openshift-kube-controller-manager-operator", "csr-signer-ca"),
+				libraryoutputresources.ExactConfigMap("openshift-kube-controller-manager-operator", "csr-controller-signer-ca"),
+
+				// Secrets
+				libraryoutputresources.ExactSecret("openshift-kube-controller-manager", "localhost-recovery-token"),
+				libraryoutputresources.ExactSecret("openshift-kube-controller-manager", "csr-signer"),
+				libraryoutputresources.ExactSecret("openshift-kube-controller-manager", "kube-controller-manager-client-cert-key"),
+
+				// RoleBindings in target namespace
+				libraryoutputresources.ExactRoleBinding("openshift-kube-controller-manager", "system:openshift:leader-election-lock-kube-controller-manager"),
+				libraryoutputresources.ExactRoleBinding("openshift-kube-controller-manager", "system:openshift:leader-election-lock-openshift-cluster-policy-controller"),
+
+				// Roles
+				libraryoutputresources.ExactRole("openshift-kube-controller-manager", "system:openshift:leader-election-lock-openshift-cluster-policy-controller"),
+			},
+			EventingNamespaces: []string{
+				"openshift-kube-controller-manager",
+				"openshift-kube-controller-manager-operator",
+			},
 		},
 		UserWorkloadResources: libraryoutputresources.ResourceList{
-			ExactResources: []libraryoutputresources.ExactResourceID{},
+			ExactResources: []libraryoutputresources.ExactResourceID{
+				// Namespace for infrastructure
+				libraryoutputresources.ExactNamespace("openshift-infra"),
+
+				// ClusterRoles for namespace security and pod security
+				libraryoutputresources.ExactClusterRole("system:openshift:controller:namespace-security-allocation-controller"),
+				libraryoutputresources.ExactClusterRole("system:openshift:controller:podsecurity-admission-label-syncer-controller"),
+				libraryoutputresources.ExactClusterRole("system:openshift:controller:podsecurity-admission-label-privileged-namespaces-syncer-controller"),
+
+				// ClusterRoleBindings
+				libraryoutputresources.ExactClusterRoleBinding("system:openshift:controller:namespace-security-allocation-controller"),
+				libraryoutputresources.ExactClusterRoleBinding("system:openshift:controller:podsecurity-admission-label-syncer-controller"),
+				libraryoutputresources.ExactClusterRoleBinding("system:openshift:controller:podsecurity-admission-label-privileged-namespaces-syncer-controller"),
+
+				// CSR approver
+				libraryoutputresources.ExactClusterRole("system:openshift:controller:cluster-csr-approver-controller"),
+				libraryoutputresources.ExactClusterRoleBinding("system:openshift:controller:cluster-csr-approver-controller"),
+
+				// Localhost recovery
+				libraryoutputresources.ExactClusterRoleBinding("system:openshift:operator:kube-controller-manager-recovery"),
+			},
 		},
 	}, nil
 }