feat(resourcecontext): Build generator + /api/ai/resources/* GET wiring (T6)

internal/issues/issues.go

@@ -303,6 +303,21 @@ func condTypeReason(condType, reason string) string {
 // Source-specific normalization
 // ---------------------------------------------------------------------------
 
+// resolveGroup returns the explicit group if set, else falls back to the
+// built-in (Kind→Group) table. Some legacy Problem emission sites in
+// k8s.DetectProblems still leave Group="" for built-in workloads
+// (Deployment, StatefulSet, etc.) — without this fallback, the
+// group-aware consumer (computeIssueSummaryForResource) would silently
+// drop those rows when looking up by canonical group like "apps".
+// Centralised here so the (Kind→Group) map lives in one place across
+// packages (pkg/audit owns the table; this is a pass-through).
+func resolveGroup(group, kind string) string {
+	if group != "" {
+		return group
+	}
+	return bp.GroupForBuiltinKind(kind)
+}
+
 func fromProblem(p k8s.Problem, now time.Time) Issue {
 	sev := SeverityWarning
 	if p.Severity == "critical" {
@@ -313,7 +328,7 @@ func fromProblem(p k8s.Problem, now time.Time) Issue {
 		Severity:  sev,
 		Source:    SourceProblem,
 		Kind:      p.Kind,
-		Group:     p.Group,
+		Group:     resolveGroup(p.Group, p.Kind),
 		Namespace: p.Namespace,
 		Name:      p.Name,
 		Reason:    p.Reason,
@@ -333,6 +348,7 @@ func fromAudit(fin bp.Finding, now time.Time) Issue {
 		Severity:  sev,
 		Source:    SourceAudit,
 		Kind:      fin.Kind,
+		Group:     resolveGroup(fin.Group, fin.Kind),
 		Namespace: fin.Namespace,
 		Name:      fin.Name,
 		Reason:    fin.CheckID,
@@ -413,10 +429,19 @@ func fromWarningEvent(e *corev1.Event) Issue {
 	if first.IsZero() {
 		first = last
 	}
+	// Event.InvolvedObject carries apiVersion (group/version); split out
+	// the group so cross-group consumers don't collide when a Knative
+	// Service and a core Service share name+ns.
+	group, _, _ := strings.Cut(e.InvolvedObject.APIVersion, "/")
+	if e.InvolvedObject.APIVersion != "" && !strings.Contains(e.InvolvedObject.APIVersion, "/") {
+		// "v1" → core group "".
+		group = ""
+	}
 	return Issue{
 		Severity:  SeverityWarning,
 		Source:    SourceEvent,
 		Kind:      e.InvolvedObject.Kind,
+		Group:     resolveGroup(group, e.InvolvedObject.Kind),
 		Namespace: e.Namespace,
 		Name:      e.InvolvedObject.Name,
 		Reason:    e.Reason,

internal/k8s/testing.go

@@ -4,7 +4,9 @@ import (
 	"sync"
 
 	"github.com/skyhook-io/radar/pkg/k8score"
+	"k8s.io/client-go/dynamic"
 	"k8s.io/client-go/kubernetes"
+	fakeclientset "k8s.io/client-go/kubernetes/fake"
 )
 
 // InitTestResourceCache creates a resource cache from a fake or test client,
@@ -68,6 +70,56 @@ func InitTestResourceCache(client kubernetes.Interface) error {
 	return nil
 }
 
+// InitTestDynamicResourceCache wires the dynamic resource cache and discovery
+// singletons against test fakes. Pass a dynamic client (typically from
+// dynamicfake.NewSimpleDynamicClientWithCustomListKinds) and the set of
+// APIResources to register in discovery. Each registered resource gets a GVR
+// entry that group-qualified lookups (GetGVRWithGroup) and dynamic informers
+// can resolve.
+//
+// Callers should defer ResetTestDynamicState — without it, the dynamic
+// singletons leak into other tests that share TestMain state.
+//
+// This is intended for integration tests only.
+func InitTestDynamicResourceCache(dynClient dynamic.Interface, resources []APIResource) error {
+	clientMu.Lock()
+	dynamicClient = dynClient
+	clientMu.Unlock()
+
+	// Bootstrap discovery from a fake clientset so NewResourceDiscovery has a
+	// non-nil discovery client; AddAPIResource then registers the test-only
+	// GVRs (e.g. serving.knative.dev/Service) the test depends on.
+	fakeDisc := fakeclientset.NewSimpleClientset().Discovery()
+	core, err := k8score.NewResourceDiscovery(fakeDisc)
+	if err != nil {
+		clientMu.Lock()
+		dynamicClient = nil
+		clientMu.Unlock()
+		return err
+	}
+	for _, r := range resources {
+		core.AddAPIResource(r)
+	}
+
+	discoveryMu.Lock()
+	resourceDiscovery = &ResourceDiscovery{ResourceDiscovery: core}
+	discoveryOnce = new(sync.Once)
+	discoveryOnce.Do(func() {})
+	discoveryMu.Unlock()
+
+	return InitDynamicResourceCache(nil)
+}
+
+// ResetTestDynamicState tears down the dynamic cache + discovery singletons
+// and clears the dynamic client. Pairs with InitTestDynamicResourceCache.
+func ResetTestDynamicState() {
+	ResetDynamicResourceCache()
+	ResetResourceDiscovery()
+	clientMu.Lock()
+	dynamicClient = nil
+	clientMu.Unlock()
+}
+
 // SetTestContextName is a test-only helper that overrides the package-level
 // kubeconfig context name. Used by tests that exercise per-context state
 // (e.g. namespace preferences) without needing to spin up a real client.