Fix webhook config merge to match by name instead of index

MergeWebhookConfigurationForUpdate was copying the entire clientConfig
from current to updated webhooks by array index. When the webhook arrays
have different ordering (e.g. Kubernetes sorts alphabetically by name,
but the template YAML has a different order), each webhook gets the
clientConfig from the wrong entry. This scrambles the service paths,
causing admission requests to be routed to the wrong handler.

For example, mrabbitmq-v1beta1.kb.io would get the path for
/mutate-network-openstack-org-v1beta1-reservation instead of
/mutate-rabbitmq-openstack-org-v1beta1-rabbitmq, resulting in:
"unable to decode rabbitmq.openstack.org/v1beta1, Kind=RabbitMq
into *v1beta1.Reservation"

Fix by matching webhooks by name and only copying the caBundle field
(injected by cert-manager) rather than the entire clientConfig. This
preserves the correct service path from the updated template.

Jira: https://redhat.atlassian.net/browse/OSPRH-29026

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: lmiccini

internal/operator/bindata/merge.go

@@ -55,7 +55,10 @@ func MergeObjectForUpdate(current, updated *uns.Unstructured) error {
 	return nil
 }
 
-// MergeWebhookConfigurationForUpdate merges certs and clientConfig from the current object
+// MergeWebhookConfigurationForUpdate merges the caBundle from the current
+// webhook configuration into the updated one, matching webhooks by name.
+// This preserves the CA certificate injected by cert-manager while keeping
+// the service path and other clientConfig fields from the updated template.
 func MergeWebhookConfigurationForUpdate(current, updated *uns.Unstructured) error {
 	gvk := updated.GroupVersionKind()
 
@@ -65,17 +68,44 @@ func MergeWebhookConfigurationForUpdate(current, updated *uns.Unstructured) erro
 			return nil
 		}
 
-		for i, webhook := range updated.Object["webhooks"].([]interface{}) {
-			// Check if the index exists in the current webhooks list
-			if i >= len(currentWebhooks) {
+		// Build a lookup of current caBundle values keyed by webhook name
+		caBundleByName := make(map[string]interface{})
+		for _, cw := range currentWebhooks {
+			cwMap, ok := cw.(map[string]interface{})
+			if !ok {
 				continue
 			}
-
-			currentClientConfig := currentWebhooks[i].(map[string]interface{})["clientConfig"].(map[string]interface{})
-			if currentClientConfig != nil {
-				webhook.(map[string]interface{})["clientConfig"] = currentClientConfig
+			name, _ := cwMap["name"].(string)
+			if name == "" {
+				continue
+			}
+			cc, ok := cwMap["clientConfig"].(map[string]interface{})
+			if !ok {
+				continue
 			}
+			if caBundle, exists := cc["caBundle"]; exists {
+				caBundleByName[name] = caBundle
+			}
+		}
 
+		for _, webhook := range updated.Object["webhooks"].([]interface{}) {
+			whMap, ok := webhook.(map[string]interface{})
+			if !ok {
+				continue
+			}
+			name, _ := whMap["name"].(string)
+			if name == "" {
+				continue
+			}
+			caBundle, found := caBundleByName[name]
+			if !found {
+				continue
+			}
+			cc, ok := whMap["clientConfig"].(map[string]interface{})
+			if !ok {
+				continue
+			}
+			cc["caBundle"] = caBundle
 		}
 	}
 	return nil