Fix RBAC in multicluster tool (#99)

# Summary

Our multicluster CLI tool didn't treat the "IsAlreadyExists" errors
properly so some roles and clusterrolebindings were not updated when
upgrading the operator.

## Proof of Work

You can see that
[clusterrolebindings](https://operator-e2e-artifacts.s3.amazonaws.com/logs/mongodb_kubernetes_e2e_multi_cluster_kind_e2e_meko_mck_upgrade_patch_3178929a901f7bf30090fae7f634043c07b0db65_681dd24a5a5bd00007b819da_25_05_09_10_00_43/0/kind-e2e-cluster-1_z_clusterrolebindings.txt)
now are applied to the new service account, and the operator doesn't
print any errors related to RBAC in the
[logs](https://operator-e2e-artifacts.s3.amazonaws.com/logs/mongodb_kubernetes_e2e_multi_cluster_kind_e2e_meko_mck_upgrade_patch_3178929a901f7bf30090fae7f634043c07b0db65_681dd24a5a5bd00007b819da_25_05_09_10_00_43/0/mongodb-kubernetes-operator-multi-cluster-767f89dd9-9wt9n-mongodb-kubernetes-operator-multi-cluster.log).

Here are the
[clusterrolebindings](https://operator-e2e-artifacts.s3.amazonaws.com/logs/mongodb_kubernetes_e2e_multi_cluster_kind_e2e_meko_mck_upgrade_patch_3178929a901f7bf30090fae7f634043c07b0db65_681dc1aba422640007a240db_25_05_09_08_49_49/4/kind-e2e-cluster-1_z_clusterrolebindings.txt)
and the operator
[logs](https://operator-e2e-artifacts.s3.amazonaws.com/logs/mongodb_kubernetes_e2e_multi_cluster_kind_e2e_meko_mck_upgrade_patch_3178929a901f7bf30090fae7f634043c07b0db65_681dc1aba422640007a240db_25_05_09_08_49_49/4/mongodb-kubernetes-operator-multi-cluster-9f66cc7bc-n877n-mongodb-kubernetes-operator-multi-cluster.log)
before.

## Checklist
- [ ] Have you linked a jira ticket and/or is the ticket in the title?
- [ ] Have you checked whether your jira ticket required DOCSP changes?
- [ ] Have you checked for release_note changes?

Author: lucian-tosa

public/tools/multicluster/pkg/common/common.go

@@ -575,8 +575,14 @@ func createRoles(ctx context.Context, c KubeClient, serviceAccountName, serviceA
 	if telemetryClusterRoles {
 		clusterRoleTelemetry := buildClusterRoleTelemetry()
 		_, err = c.RbacV1().ClusterRoles().Create(ctx, &clusterRoleTelemetry, metav1.CreateOptions{})
-		if !errors.IsAlreadyExists(err) && err != nil {
-			return xerrors.Errorf("error creating cluster role: %w", err)
+		if err != nil {
+			if errors.IsAlreadyExists(err) {
+				if _, err := c.RbacV1().ClusterRoles().Update(ctx, &clusterRoleTelemetry, metav1.UpdateOptions{}); err != nil {
+					return xerrors.Errorf("error updating role: %w", err)
+				}
+			} else {
+				return xerrors.Errorf("error creating cluster role: %w", err)
+			}
 		}
 		fmt.Printf("created clusterrole: %s\n", clusterRoleTelemetry.Name)
 		if err = createClusterRoleBinding(ctx, c, serviceAccountName, serviceAccountNamespace, DefaultOperatorName+"-multi-telemetry-cluster-role-binding", clusterRoleTelemetry); err != nil {
@@ -594,7 +600,7 @@ func createRoles(ctx context.Context, c KubeClient, serviceAccountName, serviceA
 		}
 
 		_, err = c.RbacV1().Roles(namespace).Create(ctx, &role, metav1.CreateOptions{})
-		if !errors.IsAlreadyExists(err) && err != nil {
+		if err != nil {
 			if errors.IsAlreadyExists(err) {
 				if _, err := c.RbacV1().Roles(namespace).Update(ctx, &role, metav1.UpdateOptions{}); err != nil {
 					return xerrors.Errorf("error updating role: %w", err)
@@ -641,8 +647,14 @@ func createRoles(ctx context.Context, c KubeClient, serviceAccountName, serviceA
 func createClusterRoleBinding(ctx context.Context, c KubeClient, serviceAccountName string, serviceAccountNamespace string, clusterRoleBindingName string, clusterRole rbacv1.ClusterRole) error {
 	clusterRoleBinding := buildClusterRoleBinding(clusterRole, serviceAccountName, serviceAccountNamespace, clusterRoleBindingName)
 	_, err := c.RbacV1().ClusterRoleBindings().Create(ctx, &clusterRoleBinding, metav1.CreateOptions{})
-	if !errors.IsAlreadyExists(err) && err != nil {
-		return xerrors.Errorf("error creating cluster role binding: %w", err)
+	if err != nil {
+		if errors.IsAlreadyExists(err) {
+			if _, err := c.RbacV1().ClusterRoleBindings().Update(ctx, &clusterRoleBinding, metav1.UpdateOptions{}); err != nil {
+				return xerrors.Errorf("error updating role: %w", err)
+			}
+		} else {
+			return xerrors.Errorf("error creating cluster role binding: %w", err)
+		}
 	}
 	fmt.Printf("created clusterrolebinding: %s\n", clusterRoleBinding.Name)
 	return nil

scripts/evergreen/e2e/dump_diagnostic_information.sh

@@ -293,6 +293,10 @@ dump_namespace() {
     dump_objects sts "StatefulSets" "${namespace}" describe > "logs/${prefix}z_statefulsets.txt"
     dump_objects sts "StatefulSets Yaml" "${namespace}" >> "logs/${prefix}z_statefulsets.txt"
     dump_objects serviceaccounts "ServiceAccounts" "${namespace}" > "logs/${prefix}z_service_accounts.txt"
+    dump_objects clusterrolebindings "ClusterRoleBindings" "${namespace}" > "logs/${prefix}z_clusterrolebindings.txt"
+    dump_objects clusterroles "ClusterRoles" "${namespace}" > "logs/${prefix}z_clusterroles.txt"
+    dump_objects rolebindings "RoleBindings" "${namespace}" > "logs/${prefix}z_rolebindings.txt"
+    dump_objects roles "Roles" "${namespace}" > "logs/${prefix}z_roles.txt"
     dump_objects validatingwebhookconfigurations "Validating Webhook Configurations" "${namespace}" > "logs/${prefix}z_validatingwebhookconfigurations.txt"
     dump_objects certificates.cert-manager.io "Cert-manager certificates" "${namespace}"  2> /dev/null > "logs/${prefix}z_certificates_certmanager.txt"
     dump_objects catalogsources "OLM CatalogSources" "${namespace}"  2> /dev/null > "logs/${prefix}z_olm_catalogsources.txt"