switching the operator role to clusterrole for ingresses config (#23641)

closes #23629
Steven Hawkins 2023-10-03 06:31:23 -04:00 committed by GitHub
parent ceea11d044
commit d351290c0c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 55 additions and 4 deletions


@ -5,3 +5,15 @@ resources:
- ../../target - ../../target
namespace: default namespace: default
transformers:
- |-
apiVersion: builtin
kind: NamespaceTransformer
metadata:
name: notImportantHere
namespace: default
setRoleBindingSubjects: allServiceAccounts
fieldSpecs:
- path: metadata/namespace
create: true
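Review bot: The inline NamespaceTransformer has no comment saying why it is needed next to the existing `namespace: default` field. As far as I know, the plain field only rewrites RoleBinding/ClusterRoleBinding subjects named `default`, so `setRoleBindingSubjects: allServiceAccounts` is what moves the new ClusterRoleBinding subject; that reasoning should be written down, e.g. `# rewrites the ClusterRoleBinding subject namespace, which the namespace field alone leaves untouched`. It also rewrites every ServiceAccount subject in the overlay, so a subject that intentionally points at another namespace would be changed as well.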


@ -58,6 +58,12 @@ rules:
- delete - delete
- patch - patch
- update - update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: keycloak-operator-clusterrole
rules:
- apiGroups: - apiGroups:
- config.openshift.io - config.openshift.io
resources: resources:
@ -78,3 +84,18 @@ roleRef:
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: keycloak-operator name: keycloak-operator
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/name: keycloak-operator
name: keycloak-operator-clusterrole-binding
roleRef:
kind: ClusterRole
apiGroup: rbac.authorization.k8s.io
name: keycloak-operator-clusterrole
subjects:
- kind: ServiceAccount
name: keycloak-operator
namespace: keycloak
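Review bot: The ClusterRoleBinding subject pins `namespace: keycloak`, so the cluster-wide grant follows that namespace name rather than the namespace the operator is actually installed into. Installed elsewhere without patching, the operator's own service account gets none of the cluster-scoped rules, while any ServiceAccount named `keycloak-operator` in a namespace called `keycloak` does. I would add a comment above the subject, e.g. `# must match the namespace the operator is installed into; patch when installing elsewhere`, and describe that patch step in the install documentation. The ClusterRole's resources and verbs lie outside the visible hunk; because the grant is now cluster-wide, it is worth confirming they stay limited to read verbs on the one resource the operator needs.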


@ -25,6 +25,7 @@ import io.fabric8.kubernetes.api.model.PodTemplateSpecFluent.SpecNested;
import io.fabric8.kubernetes.api.model.Secret; import io.fabric8.kubernetes.api.model.Secret;
import io.fabric8.kubernetes.api.model.apps.Deployment; import io.fabric8.kubernetes.api.model.apps.Deployment;
import io.fabric8.kubernetes.api.model.apps.StatefulSet; import io.fabric8.kubernetes.api.model.apps.StatefulSet;
import io.fabric8.kubernetes.api.model.rbac.ClusterRoleBinding;
import io.fabric8.kubernetes.client.Config; import io.fabric8.kubernetes.client.Config;
import io.fabric8.kubernetes.client.ConfigBuilder; import io.fabric8.kubernetes.client.ConfigBuilder;
import io.fabric8.kubernetes.client.KubernetesClient; import io.fabric8.kubernetes.client.KubernetesClient;
@ -62,6 +63,7 @@ import java.io.File;
import java.io.FileInputStream; import java.io.FileInputStream;
import java.io.FileNotFoundException; import java.io.FileNotFoundException;
import java.io.FileWriter; import java.io.FileWriter;
import java.lang.reflect.Method;
import java.net.MalformedURLException; import java.net.MalformedURLException;
import java.net.URL; import java.net.URL;
import java.time.Duration; import java.time.Duration;
@ -69,6 +71,7 @@ import java.util.Optional;
import java.util.UUID; import java.util.UUID;
import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeUnit;
import java.util.function.Function; import java.util.function.Function;
import java.util.stream.Stream;
import jakarta.enterprise.inject.Instance; import jakarta.enterprise.inject.Instance;
import jakarta.enterprise.inject.spi.CDI; import jakarta.enterprise.inject.spi.CDI;
@ -151,7 +154,12 @@ public class BaseOperatorTest implements QuarkusTestAfterEachCallback {
private static void createRBACresourcesAndOperatorDeployment() throws FileNotFoundException { private static void createRBACresourcesAndOperatorDeployment() throws FileNotFoundException {
Log.info("Creating RBAC and Deployment into Namespace " + namespace); Log.info("Creating RBAC and Deployment into Namespace " + namespace);
K8sUtils.set(k8sclient, new FileInputStream(TARGET_KUBERNETES_GENERATED_YML_FOLDER + deploymentTarget + ".yml")); K8sUtils.set(k8sclient, new FileInputStream(TARGET_KUBERNETES_GENERATED_YML_FOLDER + deploymentTarget + ".yml"), obj -> {
if (obj instanceof ClusterRoleBinding) {
((ClusterRoleBinding)obj).getSubjects().forEach(s -> s.setNamespace(namespace));
}
return obj;
});
} }
private static void cleanRBACresourcesAndOperatorDeployment() throws FileNotFoundException { private static void cleanRBACresourcesAndOperatorDeployment() throws FileNotFoundException {
@ -262,10 +270,15 @@ public class BaseOperatorTest implements QuarkusTestAfterEachCallback {
@Override @Override
public void afterEach(QuarkusTestMethodContext context) { public void afterEach(QuarkusTestMethodContext context) {
if (!(context.getTestInstance() instanceof BaseOperatorTest)) { if (!(context.getTestInstance() instanceof BaseOperatorTest)) {
return; return; // this hook gets called for all quarkus tests, not all are operator tests
} }
try { try {
if (!context.getTestStatus().isTestFailed() || context.getTestStatus().getTestErrorCause() instanceof TestAbortedException) { Method testMethod = context.getTestMethod();
if (context.getTestStatus().getTestErrorCause() == null
|| context.getTestStatus().getTestErrorCause() instanceof TestAbortedException
|| !Stream.of(context.getTestStatus().getTestErrorCause().getStackTrace())
.anyMatch(ste -> ste.getMethodName().equals(testMethod.getName())
&& ste.getClassName().equals(testMethod.getDeclaringClass().getName()))) {
return; return;
} }
Log.warnf("Test failed with %s: %s", context.getTestStatus().getTestErrorCause().getMessage(), context.getTestStatus().getTestErrorCause().getClass().getName()); Log.warnf("Test failed with %s: %s", context.getTestStatus().getTestErrorCause().getMessage(), context.getTestStatus().getTestErrorCause().getClass().getName());
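Review bot: The new early-return condition in `afterEach` calls `context.getTestStatus().getTestErrorCause()` four times and has no comment explaining why a failure whose stack trace lacks the test method is skipped. A local `Throwable cause = context.getTestStatus().getTestErrorCause();` with `Stream.of(cause.getStackTrace()).noneMatch(...)` in place of `!Stream.of(...).anyMatch(...)` reads more directly. If the intent is what it appears to be, add a comment such as `// only dump diagnostics when the failure passed through the test method itself`. As written, a failure whose top-level throwable has no frame for the test method (presumably set-up failures or exceptions raised on another thread) returns without the diagnostic output, which may hide the information needed to debug it. The body of `afterEach` continues past the end of the hunk.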


@ -39,6 +39,7 @@ import java.nio.charset.StandardCharsets;
import java.util.List; import java.util.List;
import java.util.Objects; import java.util.Objects;
import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeUnit;
import java.util.function.Function;
import java.util.stream.Collectors; import java.util.stream.Collectors;
import java.util.stream.Stream; import java.util.stream.Stream;
@ -63,7 +64,11 @@ public final class K8sUtils {
} }
public static List<HasMetadata> set(KubernetesClient client, InputStream stream) { public static List<HasMetadata> set(KubernetesClient client, InputStream stream) {
return client.load(stream).items().stream().map(i -> set(client, i)).collect(Collectors.toList()); return set(client, stream, Function.identity());
}
public static List<HasMetadata> set(KubernetesClient client, InputStream stream, Function<HasMetadata, HasMetadata> modifier) {
return client.load(stream).items().stream().map(modifier).map(i -> set(client, i)).collect(Collectors.toList());
} }
public static <T extends HasMetadata> T set(KubernetesClient client, T hasMetadata) { public static <T extends HasMetadata> T set(KubernetesClient client, T hasMetadata) {
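Review bot: The new public overload `set(KubernetesClient, InputStream, Function<HasMetadata, HasMetadata>)` has no Javadoc, and a modifier that returns `null` would only surface as a failure inside `set(client, i)`. The Javadoc should say that the modifier is applied to every item loaded from the stream before it is passed to `set(client, item)`, and that it must return a non-null object. Adding `Objects.requireNonNull(modifier, "modifier");` as the first statement would fail fast on a null argument; `Objects` is already imported in this file. Neither overload closes the `InputStream`, so the Javadoc should also state that closing it is the caller's responsibility.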