switching the operator role to clusterrole for ingresses config (#23641)
closes #23629
parent
ceea11d044
commit
d351290c0c
4 changed files with 55 additions and 4 deletions
|
@ -5,3 +5,15 @@ resources:
|
||||||
- ../../target
|
- ../../target
|
||||||
|
|
||||||
namespace: default
|
namespace: default
|
||||||
|
|
||||||
|
transformers:
|
||||||
|
- |-
|
||||||
|
apiVersion: builtin
|
||||||
|
kind: NamespaceTransformer
|
||||||
|
metadata:
|
||||||
|
name: notImportantHere
|
||||||
|
namespace: default
|
||||||
|
setRoleBindingSubjects: allServiceAccounts
|
||||||
|
fieldSpecs:
|
||||||
|
- path: metadata/namespace
|
||||||
|
create: true
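Review bot: `setRoleBindingSubjects: allServiceAccounts` rewrites the namespace of every ServiceAccount subject in every RoleBinding and ClusterRoleBinding this overlay renders, not only the operator's own binding, so a subject that deliberately points at another namespace would be moved to `default` without any warning. The transformer also repeats what the existing top-level `namespace: default` already does for `metadata/namespace`, which makes the intent hard to read. A comment above `transformers:` would help, for example `# needed so ClusterRoleBinding subjects follow the overlay namespace; the plain namespace field only rewrites subjects named "default"`. When further bindings are added under `../../target`, the rendered output is worth checking for subjects that were rewritten unintentionally.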
|
||||||
|
|
|
@ -58,6 +58,12 @@ rules:
|
||||||
- delete
|
- delete
|
||||||
- patch
|
- patch
|
||||||
- update
|
- update
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRole
|
||||||
|
metadata:
|
||||||
|
name: keycloak-operator-clusterrole
|
||||||
|
rules:
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- config.openshift.io
|
- config.openshift.io
|
||||||
resources:
|
resources:
|
||||||
|
@ -78,3 +84,18 @@ roleRef:
|
||||||
subjects:
|
subjects:
|
||||||
- kind: ServiceAccount
|
- kind: ServiceAccount
|
||||||
name: keycloak-operator
|
name: keycloak-operator
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: keycloak-operator
|
||||||
|
name: keycloak-operator-clusterrole-binding
|
||||||
|
roleRef:
|
||||||
|
kind: ClusterRole
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
name: keycloak-operator-clusterrole
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: keycloak-operator
|
||||||
|
namespace: keycloak
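Review bot: The subject of `keycloak-operator-clusterrole-binding` hard-codes `namespace: keycloak`, so the cluster-wide grant goes to whichever service account is called `keycloak-operator` in that namespace, whether or not the operator is installed there. If the operator runs in another namespace it does not receive the permission, while the grant still exists for a namespace that someone else may control. The value should be documented as one that must be patched at install time, for example with `# must match the namespace the operator is deployed to` next to it. The `resources:` list and verbs of the new `keycloak-operator-clusterrole` rule fall outside the hunk; they are worth confirming as read-only (`get`, `list`, `watch`) and limited to the ingress config, since a ClusterRole is granted cluster-wide.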
|
||||||
|
|
|
@ -25,6 +25,7 @@ import io.fabric8.kubernetes.api.model.PodTemplateSpecFluent.SpecNested;
|
||||||
import io.fabric8.kubernetes.api.model.Secret;
|
import io.fabric8.kubernetes.api.model.Secret;
|
||||||
import io.fabric8.kubernetes.api.model.apps.Deployment;
|
import io.fabric8.kubernetes.api.model.apps.Deployment;
|
||||||
import io.fabric8.kubernetes.api.model.apps.StatefulSet;
|
import io.fabric8.kubernetes.api.model.apps.StatefulSet;
|
||||||
|
import io.fabric8.kubernetes.api.model.rbac.ClusterRoleBinding;
|
||||||
import io.fabric8.kubernetes.client.Config;
|
import io.fabric8.kubernetes.client.Config;
|
||||||
import io.fabric8.kubernetes.client.ConfigBuilder;
|
import io.fabric8.kubernetes.client.ConfigBuilder;
|
||||||
import io.fabric8.kubernetes.client.KubernetesClient;
|
import io.fabric8.kubernetes.client.KubernetesClient;
|
||||||
|
@ -62,6 +63,7 @@ import java.io.File;
|
||||||
import java.io.FileInputStream;
|
import java.io.FileInputStream;
|
||||||
import java.io.FileNotFoundException;
|
import java.io.FileNotFoundException;
|
||||||
import java.io.FileWriter;
|
import java.io.FileWriter;
|
||||||
|
import java.lang.reflect.Method;
|
||||||
import java.net.MalformedURLException;
|
import java.net.MalformedURLException;
|
||||||
import java.net.URL;
|
import java.net.URL;
|
||||||
import java.time.Duration;
|
import java.time.Duration;
|
||||||
|
@ -69,6 +71,7 @@ import java.util.Optional;
|
||||||
import java.util.UUID;
|
import java.util.UUID;
|
||||||
import java.util.concurrent.TimeUnit;
|
import java.util.concurrent.TimeUnit;
|
||||||
import java.util.function.Function;
|
import java.util.function.Function;
|
||||||
|
import java.util.stream.Stream;
|
||||||
|
|
||||||
import jakarta.enterprise.inject.Instance;
|
import jakarta.enterprise.inject.Instance;
|
||||||
import jakarta.enterprise.inject.spi.CDI;
|
import jakarta.enterprise.inject.spi.CDI;
|
||||||
|
@ -151,7 +154,12 @@ public class BaseOperatorTest implements QuarkusTestAfterEachCallback {
|
||||||
|
|
||||||
private static void createRBACresourcesAndOperatorDeployment() throws FileNotFoundException {
|
private static void createRBACresourcesAndOperatorDeployment() throws FileNotFoundException {
|
||||||
Log.info("Creating RBAC and Deployment into Namespace " + namespace);
|
Log.info("Creating RBAC and Deployment into Namespace " + namespace);
|
||||||
K8sUtils.set(k8sclient, new FileInputStream(TARGET_KUBERNETES_GENERATED_YML_FOLDER + deploymentTarget + ".yml"));
|
K8sUtils.set(k8sclient, new FileInputStream(TARGET_KUBERNETES_GENERATED_YML_FOLDER + deploymentTarget + ".yml"), obj -> {
|
||||||
|
if (obj instanceof ClusterRoleBinding) {
|
||||||
|
((ClusterRoleBinding)obj).getSubjects().forEach(s -> s.setNamespace(namespace));
|
||||||
|
}
|
||||||
|
return obj;
|
||||||
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
private static void cleanRBACresourcesAndOperatorDeployment() throws FileNotFoundException {
|
private static void cleanRBACresourcesAndOperatorDeployment() throws FileNotFoundException {
|
||||||
|
@ -262,10 +270,15 @@ public class BaseOperatorTest implements QuarkusTestAfterEachCallback {
|
||||||
@Override
|
@Override
|
||||||
public void afterEach(QuarkusTestMethodContext context) {
|
public void afterEach(QuarkusTestMethodContext context) {
|
||||||
if (!(context.getTestInstance() instanceof BaseOperatorTest)) {
|
if (!(context.getTestInstance() instanceof BaseOperatorTest)) {
|
||||||
return;
|
return; // this hook gets called for all quarkus tests, not all are operator tests
|
||||||
}
|
}
|
||||||
try {
|
try {
|
||||||
if (!context.getTestStatus().isTestFailed() || context.getTestStatus().getTestErrorCause() instanceof TestAbortedException) {
|
Method testMethod = context.getTestMethod();
|
||||||
|
if (context.getTestStatus().getTestErrorCause() == null
|
||||||
|
|| context.getTestStatus().getTestErrorCause() instanceof TestAbortedException
|
||||||
|
|| !Stream.of(context.getTestStatus().getTestErrorCause().getStackTrace())
|
||||||
|
.anyMatch(ste -> ste.getMethodName().equals(testMethod.getName())
|
||||||
|
&& ste.getClassName().equals(testMethod.getDeclaringClass().getName()))) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
Log.warnf("Test failed with %s: %s", context.getTestStatus().getTestErrorCause().getMessage(), context.getTestStatus().getTestErrorCause().getClass().getName());
|
Log.warnf("Test failed with %s: %s", context.getTestStatus().getTestErrorCause().getMessage(), context.getTestStatus().getTestErrorCause().getClass().getName());
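Review bot: The modifier passed to `K8sUtils.set` in `createRBACresourcesAndOperatorDeployment` sets the test namespace on every subject of every `ClusterRoleBinding` in the generated manifest, whatever the subject's kind. Only service-account subjects are namespaced, so the rewrite should be limited to them: `((ClusterRoleBinding) obj).getSubjects().stream().filter(s -> "ServiceAccount".equals(s.getKind())).forEach(s -> s.setNamespace(namespace));`. Because the binding is cluster-scoped and keeps its fixed name, two runs using different namespaces against the same cluster would presumably overwrite each other's subjects; a short comment above the lambda saying so would help. The matching cleanup method lies outside the hunk, so whether it removes the cluster-scoped objects is not visible here.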
|
||||||
|
|
|
@ -39,6 +39,7 @@ import java.nio.charset.StandardCharsets;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Objects;
|
import java.util.Objects;
|
||||||
import java.util.concurrent.TimeUnit;
|
import java.util.concurrent.TimeUnit;
|
||||||
|
import java.util.function.Function;
|
||||||
import java.util.stream.Collectors;
|
import java.util.stream.Collectors;
|
||||||
import java.util.stream.Stream;
|
import java.util.stream.Stream;
|
||||||
|
|
||||||
|
@ -63,7 +64,11 @@ public final class K8sUtils {
|
||||||
}
|
}
|
||||||
|
|
||||||
public static List<HasMetadata> set(KubernetesClient client, InputStream stream) {
|
public static List<HasMetadata> set(KubernetesClient client, InputStream stream) {
|
||||||
return client.load(stream).items().stream().map(i -> set(client, i)).collect(Collectors.toList());
|
return set(client, stream, Function.identity());
|
||||||
|
}
|
||||||
|
|
||||||
|
public static List<HasMetadata> set(KubernetesClient client, InputStream stream, Function<HasMetadata, HasMetadata> modifier) {
|
||||||
|
return client.load(stream).items().stream().map(modifier).map(i -> set(client, i)).collect(Collectors.toList());
|
||||||
}
|
}
|
||||||
|
|
||||||
public static <T extends HasMetadata> T set(KubernetesClient client, T hasMetadata) {
|
public static <T extends HasMetadata> T set(KubernetesClient client, T hasMetadata) {
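Review bot: The new `set(client, stream, modifier)` overload has no Javadoc, and nothing states that `modifier` runs on every item loaded from the stream before it is handed to `set(client, i)`, or that it must return a non-null object. A short Javadoc saying that would cover it, together with `Objects.requireNonNull(modifier, "modifier");` as the first statement so a null argument fails before anything is loaded or applied to the cluster (`java.util.Objects` is already imported in this file). The body of `set(client, i)` is outside the hunk, so how it treats a null item cannot be judged from here.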
|
||||||
|
|