From b71c8b19111fba1826931582cf2fff220696a988 Mon Sep 17 00:00:00 2001 From: Dylan Murray Date: Wed, 3 Oct 2018 11:20:14 -0400 Subject: [PATCH 1/4] Fix project root function and rbac updates for Ansible Operator --- commands/operator-sdk/cmd/cmdutil/util.go | 5 +++-- pkg/generator/generator.go | 5 +++-- pkg/generator/templates.go | 14 ++++++++++++-- 3 files changed, 18 insertions(+), 6 deletions(-) diff --git a/commands/operator-sdk/cmd/cmdutil/util.go b/commands/operator-sdk/cmd/cmdutil/util.go index b109799d7e..aeca0678c5 100644 --- a/commands/operator-sdk/cmd/cmdutil/util.go +++ b/commands/operator-sdk/cmd/cmdutil/util.go @@ -30,12 +30,13 @@ import ( ) const configYaml = "./config/config.yaml" +const tmpDockerfile = "./tmp/build/Dockerfile" // MustInProjectRoot checks if the current dir is the project root. func MustInProjectRoot() { - // if the current directory has the "./config/config.yaml" file, then it is safe to say + // if the current directory has the "./tmp/build/Dockerfile" file, then it is safe to say // we are at the project root. - _, err := os.Stat(configYaml) + _, err := os.Stat(tmpDockerfile) if err != nil && os.IsNotExist(err) { cmdError.ExitWithError(cmdError.ExitError, fmt.Errorf("must in project root dir: %v", err)) } diff --git a/pkg/generator/generator.go b/pkg/generator/generator.go index 1d11ffc142..da513094b1 100644 --- a/pkg/generator/generator.go +++ b/pkg/generator/generator.go @@ -366,8 +366,9 @@ func RenderDeployCrdFiles(deployPath, apiVersion, kind string) error { func renderDeployFiles(deployDir, projectName, apiVersion, kind, operatorType string) error { rbacTd := tmplData{ - ProjectName: projectName, - GroupName: groupName(apiVersion), + ProjectName: projectName, + GroupName: groupName(apiVersion), + IsGoOperator: isGoOperator(operatorType), } if err := renderWriteFile(filepath.Join(deployDir, rbacYaml), rbacTmplName, rbacYamlTmpl, rbacTd); err != nil { return err diff --git a/pkg/generator/templates.go b/pkg/generator/templates.go index f1774af24a..06fe488344 100644 --- a/pkg/generator/templates.go +++ b/pkg/generator/templates.go @@ -476,7 +476,11 @@ spec: value: "{{.ProjectName}}" ` -const rbacYamlTmpl = `kind: Role +// For Ansible Operator we are assuming namespace: default on ClusterRoleBinding +// Documentation will tell user to update +const rbacYamlTmpl = `{{ if .IsGoOperator }}kind: Role +{{- else }} +kind: ClusterRole{{ end }} apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: {{.ProjectName}} @@ -510,14 +514,20 @@ rules: - "*" --- - +{{- if .IsGoOperator }} kind: RoleBinding +{{- else }} +kind: ClusterRoleBinding{{ end }} apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: {{.ProjectName}} subjects: - kind: ServiceAccount +{{- if .IsGoOperator }} name: {{.ProjectName}} +{{- else }} + name: default + namespace: default{{ end }} roleRef: kind: Role name: {{.ProjectName}} From 5b87b2962103a3642efc6f1e936d4b45b3d62955 Mon Sep 17 00:00:00 2001 From: Dylan Murray Date: Wed, 3 Oct 2018 11:22:01 -0400 Subject: [PATCH 2/4] Fix whitespace --- pkg/generator/templates.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/generator/templates.go b/pkg/generator/templates.go index 06fe488344..adb356950a 100644 --- a/pkg/generator/templates.go +++ b/pkg/generator/templates.go @@ -514,7 +514,7 @@ rules: - "*" --- -{{- if .IsGoOperator }} +{{ if .IsGoOperator }} kind: RoleBinding {{- else }} kind: ClusterRoleBinding{{ end }} From 375742c52199cc58c4e2bbece5aa75aad2f576db Mon Sep 17 00:00:00 2001 From: Dylan Murray Date: Wed, 3 Oct 2018 11:43:27 -0400 Subject: [PATCH 3/4] Fix unit tests --- pkg/generator/generator_test.go | 63 +++++++++++++++++++++++++++++++-- pkg/generator/templates.go | 3 ++ 2 files changed, 64 insertions(+), 2 deletions(-) diff --git a/pkg/generator/generator_test.go b/pkg/generator/generator_test.go index 17e1655eea..5d8e3b51f0 100644 --- a/pkg/generator/generator_test.go +++ b/pkg/generator/generator_test.go @@ -296,6 +296,55 @@ roleRef: apiGroup: rbac.authorization.k8s.io ` +const rbacYamlAnsibleExp = `kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: app-operator +rules: +- apiGroups: + - app.example.com + resources: + - "*" + verbs: + - "*" +- apiGroups: + - "" + resources: + - pods + - services + - endpoints + - persistentvolumeclaims + - events + - configmaps + - secrets + verbs: + - "*" +- apiGroups: + - apps + resources: + - deployments + - daemonsets + - replicasets + - statefulsets + verbs: + - "*" + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: app-operator +subjects: +- kind: ServiceAccount + name: default + namespace: default +roleRef: + kind: ClusterRole + name: app-operator + apiGroup: rbac.authorization.k8s.io +` + const saYamlExp = `apiVersion: v1 kind: ServiceAccount metadata: @@ -338,7 +387,7 @@ func TestGenDeploy(t *testing.T) { t.Errorf("\nTest failed. Below is the diff of the expected vs actual results.\nRed text is missing and green text is extra.\n\n" + dmp.DiffPrettyText(diffs)) } - // Test Ansible Operator + // Test Ansible Operator operator.yaml buf = &bytes.Buffer{} td = tmplData{ ProjectName: appProjectName, @@ -358,7 +407,7 @@ func TestGenDeploy(t *testing.T) { } buf = &bytes.Buffer{} - if err := renderFile(buf, rbacTmplName, rbacYamlTmpl, tmplData{ProjectName: appProjectName, GroupName: appGroupName}); err != nil { + if err := renderFile(buf, rbacTmplName, rbacYamlTmpl, tmplData{ProjectName: appProjectName, GroupName: appGroupName, IsGoOperator: true}); err != nil { t.Error(err) } if rbacYamlExp != buf.String() { @@ -367,6 +416,16 @@ func TestGenDeploy(t *testing.T) { t.Errorf("\nTest failed. Below is the diff of the expected vs actual results.\nRed text is missing and green text is extra.\n\n" + dmp.DiffPrettyText(diffs)) } + // Test Ansible Operator rbac.yaml + buf = &bytes.Buffer{} + if err := renderFile(buf, rbacTmplName, rbacYamlTmpl, tmplData{ProjectName: appProjectName, GroupName: appGroupName, IsGoOperator: false}); err != nil { + t.Error(err) + } + if rbacYamlAnsibleExp != buf.String() { + dmp := diffmatchpatch.New() + diffs := dmp.DiffMain(rbacYamlAnsibleExp, buf.String(), false) + t.Errorf("\nTest failed. Below is the diff of the expected vs actual results.\nRed text is missing and green text is extra.\n\n" + dmp.DiffPrettyText(diffs)) + } buf = &bytes.Buffer{} if err := renderFile(buf, saTmplName, saYamlTmpl, tmplData{ProjectName: appProjectName}); err != nil { t.Error(err) diff --git a/pkg/generator/templates.go b/pkg/generator/templates.go index adb356950a..0849f77d1d 100644 --- a/pkg/generator/templates.go +++ b/pkg/generator/templates.go @@ -529,7 +529,10 @@ subjects: name: default namespace: default{{ end }} roleRef: +{{- if .IsGoOperator }} kind: Role +{{- else }} + kind: ClusterRole{{ end }} name: {{.ProjectName}} apiGroup: rbac.authorization.k8s.io ` From c26a7824b621ba5216dcfdfaeb1c16203e77cfe0 Mon Sep 17 00:00:00 2001 From: Dylan Murray Date: Wed, 3 Oct 2018 11:46:34 -0400 Subject: [PATCH 4/4] Fix whitespace in test --- pkg/generator/templates.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/generator/templates.go b/pkg/generator/templates.go index 0849f77d1d..7392ee489b 100644 --- a/pkg/generator/templates.go +++ b/pkg/generator/templates.go @@ -478,8 +478,8 @@ spec: // For Ansible Operator we are assuming namespace: default on ClusterRoleBinding // Documentation will tell user to update -const rbacYamlTmpl = `{{ if .IsGoOperator }}kind: Role -{{- else }} +const rbacYamlTmpl = `{{- if .IsGoOperator }}kind: Role +{{- else -}} kind: ClusterRole{{ end }} apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: