Rename and relocate cluster related roles files. (open-cluster-manage…

…ment-io#674) Signed-off-by: xuezhaojun <zxue@redhat.com>
RokibulHasan7 · Oct 28, 2024 · 26f9e74 · 26f9e74
1 parent e9245d4
commit 26f9e74
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 24 deletions.
diff --git a/pkg/registration/hub/clusterrole/controller.go b/pkg/registration/hub/clusterrole/controller.go
@@ -25,11 +25,6 @@ const (
 	workClusterRole         = "open-cluster-management:managedcluster:work"
 )
 
-var clusterRoleFiles = []string{
-	"rbac/managedcluster-registration-clusterrole.yaml",
-	"rbac/managedcluster-work-clusterrole.yaml",
-}
-
 // clusterroleController maintains the necessary clusterroles for registration and work agent on hub cluster.
 type clusterroleController struct {
 	kubeClient    kubernetes.Interface
@@ -81,7 +76,7 @@ func (c *clusterroleController) sync(ctx context.Context, syncCtx factory.SyncCo
 			resourceapply.NewKubeClientHolder(c.kubeClient),
 			c.eventRecorder,
 			manifests.RBACManifests.ReadFile,
-			clusterRoleFiles...,
+			manifests.CommonClusterRoleFiles...,
 		)
 		for _, result := range results {
 			if result.Error != nil {
@@ -96,7 +91,7 @@ func (c *clusterroleController) sync(ctx context.Context, syncCtx factory.SyncCo
 		ctx,
 		syncCtx.Recorder(),
 		manifests.RBACManifests.ReadFile,
-		clusterRoleFiles...,
+		manifests.CommonClusterRoleFiles...,
 	)
 
 	for _, result := range results {

diff --git a/pkg/registration/hub/gc/gc_cluster_rbac.go b/pkg/registration/hub/gc/gc_cluster_rbac.go
@@ -25,13 +25,6 @@ import (
 	"open-cluster-management.io/ocm/pkg/registration/register"
 )
 
-var clusterRbacFiles = []string{
-	"rbac/managedcluster-clusterrole.yaml",
-	"rbac/managedcluster-clusterrolebinding.yaml",
-	"rbac/managedcluster-registration-rolebinding.yaml",
-	"rbac/managedcluster-work-rolebinding.yaml",
-}
-
 const (
 	manifestWorkFinalizer = "cluster.open-cluster-management.io/manifest-work-cleanup"
 )
@@ -136,7 +129,7 @@ func (r *gcClusterRbacController) removeClusterRbac(ctx context.Context, cluster
 	// Clean up managed cluster manifests
 	assetFn := helpers.ManagedClusterAssetFn(manifests.RBACManifests, clusterName)
 	resourceResults := resourceapply.DeleteAll(ctx, resourceapply.NewKubeClientHolder(r.kubeClient),
-		r.eventRecorder, assetFn, clusterRbacFiles...)
+		r.eventRecorder, assetFn, manifests.ClusterSpecificRBACFiles...)
 	for _, result := range resourceResults {
 		if result.Error != nil {
 			errs = append(errs, fmt.Errorf("%q (%T): %v", result.File, result.Type, result.Error))

diff --git a/pkg/registration/hub/managedcluster/controller.go b/pkg/registration/hub/managedcluster/controller.go
@@ -37,13 +37,6 @@ import (
 // expected to be changed or removed outside.
 const clusterAcceptedAnnotationKey = "open-cluster-management.io/automatically-accepted-on"
 
-var staticFiles = []string{
-	"rbac/managedcluster-clusterrole.yaml",
-	"rbac/managedcluster-clusterrolebinding.yaml",
-	"rbac/managedcluster-registration-rolebinding.yaml",
-	"rbac/managedcluster-work-rolebinding.yaml",
-}
-
 // managedClusterController reconciles instances of ManagedCluster on the hub.
 type managedClusterController struct {
 	kubeClient    kubernetes.Interface
@@ -180,7 +173,7 @@ func (c *managedClusterController) sync(ctx context.Context, syncCtx factory.Syn
 		ctx,
 		syncCtx.Recorder(),
 		helpers.ManagedClusterAssetFn(manifests.RBACManifests, managedClusterName),
-		staticFiles...,
+		manifests.ClusterSpecificRBACFiles...,
 	)
 	for _, result := range resourceResults {
 		if result.Error != nil {
@@ -218,7 +211,11 @@ func (c *managedClusterController) removeManagedClusterResources(ctx context.Con
 	var errs []error
 	// Clean up managed cluster manifests
 	assetFn := helpers.ManagedClusterAssetFn(manifests.RBACManifests, managedClusterName)
-	resourceResults := resourceapply.DeleteAll(ctx, resourceapply.NewKubeClientHolder(c.kubeClient), c.eventRecorder, assetFn, staticFiles...)
+	resourceResults := resourceapply.DeleteAll(ctx,
+		resourceapply.NewKubeClientHolder(c.kubeClient),
+		c.eventRecorder,
+		assetFn,
+		manifests.ClusterSpecificRBACFiles...)
 	for _, result := range resourceResults {
 		if result.Error != nil {
 			errs = append(errs, fmt.Errorf("%q (%T): %v", result.File, result.Type, result.Error))

diff --git a/pkg/registration/hub/manifests/fs.go b/pkg/registration/hub/manifests/fs.go
@@ -4,3 +4,18 @@ import "embed"
 
 //go:embed rbac
 var RBACManifests embed.FS
+
+// ClusterSpecificRBACFiles are cluster-specific RBAC manifests.
+// Created when a managed cluster is accepted and removed when a managed cluster is removed or not accepted.
+var ClusterSpecificRBACFiles = []string{
+	"rbac/managedcluster-clusterrole.yaml",
+	"rbac/managedcluster-clusterrolebinding.yaml",
+	"rbac/managedcluster-registration-rolebinding.yaml",
+	"rbac/managedcluster-work-rolebinding.yaml",
+}
+
+// CommonClusterRoleFiles are common clusterroles needed by any managed cluster.
+var CommonClusterRoleFiles = []string{
+	"rbac/managedcluster-registration-clusterrole.yaml",
+	"rbac/managedcluster-work-clusterrole.yaml",
+}