From f57f21bdf6465d29242afc5d17efc9e1700b1c6a Mon Sep 17 00:00:00 2001 From: Camila Macedo Date: Sun, 17 Sep 2023 07:34:25 +0100 Subject: [PATCH] fix role generation when no CRDs are added to the project --- .../project/config/default/kustomization.yaml | 2 +- .../testdata/project/config/rbac/role.yaml | 15 +++++ .../project/config/default/kustomization.yaml | 2 +- .../common/kustomize/v2/scaffolds/api.go | 7 +++ .../common/kustomize/v2/scaffolds/init.go | 3 + .../config/kdefault/kustomization.go | 2 +- .../internal/templates/config/rbac/role.go | 61 +++++++++++++++++++ .../config/default/kustomization.yaml | 2 +- .../config/default/kustomization.yaml | 2 +- .../config/default/kustomization.yaml | 2 +- .../config/rbac/role.yaml | 15 +++++ .../config/default/kustomization.yaml | 2 +- 12 files changed, 108 insertions(+), 7 deletions(-) create mode 100644 docs/book/src/component-config-tutorial/testdata/project/config/rbac/role.yaml create mode 100644 pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/rbac/role.go create mode 100644 testdata/project-v4-with-grafana/config/rbac/role.yaml diff --git a/docs/book/src/component-config-tutorial/testdata/project/config/default/kustomization.yaml b/docs/book/src/component-config-tutorial/testdata/project/config/default/kustomization.yaml index ea608f256b7..5fa9eb882f5 100644 --- a/docs/book/src/component-config-tutorial/testdata/project/config/default/kustomization.yaml +++ b/docs/book/src/component-config-tutorial/testdata/project/config/default/kustomization.yaml @@ -15,7 +15,7 @@ namePrefix: project- # someName: someValue resources: -- ../crd +#- ../crd - ../rbac - ../manager # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in diff --git a/docs/book/src/component-config-tutorial/testdata/project/config/rbac/role.yaml b/docs/book/src/component-config-tutorial/testdata/project/config/rbac/role.yaml new file mode 100644 index 00000000000..9f0ce00dd55 
--- /dev/null +++ b/docs/book/src/component-config-tutorial/testdata/project/config/rbac/role.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: clusterrole + app.kubernetes.io/instance: manager-role + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: project + app.kubernetes.io/part-of: project + app.kubernetes.io/managed-by: kustomize + name: manager-role +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch"] diff --git a/docs/book/src/cronjob-tutorial/testdata/project/config/default/kustomization.yaml b/docs/book/src/cronjob-tutorial/testdata/project/config/default/kustomization.yaml index f91d0c64e09..5ac34f10933 100644 --- a/docs/book/src/cronjob-tutorial/testdata/project/config/default/kustomization.yaml +++ b/docs/book/src/cronjob-tutorial/testdata/project/config/default/kustomization.yaml @@ -15,7 +15,7 @@ namePrefix: project- # someName: someValue resources: -- ../crd +#- ../crd - ../rbac - ../manager # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in diff --git a/pkg/plugins/common/kustomize/v2/scaffolds/api.go b/pkg/plugins/common/kustomize/v2/scaffolds/api.go index 8bafbf9f9d1..d77e1ed915d 100644 --- a/pkg/plugins/common/kustomize/v2/scaffolds/api.go +++ b/pkg/plugins/common/kustomize/v2/scaffolds/api.go @@ -24,6 +24,7 @@ import ( "sigs.k8s.io/kubebuilder/v3/pkg/config" "sigs.k8s.io/kubebuilder/v3/pkg/machinery" "sigs.k8s.io/kubebuilder/v3/pkg/model/resource" + pluginutil "sigs.k8s.io/kubebuilder/v3/pkg/plugin/util" "sigs.k8s.io/kubebuilder/v3/pkg/plugins" "sigs.k8s.io/kubebuilder/v3/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/crd" "sigs.k8s.io/kubebuilder/v3/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/crd/patches" 
@@ -72,6 +73,12 @@ func (s *apiScaffolder) Scaffold() error { // Keep track of these values before the update if s.resource.HasAPI() { + // We need to uncomment the ../crd in the config/default/kustomization.yaml + // when an API is created. We will not raise an error because + // if any API was created then it will be uncommented already + _ = pluginutil.UncommentCode("config/default/kustomization.yaml", + "# - ../crd", `#`) + if err := scaffold.Execute( &samples.CRDSample{Force: s.force}, &rbac.CRDEditorRole{}, diff --git a/pkg/plugins/common/kustomize/v2/scaffolds/init.go b/pkg/plugins/common/kustomize/v2/scaffolds/init.go index 3d5785255a0..baea4bb55c6 100644 --- a/pkg/plugins/common/kustomize/v2/scaffolds/init.go +++ b/pkg/plugins/common/kustomize/v2/scaffolds/init.go @@ -69,6 +69,9 @@ func (s *initScaffolder) Scaffold() error { &rbac.AuthProxyService{}, &rbac.AuthProxyClientRole{}, &rbac.RoleBinding{}, + // We need to create a Role because if the project + // has not CRD define the controller-gen will not generate this file + &rbac.Role{}, &rbac.LeaderElectionRole{}, &rbac.LeaderElectionRoleBinding{}, &rbac.ServiceAccount{}, diff --git a/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/kdefault/kustomization.go b/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/kdefault/kustomization.go index 4919a8d8c9b..7d8c8449f6e 100644 --- a/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/kdefault/kustomization.go +++ b/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/kdefault/kustomization.go @@ -61,7 +61,7 @@ namePrefix: {{ .ProjectName }}- # someName: someValue resources: -- ../crd +#- ../crd - ../rbac - ../manager # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in 
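Review bot: The target string passed to `pluginutil.UncommentCode` is `"# - ../crd"`, but the kustomization template changed in this same patch (kdefault/kustomization.go, and every regenerated testdata file) writes the line as `#- ../crd`, with no space after the `#`. Assuming UncommentCode matches its target literally, the call cannot find the line in a freshly scaffolded project. Because the result is assigned to `_`, the failure is silent and `../crd` stays commented out after the first API is created. Change the target to `"#- ../crd"` and keep the error, reporting anything other than the already-uncommented case at least as a log line instead of discarding it. Scaffold's body continues outside the hunk.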
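Review bot: The comment added above `&rbac.Role{}` in the init.go hunk is hard to parse ("if the project has not CRD define the controller-gen will not generate this file") and does not say that the scaffolded file is only a default. A clearer wording would be `// Scaffold a placeholder Role: controller-gen does not generate config/rbac/role.yaml for a project without CRDs.` The list passed to `scaffold.Execute` starts and ends outside the hunk.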
diff --git a/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/rbac/role.go b/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/rbac/role.go
new file mode 100644
index 00000000000..4b3dd815deb
--- /dev/null
+++ b/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/rbac/role.go
@@ -0,0 +1,61 @@
+/*
+Copyright 2023 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package rbac
+
+import (
+ "path/filepath"
+
+ "sigs.k8s.io/kubebuilder/v3/pkg/machinery"
+)
+
+var _ machinery.Template = &Role{}
+
+// Role scaffolds a file that defines the role for the manager
+type Role struct {
+ machinery.TemplateMixin
+ machinery.ProjectNameMixin
+}
+
+// SetTemplateDefaults implements file.Template
+func (f *Role) SetTemplateDefaults() error {
+ if f.Path == "" {
+ f.Path = filepath.Join("config", "rbac", "role.yaml")
+ }
+
+ f.TemplateBody = managerRoleTemplate
+
+ f.IfExistsAction = machinery.SkipFile
+
+ return nil
+}
+
+const managerRoleTemplate = `apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/name: clusterrole
+ app.kubernetes.io/instance: manager-role
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: {{ .ProjectName }}
+ app.kubernetes.io/part-of: {{ .ProjectName }}
+ app.kubernetes.io/managed-by: kustomize
+ name: manager-role
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "list", "watch"]
+`
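Review bot: `managerRoleTemplate` gives every newly initialised project a ClusterRole with `get`/`list`/`watch` on `pods` in all namespaces, although a project with no APIs has no controller that needs that access. Once the role is bound to the manager's service account (the binding is not shown in this patch, so confirm), this is a standing cluster-wide read grant on pod specs that nobody asked for. If the rule exists only to keep the file non-empty, say so in the template, e.g. `# Placeholder rule: replace it through RBAC markers; remove it if the manager does not read pods`. The comment on `Role` should also note that `machinery.SkipFile` leaves an existing role.yaml untouched. Separately, the doc comment `SetTemplateDefaults implements file.Template` should name `machinery.Template` to match the interface assertion above it.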
diff --git a/testdata/project-v4-multigroup/config/default/kustomization.yaml b/testdata/project-v4-multigroup/config/default/kustomization.yaml index baea92fc167..1d654bdcaf7 100644 --- a/testdata/project-v4-multigroup/config/default/kustomization.yaml +++ b/testdata/project-v4-multigroup/config/default/kustomization.yaml @@ -15,7 +15,7 @@ namePrefix: project-v4-multigroup- # someName: someValue resources: -- ../crd +#- ../crd - ../rbac - ../manager # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in diff --git a/testdata/project-v4-with-deploy-image/config/default/kustomization.yaml b/testdata/project-v4-with-deploy-image/config/default/kustomization.yaml index faf2235f91f..eb4953b5aa0 100644 --- a/testdata/project-v4-with-deploy-image/config/default/kustomization.yaml +++ b/testdata/project-v4-with-deploy-image/config/default/kustomization.yaml @@ -15,7 +15,7 @@ namePrefix: project-v4-with-deploy-image- # someName: someValue resources: -- ../crd +#- ../crd - ../rbac - ../manager # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in diff --git a/testdata/project-v4-with-grafana/config/default/kustomization.yaml b/testdata/project-v4-with-grafana/config/default/kustomization.yaml index d392dadc0fd..50746f77fce 100644 --- a/testdata/project-v4-with-grafana/config/default/kustomization.yaml +++ b/testdata/project-v4-with-grafana/config/default/kustomization.yaml @@ -15,7 +15,7 @@ namePrefix: project-v4-with-grafana- # someName: someValue resources: -- ../crd +#- ../crd - ../rbac - ../manager # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in diff --git a/testdata/project-v4-with-grafana/config/rbac/role.yaml b/testdata/project-v4-with-grafana/config/rbac/role.yaml new file mode 100644 index 00000000000..7d58c9ed049 --- /dev/null +++ b/testdata/project-v4-with-grafana/config/rbac/role.yaml 
@@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: clusterrole + app.kubernetes.io/instance: manager-role + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: project-v4-with-grafana + app.kubernetes.io/part-of: project-v4-with-grafana + app.kubernetes.io/managed-by: kustomize + name: manager-role +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch"] diff --git a/testdata/project-v4/config/default/kustomization.yaml b/testdata/project-v4/config/default/kustomization.yaml index 1516d32747f..98350db65e0 100644 --- a/testdata/project-v4/config/default/kustomization.yaml +++ b/testdata/project-v4/config/default/kustomization.yaml @@ -15,7 +15,7 @@ namePrefix: project-v4- # someName: someValue resources: -- ../crd +#- ../crd - ../rbac - ../manager # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in