From fc12050151efeb5718e07cb99fdef471868f0495 Mon Sep 17 00:00:00 2001
From: Camila Macedo
Date: Sun, 17 Sep 2023 07:34:25 +0100
Subject: [PATCH] fix role generation when no CRDs are added to the project
---
.../testdata/project/config/rbac/role.yaml | 15 +++++
.../common/kustomize/v2/scaffolds/api.go | 11 ++++
.../common/kustomize/v2/scaffolds/init.go | 3 +
.../config/kdefault/kustomization.go | 2 +-
.../internal/templates/config/rbac/role.go | 61 +++++++++++++++++++
.../config/default/kustomization.yaml | 2 +-
.../config/rbac/role.yaml | 15 +++++
7 files changed, 107 insertions(+), 2 deletions(-)
create mode 100644 docs/book/src/component-config-tutorial/testdata/project/config/rbac/role.yaml
create mode 100644 pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/rbac/role.go
create mode 100644 testdata/project-v4-with-grafana/config/rbac/role.yaml
diff --git a/docs/book/src/component-config-tutorial/testdata/project/config/rbac/role.yaml b/docs/book/src/component-config-tutorial/testdata/project/config/rbac/role.yaml
new file mode 100644
index 0000000000..9f0ce00dd5
--- /dev/null
+++ b/docs/book/src/component-config-tutorial/testdata/project/config/rbac/role.yaml
@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/name: clusterrole
+ app.kubernetes.io/instance: manager-role
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: project
+ app.kubernetes.io/part-of: project
+ app.kubernetes.io/managed-by: kustomize
+ name: manager-role
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "list", "watch"]
diff --git a/pkg/plugins/common/kustomize/v2/scaffolds/api.go b/pkg/plugins/common/kustomize/v2/scaffolds/api.go
index 8bafbf9f9d..2c69dc6f27 100644
--- a/pkg/plugins/common/kustomize/v2/scaffolds/api.go
+++ b/pkg/plugins/common/kustomize/v2/scaffolds/api.go
@@ -18,6 +18,7 @@ package scaffolds import ( "fmt" + pluginutil "sigs.k8s.io/kubebuilder/v3/pkg/plugin/util" log "github.com/sirupsen/logrus" @@ -90,6 +91,16 @@ func (s *apiScaffolder) Scaffold() error { return fmt.Errorf("error scaffolding manifests: %v", err) } } + + kustomizeFilePath := "config/default/kustomization.yaml" + err := pluginutil.UncommentCode(kustomizeFilePath, "#- ../crd", `#`) + if err != nil { + hasCRUncommented, err := pluginutil.HasFragment(kustomizeFilePath, "- ../crd") + if !hasCRUncommented || err != nil { + log.Errorf("Unable to find the target #- ../crd to uncomment in the file "+ + "%s.", kustomizeFilePath) + } + } } return nil diff --git a/pkg/plugins/common/kustomize/v2/scaffolds/init.go b/pkg/plugins/common/kustomize/v2/scaffolds/init.go index 3d5785255a..baea4bb55c 100644 --- a/pkg/plugins/common/kustomize/v2/scaffolds/init.go +++ b/pkg/plugins/common/kustomize/v2/scaffolds/init.go @@ -69,6 +69,9 @@ func (s *initScaffolder) Scaffold() error { &rbac.AuthProxyService{}, &rbac.AuthProxyClientRole{}, &rbac.RoleBinding{}, + // We need to create a Role because if the project + // has not CRD define the controller-gen will not generate this file + &rbac.Role{}, &rbac.LeaderElectionRole{}, &rbac.LeaderElectionRoleBinding{}, &rbac.ServiceAccount{}, diff --git a/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/kdefault/kustomization.go b/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/kdefault/kustomization.go index 4919a8d8c9..7d8c8449f6 100644 --- a/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/kdefault/kustomization.go +++ b/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/kdefault/kustomization.go @@ -61,7 +61,7 @@ namePrefix: {{ .ProjectName }}- # someName: someValue resources: -- ../crd +#- ../crd - ../rbac - ../manager # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in 
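Review bot: The failure path added to `Scaffold` in api.go loses the error from `UncommentCode`: the inner `hasCRUncommented, err :=` shadows it, `log.Errorf` prints only the file path, and the function still returns nil, so a project whose `config/default/kustomization.yaml` keeps `../crd` commented is reported as scaffolded successfully. Give the second result its own name and include the cause in the message, for example `hasCRDUncommented, fragErr := pluginutil.HasFragment(kustomizeFilePath, "- ../crd")` followed by `log.Errorf("Unable to uncomment #- ../crd in %s: %v", kustomizeFilePath, err)`. Note also that `- ../crd` is a substring of `#- ../crd`, so if `HasFragment` is a plain substring match (its body is not in this patch) the check cannot tell the commented line from the uncommented one. `Scaffold` begins and ends outside this hunk.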
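Review bot: The comment added above `&rbac.Role{}` in init.go is hard to parse ("has not CRD define") and leaves the reader guessing what the entry is for. Suggested wording: `// Scaffold a default Role: when the project has no CRDs defined, controller-gen does not generate config/rbac/role.yaml.` The slice literal this line belongs to, and the rest of `Scaffold`, lie outside the hunk.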
diff --git a/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/rbac/role.go b/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/rbac/role.go
new file mode 100644
index 0000000000..4b3dd815de
--- /dev/null
+++ b/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/rbac/role.go
@@ -0,0 +1,61 @@
+/*
+Copyright 2023 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package rbac
+
+import (
+ "path/filepath"
+
+ "sigs.k8s.io/kubebuilder/v3/pkg/machinery"
+)
+
+var _ machinery.Template = &Role{}
+
+// Role scaffolds a file that defines the role for the manager
+type Role struct {
+ machinery.TemplateMixin
+ machinery.ProjectNameMixin
+}
+
+// SetTemplateDefaults implements file.Template
+func (f *Role) SetTemplateDefaults() error {
+ if f.Path == "" {
+ f.Path = filepath.Join("config", "rbac", "role.yaml")
+ }
+
+ f.TemplateBody = managerRoleTemplate
+
+ f.IfExistsAction = machinery.SkipFile
+
+ return nil
+}
+
+const managerRoleTemplate = `apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/name: clusterrole
+ app.kubernetes.io/instance: manager-role
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: {{ .ProjectName }}
+ app.kubernetes.io/part-of: {{ .ProjectName }}
+ app.kubernetes.io/managed-by: kustomize
+ name: manager-role
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "list", "watch"]
+`
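Review bot: `managerRoleTemplate` hard-codes cluster-wide `get`/`list`/`watch` on `pods` as the default for every scaffolded project, including one that has no controller, and the generated YAML gives no hint that the rule is a placeholder. Because the object is a `ClusterRole`, the grant covers pod specs in all namespaces once it is bound to the manager's service account (the binding is not visible in this patch). Consider scaffolding the narrowest rule set that still lets kustomize build, such as an empty `rules: []` if the tooling accepts it. Add a header comment to the template, for example `# Default role scaffolded because no RBAC rules have been generated yet; review before deploying.` The doc comment on `Role` could also state that the file is a ClusterRole and is left untouched when it already exists (`IfExistsAction = machinery.SkipFile`).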
diff --git a/testdata/project-v4-with-grafana/config/default/kustomization.yaml b/testdata/project-v4-with-grafana/config/default/kustomization.yaml index d392dadc0f..50746f77fc 100644 --- a/testdata/project-v4-with-grafana/config/default/kustomization.yaml +++ b/testdata/project-v4-with-grafana/config/default/kustomization.yaml @@ -15,7 +15,7 @@ namePrefix: project-v4-with-grafana- # someName: someValue resources: -- ../crd +#- ../crd - ../rbac - ../manager # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in diff --git a/testdata/project-v4-with-grafana/config/rbac/role.yaml b/testdata/project-v4-with-grafana/config/rbac/role.yaml new file mode 100644 index 0000000000..7d58c9ed04 --- /dev/null +++ b/testdata/project-v4-with-grafana/config/rbac/role.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: clusterrole + app.kubernetes.io/instance: manager-role + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: project-v4-with-grafana + app.kubernetes.io/part-of: project-v4-with-grafana + app.kubernetes.io/managed-by: kustomize + name: manager-role +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch"]