fix(core): fix oss user namespace error, fix rbac for crd (#411)

Signed-off-by: maslow <wangfugen@126.com>

core/controllers/application/config/rbac/role.yaml

@@ -83,3 +83,281 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - database.laf.dev
+  resources:
+  - databases
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - database.laf.dev
+  resources:
+  - databases/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - database.laf.dev
+  resources:
+  - databases/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - database.laf.dev
+  resources:
+  - stores
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - database.laf.dev
+  resources:
+  - stores/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - database.laf.dev
+  resources:
+  - stores/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - gateway.laf.dev
+  resources:
+  - domains
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - gateway.laf.dev
+  resources:
+  - domains/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - gateway.laf.dev
+  resources:
+  - domains/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - gateway.laf.dev
+  resources:
+  - gateways
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - gateway.laf.dev
+  resources:
+  - gateways/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - gateway.laf.dev
+  resources:
+  - gateways/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - gateway.laf.dev
+  resources:
+  - routes
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - gateway.laf.dev
+  resources:
+  - routes/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - gateway.laf.dev
+  resources:
+  - routes/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - instance.laf.dev
+  resources:
+  - clusters
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - instance.laf.dev
+  resources:
+  - clusters/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - instance.laf.dev
+  resources:
+  - clusters/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - instance.laf.dev
+  resources:
+  - instances
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - instance.laf.dev
+  resources:
+  - instances/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - instance.laf.dev
+  resources:
+  - instances/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - oss.laf.dev
+  resources:
+  - buckets
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - oss.laf.dev
+  resources:
+  - buckets/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - oss.laf.dev
+  resources:
+  - buckets/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - oss.laf.dev
+  resources:
+  - stores
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - oss.laf.dev
+  resources:
+  - stores/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - oss.laf.dev
+  resources:
+  - stores/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - oss.laf.dev
+  resources:
+  - users
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - oss.laf.dev
+  resources:
+  - users/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - oss.laf.dev
+  resources:
+  - users/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - runtime.laf.dev
+  resources:
+  - runtimes
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - runtime.laf.dev
+  resources:
+  - runtimes/status
+  verbs:
+  - get

core/controllers/application/controllers/application_controller.go

@@ -45,6 +45,43 @@ type ApplicationReconciler struct {
 //+kubebuilder:rbac:groups=application.laf.dev,resources=applications/status,verbs=get;update;patch
 //+kubebuilder:rbac:groups=application.laf.dev,resources=applications/finalizers,verbs=update
 
+//+kubebuilder:rbac:groups=runtime.laf.dev,resources=runtimes,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=runtime.laf.dev,resources=runtimes/status,verbs=get;
+
+//+kubebuilder:rbac:groups=database.laf.dev,resources=databases,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=database.laf.dev,resources=databases/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=database.laf.dev,resources=databases/finalizers,verbs=update
+//+kubebuilder:rbac:groups=database.laf.dev,resources=stores,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=database.laf.dev,resources=stores/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=database.laf.dev,resources=stores/finalizers,verbs=update
+
+//+kubebuilder:rbac:groups=oss.laf.dev,resources=buckets,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=oss.laf.dev,resources=buckets/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=oss.laf.dev,resources=buckets/finalizers,verbs=update
+//+kubebuilder:rbac:groups=oss.laf.dev,resources=users,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=oss.laf.dev,resources=users/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=oss.laf.dev,resources=users/finalizers,verbs=update
+//+kubebuilder:rbac:groups=oss.laf.dev,resources=stores,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=oss.laf.dev,resources=stores/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=oss.laf.dev,resources=stores/finalizers,verbs=update
+
+//+kubebuilder:rbac:groups=gateway.laf.dev,resources=gateways,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=gateway.laf.dev,resources=gateways/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=gateway.laf.dev,resources=gateways/finalizers,verbs=update
+//+kubebuilder:rbac:groups=gateway.laf.dev,resources=domains,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=gateway.laf.dev,resources=domains/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=gateway.laf.dev,resources=domains/finalizers,verbs=update
+//+kubebuilder:rbac:groups=gateway.laf.dev,resources=routes,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=gateway.laf.dev,resources=routes/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=gateway.laf.dev,resources=routes/finalizers,verbs=update
+
+//+kubebuilder:rbac:groups=instance.laf.dev,resources=clusters,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=instance.laf.dev,resources=clusters/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=instance.laf.dev,resources=clusters/finalizers,verbs=update
+//+kubebuilder:rbac:groups=instance.laf.dev,resources=instances,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=instance.laf.dev,resources=instances/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=instance.laf.dev,resources=instances/finalizers,verbs=update
+
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.
 // TODO(user): Modify the Reconcile function to compare the state specified by

core/controllers/application/main.go

@@ -20,10 +20,10 @@ import (
 	"flag"
 	"os"
 
-	v14 "github.com/labring/laf/core/controllers/database/api/v1"
-	v12 "github.com/labring/laf/core/controllers/gateway/api/v1"
-	v1 "github.com/labring/laf/core/controllers/oss/api/v1"
-	v13 "github.com/labring/laf/core/controllers/runtime/api/v1"
+	databasev1 "github.com/labring/laf/core/controllers/database/api/v1"
+	gatewayv1 "github.com/labring/laf/core/controllers/gateway/api/v1"
+	ossv1 "github.com/labring/laf/core/controllers/oss/api/v1"
+	runtimev1 "github.com/labring/laf/core/controllers/runtime/api/v1"
 
 	// Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.)
 	// to ensure that exec-entrypoint and run can make use of them.
@@ -52,10 +52,10 @@ func init() {
 	utilruntime.Must(applicationv1.AddToScheme(scheme))
 	//+kubebuilder:scaffold:scheme
 
-	utilruntime.Must(v13.AddToScheme(scheme))
-	utilruntime.Must(v14.AddToScheme(scheme))
-	utilruntime.Must(v1.AddToScheme(scheme))
-	utilruntime.Must(v12.AddToScheme(scheme))
+	utilruntime.Must(runtimev1.AddToScheme(scheme))
+	utilruntime.Must(databasev1.AddToScheme(scheme))
+	utilruntime.Must(ossv1.AddToScheme(scheme))
+	utilruntime.Must(gatewayv1.AddToScheme(scheme))
 }
 
 func main() {

core/controllers/gateway/controllers/domain_controller.go

@@ -37,6 +37,16 @@ type DomainReconciler struct {
 //+kubebuilder:rbac:groups=gateway.laf.dev,resources=domains/status,verbs=get;update;patch
 //+kubebuilder:rbac:groups=gateway.laf.dev,resources=domains/finalizers,verbs=update
 
+//+kubebuilder:rbac:groups=oss.laf.dev,resources=buckets,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=oss.laf.dev,resources=buckets/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=oss.laf.dev,resources=buckets/finalizers,verbs=update
+//+kubebuilder:rbac:groups=oss.laf.dev,resources=users,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=oss.laf.dev,resources=users/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=oss.laf.dev,resources=users/finalizers,verbs=update
+//+kubebuilder:rbac:groups=oss.laf.dev,resources=stores,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=oss.laf.dev,resources=stores/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=oss.laf.dev,resources=stores/finalizers,verbs=update
+
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.
 // TODO(user): Modify the Reconcile function to compare the state specified by