From 55077bdaddda48389b9d37d414453deb61ba9e69 Mon Sep 17 00:00:00 2001 From: Andres Romero Date: Tue, 13 Oct 2020 18:41:58 +0000 Subject: [PATCH 1/8] Replacing default account for dedicated service account --- config/manager/manager.yaml | 2 ++ config/rbac/cluster_role_binding.yaml | 3 +-- config/rbac/kustomization.yaml | 1 + config/rbac/leader_election_role_binding.yaml | 3 +-- config/rbac/namespaced/role_binding.yaml | 3 +-- config/rbac/service_account.yaml | 5 +++++ 6 files changed, 11 insertions(+), 6 deletions(-) create mode 100644 config/rbac/service_account.yaml diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 9e0b093..10bf6ca 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -29,3 +29,5 @@ spec: - "--leader-election-id=gitea-operator" image: controller:latest terminationGracePeriodSeconds: 10 + serviceAccountName: devsecops-operator-sa + diff --git a/config/rbac/cluster_role_binding.yaml b/config/rbac/cluster_role_binding.yaml index 98f8782..dae9905 100644 --- a/config/rbac/cluster_role_binding.yaml +++ b/config/rbac/cluster_role_binding.yaml @@ -9,5 +9,4 @@ roleRef: name: manager-role subjects: - kind: ServiceAccount - name: default - namespace: system + name: sa diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index c86f13b..5ccdf5a 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -8,3 +8,4 @@ resources: - leader_election_role_binding.yaml - gitea_editor_role.yaml - gitea_viewer_role.yaml +- service_account.yaml diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml index 2626b97..482a32c 100644 --- a/config/rbac/leader_election_role_binding.yaml +++ b/config/rbac/leader_election_role_binding.yaml @@ -8,5 +8,4 @@ roleRef: name: leader-election-role subjects: - kind: ServiceAccount - name: default - namespace: system + name: sa diff --git a/config/rbac/namespaced/role_binding.yaml b/config/rbac/namespaced/role_binding.yaml index 80fddbe..29b426f 100644 --- a/config/rbac/namespaced/role_binding.yaml +++ b/config/rbac/namespaced/role_binding.yaml @@ -9,5 +9,4 @@ roleRef: name: manager-role subjects: - kind: ServiceAccount - name: default - namespace: system + name: sa diff --git a/config/rbac/service_account.yaml b/config/rbac/service_account.yaml new file mode 100644 index 0000000..e222fcb --- /dev/null +++ b/config/rbac/service_account.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: sa From 40970fe02e4d9fa58c724afa4066dbb3e70b53ce Mon Sep 17 00:00:00 2001 From: Andres Romero Date: Tue, 13 Oct 2020 19:33:16 +0000 Subject: [PATCH 2/8] Fixing accidental service account name --- config/manager/manager.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 10bf6ca..0d10bc4 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -29,5 +29,5 @@ spec: - "--leader-election-id=gitea-operator" image: controller:latest terminationGracePeriodSeconds: 10 - serviceAccountName: devsecops-operator-sa + serviceAccountName: gitea-operator-sa From 053860c1ad6efed55934c8cd092a0d194f25e8b8 Mon Sep 17 00:00:00 2001 From: Andres Romero Date: Tue, 13 Oct 2020 20:49:17 +0000 Subject: [PATCH 3/8] Fixing Molecule tests --- config/manager/manager.yaml | 1 - config/testing/cluster_scope/kustomization.yaml | 4 ++-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 0d10bc4..0b40b09 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -30,4 +30,3 @@ spec: image: controller:latest terminationGracePeriodSeconds: 10 serviceAccountName: gitea-operator-sa - diff --git a/config/testing/cluster_scope/kustomization.yaml b/config/testing/cluster_scope/kustomization.yaml index 99f6114..b90c3da 100644 --- a/config/testing/cluster_scope/kustomization.yaml +++ b/config/testing/cluster_scope/kustomization.yaml @@ -5,8 +5,8 @@ resources: - ../../rbac - ../../manager -namespace: osdk-test -namePrefix: osdk- +namespace: gitea-operator-test +namePrefix: gitea-operator- images: - name: testing From 41d5deed556aeeb49c2f9d68e7d9bdd96b2a4dd5 Mon Sep 17 00:00:00 2001 From: Andres Romero Date: Tue, 13 Oct 2020 21:10:09 +0000 Subject: [PATCH 4/8] Fixing Molecule tests --- config/testing/namespace_scope/kustomization.yaml | 4 ++-- roles/gitea-ocp/tasks/main.yml | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/config/testing/namespace_scope/kustomization.yaml b/config/testing/namespace_scope/kustomization.yaml index 210147e..baf9b16 100644 --- a/config/testing/namespace_scope/kustomization.yaml +++ b/config/testing/namespace_scope/kustomization.yaml @@ -5,8 +5,8 @@ resources: - ../../rbac/namespaced - ../../manager -namespace: osdk-test -namePrefix: osdk- +namespace: gitea-operator-test +namePrefix: gitea-operator- images: - name: testing diff --git a/roles/gitea-ocp/tasks/main.yml b/roles/gitea-ocp/tasks/main.yml index 45aaad3..700cbd8 100644 --- a/roles/gitea-ocp/tasks/main.yml +++ b/roles/gitea-ocp/tasks/main.yml @@ -41,9 +41,9 @@ namespace: "{{ _gitea_namespace }}" register: r_route until: - - (r_route.resources|length) > 0 - - r_route.resources[0].spec.host is defined - - r_route.resources[0].spec.host|length > 0 + - (r_route.resources|length) > 0 + - r_route.resources[0].spec.host is defined + - r_route.resources[0].spec.host|length > 0 - name: Store Gitea Route Hostname when: @@ -64,8 +64,8 @@ - name: Wait until application is available when: - - _gitea_state == "present" - - _gitea_wait_for_init|bool + - _gitea_state == "present" + - _gitea_wait_for_init|bool k8s_facts: api_version: apps/v1 kind: Deployment From dea3dc0fd6becca089fdfacb16b2316782430279 Mon Sep 17 00:00:00 2001 From: Andres Romero Date: Tue, 13 Oct 2020 21:54:06 +0000 Subject: [PATCH 5/8] Fixing Molecule tests --- config/rbac/cluster_role_binding.yaml | 1 + config/rbac/leader_election_role_binding.yaml | 1 + config/rbac/namespaced/role_binding.yaml | 1 + config/testing/cluster_scope/kustomization.yaml | 4 ++-- config/testing/namespace_scope/kustomization.yaml | 4 ++-- 5 files changed, 7 insertions(+), 4 deletions(-) diff --git a/config/rbac/cluster_role_binding.yaml b/config/rbac/cluster_role_binding.yaml index dae9905..cd4b89e 100644 --- a/config/rbac/cluster_role_binding.yaml +++ b/config/rbac/cluster_role_binding.yaml @@ -9,4 +9,5 @@ roleRef: name: manager-role subjects: - kind: ServiceAccount + namespace: system name: sa diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml index 482a32c..a3e862c 100644 --- a/config/rbac/leader_election_role_binding.yaml +++ b/config/rbac/leader_election_role_binding.yaml @@ -8,4 +8,5 @@ roleRef: name: leader-election-role subjects: - kind: ServiceAccount + namespace: system name: sa diff --git a/config/rbac/namespaced/role_binding.yaml b/config/rbac/namespaced/role_binding.yaml index 29b426f..b2ecce6 100644 --- a/config/rbac/namespaced/role_binding.yaml +++ b/config/rbac/namespaced/role_binding.yaml @@ -9,4 +9,5 @@ roleRef: name: manager-role subjects: - kind: ServiceAccount + namespace: system name: sa diff --git a/config/testing/cluster_scope/kustomization.yaml b/config/testing/cluster_scope/kustomization.yaml index b90c3da..99f6114 100644 --- a/config/testing/cluster_scope/kustomization.yaml +++ b/config/testing/cluster_scope/kustomization.yaml @@ -5,8 +5,8 @@ resources: - ../../rbac - ../../manager -namespace: gitea-operator-test -namePrefix: gitea-operator- +namespace: osdk-test +namePrefix: osdk- images: - name: testing diff --git a/config/testing/namespace_scope/kustomization.yaml b/config/testing/namespace_scope/kustomization.yaml index baf9b16..210147e 100644 --- a/config/testing/namespace_scope/kustomization.yaml +++ b/config/testing/namespace_scope/kustomization.yaml @@ -5,8 +5,8 @@ resources: - ../../rbac/namespaced - ../../manager -namespace: gitea-operator-test -namePrefix: gitea-operator- +namespace: osdk-test +namePrefix: osdk- images: - name: testing From b22e07315eb53fb8771310c31d0f3949166413ef Mon Sep 17 00:00:00 2001 From: Andres Romero Date: Tue, 13 Oct 2020 22:08:05 +0000 Subject: [PATCH 6/8] Revert latest changes --- config/rbac/cluster_role_binding.yaml | 1 - config/rbac/leader_election_role_binding.yaml | 1 - config/rbac/namespaced/role_binding.yaml | 1 - config/testing/cluster_scope/kustomization.yaml | 4 ++-- config/testing/namespace_scope/kustomization.yaml | 4 ++-- 5 files changed, 4 insertions(+), 7 deletions(-) diff --git a/config/rbac/cluster_role_binding.yaml b/config/rbac/cluster_role_binding.yaml index cd4b89e..dae9905 100644 --- a/config/rbac/cluster_role_binding.yaml +++ b/config/rbac/cluster_role_binding.yaml @@ -9,5 +9,4 @@ roleRef: name: manager-role subjects: - kind: ServiceAccount - namespace: system name: sa diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml index a3e862c..482a32c 100644 --- a/config/rbac/leader_election_role_binding.yaml +++ b/config/rbac/leader_election_role_binding.yaml @@ -8,5 +8,4 @@ roleRef: name: leader-election-role subjects: - kind: ServiceAccount - namespace: system name: sa diff --git a/config/rbac/namespaced/role_binding.yaml b/config/rbac/namespaced/role_binding.yaml index b2ecce6..29b426f 100644 --- a/config/rbac/namespaced/role_binding.yaml +++ b/config/rbac/namespaced/role_binding.yaml @@ -9,5 +9,4 @@ roleRef: name: manager-role subjects: - kind: ServiceAccount - namespace: system name: sa diff --git a/config/testing/cluster_scope/kustomization.yaml b/config/testing/cluster_scope/kustomization.yaml index 99f6114..b90c3da 100644 --- a/config/testing/cluster_scope/kustomization.yaml +++ b/config/testing/cluster_scope/kustomization.yaml @@ -5,8 +5,8 @@ resources: - ../../rbac - ../../manager -namespace: osdk-test -namePrefix: osdk- +namespace: gitea-operator-test +namePrefix: gitea-operator- images: - name: testing diff --git a/config/testing/namespace_scope/kustomization.yaml b/config/testing/namespace_scope/kustomization.yaml index 210147e..baf9b16 100644 --- a/config/testing/namespace_scope/kustomization.yaml +++ b/config/testing/namespace_scope/kustomization.yaml @@ -5,8 +5,8 @@ resources: - ../../rbac/namespaced - ../../manager -namespace: osdk-test -namePrefix: osdk- +namespace: gitea-operator-test +namePrefix: gitea-operator- images: - name: testing From a3dc1e4d5e6c1a27396848ec43240e4decbc52a7 Mon Sep 17 00:00:00 2001 From: Andres Romero Date: Tue, 13 Oct 2020 22:32:49 +0000 Subject: [PATCH 7/8] Adding namespace --- config/rbac/cluster_role_binding.yaml | 1 + config/rbac/leader_election_role_binding.yaml | 1 + config/rbac/namespaced/role_binding.yaml | 1 + 3 files changed, 3 insertions(+) diff --git a/config/rbac/cluster_role_binding.yaml b/config/rbac/cluster_role_binding.yaml index dae9905..cd4b89e 100644 --- a/config/rbac/cluster_role_binding.yaml +++ b/config/rbac/cluster_role_binding.yaml @@ -9,4 +9,5 @@ roleRef: name: manager-role subjects: - kind: ServiceAccount + namespace: system name: sa diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml index 482a32c..a3e862c 100644 --- a/config/rbac/leader_election_role_binding.yaml +++ b/config/rbac/leader_election_role_binding.yaml @@ -8,4 +8,5 @@ roleRef: name: leader-election-role subjects: - kind: ServiceAccount + namespace: system name: sa diff --git a/config/rbac/namespaced/role_binding.yaml b/config/rbac/namespaced/role_binding.yaml index 29b426f..b2ecce6 100644 --- a/config/rbac/namespaced/role_binding.yaml +++ b/config/rbac/namespaced/role_binding.yaml @@ -9,4 +9,5 @@ roleRef: name: manager-role subjects: - kind: ServiceAccount + namespace: system name: sa From 7f0a7773fe95535627fde16d52336debdef006fa Mon Sep 17 00:00:00 2001 From: Andres Romero Date: Wed, 14 Oct 2020 02:53:52 +0000 Subject: [PATCH 8/8] Fixing broken Molecule tests --- config/rbac/cluster_role_binding.yaml | 1 - config/rbac/leader_election_role_binding.yaml | 1 - config/rbac/namespaced/kustomization.yaml | 1 + config/rbac/namespaced/role_binding.yaml | 1 - 4 files changed, 1 insertion(+), 3 deletions(-) diff --git a/config/rbac/cluster_role_binding.yaml b/config/rbac/cluster_role_binding.yaml index cd4b89e..dae9905 100644 --- a/config/rbac/cluster_role_binding.yaml +++ b/config/rbac/cluster_role_binding.yaml @@ -9,5 +9,4 @@ roleRef: name: manager-role subjects: - kind: ServiceAccount - namespace: system name: sa diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml index a3e862c..482a32c 100644 --- a/config/rbac/leader_election_role_binding.yaml +++ b/config/rbac/leader_election_role_binding.yaml @@ -8,5 +8,4 @@ roleRef: name: leader-election-role subjects: - kind: ServiceAccount - namespace: system name: sa diff --git a/config/rbac/namespaced/kustomization.yaml b/config/rbac/namespaced/kustomization.yaml index b3c8b59..30ee59f 100644 --- a/config/rbac/namespaced/kustomization.yaml +++ b/config/rbac/namespaced/kustomization.yaml @@ -8,3 +8,4 @@ resources: - ../leader_election_role_binding.yaml - ../gitea_editor_role.yaml - ../gitea_viewer_role.yaml +- ../service_account.yaml diff --git a/config/rbac/namespaced/role_binding.yaml b/config/rbac/namespaced/role_binding.yaml index b2ecce6..29b426f 100644 --- a/config/rbac/namespaced/role_binding.yaml +++ b/config/rbac/namespaced/role_binding.yaml @@ -9,5 +9,4 @@ roleRef: name: manager-role subjects: - kind: ServiceAccount - namespace: system name: sa