From dcd9303e2f7d6fec56e10a042eb52660a9edfdd9 Mon Sep 17 00:00:00 2001 From: Sathyajith Krishnan Date: Thu, 26 Sep 2024 20:26:29 +0200 Subject: [PATCH] [FIX] manager missing permission for `captenantoutputs` --- Makefile | 6 +- .../operator.sme.sap.com_capoperators.yaml | 66 ++++++++++++++----- config/rbac/role.yaml | 12 +--- go.mod | 6 +- go.sum | 6 ++ main.go | 2 +- 6 files changed, 62 insertions(+), 36 deletions(-) diff --git a/Makefile b/Makefile index f1c4b9c..4a54373 100644 --- a/Makefile +++ b/Makefile @@ -20,7 +20,7 @@ help: ## Display this help. .PHONY: manifests manifests: controller-gen ## Generate ClusterRole & CustomResourceDefinition objects. - $(CONTROLLER_GEN) rbac:roleName=manager-role crd paths="./..." output:crd:artifacts:config=config/crd + $(CONTROLLER_GEN) rbac:roleName=cap-operator-manager-role crd paths="./..." output:crd:artifacts:config=config/crd .PHONY: generate generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations. @@ -88,8 +88,8 @@ LISTER_GEN ?= $(LOCALBIN)/lister-gen SETUP_ENVTEST ?= $(LOCALBIN)/setup-envtest ## Tool Versions -CONTROLLER_TOOLS_VERSION ?= v0.13.0 -CODE_GENERATOR_VERSION ?= v0.28.1 +CONTROLLER_TOOLS_VERSION ?= v0.16.3 +CODE_GENERATOR_VERSION ?= v0.31.1 SETUP_ENVTEST_VERSION ?= latest .PHONY: controller-gen diff --git a/config/crd/operator.sme.sap.com_capoperators.yaml b/config/crd/operator.sme.sap.com_capoperators.yaml index 69070bc..3fc4363 100644 --- a/config/crd/operator.sme.sap.com_capoperators.yaml +++ b/config/crd/operator.sme.sap.com_capoperators.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.16.3 labels: app.kubernetes.io/name: capoperators.operator.sme.sap.com app.kubernetes.io/instance: capoperators.operator.sme.sap.com @@ -28,24 +28,24 @@ spec: description: CAPOperator is the Schema for the CAPOperators API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: description: CAPOperatorSpec defines the desired state of CAPOperator - oneOf: - - required: - - ingressGatewayLabels - - required: - - dnsTarget properties: dnsTarget: description: Public ingress URL for the cluster Load Balancer @@ -116,6 +116,18 @@ spec: description: InventoryItem represents a dependent object managed by this operator. properties: + adoptionPolicy: + description: Adoption policy. + type: string + applyOrder: + description: Apply order. + type: integer + deleteOrder: + description: Delete order. + type: integer + deletePolicy: + description: Delete policy. + type: string digest: description: Digest of the descriptor of the dependent object. type: string @@ -126,7 +138,7 @@ spec: description: API kind. type: string managedTypes: - description: Managed types + description: Managed types. items: description: TypeInfo represents a Kubernetes type. properties: @@ -155,18 +167,29 @@ spec: phase: description: Phase of the dependent object. type: string + reconcilePolicy: + description: Reconcile policy. + type: string status: - description: Observed status of the dependent object, as observed - by kstatus. + description: Observed status of the dependent object. + type: string + updatePolicy: + description: Update policy. type: string version: description: API group version. type: string required: + - adoptionPolicy + - applyOrder + - deleteOrder + - deletePolicy - digest - group - kind - name + - reconcilePolicy + - updatePolicy - version type: object type: array @@ -179,13 +202,20 @@ spec: observedGeneration: format: int64 type: integer + processingDigest: + type: string + processingSince: + format: date-time + type: string state: - description: Component state. Can be one of 'Ready', 'Processing', - 'Error', 'Deleting'. + description: Component state. Can be one of 'Ready', 'Pending', 'Processing', + 'DeletionPending', 'Deleting', 'Error'. enum: + - Ready + - Pending - Processing + - DeletionPending - Deleting - - Ready - Error type: string required: diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 5112686..0883bde 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -64,17 +64,6 @@ rules: - watch - apiGroups: - cert-manager.io - resources: - - certificates - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - cert.gardener.cloud resources: - certificates @@ -145,6 +134,7 @@ rules: - capapplications - capapplicationversions - captenantoperations + - captenantoutputs - captenants verbs: - get diff --git a/go.mod b/go.mod index 6a40bdd..e52511d 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.23.1 require ( github.com/pkg/errors v0.9.1 - github.com/sap/component-operator-runtime v0.3.38 + github.com/sap/component-operator-runtime v0.3.40 k8s.io/api v0.31.1 k8s.io/apiextensions-apiserver v0.31.1 k8s.io/apimachinery v0.31.1 @@ -44,7 +44,7 @@ require ( github.com/imdario/mergo v0.3.16 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect - github.com/klauspost/compress v1.17.9 // indirect + github.com/klauspost/compress v1.17.10 // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/mitchellh/copystructure v1.2.0 // indirect github.com/mitchellh/reflectwalk v1.0.2 // indirect @@ -78,7 +78,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/klog/v2 v2.130.1 // indirect k8s.io/kube-openapi v0.0.0-20240903163716-9e1beecbcb38 // indirect - k8s.io/utils v0.0.0-20240902221715-702e33fdd3c3 // indirect + k8s.io/utils v0.0.0-20240921022957-49e7df575cb6 // indirect sigs.k8s.io/cli-utils v0.37.2 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect diff --git a/go.sum b/go.sum index 21107db..3cf2ac6 100644 --- a/go.sum +++ b/go.sum @@ -76,6 +76,8 @@ github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA= github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= +github.com/klauspost/compress v1.17.10 h1:oXAz+Vh0PMUvJczoi+flxpnBEPxoER1IaAnU/NMPtT0= +github.com/klauspost/compress v1.17.10/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= @@ -116,6 +118,8 @@ github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/sap/component-operator-runtime v0.3.38 h1:gWQs1V5c2LczsNOw6IOd/dOsAeevOIIZZKK7+Er5O1M= github.com/sap/component-operator-runtime v0.3.38/go.mod h1:VrFEgBWwKdl+tIpHfb+oT8/LnqfwEbx5UmjvxFLlCh0= +github.com/sap/component-operator-runtime v0.3.40 h1:y9xBdG/tYwLED9dzT0erHTvD3iQXYJMyh0DN177AflQ= +github.com/sap/component-operator-runtime v0.3.40/go.mod h1:fOvb27YqQIv30YUxFc/XcjNKrYwrQ1XANu3z2MY22mU= github.com/sap/go-generics v0.2.19 h1:7jhLhM0Bnq8Rwl5aOIHOBJem1WJ/oLTugz9H2+HGjwA= github.com/sap/go-generics v0.2.19/go.mod h1:GLFl9wBPK5ucywnbhkoH/tCSQy+T3cc+KJtNlzt370M= github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k= @@ -213,6 +217,8 @@ k8s.io/kube-openapi v0.0.0-20240903163716-9e1beecbcb38 h1:1dWzkmJrrprYvjGwh9kEUx k8s.io/kube-openapi v0.0.0-20240903163716-9e1beecbcb38/go.mod h1:coRQXBK9NxO98XUv3ZD6AK3xzHCxV6+b7lrquKwaKzA= k8s.io/utils v0.0.0-20240902221715-702e33fdd3c3 h1:b2FmK8YH+QEwq/Sy2uAEhmqL5nPfGYbJOcaqjeYYZoA= k8s.io/utils v0.0.0-20240902221715-702e33fdd3c3/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20240921022957-49e7df575cb6 h1:MDF6h2H/h4tbzmtIKTuctcwZmY0tY9mD9fNT47QO6HI= +k8s.io/utils v0.0.0-20240921022957-49e7df575cb6/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= sigs.k8s.io/cli-utils v0.37.2 h1:GOfKw5RV2HDQZDJlru5KkfLO1tbxqMoyn1IYUxqBpNg= sigs.k8s.io/cli-utils v0.37.2/go.mod h1:V+IZZr4UoGj7gMJXklWBg6t5xbdThFBcpj4MrZuCYco= sigs.k8s.io/controller-runtime v0.19.0 h1:nWVM7aq+Il2ABxwiCizrVDSlmDcshi9llbaFbC0ji/Q= diff --git a/main.go b/main.go index aa4a505..7edfbb9 100644 --- a/main.go +++ b/main.go @@ -13,7 +13,7 @@ package main // +kubebuilder:rbac:groups=dns.gardener.cloud,resources=dnsentries,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=admissionregistration.k8s.io,resources=validatingwebhookconfigurations,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups="rbac.authorization.k8s.io",resources=clusterroles;clusterrolebindings,verbs=get;list;watch;create;update;patch;delete;escalate;bind -// +kubebuilder:rbac:groups="sme.sap.com",resources=capapplications;capapplicationversions;captenants;captenantoperations,verbs=get;list;watch +// +kubebuilder:rbac:groups="sme.sap.com",resources=capapplications;capapplicationversions;captenants;captenantoperations;captenantoutputs,verbs=get;list;watch // +kubebuilder:rbac:groups="apiextensions.k8s.io",resources=customresourcedefinitions,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups="",resources=secrets;configmaps;pods;services;serviceaccounts;namespaces;events,verbs=get;list;watch;create;update;patch;delete