Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

✨ Wire up Service Account #1038

Merged
merged 10 commits into from
Jul 18, 2024
Merged

✨ Wire up Service Account #1038

merged 10 commits into from
Jul 18, 2024

Conversation

theishshah
Copy link
Member

Description

#973 Add functionality to use Service Account

@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jul 11, 2024
@netlify Netlify
Copy link

netlify bot commented Jul 11, 2024
edited
Loading

Deploy Preview for olmv1 ready!

Name Link
🔨 Latest commit d1eb632
🔍 Latest deploy log https://app.netlify.com/sites/olmv1/deploys/66995b9c2bb9d100086b47f6
😎 Deploy Preview https://deploy-preview-1038--olmv1.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@codecov Codecov
Copy link

codecov bot commented Jul 11, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 63.15789% with 7 lines in your changes missing coverage. Please review.

Project coverage is 72.25%. Comparing base (aff11ee) to head (d1eb632).
Report is 3 commits behind head on main.

Files Patch % Lines
cmd/manager/main.go 63.15% 4 Missing and 3 partials ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1038      +/-   ##
==========================================
- Coverage   72.50%   72.25%   -0.26%     
==========================================
  Files          32       32              
  Lines        1884     1903      +19     
==========================================
+ Hits         1366     1375       +9     
- Misses        383      389       +6     
- Partials      135      139       +4
Flag Coverage Δ
e2e 56.00% <63.15%> (+0.78%) ⬆️
unit 44.50% <0.00%> (-0.45%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@openshift-merge-robot openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jul 13, 2024
joelanford
joelanford reviewed Jul 16, 2024
View reviewed changes
cmd/manager/main.go
cfgGetter, err := helmclient.NewActionConfigGetter(mgr.GetConfig(), mgr.GetRESTMapper(),
helmclient.StorageNamespaceMapper(installNamespaceMapper),
helmclient.ClientNamespaceMapper(installNamespaceMapper),
helmclient.RestConfigMapper(restConfigMapper),
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If this lands soon, all good. But just wanted to let you know that I'm working on making REST config mapping handle storage and client interactions separately. The intent is that we would use our own service account for storage (since that is an implementation detail of our controller) and we would only use the ClusterExtension's service account for the helm client's REST config.

See:

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the heads up! I spoke with @theishshah and I think we will focus on getting this in using the soon-to-be-deprecated RestConfigMapper option and as a follow up address this (if the helm-operator-plugins changes land before this gets in)

@openshift-merge-robot openshift-merge-robot added needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. and removed needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. labels Jul 17, 2024
@theishshah theishshah changed the title [WIP] Wire up Service Account Wire up Service Account Jul 18, 2024
@theishshah
add logic to return service account
d99940d 
Signed-off-by: Ish Shah <ishah@redhat.com>
@theishshah
update permissions and anon token
11d8f90 
Signed-off-by: Ish Shah <ishah@redhat.com>
@theishshah
updated role yaml
dbe5705 
Signed-off-by: Ish Shah <ishah@redhat.com>
@theishshah
clean up imports
fbcf4c8 
Signed-off-by: Ish Shah <ishah@redhat.com>
@theishshah
update e2e tests
0e5dc71 
Signed-off-by: Ish Shah <ishah@redhat.com>
@theishshah
fix lint
182648a 
Signed-off-by: Ish Shah <ishah@redhat.com>
@theishshah
extension developer test fixed
09efb2a 
Signed-off-by: Ish Shah <ishah@redhat.com>
@theishshah
stand up sa for upgrade test
c04d504 
Signed-off-by: Ish Shah <ishah@redhat.com>
@theishshah
fixed upgrade test
0715393 
Signed-off-by: Ish Shah <ishah@redhat.com>
@openshift-merge-robot openshift-merge-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jul 18, 2024
@theishshah theishshah changed the title Wire up Service Account ✨ Wire up Service Account Jul 18, 2024
@theishshah theishshah marked this pull request as ready for review July 18, 2024 18:11
@theishshah theishshah requested a review from a team as a code owner July 18, 2024 18:11
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jul 18, 2024
@theishshah
linting for extension test
d1eb632 
Signed-off-by: Ish Shah <ishah@redhat.com>
tmshort
tmshort approved these changes Jul 18, 2024
View reviewed changes
Copy link
Contributor

@tmshort tmshort left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Jul 18, 2024
everettraven
everettraven reviewed Jul 18, 2024
View reviewed changes
internal/controllers/clusterextension_controller.go
Comment on lines +120 to +121
//+kubebuilder:rbac:groups=core,resources=serviceaccounts/token,verbs=create
//+kubebuilder:rbac:groups=apiextensions.k8s.io,resources=customresourcedefinitions,verbs=get
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For other reviewers, the serviceaccounts/token permissions were required to get tokens for a provided SA and the customresourcedefinitions permissions are for the CRD Upgrade Safety preflight checks

@everettraven everettraven added this pull request to the merge queue Jul 18, 2024
Merged via the queue into operator-framework:main with commit 95b9f0d Jul 18, 2024
16 of 18 checks passed
@joelanford joelanford mentioned this pull request Jul 19, 2024
Closed
joelanford added a commit to joelanford/operator-controller that referenced this pull request Jul 19, 2024
@joelanford
Revert ":sparkles: Wire up Service Account (operator-framework#1038)"
bb4171f 
This reverts commit 95b9f0d.
@joelanford joelanford mentioned this pull request Jul 19, 2024
Closed
4 tasks
github-merge-queue bot pushed a commit that referenced this pull request Jul 19, 2024
@joelanford
Revert ":sparkles: Wire up Service Account (#1038)" (#1072)
193281f 
This reverts commit 95b9f0d.
This was referenced Jul 19, 2024
Merged
Merged
perdasilva pushed a commit to LalatenduMohanty/operator-controller that referenced this pull request Aug 13, 2024
@theishshah
✨ Wire up Service Account (operator-framework#1038)
8f4eb9e 
* add logic to return service account

Signed-off-by: Ish Shah <ishah@redhat.com>

* update permissions and anon token

Signed-off-by: Ish Shah <ishah@redhat.com>

* updated role yaml

Signed-off-by: Ish Shah <ishah@redhat.com>

* clean up imports

Signed-off-by: Ish Shah <ishah@redhat.com>

* update e2e tests

Signed-off-by: Ish Shah <ishah@redhat.com>

* fix lint

Signed-off-by: Ish Shah <ishah@redhat.com>

* extension developer test fixed

Signed-off-by: Ish Shah <ishah@redhat.com>

* stand up sa for upgrade test

Signed-off-by: Ish Shah <ishah@redhat.com>

* fixed upgrade test

Signed-off-by: Ish Shah <ishah@redhat.com>

* linting for extension test

Signed-off-by: Ish Shah <ishah@redhat.com>

---------

Signed-off-by: Ish Shah <ishah@redhat.com>
perdasilva pushed a commit to kevinrizza/operator-controller that referenced this pull request Aug 13, 2024
@theishshah
✨ Wire up Service Account (operator-framework#1038)
a2c9b88 
* add logic to return service account

Signed-off-by: Ish Shah <ishah@redhat.com>

* update permissions and anon token

Signed-off-by: Ish Shah <ishah@redhat.com>

* updated role yaml

Signed-off-by: Ish Shah <ishah@redhat.com>

* clean up imports

Signed-off-by: Ish Shah <ishah@redhat.com>

* update e2e tests

Signed-off-by: Ish Shah <ishah@redhat.com>

* fix lint

Signed-off-by: Ish Shah <ishah@redhat.com>

* extension developer test fixed

Signed-off-by: Ish Shah <ishah@redhat.com>

* stand up sa for upgrade test

Signed-off-by: Ish Shah <ishah@redhat.com>

* fixed upgrade test

Signed-off-by: Ish Shah <ishah@redhat.com>

* linting for extension test

Signed-off-by: Ish Shah <ishah@redhat.com>

---------

Signed-off-by: Ish Shah <ishah@redhat.com>
@skattoju skattoju mentioned this pull request Sep 9, 2024
Merged
@skattoju skattoju mentioned this pull request Sep 25, 2024
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joelanford joelanford joelanford left review comments

@everettraven everettraven everettraven approved these changes

@tmshort tmshort tmshort approved these changes

Assignees

@tmshort tmshort

Labels
lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@theishshah @joelanford @tmshort @everettraven @openshift-merge-robot