Added ownerreference to build_rbac_resources (#579)

## Description

*Please add a description here. This will become the commit message of the merge request later.*



Co-authored-by: Malte Sander <malte.sander.it@gmail.com>

Author: maltesander

CHANGELOG.md

@@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file.
 
 ## [Unreleased]
 
+### Added
+
+- [BREAKING]: Added ownerreferences and labels to `build_rbac_resources` ([#579]).
+
 ## [0.39.1] - 2023-04-07
 
 ### Fixed
@@ -13,6 +17,7 @@ All notable changes to this project will be documented in this file.
   log events ([#577]).
 
 [#577]: https://github.com/stackabletech/operator-rs/pull/577
+[#579]: https://github.com/stackabletech/operator-rs/pull/579
 
 ## [0.39.0] - 2023-03-31
 

src/cluster_resources.rs

@@ -367,6 +367,21 @@ impl ClusterResources {
         })
     }
 
+    /// Return required labels for cluster resources to be uniquely identified for clean up.
+    // TODO: This is a (quick-fix) helper method but should be replaced by better label handling
+    pub fn get_required_labels(&self) -> BTreeMap<String, String> {
+        vec![
+            (
+                APP_INSTANCE_LABEL.to_string(),
+                self.app_instance.to_string(),
+            ),
+            (APP_MANAGED_BY_LABEL.to_string(), self.manager.to_string()),
+            (APP_NAME_LABEL.to_string(), self.app_name.to_string()),
+        ]
+        .into_iter()
+        .collect()
+    }
+
     /// Adds a resource to the cluster resources.
     ///
     /// The resource will be patched and the patched resource will be returned.

src/commons/rbac.rs

@@ -1,20 +1,25 @@
 use crate::builder::ObjectMetaBuilder;
+use crate::error::OperatorResult;
 use crate::k8s_openapi::api::core::v1::ServiceAccount;
 use crate::k8s_openapi::api::rbac::v1::{RoleBinding, RoleRef, Subject};
 use kube::{Resource, ResourceExt};
+use std::collections::BTreeMap;
 
 /// Build RBAC objects for the product workloads.
 /// The `rbac_prefix` is meant to be the product name, for example: zookeeper, airflow, etc.
 /// and it is a assumed that a ClusterRole named `{rbac_prefix}-clusterrole` exists.
-pub fn build_rbac_resources<T: Resource>(
+pub fn build_rbac_resources<T: Clone + Resource<DynamicType = ()>>(
     resource: &T,
     rbac_prefix: &str,
-) -> (ServiceAccount, RoleBinding) {
+    labels: BTreeMap<String, String>,
+) -> OperatorResult<(ServiceAccount, RoleBinding)> {
     let sa_name = format!("{rbac_prefix}-sa");
     let service_account = ServiceAccount {
         metadata: ObjectMetaBuilder::new()
             .name_and_namespace(resource)
             .name(sa_name.clone())
+            .ownerreference_from_resource(resource, None, Some(true))?
+            .with_labels(labels.clone())
             .build(),
         ..ServiceAccount::default()
     };
@@ -23,6 +28,8 @@ pub fn build_rbac_resources<T: Resource>(
         metadata: ObjectMetaBuilder::new()
             .name_and_namespace(resource)
             .name(format!("{rbac_prefix}-rolebinding"))
+            .ownerreference_from_resource(resource, None, Some(true))?
+            .with_labels(labels)
             .build(),
         role_ref: RoleRef {
             kind: "ClusterRole".to_string(),
@@ -37,7 +44,7 @@ pub fn build_rbac_resources<T: Resource>(
         }]),
     };
 
-    (service_account, role_binding)
+    Ok((service_account, role_binding))
 }
 
 #[cfg(test)]
@@ -46,6 +53,7 @@ mod tests {
     use kube::CustomResource;
     use schemars::{self, JsonSchema};
     use serde::{Deserialize, Serialize};
+    use std::collections::BTreeMap;
 
     const CLUSTER_NAME: &str = "simple-cluster";
     const RESOURCE_NAME: &str = "test-resource";
@@ -64,6 +72,7 @@ mod tests {
             metadata:
               name: {CLUSTER_NAME}
               namespace: {CLUSTER_NAME}-ns
+              uid: 12345
             spec:
               test: 100
             "
@@ -74,7 +83,8 @@ mod tests {
     #[test]
     fn test_build_rbac() {
         let cluster = build_test_resource();
-        let (rbac_sa, rbac_rolebinding) = build_rbac_resources(&cluster, RESOURCE_NAME);
+        let (rbac_sa, rbac_rolebinding) =
+            build_rbac_resources(&cluster, RESOURCE_NAME, BTreeMap::new()).unwrap();
 
         assert_eq!(
             Some(format!("{RESOURCE_NAME}-sa")),