Skip to content

Commit

Permalink
fix(catalog): do not add owner references to clusterroles or crbs
Browse files Browse the repository at this point in the history
  • Loading branch information
ecordell committed Jun 19, 2019
1 parent 586ffaf commit ab0b47a
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 23 deletions.
18 changes: 3 additions & 15 deletions pkg/controller/operators/catalog/operator.go
Original file line number Diff line number Diff line change
Expand Up @@ -1156,16 +1156,11 @@ func (o *Operator) ExecutePlan(plan *v1alpha1.InstallPlan) error {
return errorwrap.Wrapf(err, "error parsing step manifest: %s", step.Resource.Name)
}

// Update UIDs on all CSV OwnerReferences
updated, err := o.getUpdatedOwnerReferences(cr.OwnerReferences, plan.Namespace)
if err != nil {
return errorwrap.Wrapf(err, "error generating ownerrefs for clusterrole %s", cr.GetName())
}
cr.OwnerReferences = updated

// Attempt to create the ClusterRole.
_, err = o.OpClient.KubernetesInterface().RbacV1().ClusterRoles().Create(&cr)
if k8serrors.IsAlreadyExists(err) {
// if we're updating, point owner to the newest csv
cr.Labels[ownerutil.OwnerKey] = step.Resolving
_, err = o.OpClient.UpdateClusterRole(&cr)
if err != nil {
return errorwrap.Wrapf(err, "error updating clusterrole %s", cr.GetName())
Expand All @@ -1186,17 +1181,10 @@ func (o *Operator) ExecutePlan(plan *v1alpha1.InstallPlan) error {
return errorwrap.Wrapf(err, "error parsing step manifest: %s", step.Resource.Name)
}

// Update UIDs on all CSV OwnerReferences
updated, err := o.getUpdatedOwnerReferences(rb.OwnerReferences, plan.Namespace)
if err != nil {
return errorwrap.Wrapf(err, "error generating ownerrefs for clusterrolebinding %s", rb.GetName())
}
rb.OwnerReferences = updated

// Attempt to create the ClusterRoleBinding.
_, err = o.OpClient.KubernetesInterface().RbacV1().ClusterRoleBindings().Create(&rb)
if k8serrors.IsAlreadyExists(err) {
rb.SetNamespace(plan.Namespace)
rb.Labels[ownerutil.OwnerKey] = step.Resolving
_, err = o.OpClient.UpdateClusterRoleBinding(&rb)
if err != nil {
return errorwrap.Wrapf(err, "error updating clusterrolebinding %s", rb.GetName())
Expand Down
13 changes: 5 additions & 8 deletions pkg/controller/registry/resolver/rbac.go
Original file line number Diff line number Diff line change
Expand Up @@ -118,17 +118,15 @@ func RBACForClusterServiceVersion(csv *v1alpha1.ClusterServiceVersion) (map[stri
if _, ok := permissions[permission.ServiceAccountName]; !ok {
serviceAccount := &corev1.ServiceAccount{}
serviceAccount.SetName(permission.ServiceAccountName)
ownerutil.AddNonBlockingOwner(serviceAccount, csv)

permissions[permission.ServiceAccountName] = NewOperatorPermissions(serviceAccount)
}

// Create ClusterRole
role := &rbacv1.ClusterRole{
ObjectMeta: metav1.ObjectMeta{
Name: generateName(csv.GetName()),
OwnerReferences: []metav1.OwnerReference{ownerutil.NonBlockingOwner(csv)},
Labels: ownerutil.OwnerLabel(csv, v1alpha1.ClusterServiceVersionKind),
Name: generateName(csv.GetName()),
Labels: ownerutil.OwnerLabel(csv, v1alpha1.ClusterServiceVersionKind),
},
Rules: permission.Rules,
}
Expand All @@ -137,10 +135,9 @@ func RBACForClusterServiceVersion(csv *v1alpha1.ClusterServiceVersion) (map[stri
// Create ClusterRoleBinding
roleBinding := &rbacv1.ClusterRoleBinding{
ObjectMeta: metav1.ObjectMeta{
Name: generateName(fmt.Sprintf("%s-%s", role.GetName(), permission.ServiceAccountName)),
Namespace: csv.GetNamespace(),
OwnerReferences: []metav1.OwnerReference{ownerutil.NonBlockingOwner(csv)},
Labels: ownerutil.OwnerLabel(csv, v1alpha1.ClusterServiceVersionKind),
Name: generateName(fmt.Sprintf("%s-%s", role.GetName(), permission.ServiceAccountName)),
Namespace: csv.GetNamespace(),
Labels: ownerutil.OwnerLabel(csv, v1alpha1.ClusterServiceVersionKind),
},
RoleRef: rbacv1.RoleRef{
Kind: "ClusterRole",
Expand Down

0 comments on commit ab0b47a

Please sign in to comment.