refactoring build so that ServiceAccountName is available in ack-generate controller process as well as ack-generate release process. Also adding in a service-account.yaml.tpl to be referenced in deployment.yaml.tpl and cluster-role-binding.yaml.tpl

acornett21 · acornett21 · commit 180195dbf7bb · 2022-01-21T10:29:28.000-07:00
Signed-off-by: Adam D. Cornett &lt;adc@redhat.com&gt;
diff --git a/cmd/ack-generate/command/apis.go b/cmd/ack-generate/command/apis.go
@@ -100,7 +100,7 @@ func generateAPIs(cmd *cobra.Command, args []string) error {
 	if err != nil {
 		return err
 	}
-	ts, err := ackgenerate.APIs(m, optTemplateDirs)
+	ts, err := ackgenerate.APIs(m, optTemplateDirs, optServiceAccountName)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/ack-generate/command/controller.go b/cmd/ack-generate/command/controller.go
@@ -63,7 +63,7 @@ func generateController(cmd *cobra.Command, args []string) error {
 	if err != nil {
 		return err
 	}
-	ts, err := ackgenerate.Controller(m, optTemplateDirs)
+	ts, err := ackgenerate.Controller(m, optTemplateDirs, optServiceAccountName)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/ack-generate/command/release.go b/cmd/ack-generate/command/release.go
@@ -27,9 +27,8 @@ import (
 )
 
 var (
-	optReleaseOutputPath  string
-	optImageRepository    string
-	optServiceAccountName string
+	optReleaseOutputPath string
+	optImageRepository   string
 )
 
 var releaseCmd = &cobra.Command{
@@ -42,9 +41,6 @@ func init() {
 	releaseCmd.PersistentFlags().StringVar(
 		&optImageRepository, "image-repository", "", "the Docker image repository to use in release artifacts. Defaults to 'public.ecr.aws/aws-controllers-k8s/$service-controller'",
 	)
-	releaseCmd.PersistentFlags().StringVar(
-		&optServiceAccountName, "service-account-name", "default", "The name of the ServiceAccount AND ClusterRole used for ACK service controller",
-	)
 	releaseCmd.PersistentFlags().StringVarP(
 		&optReleaseOutputPath, "output", "o", "", "path to root directory to create generated files. Defaults to "+optServicesDir+"/$service",
 	)
diff --git a/cmd/ack-generate/command/root.go b/cmd/ack-generate/command/root.go
@@ -43,6 +43,7 @@ var (
 	optGeneratorConfigPath string
 	optMetadataConfigPath  string
 	optOutputPath          string
+	optServiceAccountName  string
 )
 
 var rootCmd = &cobra.Command{
@@ -121,6 +122,9 @@ func init() {
 	rootCmd.PersistentFlags().StringVar(
 		&optAWSSDKGoVersion, "aws-sdk-go-version", "", "Version of github.com/aws/aws-sdk-go used to generate apis and controllers files",
 	)
+	rootCmd.PersistentFlags().StringVar(
+		&optServiceAccountName, "service-account-name", optServiceAccountName, "The name of the ServiceAccount AND ClusterRole used for ACK service controller",
+	)
 }
 
 // Execute adds all child commands to the root command and sets flags
diff --git a/pkg/generate/ack/apis.go b/pkg/generate/ack/apis.go
@@ -46,6 +46,9 @@ var (
 func APIs(
 	m *ackmodel.Model,
 	templateBasePaths []string,
+	// serviceAccountName is the name of the ServiceAccount and ClusterRole
+	// used in the Helm chart
+	serviceAccountName string,
 ) (*templateset.TemplateSet, error) {
 	enumDefs, err := m.GetEnumDefs()
 	if err != nil {
@@ -86,6 +89,7 @@ func APIs(
 			metaVars,
 			m.SDKAPI,
 			crd,
+			serviceAccountName,
 		}
 		if err = ts.Add(crdFileName, "apis/crd.go.tpl", crdVars); err != nil {
 			return nil, err
@@ -106,6 +110,7 @@ type templateAPIVars struct {
 // code for a single top-level resource's API definition
 type templateCRDVars struct {
 	templateset.MetaVars
-	SDKAPI *ackmodel.SDKAPI
-	CRD    *ackmodel.CRD
+	SDKAPI             *ackmodel.SDKAPI
+	CRD                *ackmodel.CRD
+	ServiceAccountName string
 }
diff --git a/pkg/generate/ack/controller.go b/pkg/generate/ack/controller.go
@@ -35,6 +35,7 @@ var (
 		"config/rbac/cluster-role-binding.yaml.tpl",
 		"config/rbac/role-reader.yaml.tpl",
 		"config/rbac/role-writer.yaml.tpl",
+		"config/rbac/service-account.yaml.tpl",
 		"config/rbac/kustomization.yaml.tpl",
 		"config/crd/kustomization.yaml.tpl",
 		"config/overlays/namespaced/kustomization.yaml.tpl",
@@ -164,6 +165,9 @@ var (
 func Controller(
 	m *ackmodel.Model,
 	templateBasePaths []string,
+	// serviceAccountName is the name of the ServiceAccount and ClusterRole
+	// used in the Helm chart
+	serviceAccountName string,
 ) (*templateset.TemplateSet, error) {
 	crds, err := m.GetCRDs()
 	if err != nil {
@@ -179,6 +183,7 @@ func Controller(
 			metaVars,
 			m.SDKAPI,
 			r,
+			serviceAccountName,
 		}
 		code, err := ResourceHookCode(templateBasePaths, r, hookID, crdVars, controllerFuncMap)
 		if err != nil {
@@ -214,6 +219,7 @@ func Controller(
 				metaVars,
 				m.SDKAPI,
 				crd,
+				serviceAccountName,
 			}
 			if err = ts.Add(outPath, tplPath, crdVars); err != nil {
 				return nil, err
@@ -224,6 +230,7 @@ func Controller(
 	configVars := &templateConfigVars{
 		metaVars,
 		m.GetConfig(),
+		serviceAccountName,
 	}
 	if err = ts.Add("pkg/resource/registry.go", "pkg/resource/registry.go.tpl", configVars); err != nil {
 		return nil, err
@@ -250,7 +257,7 @@ func Controller(
 	// Finally, add the configuration YAML file templates
 	for _, path := range controllerConfigTemplatePaths {
 		outPath := strings.TrimSuffix(path, ".tpl")
-		if err = ts.Add(outPath, path, metaVars); err != nil {
+		if err = ts.Add(outPath, path, configVars); err != nil {
 			return nil, err
 		}
 	}
@@ -268,5 +275,6 @@ type templateCmdVars struct {
 // access to the generator configuration definition
 type templateConfigVars struct {
 	templateset.MetaVars
-	GeneratorConfig *ackgenconfig.Config
+	GeneratorConfig    *ackgenconfig.Config
+	ServiceAccountName string
 }
diff --git a/scripts/build-controller-release.sh b/scripts/build-controller-release.sh
@@ -34,6 +34,7 @@ ACK_GENERATE_API_VERSION=${ACK_GENERATE_API_VERSION:-"v1alpha1"}
 ACK_GENERATE_CONFIG_PATH=${ACK_GENERATE_CONFIG_PATH:-""}
 ACK_METADATA_CONFIG_PATH=${ACK_METADATA_CONFIG_PATH:-""}
 AWS_SDK_GO_VERSION=${AWS_SDK_GO_VERSION:-""}
+ACK_GENERATE_SERVICE_ACCOUNT_NAME=${ACK_GENERATE_SERVICE_ACCOUNT_NAME:-"ack-$SERVICE-service-account"}
 
 DEFAULT_TEMPLATES_DIR="$ROOT_DIR/../../aws-controllers-k8s/code-generator/templates"
 TEMPLATES_DIR=${TEMPLATES_DIR:-$DEFAULT_TEMPLATES_DIR}
@@ -42,6 +43,7 @@ DEFAULT_RUNTIME_DIR="$ROOT_DIR/../runtime"
 RUNTIME_DIR=${RUNTIME_DIR:-$DEFAULT_RUNTIME_DIR}
 RUNTIME_API_VERSION=${RUNTIME_API_VERSION:-"v1alpha1"}
 NON_RELEASE_VERSION="v0.0.0-non-release-version"
+K8S_RBAC_ROLE_NAME=${K8S_RBAC_ROLE_NAME:-"ack-$SERVICE-controller"}
 
 USAGE="
 Usage:
@@ -157,9 +159,6 @@ if [[ $RELEASE_VERSION != $NON_RELEASE_VERSION ]]; then
   fi
 fi
 
-K8S_RBAC_ROLE_NAME=${K8S_RBAC_ROLE_NAME:-"ack-$SERVICE-controller"}
-ACK_GENERATE_SERVICE_ACCOUNT_NAME=${ACK_GENERATE_SERVICE_ACCOUNT_NAME:-"ack-$SERVICE-controller"}
-
 if [ -z "$AWS_SDK_GO_VERSION" ]; then
     AWS_SDK_GO_VERSION=$(go list -m -f '{{ .Version }}' -modfile $SERVICE_CONTROLLER_SOURCE_PATH/go.mod github.com/aws/aws-sdk-go)
 fi
diff --git a/scripts/build-controller.sh b/scripts/build-controller.sh
@@ -26,9 +26,11 @@ ACK_GENERATE_BIN_PATH=${ACK_GENERATE_BIN_PATH:-$DEFAULT_ACK_GENERATE_BIN_PATH}
 ACK_GENERATE_API_VERSION=${ACK_GENERATE_API_VERSION:-"v1alpha1"}
 ACK_GENERATE_CONFIG_PATH=${ACK_GENERATE_CONFIG_PATH:-""}
 ACK_METADATA_CONFIG_PATH=${ACK_METADATA_CONFIG_PATH:-""}
+ACK_GENERATE_SERVICE_ACCOUNT_NAME=${ACK_GENERATE_SERVICE_ACCOUNT_NAME:-"ack-$SERVICE-service-account"}
 AWS_SDK_GO_VERSION=${AWS_SDK_GO_VERSION:-""}
 DEFAULT_RUNTIME_CRD_DIR="$ROOT_DIR/../../aws-controllers-k8s/runtime/config"
 RUNTIME_CRD_DIR=${RUNTIME_CRD_DIR:-$DEFAULT_RUNTIME_CRD_DIR}
+K8S_RBAC_ROLE_NAME=${K8S_RBAC_ROLE_NAME:-"ack-$SERVICE-controller"}
 
 USAGE="
 Usage:
@@ -38,32 +40,35 @@ Usage:
 's3' 'sns' or 'sqs'
 
 Environment variables:
-  ACK_GENERATE_CACHE_DIR:   Overrides the directory used for caching AWS API
-                            models used by the ack-generate tool.
-                            Default: $ACK_GENERATE_CACHE_DIR
-  ACK_GENERATE_BIN_PATH:    Overrides the path to the the ack-generate binary.
-                            Default: $ACK_GENERATE_BIN_PATH
-  ACK_GENERATE_API_VERSION: Overrides the version of the Kubernetes API objects
-                            generated by the ack-generate apis command. If not
-                            specified, and the service controller has been
-                            previously generated, the latest generated API
-                            version is used. If the service controller has yet
-                            to be generated, 'v1alpha1' is used.
-  ACK_GENERATE_CONFIG_PATH: Specify a path to the generator config YAML file to
-                            instruct the code generator for the service.
-                            Default: generator.yaml
-  ACK_METADATA_CONFIG_PATH: Specify a path to the metadata config YAML file to 
-                            instruct the code generator for the service.
-                            Default: metadata.yaml
-  AWS_SDK_GO_VERSION:       Overrides the version of github.com/aws/aws-sdk-go used
-                            by 'ack-generate' to fetch the service API Specifications.
-                            Default: Version of aws/aws-sdk-go in service go.mod
-  TEMPLATES_DIR:            Overrides the directory containg ack-generate templates
-                            Default: $TEMPLATES_DIR
-  K8S_RBAC_ROLE_NAME:       Name of the Kubernetes Role to use when generating
-                            the RBAC manifests for the custom resource
-                            definitions.
-                            Default: $K8S_RBAC_ROLE_NAME
+  ACK_GENERATE_CACHE_DIR:               Overrides the directory used for caching AWS API
+                                        models used by the ack-generate tool.
+                                        Default: $ACK_GENERATE_CACHE_DIR
+  ACK_GENERATE_BIN_PATH:                Overrides the path to the the ack-generate binary.
+                                        Default: $ACK_GENERATE_BIN_PATH
+  ACK_GENERATE_API_VERSION:             Overrides the version of the Kubernetes API objects
+                                        generated by the ack-generate apis command. If not
+                                        specified, and the service controller has been
+                                        previously generated, the latest generated API
+                                        version is used. If the service controller has yet
+                                        to be generated, 'v1alpha1' is used.
+  ACK_GENERATE_CONFIG_PATH:             Specify a path to the generator config YAML file to
+                                        instruct the code generator for the service.
+                                        Default: generator.yaml
+  ACK_METADATA_CONFIG_PATH:             Specify a path to the metadata config YAML file to
+                                        instruct the code generator for the service.
+                                        Default: metadata.yaml
+  ACK_GENERATE_SERVICE_ACCOUNT_NAME:    Name of the Kubernetes Service Account and
+                                        Cluster Role to use in Helm chart.
+                                        Default: $ACK_GENERATE_SERVICE_ACCOUNT_NAME
+  AWS_SDK_GO_VERSION:                   Overrides the version of github.com/aws/aws-sdk-go used
+                                        by 'ack-generate' to fetch the service API Specifications.
+                                        Default: Version of aws/aws-sdk-go in service go.mod
+  TEMPLATES_DIR:                        Overrides the directory containg ack-generate templates
+                                        Default: $TEMPLATES_DIR
+  K8S_RBAC_ROLE_NAME:                   Name of the Kubernetes Role to use when generating
+                                        the RBAC manifests for the custom resource
+                                        definitions.
+                                        Default: $K8S_RBAC_ROLE_NAME
 "
 
 if [ $# -ne 1 ]; then
@@ -119,9 +124,8 @@ if [[ -d "$SERVICE_CONTROLLER_SOURCE_PATH/templates" ]]; then
         BOILERPLATE_TXT_PATH="$SERVICE_CONTROLLER_SOURCE_PATH/templates/boilerplate.txt"
     fi
 fi
-TEMPLATE_DIRS=${TEMPLATE_DIRS:-$DEFAULT_TEMPLATE_DIRS}
 
-K8S_RBAC_ROLE_NAME=${K8S_RBAC_ROLE_NAME:-"ack-$SERVICE-controller"}
+TEMPLATE_DIRS=${TEMPLATE_DIRS:-$DEFAULT_TEMPLATE_DIRS}
 
 config_output_dir="$SERVICE_CONTROLLER_SOURCE_PATH/config/"
 
@@ -174,6 +178,10 @@ if [ -n "$AWS_SDK_GO_VERSION" ]; then
     apis_args="$apis_args --aws-sdk-go-version $AWS_SDK_GO_VERSION"
 fi
 
+if [ -n "$ACK_GENERATE_SERVICE_ACCOUNT_NAME" ]; then
+    ag_args="$ag_args --service-account-name $ACK_GENERATE_SERVICE_ACCOUNT_NAME"
+fi
+
 echo "Building Kubernetes API objects for $SERVICE"
 $ACK_GENERATE_BIN_PATH $apis_args
 if [ $? -ne 0 ]; then
diff --git a/templates/config/controller/deployment.yaml.tpl b/templates/config/controller/deployment.yaml.tpl
@@ -61,6 +61,7 @@ spec:
             drop:
               - ALL
       terminationGracePeriodSeconds: 10
+      serviceAccountName: {{ .ServiceAccountName }}
       hostIPC: false
       hostNetwork: false
       hostPID: false
diff --git a/templates/config/rbac/cluster-role-binding.yaml.tpl b/templates/config/rbac/cluster-role-binding.yaml.tpl
@@ -8,5 +8,5 @@ roleRef:
   name: ack-{{ .ServicePackageName }}-controller
 subjects:
 - kind: ServiceAccount
-  name: default
+  name: {{ .ServiceAccountName }}
   namespace: ack-system
diff --git a/templates/config/rbac/kustomization.yaml.tpl b/templates/config/rbac/kustomization.yaml.tpl
@@ -3,3 +3,5 @@ resources:
 - cluster-role-controller.yaml
 - role-reader.yaml
 - role-writer.yaml
+- service-account.yaml
+
diff --git a/templates/config/rbac/service-account.yaml.tpl b/templates/config/rbac/service-account.yaml.tpl
@@ -0,0 +1,6 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .ServiceAccountName }}
+  namespace: ack-system

Original file line number	Diff line number	Diff line change
`@@ -100,7 +100,7 @@ func generateAPIs(cmd *cobra.Command, args []string) error {`
`100`	`100`	`if err != nil {`
`101`	`101`	`return err`
`102`	`102`	`}`
`103`		`- ts, err := ackgenerate.APIs(m, optTemplateDirs)`
	`103`	`+ ts, err := ackgenerate.APIs(m, optTemplateDirs, optServiceAccountName)`
`104`	`104`	`if err != nil {`
`105`	`105`	`return err`
`106`	`106`	`}`
Original file line number	Diff line number	Diff line change
`@@ -63,7 +63,7 @@ func generateController(cmd *cobra.Command, args []string) error {`
`63`	`63`	`if err != nil {`
`64`	`64`	`return err`
`65`	`65`	`}`
`66`		`- ts, err := ackgenerate.Controller(m, optTemplateDirs)`
	`66`	`+ ts, err := ackgenerate.Controller(m, optTemplateDirs, optServiceAccountName)`
`67`	`67`	`if err != nil {`
`68`	`68`	`return err`
`69`	`69`	`}`
Original file line number	Diff line number	Diff line change
`@@ -27,9 +27,8 @@ import (`
`27`	`27`	`)`
`28`	`28`
`29`	`29`	`var (`
`30`		`- optReleaseOutputPath string`
`31`		`- optImageRepository string`
`32`		`- optServiceAccountName string`
	`30`	`+ optReleaseOutputPath string`
	`31`	`+ optImageRepository string`
`33`	`32`	`)`
`34`	`33`
`35`	`34`	`var releaseCmd = &cobra.Command{`
`@@ -42,9 +41,6 @@ func init() {`
`42`	`41`	`releaseCmd.PersistentFlags().StringVar(`
`43`	`42`	`&optImageRepository, "image-repository", "", "the Docker image repository to use in release artifacts. Defaults to 'public.ecr.aws/aws-controllers-k8s/$service-controller'",`
`44`	`43`	`)`
`45`		`- releaseCmd.PersistentFlags().StringVar(`
`46`		`- &optServiceAccountName, "service-account-name", "default", "The name of the ServiceAccount AND ClusterRole used for ACK service controller",`
`47`		`- )`
`48`	`44`	`releaseCmd.PersistentFlags().StringVarP(`
`49`	`45`	`&optReleaseOutputPath, "output", "o", "", "path to root directory to create generated files. Defaults to "+optServicesDir+"/$service",`
`50`	`46`	`)`
Original file line number	Diff line number	Diff line change
`@@ -43,6 +43,7 @@ var (`
`43`	`43`	`optGeneratorConfigPath string`
`44`	`44`	`optMetadataConfigPath string`
`45`	`45`	`optOutputPath string`
	`46`	`+ optServiceAccountName string`
`46`	`47`	`)`
`47`	`48`
`48`	`49`	`var rootCmd = &cobra.Command{`
`@@ -121,6 +122,9 @@ func init() {`
`121`	`122`	`rootCmd.PersistentFlags().StringVar(`
`122`	`123`	`&optAWSSDKGoVersion, "aws-sdk-go-version", "", "Version of github.com/aws/aws-sdk-go used to generate apis and controllers files",`
`123`	`124`	`)`
	`125`	`+ rootCmd.PersistentFlags().StringVar(`
	`126`	`+ &optServiceAccountName, "service-account-name", optServiceAccountName, "The name of the ServiceAccount AND ClusterRole used for ACK service controller",`
	`127`	`+ )`
`124`	`128`	`}`
`125`	`129`
`126`	`130`	`// Execute adds all child commands to the root command and sets flags`