Fix controller-gen operations:

Update rbac. Signed-off-by: Jacob Weinstock <jakobweinstock@gmail.com>
jacobweinstock · Sep 20, 2024 · 86387cc · 86387cc
1 parent d1b21d8
commit 86387cc
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 25 deletions.
diff --git a/Makefile b/Makefile
@@ -120,12 +120,12 @@ generate-crds: $(CONTROLLER_GEN) $(YAMLFMT)
 	$(YAMLFMT) ./config/crd/bases/* ./config/webhook/*
 
 .PHONY: generate-rbac
-generate-rbac: $(CONTROLLER_GEN) $(YAMLFMT)
+generate-rbac: generate-controller-rbac generate-server-rbac $(CONTROLLER_GEN) $(YAMLFMT)
 
 .PHONY: generate-controller-rbac
-generate-manager-rbac:
+generate-controller-rbac:
 	$(CONTROLLER_GEN) \
-		paths=./internal/workflow/... \
+		paths=./internal/deprecated/workflow/... \
 		output:rbac:dir=./config/manager-rbac/ \
 		rbac:roleName=manager-role
 	$(YAMLFMT) ./config/rbac/*
@@ -151,14 +151,14 @@ out/release/default/kustomization.yaml: config/default/kustomization.yaml
 	mkdir -p out/
 	cp -a config/ out/release/
 
-out/release/tink.yaml: generate-manifests out/release/default/kustomization.yaml $(KUSTOMIZE)
+out/release/tink.yaml: generate-manifests out/release/default/kustomization.yaml $(KUSTOMIZE) $(YAMLFMT)
 	(
 		cd out/release/default && \
 		$(KUSTOMIZE) edit set image server=$(TINK_SERVER_IMAGE):$(TINK_CONTROLLER_TAG) controller=$(TINK_CONTROLLER_IMAGE):$(TINK_CONTROLLER_TAG) && \
 		$(KUSTOMIZE) edit set namespace $(NAMESPACE) \
 	)
 	$(KUSTOMIZE) build out/release/default -o $@
-	prettier --write $@
+	$(YAMLFMT) $@
 
 .PHONY: release-manifests
 release-manifests: ## Builds the manifests to publish with a release.

diff --git a/config/manager-rbac/role.yaml b/config/manager-rbac/role.yaml
@@ -5,19 +5,21 @@ metadata:
   name: manager-role
 rules:
 - apiGroups:
-  - tinkerbell.org
+  - bmc.tinkerbell.org
   resources:
-  - hardware
-  - hardware/status
+  - job
+  - job/status
   verbs:
+  - create
+  - delete
   - get
   - list
-  - patch
-  - update
   - watch
 - apiGroups:
   - tinkerbell.org
   resources:
+  - hardware
+  - hardware/status
   - templates
   - templates/status
   verbs:
@@ -26,19 +28,13 @@ rules:
   - patch
   - update
   - watch
-- apiGroups:
-  - tinkerbell.org
-  resources:
-  - workflows
-  - workflows/finalizers
-  verbs:
-  - update
 - apiGroups:
   - tinkerbell.org
   resources:
   - workflows
   - workflows/status
   verbs:
+  - delete
   - get
   - list
   - patch

diff --git a/config/server-rbac/role.yaml b/config/server-rbac/role.yaml
@@ -8,13 +8,6 @@ rules:
     resources:
       - hardware
       - hardware/status
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - tinkerbell.org
-    resources:
       - templates
       - templates/status
     verbs:

diff --git a/internal/deprecated/workflow/reconciler.go b/internal/deprecated/workflow/reconciler.go
@@ -45,8 +45,9 @@ func (r *Reconciler) SetupWithManager(mgr manager.Manager) error {
 // +kubebuilder:rbac:groups=tinkerbell.org,resources=hardware;hardware/status,verbs=get;list;watch;update;patch
 // +kubebuilder:rbac:groups=tinkerbell.org,resources=templates;templates/status,verbs=get;list;watch;update;patch
 // +kubebuilder:rbac:groups=tinkerbell.org,resources=workflows;workflows/status,verbs=get;list;watch;update;patch;delete
-// +kubebuilder:rbac:groups=bmc.tinkerbell.org,resources=job;job/status,verbs=get;delete;create;watch
+// +kubebuilder:rbac:groups=bmc.tinkerbell.org,resources=job;job/status,verbs=get;list;watch;delete;create
 
+// Reconcile handles Workflow objects. This includes Template rendering, optional Hardware allowPXE toggling, and optional Hardware one-time netbooting.
 func (r *Reconciler) Reconcile(ctx context.Context, req reconcile.Request) (reconcile.Result, error) {
 	logger := ctrl.LoggerFrom(ctx)
 	logger.Info("Reconciling")