From 86387cca627a51dcd5c6152f2ce9be7b195dc7f3 Mon Sep 17 00:00:00 2001 From: Jacob Weinstock Date: Fri, 20 Sep 2024 09:46:26 -0600 Subject: [PATCH] Fix controller-gen operations: Update rbac. Signed-off-by: Jacob Weinstock --- Makefile | 10 +++++----- config/manager-rbac/role.yaml | 20 ++++++++------------ config/server-rbac/role.yaml | 7 ------- internal/deprecated/workflow/reconciler.go | 3 ++- 4 files changed, 15 insertions(+), 25 deletions(-) diff --git a/Makefile b/Makefile index acd228890..680331162 100644 --- a/Makefile +++ b/Makefile @@ -120,12 +120,12 @@ generate-crds: $(CONTROLLER_GEN) $(YAMLFMT) $(YAMLFMT) ./config/crd/bases/* ./config/webhook/* .PHONY: generate-rbac -generate-rbac: $(CONTROLLER_GEN) $(YAMLFMT) +generate-rbac: generate-controller-rbac generate-server-rbac $(CONTROLLER_GEN) $(YAMLFMT) .PHONY: generate-controller-rbac -generate-manager-rbac: +generate-controller-rbac: $(CONTROLLER_GEN) \ - paths=./internal/workflow/... \ + paths=./internal/deprecated/workflow/... \ output:rbac:dir=./config/manager-rbac/ \ rbac:roleName=manager-role $(YAMLFMT) ./config/rbac/* @@ -151,14 +151,14 @@ out/release/default/kustomization.yaml: config/default/kustomization.yaml mkdir -p out/ cp -a config/ out/release/ -out/release/tink.yaml: generate-manifests out/release/default/kustomization.yaml $(KUSTOMIZE) +out/release/tink.yaml: generate-manifests out/release/default/kustomization.yaml $(KUSTOMIZE) $(YAMLFMT) ( cd out/release/default && \ $(KUSTOMIZE) edit set image server=$(TINK_SERVER_IMAGE):$(TINK_CONTROLLER_TAG) controller=$(TINK_CONTROLLER_IMAGE):$(TINK_CONTROLLER_TAG) && \ $(KUSTOMIZE) edit set namespace $(NAMESPACE) \ ) $(KUSTOMIZE) build out/release/default -o $@ - prettier --write $@ + $(YAMLFMT) $@ .PHONY: release-manifests release-manifests: ## Builds the manifests to publish with a release. diff --git a/config/manager-rbac/role.yaml b/config/manager-rbac/role.yaml index fb55a1945..3f46bb22e 100644 --- a/config/manager-rbac/role.yaml +++ b/config/manager-rbac/role.yaml @@ -5,19 +5,21 @@ metadata: name: manager-role rules: - apiGroups: - - tinkerbell.org + - bmc.tinkerbell.org resources: - - hardware - - hardware/status + - job + - job/status verbs: + - create + - delete - get - list - - patch - - update - watch - apiGroups: - tinkerbell.org resources: + - hardware + - hardware/status - templates - templates/status verbs: @@ -26,19 +28,13 @@ rules: - patch - update - watch -- apiGroups: - - tinkerbell.org - resources: - - workflows - - workflows/finalizers - verbs: - - update - apiGroups: - tinkerbell.org resources: - workflows - workflows/status verbs: + - delete - get - list - patch diff --git a/config/server-rbac/role.yaml b/config/server-rbac/role.yaml index 1a228bd4c..8e65cfe3b 100644 --- a/config/server-rbac/role.yaml +++ b/config/server-rbac/role.yaml @@ -8,13 +8,6 @@ rules: resources: - hardware - hardware/status - verbs: - - get - - list - - watch - - apiGroups: - - tinkerbell.org - resources: - templates - templates/status verbs: diff --git a/internal/deprecated/workflow/reconciler.go b/internal/deprecated/workflow/reconciler.go index 2a8d9d791..ce00b45b7 100644 --- a/internal/deprecated/workflow/reconciler.go +++ b/internal/deprecated/workflow/reconciler.go @@ -45,8 +45,9 @@ func (r *Reconciler) SetupWithManager(mgr manager.Manager) error { // +kubebuilder:rbac:groups=tinkerbell.org,resources=hardware;hardware/status,verbs=get;list;watch;update;patch // +kubebuilder:rbac:groups=tinkerbell.org,resources=templates;templates/status,verbs=get;list;watch;update;patch // +kubebuilder:rbac:groups=tinkerbell.org,resources=workflows;workflows/status,verbs=get;list;watch;update;patch;delete -// +kubebuilder:rbac:groups=bmc.tinkerbell.org,resources=job;job/status,verbs=get;delete;create;watch +// +kubebuilder:rbac:groups=bmc.tinkerbell.org,resources=job;job/status,verbs=get;list;watch;delete;create +// Reconcile handles Workflow objects. This includes Template rendering, optional Hardware allowPXE toggling, and optional Hardware one-time netbooting. func (r *Reconciler) Reconcile(ctx context.Context, req reconcile.Request) (reconcile.Result, error) { logger := ctrl.LoggerFrom(ctx) logger.Info("Reconciling")