diff --git a/charts/operator/chart_test.go b/charts/operator/chart_test.go index 2fb5a0d44..ea5024acb 100644 --- a/charts/operator/chart_test.go +++ b/charts/operator/chart_test.go @@ -4,17 +4,13 @@ import ( "encoding/json" "fmt" "os" - "path/filepath" "regexp" "slices" "strconv" "testing" - appsv1 "k8s.io/api/apps/v1" - fuzz "github.com/google/gofuzz" "github.com/redpanda-data/helm-charts/pkg/helm" - "github.com/redpanda-data/helm-charts/pkg/kube" "github.com/redpanda-data/helm-charts/pkg/testutil" "github.com/santhosh-tekuri/jsonschema/v5" "github.com/stretchr/testify/require" @@ -226,111 +222,3 @@ func makeSureTagIsNotEmptyString(values PartialValues, fuzzer *fuzz.Fuzzer) { } } } - -// preTranspilerChartVersion is the latest release of the Operator helm chart prior to the introduction of -// ConfigMap go base implementation. It's used to verify that translated code is functionally equivalent. -const preTranspilerChartVersion = "0.4.28" - -// TestChartDifferences can be removed if in the next operator chart version values definition changes or any resource. -// That test only validates clean transition to gotohelm definition of the operator helm chart. -func TestChartDifferences(t *testing.T) { - ctx := testutil.Context(t) - client, err := helm.New(helm.Options{ConfigHome: testutil.TempDir(t)}) - require.NoError(t, err) - - // Downloading Operator helm chart release is required as client.Template - // function does not pass HELM_CONFIG_HOME, that prevents from downloading specific - // Operator helm chart version from public helm repository. - require.NoError(t, client.DownloadFile(ctx, - fmt.Sprintf("https://github.com/redpanda-data/helm-charts/releases/download/operator-%s/operator-%s.tgz", preTranspilerChartVersion, preTranspilerChartVersion), - fmt.Sprintf("operator-%s.tgz", preTranspilerChartVersion))) - - values, err := os.ReadDir("./ci") - require.NoError(t, err) - - for _, v := range values { - t.Run(v.Name(), func(t *testing.T) { - t.Parallel() - - // First generate latest released Redpanda charts manifests. From ConfigMap bootstrap, - // redpanda node configuration and RPK profile. - manifests, err := client.Template(ctx, - filepath.Join(client.GetConfigHome(), fmt.Sprintf("operator-%s.tgz", preTranspilerChartVersion)), - helm.TemplateOptions{ - Name: "operator", - ValuesFile: "./ci/" + v.Name(), - Set: []string{}, - }) - require.NoError(t, err) - - oldOperator, err := convertToMap(manifests) - require.NoError(t, err) - - // Now helm template will generate Redpanda configuration from local definition - manifests, err = client.Template(ctx, ".", helm.TemplateOptions{ - Name: "operator", - ValuesFile: "./ci/" + v.Name(), - Set: []string{}, - }) - require.NoError(t, err) - - operator, err := convertToMap(manifests) - require.NoError(t, err) - - for key, val := range oldOperator { - require.Equal(t, val, operator[key]) - delete(oldOperator, key) - delete(operator, key) - } - - require.Len(t, oldOperator, 0) - require.Len(t, operator, 0) - }) - } -} - -func convertToMap(manifests []byte) (map[string]string, error) { - objs, err := kube.DecodeYAML(manifests, Scheme) - if err != nil { - return nil, err - } - - result := map[string]string{} - for _, obj := range objs { - key := fmt.Sprintf("%s, %s", obj.GetObjectKind().GroupVersionKind().String(), obj.GetName()) - if _, exist := result[key]; exist { - panic("duplicate key " + key) - } - - labels := obj.GetLabels() - delete(labels, "app.kubernetes.io/version") - delete(labels, "helm.sh/chart") - obj.SetLabels(labels) - - // Previous operator configuration was malformed as `{{.values.config}}` was dictionary - // which should be translated by `toYaml` function - if cfg, ok := obj.(*corev1.ConfigMap); ok && obj.GetName() == "operator-config" { - cfg.Data = map[string]string{} - obj = kube.Object(cfg) - } - - // Due to operator helm chart bump the Deployment needs to remove few properites - if dep, ok := obj.(*appsv1.Deployment); ok && obj.GetName() == "operator" { - dep.Spec.Template.Spec.Containers[0].Image = "REDACTED_DUE_TO_CONTAINER_TAG_MISS_MATCH" - dep.Spec.Template.Spec.Containers[0].Args[3] = "REDACTED_DUE_TO_CONTAINER_TAG_MISS_MATCH" - obj = kube.Object(dep) - } - - // In previous operator templates namespace was omitted in multiple places - obj.SetNamespace("") - - b, err := yaml.Marshal(obj) - if err != nil { - return nil, err - } - - result[key] = string(b) - } - - return result, nil -} diff --git a/charts/operator/rbac.go b/charts/operator/rbac.go index 2561046c6..2715b1e26 100644 --- a/charts/operator/rbac.go +++ b/charts/operator/rbac.go @@ -701,6 +701,21 @@ func Roles(dot *helmette.Dot) []rbacv1.Role { APIGroups: []string{"cluster.redpanda.com"}, Resources: []string{"topics/status"}, }, + { + Verbs: []string{"get", "list", "patch", "update", "watch"}, + APIGroups: []string{"cluster.redpanda.com"}, + Resources: []string{"users"}, + }, + { + Verbs: []string{"update"}, + APIGroups: []string{"cluster.redpanda.com"}, + Resources: []string{"users/finalizers"}, + }, + { + Verbs: []string{"get", "patch", "update"}, + APIGroups: []string{"cluster.redpanda.com"}, + Resources: []string{"users/status"}, + }, }, }) } diff --git a/charts/operator/templates/_rbac.go.tpl b/charts/operator/templates/_rbac.go.tpl index d14baa750..c797f42ca 100644 --- a/charts/operator/templates/_rbac.go.tpl +++ b/charts/operator/templates/_rbac.go.tpl @@ -66,7 +66,7 @@ {{- end -}} {{- $role := (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "rules" (coalesce nil) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "Role" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "operator.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "operator.Fullname" (dict "a" (list $dot) ))) "r") "election-role") ))) "r") "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot) ))) "r") "annotations" $values.annotations )) "rules" (list (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "get" "list" "watch" "create" "update" "patch" "delete") "apiGroups" (list "" "coordination.k8s.io") "resources" (list "leases") ))) )) (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "rules" (coalesce nil) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "Role" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "operator.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "operator.Fullname" (dict "a" (list $dot) ))) "r") "pvc") ))) "r") "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot) ))) "r") "annotations" $values.annotations )) "rules" (list (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "list" "delete") "apiGroups" (list "") "resources" (list "persistentvolumeclaims") ))) ))) -}} {{- if (eq $values.scope "Namespace") -}} -{{- $role = (concat (default (list ) $role) (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "rules" (coalesce nil) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "Role" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "operator.Fullname" (dict "a" (list $dot) ))) "r") "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot) ))) "r") "annotations" $values.annotations )) "rules" (list (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "") "resources" (list "persistentvolumeclaims") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "") "resources" (list "pods") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "apps") "resources" (list "deployments") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "apps") "resources" (list "replicasets") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "list" "watch" "create" "delete" "get" "patch" "update") "apiGroups" (list "apps") "resources" (list "statefulsets") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "patch" "update") "apiGroups" (list "apps") "resources" (list "statefulsets/status") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "batch") "resources" (list "jobs") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "patch" "update") "apiGroups" (list "cert-manager.io") "resources" (list "certificates") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "patch" "update") "apiGroups" (list "cert-manager.io") "resources" (list "issuers") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "cluster.redpanda.com") "resources" (list "redpandas") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "update") "apiGroups" (list "cluster.redpanda.com") "resources" (list "redpandas/finalizers") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "get" "patch" "update") "apiGroups" (list "cluster.redpanda.com") "resources" (list "redpandas/status") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "coordination.k8s.io") "resources" (list "leases") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "") "resources" (list "configmaps") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "patch") "apiGroups" (list "") "resources" (list "events") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "") "resources" (list "secrets") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "") "resources" (list "serviceaccounts") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "") "resources" (list "pods") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "patch" "update") "apiGroups" (list "") "resources" (list "pods/status") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "") "resources" (list "services") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "helm.toolkit.fluxcd.io") "resources" (list "helmreleases") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "update") "apiGroups" (list "helm.toolkit.fluxcd.io") "resources" (list "helmreleases/finalizers") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "get" "patch" "update") "apiGroups" (list "helm.toolkit.fluxcd.io") "resources" (list "helmreleases/status") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "monitoring.coreos.com") "resources" (list "podmonitors") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "monitoring.coreos.com") "resources" (list "servicemonitors") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "networking.k8s.io") "resources" (list "ingresses") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "policy") "resources" (list "poddisruptionbudgets") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "rbac.authorization.k8s.io") "resources" (list "rolebindings") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "rbac.authorization.k8s.io") "resources" (list "roles") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "get" "list" "patch" "update" "watch") "apiGroups" (list "redpanda.vectorized.io") "resources" (list "clusters") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "get" "list" "patch" "update" "watch") "apiGroups" (list "redpanda.vectorized.io") "resources" (list "consoles") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "source.toolkit.fluxcd.io") "resources" (list "buckets") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "source.toolkit.fluxcd.io") "resources" (list "gitrepositories") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "source.toolkit.fluxcd.io") "resources" (list "gitrepository") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "patch" "update") "apiGroups" (list "source.toolkit.fluxcd.io") "resources" (list "gitrepository/finalizers") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "get" "patch" "update") "apiGroups" (list "source.toolkit.fluxcd.io") "resources" (list "gitrepository/status") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "source.toolkit.fluxcd.io") "resources" (list "helmcharts") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "patch" "update") "apiGroups" (list "source.toolkit.fluxcd.io") "resources" (list "helmcharts/finalizers") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "get" "patch" "update") "apiGroups" (list "source.toolkit.fluxcd.io") "resources" (list "helmcharts/status") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "source.toolkit.fluxcd.io") "resources" (list "helmrepositories") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "patch" "update") "apiGroups" (list "source.toolkit.fluxcd.io") "resources" (list "helmrepositories/finalizers") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "get" "patch" "update") "apiGroups" (list "source.toolkit.fluxcd.io") "resources" (list "helmrepositories/status") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "get" "list" "patch" "update" "watch") "apiGroups" (list "cluster.redpanda.com") "resources" (list "topics") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "update") "apiGroups" (list "cluster.redpanda.com") "resources" (list "topics/finalizers") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "get" "patch" "update") "apiGroups" (list "cluster.redpanda.com") "resources" (list "topics/status") ))) )))) -}} +{{- $role = (concat (default (list ) $role) (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "rules" (coalesce nil) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "Role" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "operator.Fullname" (dict "a" (list $dot) ))) "r") "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "operator.Labels" (dict "a" (list $dot) ))) "r") "annotations" $values.annotations )) "rules" (list (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "") "resources" (list "persistentvolumeclaims") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "") "resources" (list "pods") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "apps") "resources" (list "deployments") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "apps") "resources" (list "replicasets") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "list" "watch" "create" "delete" "get" "patch" "update") "apiGroups" (list "apps") "resources" (list "statefulsets") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "patch" "update") "apiGroups" (list "apps") "resources" (list "statefulsets/status") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "batch") "resources" (list "jobs") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "patch" "update") "apiGroups" (list "cert-manager.io") "resources" (list "certificates") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "patch" "update") "apiGroups" (list "cert-manager.io") "resources" (list "issuers") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "cluster.redpanda.com") "resources" (list "redpandas") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "update") "apiGroups" (list "cluster.redpanda.com") "resources" (list "redpandas/finalizers") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "get" "patch" "update") "apiGroups" (list "cluster.redpanda.com") "resources" (list "redpandas/status") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "coordination.k8s.io") "resources" (list "leases") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "") "resources" (list "configmaps") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "patch") "apiGroups" (list "") "resources" (list "events") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "") "resources" (list "secrets") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "") "resources" (list "serviceaccounts") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "") "resources" (list "pods") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "patch" "update") "apiGroups" (list "") "resources" (list "pods/status") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "") "resources" (list "services") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "helm.toolkit.fluxcd.io") "resources" (list "helmreleases") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "update") "apiGroups" (list "helm.toolkit.fluxcd.io") "resources" (list "helmreleases/finalizers") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "get" "patch" "update") "apiGroups" (list "helm.toolkit.fluxcd.io") "resources" (list "helmreleases/status") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "monitoring.coreos.com") "resources" (list "podmonitors") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "monitoring.coreos.com") "resources" (list "servicemonitors") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "networking.k8s.io") "resources" (list "ingresses") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "policy") "resources" (list "poddisruptionbudgets") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "rbac.authorization.k8s.io") "resources" (list "rolebindings") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "rbac.authorization.k8s.io") "resources" (list "roles") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "get" "list" "patch" "update" "watch") "apiGroups" (list "redpanda.vectorized.io") "resources" (list "clusters") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "get" "list" "patch" "update" "watch") "apiGroups" (list "redpanda.vectorized.io") "resources" (list "consoles") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "source.toolkit.fluxcd.io") "resources" (list "buckets") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "source.toolkit.fluxcd.io") "resources" (list "gitrepositories") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "source.toolkit.fluxcd.io") "resources" (list "gitrepository") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "patch" "update") "apiGroups" (list "source.toolkit.fluxcd.io") "resources" (list "gitrepository/finalizers") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "get" "patch" "update") "apiGroups" (list "source.toolkit.fluxcd.io") "resources" (list "gitrepository/status") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "source.toolkit.fluxcd.io") "resources" (list "helmcharts") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "patch" "update") "apiGroups" (list "source.toolkit.fluxcd.io") "resources" (list "helmcharts/finalizers") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "get" "patch" "update") "apiGroups" (list "source.toolkit.fluxcd.io") "resources" (list "helmcharts/status") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "list" "patch" "update" "watch") "apiGroups" (list "source.toolkit.fluxcd.io") "resources" (list "helmrepositories") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "create" "delete" "get" "patch" "update") "apiGroups" (list "source.toolkit.fluxcd.io") "resources" (list "helmrepositories/finalizers") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "get" "patch" "update") "apiGroups" (list "source.toolkit.fluxcd.io") "resources" (list "helmrepositories/status") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "get" "list" "patch" "update" "watch") "apiGroups" (list "cluster.redpanda.com") "resources" (list "topics") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "update") "apiGroups" (list "cluster.redpanda.com") "resources" (list "topics/finalizers") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "get" "patch" "update") "apiGroups" (list "cluster.redpanda.com") "resources" (list "topics/status") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "get" "list" "patch" "update" "watch") "apiGroups" (list "cluster.redpanda.com") "resources" (list "users") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "update") "apiGroups" (list "cluster.redpanda.com") "resources" (list "users/finalizers") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "verbs" (list "get" "patch" "update") "apiGroups" (list "cluster.redpanda.com") "resources" (list "users/status") ))) )))) -}} {{- end -}} {{- $_is_returning = true -}} {{- (dict "r" $role) | toJson -}} diff --git a/charts/operator/testdata/template-cases.golden.txtar b/charts/operator/testdata/template-cases.golden.txtar index 223f15c40..893fb8667 100644 --- a/charts/operator/testdata/template-cases.golden.txtar +++ b/charts/operator/testdata/template-cases.golden.txtar @@ -647,6 +647,30 @@ rules: - get - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - users + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - users/status + verbs: + - get + - patch + - update --- # Source: operator/templates/role_binding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -1763,6 +1787,30 @@ rules: - get - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - users + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - users/status + verbs: + - get + - patch + - update --- # Source: operator/templates/role_binding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -2849,6 +2897,30 @@ rules: - get - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - users + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - users/status + verbs: + - get + - patch + - update --- # Source: operator/templates/role_binding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -3935,6 +4007,30 @@ rules: - get - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - users + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - users/status + verbs: + - get + - patch + - update --- # Source: operator/templates/role_binding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -5040,6 +5136,30 @@ rules: - get - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - users + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - users/status + verbs: + - get + - patch + - update --- # Source: operator/templates/role_binding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -6137,6 +6257,30 @@ rules: - get - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - users + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - users/status + verbs: + - get + - patch + - update --- # Source: operator/templates/role_binding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -7248,6 +7392,30 @@ rules: - get - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - users + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - users/status + verbs: + - get + - patch + - update --- # Source: operator/templates/role_binding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -8784,6 +8952,30 @@ rules: - get - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - users + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - users/status + verbs: + - get + - patch + - update --- # Source: operator/templates/role_binding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -9902,6 +10094,30 @@ rules: - get - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - users + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - users/status + verbs: + - get + - patch + - update --- # Source: operator/templates/role_binding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -11075,6 +11291,30 @@ rules: - get - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - users + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - users/status + verbs: + - get + - patch + - update --- # Source: operator/templates/role_binding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -12223,6 +12463,30 @@ rules: - get - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - users + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - users/status + verbs: + - get + - patch + - update --- # Source: operator/templates/role_binding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -13301,6 +13565,30 @@ rules: - get - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - users + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - users/status + verbs: + - get + - patch + - update --- # Source: operator/templates/role_binding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -14430,6 +14718,30 @@ rules: - get - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - users + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - users/status + verbs: + - get + - patch + - update --- # Source: operator/templates/role_binding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -15985,6 +16297,30 @@ rules: - get - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - users + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - users/status + verbs: + - get + - patch + - update --- # Source: operator/templates/role_binding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -17719,6 +18055,30 @@ rules: - get - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - users + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - users/status + verbs: + - get + - patch + - update --- # Source: operator/templates/role_binding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -18953,6 +19313,30 @@ rules: - get - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - users + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - users/status + verbs: + - get + - patch + - update --- # Source: operator/templates/role_binding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -20109,6 +20493,30 @@ rules: - get - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - users + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - users/status + verbs: + - get + - patch + - update --- # Source: operator/templates/role_binding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -22499,6 +22907,30 @@ rules: - get - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - users + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - users/status + verbs: + - get + - patch + - update --- # Source: operator/charts/kube-prometheus-stack/charts/grafana/templates/rolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -29862,6 +30294,30 @@ rules: - get - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - users + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - users/status + verbs: + - get + - patch + - update --- # Source: operator/charts/kube-prometheus-stack/charts/grafana/templates/rolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -35912,6 +36368,30 @@ rules: - get - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - users + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - users/status + verbs: + - get + - patch + - update --- # Source: operator/templates/role_binding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -37270,6 +37750,30 @@ rules: - get - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - users + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - users/status + verbs: + - get + - patch + - update --- # Source: operator/templates/role_binding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -39888,6 +40392,30 @@ rules: - get - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - users + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - users/status + verbs: + - get + - patch + - update --- # Source: operator/charts/kube-prometheus-stack/charts/grafana/templates/rolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -54058,6 +54586,30 @@ rules: - get - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - users + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - users/status + verbs: + - get + - patch + - update --- # Source: operator/charts/kube-prometheus-stack/charts/grafana/templates/rolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -61505,6 +62057,30 @@ rules: - get - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - users + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - users/status + verbs: + - get + - patch + - update --- # Source: operator/charts/kube-prometheus-stack/charts/grafana/templates/rolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -74579,6 +75155,30 @@ rules: - get - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - users + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - users/status + verbs: + - get + - patch + - update --- # Source: operator/templates/role_binding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -84143,6 +84743,30 @@ rules: - get - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - users + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - users/status + verbs: + - get + - patch + - update --- # Source: operator/charts/kube-prometheus-stack/charts/grafana/templates/rolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -98475,6 +99099,30 @@ rules: - get - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - users + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - users/status + verbs: + - get + - patch + - update --- # Source: operator/charts/kube-prometheus-stack/charts/grafana/templates/rolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -114064,6 +114712,30 @@ rules: - get - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - users + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - users/status + verbs: + - get + - patch + - update --- # Source: operator/templates/role_binding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -129005,6 +129677,30 @@ rules: - get - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - users + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - users/status + verbs: + - get + - patch + - update --- # Source: operator/templates/role_binding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -131747,6 +132443,30 @@ rules: - get - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - users + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - users/status + verbs: + - get + - patch + - update --- # Source: operator/charts/kube-prometheus-stack/charts/grafana/templates/rolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -138994,6 +139714,30 @@ rules: - get - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - users + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - users/status + verbs: + - get + - patch + - update --- # Source: operator/templates/role_binding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -148328,6 +149072,30 @@ rules: - get - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - users + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - users/status + verbs: + - get + - patch + - update --- # Source: operator/templates/role_binding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -149814,6 +150582,30 @@ rules: - get - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - users + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - users/status + verbs: + - get + - patch + - update --- # Source: operator/templates/role_binding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -152608,6 +153400,30 @@ rules: - get - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - users + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - users/status + verbs: + - get + - patch + - update --- # Source: operator/charts/kube-prometheus-stack/charts/grafana/templates/rolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -320838,6 +321654,30 @@ rules: - get - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - users + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - users/status + verbs: + - get + - patch + - update --- # Source: operator/templates/role_binding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -322772,6 +323612,30 @@ rules: - get - patch - update +- apiGroups: + - cluster.redpanda.com + resources: + - users + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.redpanda.com + resources: + - users/finalizers + verbs: + - update +- apiGroups: + - cluster.redpanda.com + resources: + - users/status + verbs: + - get + - patch + - update --- # Source: operator/templates/role_binding.yaml apiVersion: rbac.authorization.k8s.io/v1