Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rework 2.x RBAC generators #1457

Merged
merged 9 commits into from
Jun 25, 2021
Merged

Rework 2.x RBAC generators #1457

merged 9 commits into from
Jun 25, 2021

Conversation

rainest
Copy link
Contributor

@rainest rainest commented Jun 24, 2021
edited
Loading

What this PR does / why we need it:

  • Adds configurable RBAC verbs for generated controllers' kubebuilder RBAC annotations.
  • Adds RBAC-only API configuration to the controller generator.
  • Adds a namespaced Role duplicate of the ClusterRole.
  • Updates permissions to align with KIC 1.x permissions

Which issue this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close that issue when PR gets merged): fixes #1215

Special notes for your reviewer:

  • RBAC-only API generation is perhaps a bit out of place in its current home (railgun/hack/generators/controllers/networking/main.go) as they aren't controllers, but there isn't an obvious better place to place it already. This at least provides a single location to configure both types of things that generate RBAC permissions.
  • The status and finalizer permissions have been left as-is, with no new toggles to disable them. Wasn't sure if we wanted to remove them from anything (1.x only had status on Ingress-likes, but AFAIK we intend to expand on what 1.x did).
  • The addition of the namespaced Role will place a resource we don't want in role.yaml. We will need to split it out and select only the ClusterRole when building the all-in-one manifests.

PR Readiness Checklist:

Complete these before marking the PR as ready to review:

  • the CHANGELOG.md release notes have been updated to reflect any significant (and particularly user-facing) changes introduced by this PR

@rainest rainest requested a review from a team as a code owner June 24, 2021 21:16
@rainest rainest temporarily deployed to Configure ci June 24, 2021 21:16 Inactive
@github-actions
Copy link

Licenses differ between commit 66977e7fb964aaa0d78b7ea98368afae7872701c and base:

+++ pr_licenses.csv	2021-06-24 21:17:34.567611297 +0000
@@ -1,3 +1,6 @@
+github.com/Masterminds/goutils,https://github.com/Masterminds/goutils/blob/master/LICENSE.txt,Apache-2.0
+github.com/Masterminds/semver,https://github.com/Masterminds/semver/blob/master/LICENSE.txt,MIT
+github.com/Masterminds/sprig,https://github.com/Masterminds/sprig/blob/master/LICENSE.txt,MIT
 github.com/beorn7/perks/quantile,https://github.com/beorn7/perks/blob/master/quantile/LICENSE,MIT
 github.com/blang/semver/v4,https://github.com/blang/semver/blob/master/v4/LICENSE,MIT
 github.com/bombsimon/logrusr,https://github.com/bombsimon/logrusr/blob/master/LICENCE,MIT
@@ -25,13 +28,16 @@
 github.com/hashicorp/golang-lru,https://github.com/hashicorp/golang-lru/blob/master/LICENSE,MPL-2.0
 github.com/hashicorp/hcl,https://github.com/hashicorp/hcl/blob/master/LICENSE,MPL-2.0
 github.com/hexops/gotextdiff,https://github.com/hexops/gotextdiff/blob/master/LICENSE,BSD-3-Clause
+github.com/huandu/xstrings,https://github.com/huandu/xstrings/blob/master/LICENSE,MIT
 github.com/imdario/mergo,https://github.com/imdario/mergo/blob/master/LICENSE,BSD-3-Clause
 github.com/json-iterator/go,https://github.com/json-iterator/go/blob/master/LICENSE,MIT
 github.com/magiconair/properties,https://github.com/magiconair/properties/blob/master/LICENSE.md,BSD-2-Clause
 github.com/mattn/go-colorable,https://github.com/mattn/go-colorable/blob/master/LICENSE,MIT
 github.com/mattn/go-isatty,https://github.com/mattn/go-isatty/blob/master/LICENSE,MIT
 github.com/matttproud/golang_protobuf_extensions/pbutil,https://github.com/matttproud/golang_protobuf_extensions/blob/master/pbutil/LICENSE,Apache-2.0
+github.com/mitchellh/copystructure,https://github.com/mitchellh/copystructure/blob/master/LICENSE,MIT
 github.com/mitchellh/mapstructure,https://github.com/mitchellh/mapstructure/blob/master/LICENSE,MIT
+github.com/mitchellh/reflectwalk,https://github.com/mitchellh/reflectwalk/blob/master/LICENSE,MIT
 github.com/modern-go/concurrent,https://github.com/modern-go/concurrent/blob/master/LICENSE,Apache-2.0
 github.com/modern-go/reflect2,https://github.com/modern-go/reflect2/blob/master/LICENSE,Apache-2.0
 github.com/pelletier/go-toml,https://github.com/pelletier/go-toml/blob/master/LICENSE,MIT```

@rainest rainest temporarily deployed to Configure ci June 24, 2021 21:18 Inactive
@codecov
Copy link

codecov bot commented Jun 24, 2021
edited
Loading

Codecov Report

Merging #1457 (160284d) into next (8171d4e) will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##             next    #1457   +/-   ##
=======================================
  Coverage   55.79%   55.79%           
=======================================
  Files          44       44           
  Lines        3733     3733           
=======================================
  Hits         2083     2083           
  Misses       1501     1501           
  Partials      149      149

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 8171d4e...160284d. Read the comment docs.

@rainest rainest temporarily deployed to Configure ci June 24, 2021 21:38 Inactive
shaneutt
shaneutt approved these changes Jun 25, 2021
View reviewed changes
Copy link
Contributor

@shaneutt shaneutt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

railgun/config/crd/bases/configuration.konghq.com_tcpingresses.yaml Show resolved Hide resolved
railgun/hack/generators/controllers/networking/main.go Outdated Show resolved Hide resolved
railgun/hack/generators/controllers/networking/main.go Show resolved Hide resolved
railgun/hack/generators/controllers/networking/main.go Outdated Show resolved Hide resolved
railgun/hack/generators/controllers/networking/main.go Outdated Show resolved Hide resolved
railgun/hack/generators/controllers/networking/main.go Outdated Show resolved Hide resolved
railgun/hack/generators/controllers/networking/main.go Show resolved Hide resolved
railgun/hack/generators/controllers/networking/main.go Show resolved Hide resolved
@rainest rainest temporarily deployed to Configure ci June 25, 2021 17:40 Inactive
@rainest rainest temporarily deployed to Configure ci June 25, 2021 17:43 Inactive
@rainest rainest temporarily deployed to Configure ci June 25, 2021 17:49 Inactive
@rainest rainest merged commit a0405a3 into next Jun 25, 2021
@rainest rainest deleted the feat/rg-rbac-revamp branch June 25, 2021 18:07
@shaneutt shaneutt mentioned this pull request Jun 30, 2021
Closed
2 tasks
@shaneutt shaneutt mentioned this pull request Jul 7, 2021
Closed
1 task
@rainest rainest mentioned this pull request Jul 9, 2021
Merged
@shaneutt shaneutt mentioned this pull request Aug 30, 2021
Closed
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shaneutt shaneutt shaneutt approved these changes

Assignees
No one assigned
Labels
ci/license/changed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@rainest @shaneutt