disable serviceImport (#260)

ryanzhang-oss · Ryan Zhang · web-flow · commit 44551d309f6e · 2022-09-06T00:55:44.000-07:00
Co-authored-by: Ryan Zhang &lt;zhangryan@microsoft.com&gt;
diff --git a/pkg/utils/apiresources.go b/pkg/utils/apiresources.go
@@ -31,6 +31,12 @@ var (
 		Kind:    "Node",
 	}
 
+	serviceImportGVK = schema.GroupVersionKind{
+		Group:   NetworkingGroupName,
+		Version: "v1alpha1",
+		Kind:    "ServiceImport",
+	}
+
 	// we use `;` to separate the different api groups
 	apiGroupSepToken = ";"
 )
@@ -61,6 +67,7 @@ func NewDisabledResourceConfig() *DisabledResourceConfig {
 	r.DisableGroup(coordv1.GroupName)
 	r.DisableGroupVersionKind(corev1PodGVK)
 	r.DisableGroupVersionKind(corev1NodeGVK)
+	r.DisableGroupVersionKind(serviceImportGVK)
 	return r
 }
 
diff --git a/pkg/utils/common.go b/pkg/utils/common.go
@@ -56,6 +56,10 @@ const (
 	// PlacementFinalizer is used to make sure that we handle gc of placement resources
 	PlacementFinalizer = "work.fleet.azure.com/placement-protection"
 )
+const (
+	// NetworkingGroupName is the group name of the fleet networking
+	NetworkingGroupName = "networking.fleet.azure.com"
+)
 
 var (
 	FleetRule = rbacv1.PolicyRule{
@@ -75,7 +79,7 @@ var (
 	}
 	FleetNetworkRule = rbacv1.PolicyRule{
 		Verbs:     []string{"*"},
-		APIGroups: []string{"networking.fleet.azure.com"},
+		APIGroups: []string{NetworkingGroupName},
 		Resources: []string{"*"},
 	}
 	// LeaseRule Leases permissions are required for leader election of hub controller manager in member cluster.

Original file line number	Diff line number	Diff line change
`@@ -31,6 +31,12 @@ var (`
`31`	`31`	`Kind: "Node",`
`32`	`32`	`}`
`33`	`33`
	`34`	`+ serviceImportGVK = schema.GroupVersionKind{`
	`35`	`+ Group: NetworkingGroupName,`
	`36`	`+ Version: "v1alpha1",`
	`37`	`+ Kind: "ServiceImport",`
	`38`	`+ }`
	`39`	`+`
`34`	`40`	// we use `;` to separate the different api groups
`35`	`41`	`apiGroupSepToken = ";"`
`36`	`42`	`)`
`@@ -61,6 +67,7 @@ func NewDisabledResourceConfig() *DisabledResourceConfig {`
`61`	`67`	`r.DisableGroup(coordv1.GroupName)`
`62`	`68`	`r.DisableGroupVersionKind(corev1PodGVK)`
`63`	`69`	`r.DisableGroupVersionKind(corev1NodeGVK)`
	`70`	`+ r.DisableGroupVersionKind(serviceImportGVK)`
`64`	`71`	`return r`
`65`	`72`	`}`
`66`	`73`
Original file line number	Diff line number	Diff line change
`@@ -56,6 +56,10 @@ const (`
`56`	`56`	`// PlacementFinalizer is used to make sure that we handle gc of placement resources`
`57`	`57`	`PlacementFinalizer = "work.fleet.azure.com/placement-protection"`
`58`	`58`	`)`
	`59`	`+const (`
	`60`	`+ // NetworkingGroupName is the group name of the fleet networking`
	`61`	`+ NetworkingGroupName = "networking.fleet.azure.com"`
	`62`	`+)`
`59`	`63`
`60`	`64`	`var (`
`61`	`65`	`FleetRule = rbacv1.PolicyRule{`
`@@ -75,7 +79,7 @@ var (`
`75`	`79`	`}`
`76`	`80`	`FleetNetworkRule = rbacv1.PolicyRule{`
`77`	`81`	`Verbs: []string{"*"},`
`78`		`- APIGroups: []string{"networking.fleet.azure.com"},`
	`82`	`+ APIGroups: []string{NetworkingGroupName},`
`79`	`83`	`Resources: []string{"*"},`
`80`	`84`	`}`
`81`	`85`	`// LeaseRule Leases permissions are required for leader election of hub controller manager in member cluster.`