fix: Fix the case, one service account has multiple roles (#63)

horis233 · web-flow · commit 70f43db17b01 · 2021-01-27T05:18:22.000+08:00
diff --git a/controllers/namespacescope_controller.go b/controllers/namespacescope_controller.go
@@ -421,6 +421,9 @@ func (r *NamespaceScopeReconciler) generateRBACToNamespace(instance *operatorv1.
 	}
 	for _, sa := range saNames {
 		roleList, err := r.GetRolesFromServiceAccount(sa, fromNs)
+
+		klog.V(2).Infof("Roles waiting to be copied: %v", roleList)
+
 		if err != nil {
 			return err
 		}
@@ -512,7 +515,7 @@ func (r *NamespaceScopeReconciler) CreateRole(roleNames []string, labels map[str
 			klog.Errorf("Failed to get role %s in namespace %s: %v", roleName, fromNs, err)
 			return err
 		}
-		hashedServiceAccount := sha256.Sum256([]byte(saName + fromNs))
+		hashedServiceAccount := sha256.Sum256([]byte(roleName + saName + fromNs))
 		name := strings.Split(roleName, ".")[0] + "-" + hex.EncodeToString(hashedServiceAccount[:7])
 		namespace := toNs
 		role := &rbacv1.Role{
@@ -529,7 +532,7 @@ func (r *NamespaceScopeReconciler) CreateRole(roleNames []string, labels map[str
 					klog.Errorf("Failed to update role %s/%s: %v", namespace, name, err)
 					return err
 				}
-				return nil
+				continue
 			}
 			klog.Errorf("Failed to create role %s/%s: %v", namespace, name, err)
 			return err

Original file line number	Diff line number	Diff line change
`@@ -421,6 +421,9 @@ func (r NamespaceScopeReconciler) generateRBACToNamespace(instance operatorv1.`
`421`	`421`	`}`
`422`	`422`	`for _, sa := range saNames {`
`423`	`423`	`roleList, err := r.GetRolesFromServiceAccount(sa, fromNs)`
	`424`	`+`
	`425`	`+ klog.V(2).Infof("Roles waiting to be copied: %v", roleList)`
	`426`	`+`
`424`	`427`	`if err != nil {`
`425`	`428`	`return err`
`426`	`429`	`}`
`@@ -512,7 +515,7 @@ func (r *NamespaceScopeReconciler) CreateRole(roleNames []string, labels map[str`
`512`	`515`	`klog.Errorf("Failed to get role %s in namespace %s: %v", roleName, fromNs, err)`
`513`	`516`	`return err`
`514`	`517`	`}`
`515`		`- hashedServiceAccount := sha256.Sum256([]byte(saName + fromNs))`
	`518`	`+ hashedServiceAccount := sha256.Sum256([]byte(roleName + saName + fromNs))`
`516`	`519`	`name := strings.Split(roleName, ".")[0] + "-" + hex.EncodeToString(hashedServiceAccount[:7])`
`517`	`520`	`namespace := toNs`
`518`	`521`	`role := &rbacv1.Role{`
`@@ -529,7 +532,7 @@ func (r *NamespaceScopeReconciler) CreateRole(roleNames []string, labels map[str`
`529`	`532`	`klog.Errorf("Failed to update role %s/%s: %v", namespace, name, err)`
`530`	`533`	`return err`
`531`	`534`	`}`
`532`		`- return nil`
	`535`	`+ continue`
`533`	`536`	`}`
`534`	`537`	`klog.Errorf("Failed to create role %s/%s: %v", namespace, name, err)`
`535`	`538`	`return err`