rename bootstrap sa name (#466)

Signed-off-by: Zhiwei Yin <[email protected]>

Author: zhiweiyin318

go.mod

@@ -31,7 +31,7 @@ require (
 	open-cluster-management.io/api v0.15.1-0.20250109024121-1a5e25a78a43
 	open-cluster-management.io/cluster-proxy v0.4.0
 	open-cluster-management.io/managed-serviceaccount v0.6.0
-	open-cluster-management.io/ocm v0.15.1-0.20250110031959-11896ccda197
+	open-cluster-management.io/ocm v0.15.1-0.20250116085531-34275ef1eac8
 	open-cluster-management.io/sdk-go v0.15.1-0.20241125015855-1536c3970f8f
 	sigs.k8s.io/apiserver-network-proxy v0.29.0
 	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3

go.sum

@@ -563,8 +563,8 @@ open-cluster-management.io/cluster-proxy v0.4.0 h1:rm0UDaDWe3/P3xLzwqdHtqNksKwSz
 open-cluster-management.io/cluster-proxy v0.4.0/go.mod h1:gTvfDHAhGezhdg4BD3ECBn6jbg2Y5PbHhV2ceW5nrB0=
 open-cluster-management.io/managed-serviceaccount v0.6.0 h1:qIi5T9WQJBuoGqnYGIktXbtqfQoiN2H9XU2P/6lAQiw=
 open-cluster-management.io/managed-serviceaccount v0.6.0/go.mod h1:G4LUTbZiyrB8c0+rqi/xnDmGlsg7Rdr4T7MPLCWhyQI=
-open-cluster-management.io/ocm v0.15.1-0.20250110031959-11896ccda197 h1:ECwQuYbtUxDbKUKHfnmQYwLG2cV3i7OwsU4dJP/XrDg=
-open-cluster-management.io/ocm v0.15.1-0.20250110031959-11896ccda197/go.mod h1:daPkqFxkVqKb4O8UTX+7jCyEcJWarGOG7uDie9rFfck=
+open-cluster-management.io/ocm v0.15.1-0.20250116085531-34275ef1eac8 h1:IDjk8EeKajwqezVM1eDNYPHyaJx4V0N/sZoSAVhIUJk=
+open-cluster-management.io/ocm v0.15.1-0.20250116085531-34275ef1eac8/go.mod h1:daPkqFxkVqKb4O8UTX+7jCyEcJWarGOG7uDie9rFfck=
 open-cluster-management.io/sdk-go v0.15.1-0.20241125015855-1536c3970f8f h1:zeC7QrFNarfK2zY6jGtd+mX+yDrQQmnH/J8A7n5Nh38=
 open-cluster-management.io/sdk-go v0.15.1-0.20241125015855-1536c3970f8f/go.mod h1:fi5WBsbC5K3txKb8eRLuP0Sim/Oqz/PHX18skAEyjiA=
 oras.land/oras-go v1.2.5 h1:XpYuAwAb0DfQsunIyMfeET92emK8km3W4yEzZvUbsTo=

pkg/cmd/accept/exec.go

@@ -27,7 +27,7 @@ import (
 const (
 	groupNameBootstrap               = "system:bootstrappers:managedcluster"
 	userNameSignatureBootstrapPrefix = "system:bootstrap:"
-	userNameSignatureSA              = "system:serviceaccount:open-cluster-management:cluster-bootstrap"
+	userNameSignatureSA              = "system:serviceaccount:open-cluster-management:agent-registration-bootstrap"
 	groupNameSA                      = "system:serviceaccounts:open-cluster-management"
 	clusterLabel                     = "open-cluster-management.io/cluster-name"
 )
@@ -124,12 +124,12 @@ func (o *Options) approveCSR(kubeClient *kubernetes.Clientset, clusterName strin
 		passedCSRs = csrs.Items
 	} else {
 		for _, item := range csrs.Items {
-			//Does not have the correct name prefix
+			// Does not have the correct name prefix
 			if !strings.HasPrefix(item.Spec.Username, userNameSignatureBootstrapPrefix) &&
 				!strings.HasPrefix(item.Spec.Username, userNameSignatureSA) {
 				continue
 			}
-			//Check groups
+			// Check groups
 			groups := sets.NewString(item.Spec.Groups...)
 			if !groups.Has(groupNameBootstrap) &&
 				!groups.Has(groupNameSA) {
@@ -173,14 +173,14 @@ func (o *Options) approveCSR(kubeClient *kubernetes.Clientset, clusterName strin
 			fmt.Fprintf(o.Streams.Out, "CSR %s with requester %s is not in the approve list\n", passedCSR.Name, cn)
 			continue
 		}
-		//Check if already approved or denied
+		// Check if already approved or denied
 		approved, denied := GetCertApprovalCondition(&passedCSR.Status)
-		//if already denied, then nothing to do
+		// if already denied, then nothing to do
 		if denied {
 			fmt.Fprintf(o.Streams.Out, "CSR %s already denied\n", passedCSR.Name)
 			continue
 		}
-		//if already approved, then nothing to do
+		// if already approved, then nothing to do
 		if approved {
 			fmt.Fprintf(o.Streams.Out, "CSR %s already approved\n", passedCSR.Name)
 			hasApproved = true
@@ -189,15 +189,15 @@ func (o *Options) approveCSR(kubeClient *kubernetes.Clientset, clusterName strin
 		csrToApprove = append(csrToApprove, passedCSR)
 	}
 
-	//no csr found
+	// no csr found
 	if len(csrToApprove) == 0 {
 		if waitMode {
 			fmt.Fprintf(o.Streams.Out, "no CSR to approve for cluster %s\n", clusterName)
 		}
 
 		return hasApproved, nil
 	}
-	//if dry-run don't approve
+	// if dry-run don't approve
 	if o.ClusteradmFlags.DryRun {
 		return hasApproved, nil
 	}

pkg/config/env.go

@@ -4,10 +4,10 @@ package config
 
 const (
 	OpenClusterManagementNamespace    = "open-cluster-management"
-	BootstrapSAName                   = "cluster-bootstrap"
-	BootstrapClusterRoleBindingName   = "cluster-bootstrap"
-	BootstrapClusterRoleBindingSAName = "cluster-bootstrap-sa"
-	BootstrapClusterRoleName          = "system:open-cluster-management:bootstrap"
+	BootstrapSAName                   = "agent-registration-bootstrap"
+	BootstrapClusterRoleBindingName   = "open-cluster-management:bootstrap:agent-registration"
+	BootstrapClusterRoleBindingSAName = "agent-registration-bootstrap"
+	BootstrapClusterRoleName          = "open-cluster-management:bootstrap"
 	ClusterManagerName                = "cluster-manager"
 	LabelApp                          = "app"
 	BootstrapSecretPrefix             = "bootstrap-token-"

vendor/modules.txt

@@ -1282,7 +1282,7 @@ open-cluster-management.io/managed-serviceaccount/pkg/generated/clientset/versio
 open-cluster-management.io/managed-serviceaccount/pkg/generated/clientset/versioned/scheme
 open-cluster-management.io/managed-serviceaccount/pkg/generated/clientset/versioned/typed/authentication/v1alpha1
 open-cluster-management.io/managed-serviceaccount/pkg/generated/clientset/versioned/typed/authentication/v1beta1
-# open-cluster-management.io/ocm v0.15.1-0.20250110031959-11896ccda197
+# open-cluster-management.io/ocm v0.15.1-0.20250116085531-34275ef1eac8
 ## explicit; go 1.22.5
 open-cluster-management.io/ocm/deploy/cluster-manager/chart
 open-cluster-management.io/ocm/deploy/klusterlet/chart