Document the spec.hubTemplateOptions.serviceAccountName field

mprahl · openshift-merge-bot[bot] · commit 166702f77bfa · 2024-09-17T20:26:02.000Z
Relates: https://issues.redhat.com/browse/ACM-13572 Signed-off-by: mprahl <mprahl@users.noreply.github.com>
diff --git a/api/v1/policy_types.go b/api/v1/policy_types.go
@@ -67,6 +67,10 @@ type PolicyDependency struct {
 }
 
 type HubTemplateOptions struct {
+	// ServiceAccountName is the name of a service account in the same namespace as the policy to use for all hub
+	// template lookups. The service account must have list and watch permissions on any object the hub templates
+	// look up. If not specified, lookups are restricted to namespaced objects in the same namespace as the policy and
+	// to the `ManagedCluster` object associated with the propagated policy.
 	ServiceAccountName string `json:"serviceAccountName,omitempty"`
 }
 
diff --git a/deploy/crds/kustomize/policy.open-cluster-management.io_policies.yaml b/deploy/crds/kustomize/policy.open-cluster-management.io_policies.yaml
@@ -122,6 +122,11 @@ spec:
                   templates.
                 properties:
                   serviceAccountName:
+                    description: |-
+                      ServiceAccountName is the name of a service account in the same namespace as the policy to use for all hub
+                      template lookups. The service account must have list and watch permissions on any object the hub templates
+                      look up. If not specified, lookups are restricted to namespaced objects in the same namespace as the policy and
+                      to the `ManagedCluster` object associated with the propagated policy.
                     type: string
                 type: object
               policy-templates:
diff --git a/deploy/crds/policy.open-cluster-management.io_policies.yaml b/deploy/crds/policy.open-cluster-management.io_policies.yaml
@@ -134,6 +134,11 @@ spec:
                   templates.
                 properties:
                   serviceAccountName:
+                    description: >-
+                      ServiceAccountName is the name of a service account in the same namespace as the policy to use for all hub
+                      template lookups. The service account must have list and watch permissions on any object the hub templates
+                      look up. If not specified, lookups are restricted to namespaced objects in the same namespace as the policy and
+                      to the `ManagedCluster` object associated with the propagated policy.
                     type: string
                 type: object
               policy-templates:

Original file line number	Diff line number	Diff line change
`@@ -67,6 +67,10 @@ type PolicyDependency struct {`
`67`	`67`	`}`
`68`	`68`
`69`	`69`	`type HubTemplateOptions struct {`
	`70`	`+ // ServiceAccountName is the name of a service account in the same namespace as the policy to use for all hub`
	`71`	`+ // template lookups. The service account must have list and watch permissions on any object the hub templates`
	`72`	`+ // look up. If not specified, lookups are restricted to namespaced objects in the same namespace as the policy and`
	`73`	+ // to the `ManagedCluster` object associated with the propagated policy.
`70`	`74`	ServiceAccountName string `json:"serviceAccountName,omitempty"`
`71`	`75`	`}`
`72`	`76`