Skip to content

Commit 759f362

Browse files
bertinattobertinatto
committed
Populate OM output-resources with discovered resources
Generated with Claude Code
1 parent e175379 commit 759f362

File tree

1 file changed

+75
-3
lines changed

1 file changed

+75
-3
lines changed

pkg/cmd/mom/input_resources_command.go

Lines changed: 75 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -50,17 +50,89 @@ func runInputResources(ctx context.Context) (*libraryinputresources.InputResourc
5050
}
5151

5252
// runOutputResources is defined here to support the input-resources command
53-
// The actual implementation will be in output_resources_command.go
53+
// This is shared with output_resources_command.go
5454
func runOutputResources(ctx context.Context) (*libraryoutputresources.OutputResources, error) {
5555
return &libraryoutputresources.OutputResources{
5656
ConfigurationResources: libraryoutputresources.ResourceList{
5757
ExactResources: []libraryoutputresources.ExactResourceID{},
5858
},
5959
ManagementResources: libraryoutputresources.ResourceList{
60-
ExactResources: []libraryoutputresources.ExactResourceID{},
60+
ExactResources: []libraryoutputresources.ExactResourceID{
61+
// ClusterOperator status
62+
libraryoutputresources.ExactClusterOperator("kube-controller-manager"),
63+
64+
// Namespaces managed by the operator
65+
libraryoutputresources.ExactNamespace("openshift-kube-controller-manager"),
66+
libraryoutputresources.ExactNamespace("openshift-kube-controller-manager-operator"),
67+
libraryoutputresources.ExactNamespace("openshift-infra"),
68+
69+
// Operator deployment and service
70+
libraryoutputresources.ExactDeployment("openshift-kube-controller-manager-operator", "kube-controller-manager-operator"),
71+
libraryoutputresources.ExactService("openshift-kube-controller-manager-operator", "kube-controller-manager-operator"),
72+
libraryoutputresources.ExactServiceAccount("openshift-kube-controller-manager-operator", "kube-controller-manager-operator"),
73+
74+
// Static pod resources in target namespace
75+
libraryoutputresources.ExactService("openshift-kube-controller-manager", "kube-controller-manager"),
76+
libraryoutputresources.ExactServiceAccount("openshift-kube-controller-manager", "kube-controller-manager"),
77+
libraryoutputresources.ExactServiceAccount("openshift-kube-controller-manager", "localhost-recovery-client"),
78+
libraryoutputresources.ExactServiceAccount("openshift-kube-controller-manager", "kube-controller-manager-sa"),
79+
80+
// ConfigMaps
81+
libraryoutputresources.ExactConfigMap("openshift-kube-controller-manager", "config"),
82+
libraryoutputresources.ExactConfigMap("openshift-kube-controller-manager", "kube-controller-manager-pod"),
83+
libraryoutputresources.ExactConfigMap("openshift-kube-controller-manager", "cluster-policy-controller-config"),
84+
libraryoutputresources.ExactConfigMap("openshift-kube-controller-manager", "controller-manager-kubeconfig"),
85+
libraryoutputresources.ExactConfigMap("openshift-kube-controller-manager", "kube-controller-cert-syncer-kubeconfig"),
86+
libraryoutputresources.ExactConfigMap("openshift-kube-controller-manager", "serviceaccount-ca"),
87+
libraryoutputresources.ExactConfigMap("openshift-kube-controller-manager", "service-ca"),
88+
libraryoutputresources.ExactConfigMap("openshift-kube-controller-manager", "recycler-config"),
89+
libraryoutputresources.ExactConfigMap("openshift-kube-controller-manager", "trusted-ca-bundle"),
90+
libraryoutputresources.ExactConfigMap("openshift-kube-controller-manager", "aggregator-client-ca"),
91+
libraryoutputresources.ExactConfigMap("openshift-kube-controller-manager", "client-ca"),
92+
93+
// Secrets
94+
libraryoutputresources.ExactSecret("openshift-kube-controller-manager", "service-account-private-key"),
95+
libraryoutputresources.ExactSecret("openshift-kube-controller-manager", "serving-cert"),
96+
libraryoutputresources.ExactSecret("openshift-kube-controller-manager", "localhost-recovery-client-token"),
97+
libraryoutputresources.ExactSecret("openshift-kube-controller-manager", "kube-controller-manager-client-cert-key"),
98+
libraryoutputresources.ExactSecret("openshift-kube-controller-manager", "csr-signer"),
99+
100+
// Roles and RoleBindings in target namespace
101+
libraryoutputresources.ExactRole("kube-system", "system:openshift:controller:cluster-policy-controller"),
102+
libraryoutputresources.ExactRoleBinding("kube-system", "system:openshift:controller:cluster-policy-controller"),
103+
104+
// PodDisruptionBudget
105+
libraryoutputresources.ExactPDB("openshift-kube-controller-manager-operator", "kube-controller-manager-operator"),
106+
},
107+
EventingNamespaces: []string{
108+
"openshift-kube-controller-manager",
109+
"openshift-kube-controller-manager-operator",
110+
},
61111
},
62112
UserWorkloadResources: libraryoutputresources.ResourceList{
63-
ExactResources: []libraryoutputresources.ExactResourceID{},
113+
ExactResources: []libraryoutputresources.ExactResourceID{
114+
// CSR-related resources
115+
libraryoutputresources.ExactClusterRole("system:openshift:controller:cluster-csr-approver"),
116+
libraryoutputresources.ExactClusterRoleBinding("system:openshift:controller:cluster-csr-approver"),
117+
118+
// Namespace security allocation controller
119+
libraryoutputresources.ExactClusterRole("system:openshift:controller:namespace-security-allocation-controller"),
120+
libraryoutputresources.ExactClusterRoleBinding("system:openshift:controller:namespace-security-allocation-controller"),
121+
122+
// PodSecurity admission label syncer controller
123+
libraryoutputresources.ExactClusterRole("system:openshift:controller:podsecurity-admission-label-syncer-controller"),
124+
libraryoutputresources.ExactClusterRoleBinding("system:openshift:controller:podsecurity-admission-label-syncer-controller"),
125+
126+
// PodSecurity admission label privileged namespaces syncer controller
127+
libraryoutputresources.ExactClusterRole("system:openshift:controller:podsecurity-admission-label-privileged-namespaces-syncer-controller"),
128+
libraryoutputresources.ExactClusterRoleBinding("system:openshift:controller:podsecurity-admission-label-privileged-namespaces-syncer-controller"),
129+
130+
// Localhost recovery
131+
libraryoutputresources.ExactClusterRoleBinding("system:openshift:operator:kube-controller-manager-recovery"),
132+
133+
// Operator RBAC
134+
libraryoutputresources.ExactClusterRoleBinding("system:openshift:operator:kube-controller-manager-operator"),
135+
},
64136
},
65137
}, nil
66138
}

0 commit comments

Comments
 (0)