Skip to content

Commit 61720ed

Browse files
author
Per Goncalves da Silva
committed
Update syntheric user format
Signed-off-by: Per Goncalves da Silva <[email protected]>
1 parent d24e616 commit 61720ed

File tree

4 files changed

+12
-12
lines changed

4 files changed

+12
-12
lines changed

internal/operator-controller/action/restconfig.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@ import (
1414
"github.com/operator-framework/operator-controller/internal/operator-controller/features"
1515
)
1616

17-
const syntheticServiceAccountName = "olmv1:synthetic"
17+
const syntheticServiceAccountName = "olm:synthetic-user"
1818

1919
type clusterExtensionRestConfigMapper struct {
2020
saRestConfigMapper func(ctx context.Context, o client.Object, c *rest.Config) (*rest.Config, error)

internal/operator-controller/action/restconfig_test.go

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -44,13 +44,13 @@ func TestMapper_SyntheticPermissionsEnabled(t *testing.T) {
4444
fgEnabled bool
4545
}{
4646
{
47-
description: "user service account wrapper if extension service account is _not_ called olmv1:synthetic",
48-
serviceAccountName: "_not_:olmv1:synthetic",
47+
description: "user service account wrapper if extension service account is _not_ called olm:synthetic-user",
48+
serviceAccountName: "_not_:olm:synthetic-user",
4949
expectedMapper: saAccountWrapper,
5050
fgEnabled: true,
5151
}, {
52-
description: "user synthetic user wrapper is extension service account is called olmv1:synthetic",
53-
serviceAccountName: "olmv1:synthetic",
52+
description: "user synthetic user wrapper is extension service account is called olm:synthetic-user",
53+
serviceAccountName: "olm:synthetic-user",
5454
expectedMapper: synthUserWrapper,
5555
fgEnabled: true,
5656
},
@@ -80,7 +80,7 @@ func TestMapper_SyntheticPermissionsDisabled(t *testing.T) {
8080
ext := &ocv1.ClusterExtension{
8181
Spec: ocv1.ClusterExtensionSpec{
8282
ServiceAccount: ocv1.ServiceAccountReference{
83-
Name: "olmv1:synthetic",
83+
Name: "olm:synthetic-user",
8484
},
8585
},
8686
}

internal/operator-controller/authentication/synthetic.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -9,12 +9,12 @@ import (
99
)
1010

1111
func SyntheticUserName(ext ocv1.ClusterExtension) string {
12-
return fmt.Sprintf("olmv1:clusterextensions:%s:admin", ext.Name)
12+
return fmt.Sprintf("olm:clusterextensions:%s", ext.Name)
1313
}
1414

1515
func SyntheticGroups(_ ocv1.ClusterExtension) []string {
1616
return []string{
17-
"olmv1:clusterextensions:admin",
17+
"olmv1:clusterextensions",
1818
"system:authenticated",
1919
}
2020
}

internal/operator-controller/authentication/synthetic_test.go

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -16,13 +16,13 @@ func TestSyntheticUserName(t *testing.T) {
1616
Name: "my-ext",
1717
},
1818
})
19-
require.Equal(t, "olmv1:clusterextensions:my-ext:admin", syntheticUserName)
19+
require.Equal(t, "olm:clusterextensions:my-ext", syntheticUserName)
2020
}
2121

2222
func TestSyntheticGroups(t *testing.T) {
2323
syntheticGroups := authentication.SyntheticGroups(ocv1.ClusterExtension{})
2424
require.Equal(t, []string{
25-
"olmv1:clusterextensions:admin",
25+
"olmv1:clusterextensions",
2626
"system:authenticated",
2727
}, syntheticGroups)
2828
}
@@ -33,9 +33,9 @@ func TestSyntheticImpersonationConfig(t *testing.T) {
3333
Name: "my-ext",
3434
},
3535
})
36-
require.Equal(t, "olmv1:clusterextensions:my-ext:admin", config.UserName)
36+
require.Equal(t, "olm:clusterextensions:my-ext", config.UserName)
3737
require.Equal(t, []string{
38-
"olmv1:clusterextensions:admin",
38+
"olmv1:clusterextensions",
3939
"system:authenticated",
4040
}, config.Groups)
4141
require.Empty(t, config.UID)

0 commit comments

Comments
 (0)