Conversation
chrisseto
requested review from
RafalKorepta,
andrewstucki and
gene-redpanda
as code owners
chrisseto
force-pushed
the
chris/p/operator-itemize-rbac
branch
from
7447063 to
64752d5
Compare
|
My apologies for the massive diff. Everything I've been doing this sprint somehow resulted in me needing to update permission checking tests and it's abysmal to do without this. |
chrisseto
force-pushed
the
chris/p/operator-itemize-rbac
branch
from
64752d5 to
eb18640
Compare
andrewstucki
left a comment
andrewstucki
left a comment
There was a problem hiding this comment.
This generally looks fine to me so long as the tests still pass. Only potential change would be to move the decommissioning package to follow everything else, i.e. internal/controller/decommission or something like that.
|
Huh, chart integration tests are failing but the controller tests are passing.
I was trying to minimize changes but it does stick out like a sore thumb now doesn't it. I'll add move it as well if any other changes are required otherwise I might try to dance around CI times... |
chrisseto
force-pushed
the
chris/p/operator-itemize-rbac
branch
from
eb18640 to
7b22e36
Compare
|
I moved the decommissioning package as well. There's no changes out side of the operator so I have to assume the chart failures are pre-existing :( Going to flick on auto merge as I've seen that integration tests work as expected for the operator package. TFTR! |
Prior to this commit the RBAC declarations of the various controllers were littered across the repo. This made it exceptionally difficult to understand where permissions came from. It also made any attempt to test that the redpanda and operator charts' RBACs were correctly configured nearly impossible as the charts themselves had to itemize permissions while their sources did not. This commit divides each distinct controller into its own package which allows `controller-gen` to build the (Cluster)Roles for a specific controller. The vast majority of changes in the commit is just code movement. Notable exceptions are: - Duplication of `redpanda_controller_utils.go`. This file is cursed and will be removed soon any how. I'm accepting the evil of duplicating it. - RBAC is now spit into `./operator/config/rbac/itemized/` - An empty `rpkdebugbundle` package has been added to track the permissions required for `rpk debug bundle`. See also: [K8S-537], [K8S-495]
RafalKorepta
force-pushed
the
chris/p/operator-itemize-rbac
branch
from
7b22e36 to
8da779b
Compare
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
3 participants
Prior to this commit the RBAC declarations of the various controllers were littered across the repo. This made it exceptionally difficult to understand where permissions came from. It also made any attempt to test that the redpanda and operator charts' RBACs were correctly configured nearly impossible as the charts themselves had to itemize permissions while their sources did not.
This commit divides each distinct controller into its own package which allows
controller-gento build the (Cluster)Roles for a specific controller.The vast majority of changes in the commit is just code movement. Notable exceptions are:
redpanda_controller_utils.go. This file is cursed and will be removed soon any how. I'm accepting the evil of duplicating it../operator/config/rbac/itemized/rpkdebugbundlepackage has been added to track the permissions required forrpk debug bundle.https://redpandadata.atlassian.net/browse/K8S-495