@@ -3,6 +3,7 @@ use stackable_hdfs_crd::{
33 constants:: { APP_NAME , FIELD_MANAGER_SCOPE } ,
44 HdfsCluster ,
55} ;
6+ use stackable_operator:: kube:: ResourceExt ;
67use stackable_operator:: {
78 commons:: rbac:: build_rbac_resources,
89 k8s_openapi:: api:: rbac:: v1:: { ClusterRoleBinding , Subject } ,
@@ -49,16 +50,27 @@ pub async fn reconcile(
4950 let subjects: Vec < Subject > = store
5051 . state ( )
5152 . into_iter ( )
52- . map ( |object| {
53- (
54- object. metadata . clone ( ) ,
55- build_rbac_resources ( & * object, APP_NAME , Labels :: default ( ) )
56- . expect ( "failed to get serviceAccount for object" )
57- . 0
58- . metadata
59- . name
60- . unwrap ( ) ,
61- )
53+ . filter_map ( |object| {
54+ // The call to 'build_rbac_resources' can fail, so we
55+ // use filter_map here, log an error for any failures and keep
56+ // going with all the non-broken elements
57+ // Usually we'd rather opt for failing completely here, but in this specific instance
58+ // this could mean that one broken cluster somewhere could impact other working clusters
59+ // within the namespace, so we opted for doing everything we can here, instead of failing
60+ // completely.
61+ match build_rbac_resources ( & * object, APP_NAME , Labels :: default ( ) ) {
62+ Ok ( ( service_account, _role_binding) ) => {
63+ Some ( ( object. metadata . clone ( ) , service_account. name_any ( ) ) )
64+ }
65+ Err ( e) => {
66+ error ! (
67+ ?object,
68+ ?e,
69+ "Failed to build serviceAccount name for hdfs cluster"
70+ ) ;
71+ None
72+ }
73+ }
6274 } )
6375 . map ( |( meta, sa_name) | Subject {
6476 kind : "ServiceAccount" . to_string ( ) ,
0 commit comments