Posted to commits@camel.apache.org by as...@apache.org on 2022/01/31 13:23:11 UTC

[camel-k] 03/09: feat(knative): Bind the Addressable resolver aggregated ClusterRole to the operator SA

This is an automated email from the ASF dual-hosted git repository.

astefanutti pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-k.git

commit 3439d711e88ed5c71a2279adc350f0d36e2bde3d
Author: Antonin Stefanutti <an...@stefanutti.fr>
AuthorDate: Fri Jan 28 12:17:36 2022 +0100

    feat(knative): Bind the Addressable resolver aggregated ClusterRole to the operator SA
---
 pkg/install/common.go   |  2 ++
 pkg/install/knative.go  | 60 +++++++++++++++++++++++++++++++++++++++++++++++++
 pkg/install/optional.go |  8 ++++++-
 3 files changed, 69 insertions(+), 1 deletion(-)

diff --git a/pkg/install/common.go b/pkg/install/common.go
index e131298..a8606ed 100644
--- a/pkg/install/common.go
+++ b/pkg/install/common.go
@@ -35,6 +35,8 @@ import (
 	"github.com/apache/camel-k/pkg/util/openshift"
 )
 
+const serviceAccountName = "camel-k-operator"
+
 // ResourceCustomizer can be used to inject code that changes the objects before they are created.
 type ResourceCustomizer func(object ctrl.Object) ctrl.Object
 
diff --git a/pkg/install/knative.go b/pkg/install/knative.go
new file mode 100644
index 0000000..db77b87
--- /dev/null
+++ b/pkg/install/knative.go
@@ -0,0 +1,60 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package install
+
+import (
+	"context"
+	"fmt"
+
+	rbacv1 "k8s.io/api/rbac/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	rbacv1ac "k8s.io/client-go/applyconfigurations/rbac/v1"
+
+	"github.com/apache/camel-k/pkg/client"
+	"github.com/apache/camel-k/pkg/util/knative"
+)
+
+const knativeAddressableResolverClusterRoleName = "addressable-resolver"
+
+// BindKnativeAddressableResolverClusterRole binds the Knative Addressable resolver aggregated ClusterRole
+// to the operator ServiceAccount.
+func BindKnativeAddressableResolverClusterRole(ctx context.Context, c client.Client, namespace string) error {
+	if isKnative, err := knative.IsInstalled(ctx, c); err != nil {
+		return err
+	} else if !isKnative {
+		return nil
+	}
+
+	crb := rbacv1ac.ClusterRoleBinding(fmt.Sprintf("%s-addressable-resolver", serviceAccountName)).
+		WithSubjects(
+			rbacv1ac.Subject().
+				WithKind("ServiceAccount").
+				WithNamespace(namespace).
+				WithName(serviceAccountName),
+		).
+		WithRoleRef(rbacv1ac.RoleRef().
+			WithAPIGroup(rbacv1.GroupName).
+			WithKind("ClusterRole").
+			WithName(knativeAddressableResolverClusterRoleName))
+
+	_, err := c.RbacV1().ClusterRoleBindings().
+		Apply(ctx, crb, metav1.ApplyOptions{FieldManager: serviceAccountName, Force: true})
+
+	return err
+}
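Review bot: The ClusterRoleBinding is cluster-scoped, but its name, `fmt.Sprintf("%s-addressable-resolver", serviceAccountName)`, does not include `namespace`, while the subject does. With `Force: true` and a shared field manager, a second operator installed in another namespace would presumably take ownership of the same object and replace the subject, silently removing the first operator's access. Deriving the name from the namespace as well, for example `fmt.Sprintf("%s-addressable-resolver-%s", serviceAccountName, namespace)`, would keep one binding per installation. The doc comment could also state that the grant is cluster-wide, that its rules are whatever ClusterRoles aggregate into `addressable-resolver`, and that the subject is the fixed name `camel-k-operator` rather than the ServiceAccount the operator actually runs as.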
diff --git a/pkg/install/optional.go b/pkg/install/optional.go
index 10da131..dd3d0fc 100644
--- a/pkg/install/optional.go
+++ b/pkg/install/optional.go
@@ -21,10 +21,10 @@ import (
 	"context"
 	"strings"
 
-	"github.com/apache/camel-k/pkg/util/defaults"
 	"github.com/go-logr/logr"
 
 	"github.com/apache/camel-k/pkg/client"
+	"github.com/apache/camel-k/pkg/util/defaults"
 )
 
 // OperatorStartupOptionalTools tries to install optional tools at operator startup and warns if something goes wrong.
@@ -63,4 +63,10 @@ func OperatorStartupOptionalTools(ctx context.Context, c client.Client, namespac
 			}
 		}
 	}
+
+	// Try to bind the Knative Addressable resolver aggregated ClusterRole to the operator ServiceAccount
+	if err := BindKnativeAddressableResolverClusterRole(ctx, c, namespace); err != nil {
+		log.Info("Cannot bind the Knative Addressable resolver aggregated ClusterRole: skipping.")
+		log.V(8).Info("Error while binding the Knative Addressable resolver aggregated ClusterRole", "error", err)
+	}
 }
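Review bot: The failure reason is only emitted at `log.V(8)`, so at default verbosity an operator that is forbidden from creating ClusterRoleBindings prints the same bare "skipping" line as any other error. Because this call attempts a cluster-scoped RBAC write, the cause should be on the visible line, e.g. `log.Info("Cannot bind the Knative Addressable resolver aggregated ClusterRole: skipping.", "error", err.Error())`. A successful bind is not logged in the visible code either, and since BindKnativeAddressableResolverClusterRole returns nil both when it binds and when Knative is absent, the caller cannot tell the two apart for audit purposes. OperatorStartupOptionalTools begins outside this hunk, so the logging convention used by the rest of the function is not visible here.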