Support typeless kubernetes resources when generating manifests #931
Conversation
Typeless kubernetes resource has no Group and Plural value, so generating wrong policy rule. Commit summary: 1) Use ApiGroup value from GVK and '*' for Plural value if dependent resource is assignable from GenericKubernetesDependentResource 2) Merge verbs in rule for optimization if with same ApiGroups and Resources
|
|
||
| return clusterRoleBuilder.build(); | ||
| } | ||
|
|
||
| @NotNull | ||
| private static Set<PolicyRule> getNormalizedRules(Set<PolicyRule> collectedRules) { |
There was a problem hiding this comment.
Can you add tests for this method and maybe add more comments about what it's doing?
| @@ -108,6 +99,8 @@ public void shouldCreateRolesAndRoleBindings() throws IOException { | |||
| .filter(rule -> rule.getResources().equals(List.of(RBACRule.ALL))) | |||
| .anyMatch(rule -> rule.getVerbs().equals(List.of(UPDATE)) | |||
| && rule.getApiGroups().equals(List.of(RBACRule.ALL)))); | |||
| rules.stream().filter(rule -> rule.getApiGroups().equals(List.of(TypelessKubeResource.GROUP))) | |||
|
Generally speaking, I will have some improvements, especially after operator-framework/java-operator-sdk#2515 is available in a release, as this will be more precise. |
I agree. |
|
Thank you for the improvements. However, I think that the merging of rules targeting the same apiGroup/kind should be done while we're gathering them, not after, as this would be clearer to understand, in my opinion. Would you mind modifying your PR to do that? |
|
Maybe the naming is the key, not about before or after. |
Typeless kubernetes resource has no Group and Plural value, so generating wrong policy rule.
Commit summary: