Combine the cluster / machine permissions per review

k0rdent · Nov 13, 2024 · 56bd578 · 56bd578
1 parent 199a194
commit 56bd578
Show file tree

Hide file tree

Showing 9 changed files with 29 additions and 35 deletions.
diff --git a/api/v1alpha1/common.go b/api/v1alpha1/common.go
@@ -58,6 +58,9 @@ type ServicesType struct {
 	// that could be installed on the target cluster.
 	Services []ServiceSpec `json:"services,omitempty"`
 
+	// +kubebuilder:default:=100
+	// +kubebuilder:validation:Minimum=1
+	// +kubebuilder:validation:Maximum=2147483646
 	// ServicesPriority sets the priority for the services defined in this spec.
 	// Higher value means higher priority and lower means lower.
 	// In case of conflict with another object managing the service,

diff --git a/internal/controller/managedcluster_controller_test.go b/internal/controller/managedcluster_controller_test.go
@@ -180,10 +180,12 @@ var _ = Describe("ManagedCluster Controller", func() {
 					Spec: hmc.ManagedClusterSpec{
 						Template:   templateName,
 						Credential: credentialName,
-						Services: []hmc.ServiceSpec{
-							{
-								Template: svcTemplateName,
-								Name:     "test-svc-name",
+						ServicesType: hmc.ServicesType{
+							Services: []hmc.ServiceSpec{
+								{
+									Template: svcTemplateName,
+									Name:     "test-svc-name",
+								},
 							},
 						},
 					},

diff --git a/internal/controller/multiclusterservice_controller_test.go b/internal/controller/multiclusterservice_controller_test.go
@@ -176,10 +176,12 @@ var _ = Describe("MultiClusterService Controller", func() {
 						},
 					},
 					Spec: hmc.MultiClusterServiceSpec{
-						Services: []hmc.ServiceSpec{
-							{
-								Template: serviceTemplateName,
-								Name:     helmChartReleaseName,
+						ServicesType: hmc.ServicesType{
+							Services: []hmc.ServiceSpec{
+								{
+									Template: serviceTemplateName,
+									Name:     helmChartReleaseName,
+								},
 							},
 						},
 					},

diff --git a/internal/controller/unmanagedcluster_controller.go b/internal/controller/unmanagedcluster_controller.go
@@ -33,7 +33,6 @@ import (
 	"k8s.io/client-go/tools/clientcmd"
 	"sigs.k8s.io/cluster-api/api/v1beta1"
 	"sigs.k8s.io/cluster-api/util/kubeconfig"
-	"sigs.k8s.io/cluster-api/util/secret"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
@@ -311,18 +310,6 @@ func (r *UnmanagedClusterReconciler) reconcileDeletion(ctx context.Context, unma
 		return ctrl.Result{Requeue: true}, fmt.Errorf("failed to delete unmanaged machines: %w", err)
 	}
 
-	if err := r.Delete(ctx, &corev1.Secret{
-		ObjectMeta: metav1.ObjectMeta{
-			Namespace: unmanagedCluster.Namespace,
-			Name:      secret.Name(unmanagedCluster.Name, secret.Kubeconfig),
-			Labels: map[string]string{
-				v1beta1.ClusterNameLabel: unmanagedCluster.Name,
-			},
-		},
-	}); err != nil && !apierrors.IsNotFound(err) {
-		return ctrl.Result{Requeue: true}, fmt.Errorf("failed to delete cluster secret: %w", err)
-	}
-
 	if err := r.Delete(ctx, &v1beta1.Cluster{
 		ObjectMeta: metav1.ObjectMeta{
 			Namespace: unmanagedCluster.Namespace,

diff --git a/internal/controller/unmanagedcluster_controller_test.go b/internal/controller/unmanagedcluster_controller_test.go
@@ -76,11 +76,7 @@ var _ = Describe("UnmanagedCluster Controller", func() {
 						Name:      unmanagedClusterName,
 						Namespace: unmanagedClusterNamespace,
 					},
-					Spec: hmc.UnmanagedClusterSpec{
-						Services:         nil,
-						ServicesPriority: 1,
-						StopOnConflict:   true,
-					},
+					Spec: hmc.UnmanagedClusterSpec{},
 				}
 				Expect(k8sClient.Create(ctx, resource)).To(Succeed())
 			}

diff --git a/templates/provider/hmc/templates/crds/hmc.mirantis.com_managedclusters.yaml b/templates/provider/hmc/templates/crds/hmc.mirantis.com_managedclusters.yaml
@@ -103,12 +103,15 @@ spec:
                   type: object
                 type: array
               servicesPriority:
+                default: 100
                 description: |-
                   ServicesPriority sets the priority for the services defined in this spec.
                   Higher value means higher priority and lower means lower.
                   In case of conflict with another object managing the service,
                   the one with higher priority will get to deploy its services.
                 format: int32
+                maximum: 2147483646
+                minimum: 1
                 type: integer
               stopOnConflict:
                 default: false

diff --git a/templates/provider/hmc/templates/crds/hmc.mirantis.com_multiclusterservices.yaml b/templates/provider/hmc/templates/crds/hmc.mirantis.com_multiclusterservices.yaml
@@ -121,12 +121,15 @@ spec:
                   type: object
                 type: array
               servicesPriority:
+                default: 100
                 description: |-
                   ServicesPriority sets the priority for the services defined in this spec.
                   Higher value means higher priority and lower means lower.
                   In case of conflict with another object managing the service,
                   the one with higher priority will get to deploy its services.
                 format: int32
+                maximum: 2147483646
+                minimum: 1
                 type: integer
               stopOnConflict:
                 default: false

diff --git a/templates/provider/hmc/templates/crds/hmc.mirantis.com_unmanagedclusters.yaml b/templates/provider/hmc/templates/crds/hmc.mirantis.com_unmanagedclusters.yaml
@@ -75,12 +75,15 @@ spec:
                   type: object
                 type: array
               servicesPriority:
+                default: 100
                 description: |-
                   ServicesPriority sets the priority for the services defined in this spec.
                   Higher value means higher priority and lower means lower.
                   In case of conflict with another object managing the service,
                   the one with higher priority will get to deploy its services.
                 format: int32
+                maximum: 2147483646
+                minimum: 1
                 type: integer
               stopOnConflict:
                 default: false

diff --git a/templates/provider/hmc/templates/rbac/controller/roles.yaml b/templates/provider/hmc/templates/rbac/controller/roles.yaml
@@ -19,7 +19,8 @@ rules:
   - cluster.x-k8s.io
   resources:
   - clusters
-  verbs: {{ include "rbac.viewerVerbs" . | nindent 4 }}
+  verbs: {{ include "rbac.editorVerbs" . | nindent 4 }}
+    - delete
 - apiGroups:
   - helm.toolkit.fluxcd.io
   resources:
@@ -145,7 +146,8 @@ rules:
   - cluster.x-k8s.io
   resources:
   - machines
-  verbs: {{ include "rbac.viewerVerbs" . | nindent 4 }}
+  verbs: {{ include "rbac.editorVerbs" . | nindent 4 }}
+    - delete
 - apiGroups:
   - ""
   resources:
@@ -250,13 +252,6 @@ rules:
     - get
     - patch
     - update
-- apiGroups:
-    - cluster.x-k8s.io
-  resources:
-    - clusters
-    - machines
-  verbs: {{ include "rbac.editorVerbs" . | nindent 4 }}
-    - delete
 - apiGroups:
     - config.projectsveltos.io
   resources: