Skip to content

Commit

Permalink
handle bootstrap pod user-defined mode
Browse files Browse the repository at this point in the history 
- [x] update Makefile to copy operator config from vendored openshift/api
- [x] copy config CRD into bindata so that render subcommand has access to the file
- [x] update render subcommand to check the operator config CR to determine static Pod rendering
- [x] render will now also create the operator config CRD and a operator config CR (reflecting legacy configmap and/or operator config)
- [x] update disabled detection util to error if there is no operator config CR present
- [x] remove legacy default operator configmap (set to disabled: "false") as it is now deprecated
- [x] add default operator config CR with default behavior (where credentialsMode is "")
- [x] update test cases so that an operator config resource does exist
- [x] add test cases to cover the various render subcommand behaviors
- [x] add test cases for passthrough mode where the permissions simulation should not happen

New operator behavior will now refuse to take actions until the operator config CR (named "cluster") is present.
  • Loading branch information
Joel Diaz committed Jul 29, 2020
1 parent caef52c commit 17bd3ee
Show file tree
Hide file tree
Showing 18 changed files with 1,052 additions and 154 deletions.
8 changes: 7 additions & 1 deletion Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -76,7 +76,13 @@ $(call build-image,ocp-cloud-credential-operator,$(IMAGE_REGISTRY)/ocp/4.5:cloud
$(call add-crd-gen,cloudcredential-manifests,./pkg/apis/cloudcredential/v1,./manifests,./manifests)
$(call add-crd-gen,cloudcredential-bindata,./pkg/apis/cloudcredential/v1,./bindata/bootstrap,./bindata/bootstrap)

update: update-codegen
update: update-vendored-crds update-codegen update-bindata

update-vendored-crds:
# copy config CRD from openshift/api
cp vendor/github.com/openshift/api/operator/v1/0000_40_cloud-credential-operator_00_config.crd.yaml ./manifests/00-config-crd.yaml
# ...and into where we generate bindata from
cp vendor/github.com/openshift/api/operator/v1/0000_40_cloud-credential-operator_00_config.crd.yaml ./bindata/bootstrap/cloudcredential_v1_operator_config_crd.yaml

update-codegen: update-codegen-crds
./hack/update-codegen.sh
Expand Down
0 ...loudcredential_v1_credentialsrequest.yaml → ...credential_v1_credentialsrequest_crd.yaml
View file
File renamed without changes.
155 changes: 155 additions & 0 deletions bindata/bootstrap/cloudcredential_v1_operator_config_crd.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,155 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: cloudcredentials.operator.openshift.io
spec:
scope: Cluster
preserveUnknownFields: false
group: operator.openshift.io
names:
kind: CloudCredential
listKind: CloudCredentialList
plural: cloudcredentials
singular: cloudcredential
subresources:
status: {}
versions:
- name: v1
served: true
storage: true
validation:
openAPIV3Schema:
description: CloudCredential provides a means to configure an operator to manage
CredentialsRequests.
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: CloudCredentialSpec is the specification of the desired behavior
of the cloud-credential-operator.
type: object
properties:
credentialsMode:
description: CredentialsMode allows informing CCO that it should not
attempt to dynamically determine the root cloud credentials capabilities,
and it should just run in the specified mode. It also allows putting
the operator into "manual" mode if desired. Leaving the field in default
mode runs CCO so that the cluster's cloud credentials will be dynamically
probed for capabilities (on supported clouds/platforms).
type: string
enum:
- ""
- Manual
- Mint
- Passthrough
logLevel:
description: logLevel is an intent based logging for an overall component. It
does not give fine grained control, but it is a simple way to manage
coarse grained logging choices that operators have to interpret for
their operands.
type: string
managementState:
description: managementState indicates whether and how the operator
should manage the component
type: string
pattern: ^(Managed|Unmanaged|Force|Removed)$
observedConfig:
description: observedConfig holds a sparse config that controller has
observed from the cluster state. It exists in spec because it is
an input to the level for the operator
type: object
nullable: true
x-kubernetes-preserve-unknown-fields: true
operatorLogLevel:
description: operatorLogLevel is an intent based logging for the operator
itself. It does not give fine grained control, but it is a simple
way to manage coarse grained logging choices that operators have to
interpret for themselves.
type: string
unsupportedConfigOverrides:
description: 'unsupportedConfigOverrides holds a sparse config that
will override any previously set options. It only needs to be the
fields to override it will end up overlaying in the following order:
1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides'
type: object
nullable: true
x-kubernetes-preserve-unknown-fields: true
status:
description: CloudCredentialStatus defines the observed status of the cloud-credential-operator.
type: object
properties:
conditions:
description: conditions is a list of conditions and their status
type: array
items:
description: OperatorCondition is just the standard condition fields.
type: object
properties:
lastTransitionTime:
type: string
format: date-time
message:
type: string
reason:
type: string
status:
type: string
type:
type: string
generations:
description: generations are used to determine when an item needs to
be reconciled or has changed in a way that needs a reaction.
type: array
items:
description: GenerationStatus keeps track of the generation for a
given resource so that decisions about forced updates can be made.
type: object
properties:
group:
description: group is the group of the thing you're tracking
type: string
hash:
description: hash is an optional field set for resources without
generation that are content sensitive like secrets and configmaps
type: string
lastGeneration:
description: lastGeneration is the last generation of the workload
controller involved
type: integer
format: int64
name:
description: name is the name of the thing you're tracking
type: string
namespace:
description: namespace is where the thing you're tracking is
type: string
resource:
description: resource is the resource type of the thing you're
tracking
type: string
observedGeneration:
description: observedGeneration is the last generation change you've
dealt with
type: integer
format: int64
readyReplicas:
description: readyReplicas indicates how many replicas are ready and
at the desired state
type: integer
format: int32
version:
description: version is the level this availability applies to
type: string
6 changes: 6 additions & 0 deletions manifests/01-operator-config.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
apiVersion: operator.openshift.io/v1
kind: CloudCredential
metadata:
name: cluster
annotations:
release.openshift.io/create-only: "true"
9 changes: 0 additions & 9 deletions manifests/01-operator_configmap.yaml
View file

This file was deleted.

Loading

0 comments on commit 17bd3ee

Please sign in to comment.