From aa3695e76c19a91776bab43d8b6bc496df3b8ebc Mon Sep 17 00:00:00 2001 From: estevesm Date: Tue, 7 Sep 2021 15:18:36 +0200 Subject: [PATCH 1/2] Added view role for PaaS users on DelegatedDomainAlias --- .../deletegateddomainalias_view_role.yaml | 29 +++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 chart/templates/deletegateddomainalias_view_role.yaml diff --git a/chart/templates/deletegateddomainalias_view_role.yaml b/chart/templates/deletegateddomainalias_view_role.yaml new file mode 100644 index 0000000..10f6e95 --- /dev/null +++ b/chart/templates/deletegateddomainalias_view_role.yaml @@ -0,0 +1,29 @@ +# On the PaaS cluster use case we have to allow users to +# read what DelegatedDomainAlias their projects have, to support the +# custom domains use case. +# We will use these aggregated-clusterroles +# to allow admins of a namespace to read these resources +# This might change in the future, for more info refer to https://gitlab.cern.ch/webservices/webframeworks-planning/-/issues/86 +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: delegateddomainalias-view-role + # Labels that grant the privileges listed in rules to the default roles on the labels + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: +- apiGroups: + - landb.operator.cern.ch + resources: + - delegateddomainalias + verbs: + - get + - list + - watch +- apiGroups: + - landb.operator.cern.ch + resources: + - delegateddomainalias/status + verbs: + - get -- GitLab From b70834f95b72dc39e952a0ab865b222fbe2ace88 Mon Sep 17 00:00:00 2001 From: estevesm Date: Tue, 7 Sep 2021 15:20:37 +0200 Subject: [PATCH 2/2] Removed CI related with outdate operator-ci --- .gitlab-ci.yml | 40 +--------------------------------------- 1 file changed, 1 insertion(+), 39 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index e6bad59..4c6abcb 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,44 +1,6 @@ include: - project: 'paas-tools/infrastructure-ci' file: 'docker-images-ci-templates/DockerImages.gitlab-ci.yml' - - project: 'paas-tools/infrastructure-ci' - file: '/operator-ci-templates/operatorci.gitlab-ci.yml' variables: - DOCKERFILE_PATH: build/Dockerfile - OPERATOR_NAME: landb-operator - WATCH_NAMESPACE: default - -stages: - - build - - provision-cluster - - test - - deprovision-cluster - -Provision OKD4 cluster: - rules: - - when: manual - -Test: - stage: test - image: gitlab-registry.cern.ch/paas-tools/operators/operator-sdk-client:v0.19.3 - before_script: - # Packages specific to this operator needed for it to run - - pip-3.6 install --no-cache-dir -r requirements.txt - # Exporting variables necessary for the operator to run - - export KUBECONFIG=kubeconfig - - export LANDB_RESPONSIBLE=okd-landb-resources-manager - # Scaling down in cluster landb operator so it doens't interfere, - # TODO: to be seen if this is the best approach since instead of running it - # with sdk we could try to use the one already in the cluster - - oc scale deploy/argocd-application-controller -n openshift-cern-argocd --replicas=0 - - oc scale deploy/landb-operator -n openshift-cern-landb --replicas=0 - script: - - if [ -n "${CI_INTERACTIVE_DEBUG}" ]; then sleep "${CI_INTERACTIVE_DEBUG}"; fi - # TODO remove just checking is env var is correctly set here - - echo ${CLUSTER_NAME} - - operator-sdk run --local --kubeconfig $KUBECONFIG --watch-namespace ${WATCH_NAMESPACE} > out.txt 2>&1 & - - TERM=xterm bats -tpr tests/ - after_script: - # Scaling ArgoCD back up to allow for cleanup of LanDB resources when deprovisioning cluster - - oc scale deploy/argocd-application-controller -n openshift-cern-argocd --replicas=1 + DOCKERFILE_PATH: build/Dockerfile \ No newline at end of file -- GitLab