Skip to content

Commit

Permalink
forklift: add missing expected events
Browse files Browse the repository at this point in the history
Signed-off-by: Benny Zlotnik <[email protected]>
  • Loading branch information
bennyz committed Jun 25, 2024
1 parent 05c53a2 commit e0b0dc2
Show file tree
Hide file tree
Showing 3 changed files with 10 additions and 26 deletions.
8 changes: 8 additions & 0 deletions pkg/operator/controller/controller_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -1934,5 +1934,13 @@ func createNotReadyEventValidationMap() map[string]bool {
match[normalCreateSuccess+" *v1.Secret cdi-uploadserver-client-cert"] = false
match[normalCreateSuccess+" *v1.Service cdi-prometheus-metrics"] = false
match[normalCreateEnsured+" SecurityContextConstraint exists"] = false

// Forklift
match[normalCreateSuccess+" *v1.ClusterRole forklift.cdi.kubevirt.io:admin"] = false
match[normalCreateSuccess+" *v1.ClusterRole forklift.cdi.kubevirt.io:edit"] = false
match[normalCreateSuccess+" *v1.ClusterRole forklift.cdi.kubevirt.io:view"] = false
match[normalCreateSuccess+" *v1.ClusterRole forklift.cdi.kubevirt.io:config-reader"] = false
match[normalCreateSuccess+" *v1.ClusterRoleBinding forklift.cdi.kubevirt.io:config-reader"] = false

return match
}
14 changes: 2 additions & 12 deletions pkg/operator/resources/cluster/controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -165,9 +165,11 @@ func getControllerClusterPolicyRules() []rbacv1.PolicyRule {
"get",
},
},
// "*" permissions are usually bad, but it makes sense for CDI to have them as it controls everything related
{
APIGroups: []string{
"cdi.kubevirt.io",
"forklift.cdi.kubevirt.io",
},
Resources: []string{
"*",
Expand Down Expand Up @@ -266,18 +268,6 @@ func getControllerClusterPolicyRules() []rbacv1.PolicyRule {
"update",
},
},
{
APIGroups: []string{
"forklift.cdi.kubevirt.io",
},
Resources: []string{
"ovirtvolumepopulators",
"openstackvolumepopulators",
},
Verbs: []string{
"*",
},
},
}
}

Expand Down
14 changes: 0 additions & 14 deletions pkg/operator/resources/cluster/rbac.go
Original file line number Diff line number Diff line change
Expand Up @@ -168,20 +168,6 @@ func createConfigReaderClusterRole(name string) *rbacv1.ClusterRole {
"watch",
},
},
{
APIGroups: []string{
"forklift.cdi.kubevirt.io",
},
Resources: []string{
"ovirtvolumepopulators",
"openstackvolumepopulators",
},
Verbs: []string{
"get",
"list",
"watch",
},
},
}

return utils.ResourceBuilder.CreateClusterRole(name, rules)
Expand Down

0 comments on commit e0b0dc2

Please sign in to comment.