refactor: cleanup tekton operands

Cleanup Tekton operands to improve code quality and readability. Also set specific RBAC groups to core instead of the wildcard. Signed-off-by: Ben Oukhanov <[email protected]>
kubevirt · Oct 4, 2023 · 459407a · 459407a
1 parent c9a8ae0
commit 459407a
Show file tree

Hide file tree

Showing 9 changed files with 290 additions and 312 deletions.
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -25,33 +25,6 @@ rules:
   - list
   - update
   - watch
-- apiGroups:
-  - '*'
-  resources:
-  - configmaps
-  verbs:
-  - create
-  - delete
-  - list
-  - watch
-- apiGroups:
-  - '*'
-  resources:
-  - persistentvolumeclaims
-  verbs:
-  - '*'
-- apiGroups:
-  - '*'
-  resources:
-  - pods
-  verbs:
-  - create
-- apiGroups:
-  - '*'
-  resources:
-  - secrets
-  verbs:
-  - '*'
 - apiGroups:
   - admissionregistration.k8s.io
   resources:
@@ -153,6 +126,15 @@ rules:
   - infrastructures
   verbs:
   - get
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - create
+  - delete
+  - list
+  - watch
 - apiGroups:
   - ""
   resources:
@@ -180,6 +162,7 @@ rules:
   resources:
   - persistentvolumeclaims
   verbs:
+  - '*'
   - create
   - delete
   - get
@@ -208,9 +191,16 @@ rules:
   resources:
   - pods
   verbs:
+  - create
   - get
   - list
   - watch
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - '*'
 - apiGroups:
   - ""
   resources:

diff --git a/controllers/setup.go b/controllers/setup.go
@@ -65,12 +65,14 @@ func setupManager(ctx context.Context, cancel context.CancelFunc, mgr controller
 		return fmt.Errorf("failed to read vm-console-proxy bundle: %w", err)
 	}
 
-	tektonPipelinesBundle, err := tekton_bundle.ReadPipelineBundle()
+	tektonPipelinesBundlePaths := tekton_bundle.GetTektonPipelineBundlePaths()
+	tektonPipelinesBundle, err := tekton_bundle.ReadBundle(tektonPipelinesBundlePaths)
 	if err != nil {
 		return err
 	}
 
-	tektonTasksBundle, err := tekton_bundle.ReadTasksBundle(runningOnOpenShift)
+	tektonTasksBundlePath := tekton_bundle.GetTektonTasksBundlePath(runningOnOpenShift)
+	tektonTasksBundle, err := tekton_bundle.ReadBundle([]string{tektonTasksBundlePath})
 	if err != nil {
 		return err
 	}

diff --git a/data/olm-catalog/ssp-operator.clusterserviceversion.yaml b/data/olm-catalog/ssp-operator.clusterserviceversion.yaml
@@ -83,33 +83,6 @@ spec:
           - list
           - update
           - watch
-        - apiGroups:
-          - '*'
-          resources:
-          - configmaps
-          verbs:
-          - create
-          - delete
-          - list
-          - watch
-        - apiGroups:
-          - '*'
-          resources:
-          - persistentvolumeclaims
-          verbs:
-          - '*'
-        - apiGroups:
-          - '*'
-          resources:
-          - pods
-          verbs:
-          - create
-        - apiGroups:
-          - '*'
-          resources:
-          - secrets
-          verbs:
-          - '*'
         - apiGroups:
           - admissionregistration.k8s.io
           resources:
@@ -211,6 +184,15 @@ spec:
           - infrastructures
           verbs:
           - get
+        - apiGroups:
+          - ""
+          resources:
+          - configmaps
+          verbs:
+          - create
+          - delete
+          - list
+          - watch
         - apiGroups:
           - ""
           resources:
@@ -238,6 +220,7 @@ spec:
           resources:
           - persistentvolumeclaims
           verbs:
+          - '*'
           - create
           - delete
           - get
@@ -266,9 +249,16 @@ spec:
           resources:
           - pods
           verbs:
+          - create
           - get
           - list
           - watch
+        - apiGroups:
+          - ""
+          resources:
+          - secrets
+          verbs:
+          - '*'
         - apiGroups:
           - ""
           resources:

diff --git a/internal/common/resource.go b/internal/common/resource.go
@@ -549,3 +549,32 @@ func defaultStatusFunc(obj client.Object) ResourceStatus {
 	}
 	return status
 }
+
+// AppendDeepCopies appends deep copies of objects from a source slice to a destination slice.
+// This function is useful for creating a new slice containing deep copies of the provided objects.
+//
+// The PT interface {*T ; client.Object } is a trick. It means that type PT satisfies
+// an anonymous typeset defined directly in the function signature.
+// This typeset interface { *T; client.Object } means that it is a pointer to T
+// and implements interface client.Object.
+//
+// Parameters:
+//   - destination: The destination slice where the deep copies of objects will be appended.
+//   - objects: A slice of objects (of type T) to be deep copied and appended to the destination slice.
+//
+// Returns:
+//   - The updated destination slice containing the appended deep copies of objects.
+//
+// Type Parameters:
+//   - PT: A type that is a pointer to the object type (should implement *T and client.Object interfaces).
+//   - T: The actual object type.
+func AppendDeepCopies[PT interface {
+	*T
+	client.Object
+}, T any](destination []client.Object, objects []T) []client.Object {
+	for i := range objects {
+		var object = PT(&objects[i])
+		destination = append(destination, object.DeepCopyObject().(client.Object))
+	}
+	return destination
+}
diff --git a/internal/operands/tekton-pipelines/reconcile.go b/internal/operands/tekton-pipelines/reconcile.go
@@ -17,7 +17,7 @@ import (
 )
 
 // +kubebuilder:rbac:groups=tekton.dev,resources=pipelines,verbs=list;watch;create;update;delete
-// +kubebuilder:rbac:groups=*,resources=configmaps,verbs=list;watch;create;delete
+// +kubebuilder:rbac:groups=core,resources=configmaps,verbs=list;watch;create;delete
 // +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=rolebindings,verbs=list;watch;create;update;delete
 
 const (
@@ -116,25 +116,15 @@ func (t *tektonPipelines) Reconcile(request *common.Request) ([]common.Reconcile
 
 func (t *tektonPipelines) Cleanup(request *common.Request) ([]common.CleanupResult, error) {
 	var objects []client.Object
+
 	if request.CrdList.CrdExists(tektonCrd) {
-		for _, p := range t.pipelines {
-			o := p.DeepCopy()
-			objects = append(objects, o)
-		}
-	}
-	for _, cm := range t.configMaps {
-		o := cm.DeepCopy()
-		objects = append(objects, o)
-	}
-	for _, rb := range t.roleBindings {
-		o := rb.DeepCopy()
-		objects = append(objects, o)
-	}
-	for _, sa := range t.serviceAccounts {
-		o := sa.DeepCopy()
-		objects = append(objects, o)
+		objects = common.AppendDeepCopies(objects, t.pipelines)
 	}
 
+	objects = common.AppendDeepCopies(objects, t.configMaps)
+	objects = common.AppendDeepCopies(objects, t.roleBindings)
+	objects = common.AppendDeepCopies(objects, t.serviceAccounts)
+
 	namespace, isUserDefinedNamespace := getTektonPipelinesNamespace(request)
 	for i, o := range objects {
 		objectNamespace := namespace
@@ -144,10 +134,7 @@ func (t *tektonPipelines) Cleanup(request *common.Request) ([]common.CleanupResu
 		objects[i].SetNamespace(objectNamespace)
 	}
 
-	for _, cr := range t.clusterRoles {
-		o := cr.DeepCopy()
-		objects = append(objects, o)
-	}
+	objects = common.AppendDeepCopies(objects, t.clusterRoles)
 
 	return common.DeleteAll(request, objects...)
 }