Merge pull request #214 from ayushsatyam146/reconcile-rbac-resources

Deleting "shipwright-build-webhook" clusterrole and clusterrolebinding
shipwright-io · Jun 10, 2024 · a35fed8 · a35fed8
2 parents e27cffb + e00a28a
commit a35fed8
Show file tree

Hide file tree

Showing 37 changed files with 5,442 additions and 1,219 deletions.
diff --git a/controllers/buildstrategies_test.go b/controllers/buildstrategies_test.go
@@ -8,7 +8,7 @@ import (
 
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
-	buildv1alpha1 "github.com/shipwright-io/build/pkg/apis/build/v1alpha1"
+	buildv1beta1 "github.com/shipwright-io/build/pkg/apis/build/v1beta1"
 	"github.com/shipwright-io/operator/api/v1alpha1"
 	"github.com/shipwright-io/operator/test"
 )
@@ -29,7 +29,7 @@ var _ = Describe("Install embedded build strategies", func() {
 			expectedBuildStrategies, err := test.ParseBuildStrategyNames()
 			Expect(err).NotTo(HaveOccurred())
 			for _, strategy := range expectedBuildStrategies {
-				strategyObj := &buildv1alpha1.ClusterBuildStrategy{
+				strategyObj := &buildv1beta1.ClusterBuildStrategy{
 					ObjectMeta: metav1.ObjectMeta{
 						Name: strategy,
 					},

diff --git a/controllers/shipwrightbuild_controller.go b/controllers/shipwrightbuild_controller.go
@@ -13,6 +13,7 @@ import (
 	"github.com/manifestival/manifestival"
 	tektonoperatorv1alpha1client "github.com/tektoncd/operator/pkg/client/clientset/versioned/typed/operator/v1alpha1"
 	corev1 "k8s.io/api/core/v1"
+	rbacv1 "k8s.io/api/rbac/v1"
 	crdclientv1 "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	apimeta "k8s.io/apimachinery/pkg/api/meta"
@@ -85,6 +86,24 @@ func (r *ShipwrightBuildReconciler) unsetFinalizer(ctx context.Context, b *v1alp
 	return r.Update(ctx, b, &client.UpdateOptions{})
 }
 
+// deleteObjectsIfPresent deletes all the given objects if they are present in the cluster.
+func deleteObjectsIfPresent(ctx context.Context, k8sClient client.Client, objs []client.Object) error {
+	for _, obj := range objs {
+		err := k8sClient.Get(ctx, types.NamespacedName{Name: obj.GetName(), Namespace: obj.GetNamespace()}, obj)
+		if err != nil {
+			if errors.IsNotFound(err) {
+				return nil
+			}
+			return fmt.Errorf("getting object %s: %v", obj.GetName(), err)
+		}
+		err = k8sClient.Delete(ctx, obj)
+		if err != nil {
+			return fmt.Errorf("deleting object %s: %v", obj.GetName(), err)
+		}
+	}
+	return nil
+}
+
 // Reconcile performs the resource reconciliation steps to deploy or remove Shipwright Build
 // instances. When deletion-timestamp is found, the removal of the previously deploy resources is
 // executed, otherwise the regular deploy workflow takes place.
@@ -233,6 +252,18 @@ func (r *ShipwrightBuildReconciler) Reconcile(ctx context.Context, req ctrl.Requ
 		err = r.Client.Status().Update(ctx, b)
 		return RequeueWithError(err)
 	}
+
+	// Builds 0.12.0 created a ClusterRole and ClusterRolebinding for the Build API conversion webhook.
+	// These were removed in v0.13.0 - when upgrading, these should be removed if present.
+	err = deleteObjectsIfPresent(ctx, r.Client, []client.Object{
+		&rbacv1.ClusterRoleBinding{ObjectMeta: metav1.ObjectMeta{Name: "shipwright-build-webhook"}},
+		&rbacv1.ClusterRole{ObjectMeta: metav1.ObjectMeta{Name: "shipwright-build-webhook"}},
+	})
+	if err != nil {
+		logger.Error(err, "deleting shipwright-build-webhook ClusterRole and ClusterRoleBinding")
+		return RequeueWithError(err)
+	}
+
 	if err := r.setFinalizer(ctx, b); err != nil {
 		logger.Info(fmt.Sprintf("%#v", b))
 		logger.Error(err, "setting the finalizer")

diff --git a/controllers/shipwrightbuild_controller_test.go b/controllers/shipwrightbuild_controller_test.go
@@ -11,6 +11,7 @@ import (
 
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
+	rbacv1 "k8s.io/api/rbac/v1"
 	crdclientv1 "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/fake"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -41,6 +42,8 @@ func bootstrapShipwrightBuildReconciler(
 	s.AddKnownTypes(corev1.SchemeGroupVersion, &corev1.Namespace{})
 	s.AddKnownTypes(appsv1.SchemeGroupVersion, &appsv1.Deployment{})
 	s.AddKnownTypes(v1alpha1.GroupVersion, &v1alpha1.ShipwrightBuild{})
+	s.AddKnownTypes(rbacv1.SchemeGroupVersion, &rbacv1.ClusterRoleBinding{})
+	s.AddKnownTypes(rbacv1.SchemeGroupVersion, &rbacv1.ClusterRole{})
 
 	logger := zap.New()
 

diff --git a/controllers/suite_test.go b/controllers/suite_test.go
@@ -29,7 +29,7 @@ import (
 
 	tektonoperatorv1alpha1client "github.com/tektoncd/operator/pkg/client/clientset/versioned/typed/operator/v1alpha1"
 
-	buildv1alpha1 "github.com/shipwright-io/build/pkg/apis/build/v1alpha1"
+	buildv1beta1 "github.com/shipwright-io/build/pkg/apis/build/v1beta1"
 	operatorv1alpha1 "github.com/shipwright-io/operator/api/v1alpha1"
 	"github.com/shipwright-io/operator/pkg/common"
 	"github.com/shipwright-io/operator/test"
@@ -187,7 +187,7 @@ var _ = BeforeSuite(func() {
 	err = crdv1.AddToScheme(scheme.Scheme)
 	Expect(err).NotTo(HaveOccurred())
 
-	err = buildv1alpha1.AddToScheme(scheme.Scheme)
+	err = buildv1beta1.AddToScheme(scheme.Scheme)
 	Expect(err).NotTo(HaveOccurred())
 
 	// +kubebuilder:scaffold:scheme

diff --git a/kodata/release.yaml b/kodata/release.yaml
diff --git a/kodata/samples/buildstrategy/buildah/buildstrategy_buildah_shipwright_managed_push_cr.yaml b/kodata/samples/buildstrategy/buildah/buildstrategy_buildah_shipwright_managed_push_cr.yaml