search

kubewarden / kubewarden-controller

Manage admission policies in your Kubernetes cluster with ease
https://kubewarden.io
Apache License 2.0
189 stars 33 forks source link

feat: Use rbac from controller repo in the development environment and sync rbac with helm charts #704

Closed jvanz closed 5 months ago

jvanz commented 5 months ago

Description

Updates the Tiltfile to change the Roles and ClusterRoles defined in the Helm charts to use the rules defined in the RBAC defined in the local directory. Therefore, when permissions are added,changed or removed, there is no need to copy the content to the Helm chart directory.

During this process I've found out that some kubebuilder directives does not match what we use in the Helm charts. Thus, I've updated them. Furthermore, for some reason, kubebuilder generates a duplicate rule in the manager-role role. Witch is causing the resultant role to not have create/update access to the deployments resource. A Kustomize patch to remove that rule has been added. This problematic rule is not present in the Helm chart roles as well.

This changes are written during my tests on #698

Test

tilt  up --stream

Additional Information

I found weird that a duplicate rule of a RBAC overwrite a previous rule defined in the same role. As far as I can remember, this should not happen. But it was happening in my local cluster. Furthermore, the same problematic rule is remove in the Helm charts. Maybe this is can be a problem indeed. I've also tried to change the Kubebuilder directives to avoid that, but I could not find a way to workaround that there. If you know why that happen or another workaround, let me know.

codecov[bot] commented 5 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 44.97%. Comparing base (7c588c4) to head (aa6b27d).

Additional details and impacted files ```diff @@ Coverage Diff @@ ## main #704 +/- ## ========================================== - Coverage 50.71% 44.97% -5.75% ========================================== Files 27 22 -5 Lines 2021 1543 -478 ========================================== - Hits 1025 694 -331 + Misses 889 788 -101 + Partials 107 61 -46 ``` | [Flag](https://app.codecov.io/gh/kubewarden/kubewarden-controller/pull/704/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=kubewarden) | Coverage Δ | | |---|---|---| | [integration-tests](https://app.codecov.io/gh/kubewarden/kubewarden-controller/pull/704/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=kubewarden) | `?` | | | [unit-tests](https://app.codecov.io/gh/kubewarden/kubewarden-controller/pull/704/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=kubewarden) | `44.97% <ø> (ø)` | | Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=kubewarden#carryforward-flags-in-the-pull-request-comment) to find out more.

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

viccuad commented 5 months ago

rebased via UI as it was needed.

viccuad commented 5 months ago

argh, now it complains about signed commits.

@jvanz could you rebase on your own? (and that way remove me as committer, leaving you as authored, which is more fitting).