Following #971 and #972, we need to wire up the logic such that a ServiceAccount referenced in a ClusterExtension is used to install/upgrade/uninstall content via the Helm client.
While exact implementation may vary, here are some things to consider during implementation:
The token for this should be retrieved via the implementation in #972
Updates to the existing unit + e2e tests as necessary for them to continue functioning as expected. It is anticipated that some work will need to be done to configure a ServiceAccount with appropriate permissions to be used during e2e tests.
Permissions on the operator-controller ServiceAccount should be updated to no longer require write permissions on content to be installed (and clean up any other permissions that are no longer necessary)
Any changes to the previously implemented interfaces to facilitate the wiring of components successfully are made
Following #971 and #972, we need to wire up the logic such that a
ServiceAccount
referenced in aClusterExtension
is used to install/upgrade/uninstall content via the Helm client.While exact implementation may vary, here are some things to consider during implementation:
client.RestConfigMapper
that is used withclient.NewActionConfigGetter
to configure the helm client created for a given ClusterExtension.client.NewActionConfigGetter
is configured here: https://github.com/operator-framework/operator-controller/blob/2eca31ddd520a558b063880b5db0bb3ece878a3b/cmd/manager/main.go#L168-L175Acceptance Criteria:
client.NewActionConfigGetter
setup in https://github.com/operator-framework/operator-controller/blob/2eca31ddd520a558b063880b5db0bb3ece878a3b/cmd/manager/main.go#L168-L175 is updated to use aclient.RestConfigMapper
that creates arest.Config
configured with a token from theServiceAccount
referenced in aClusterExtension