Following #971 and #972, we need to wire up the logic such that a ServiceAccount referenced in a ClusterExtension is used to install/upgrade/uninstall content via the Helm client.
While exact implementation may vary, here are some things to consider during implementation:
The token for this should be retrieved via the implementation in #972
Updates to the existing unit + e2e tests as necessary for them to continue functioning as expected. It is anticipated that some work will need to be done to configure a ServiceAccount with appropriate permissions to be used during e2e tests.
Permissions on the operator-controller ServiceAccount should be updated to no longer require write permissions on content to be installed (and clean up any other permissions that are no longer necessary)
Any changes to the previously implemented interfaces to facilitate the wiring of components successfully are made
Following #971 and #972, we need to wire up the logic such that a
ServiceAccountreferenced in aClusterExtensionis used to install/upgrade/uninstall content via the Helm client.While exact implementation may vary, here are some things to consider during implementation:
client.RestConfigMapperthat is used withclient.NewActionConfigGetterto configure the helm client created for a given ClusterExtension.client.NewActionConfigGetteris configured here: https://github.com/operator-framework/operator-controller/blob/2eca31ddd520a558b063880b5db0bb3ece878a3b/cmd/manager/main.go#L168-L175Acceptance Criteria:
client.NewActionConfigGettersetup in https://github.com/operator-framework/operator-controller/blob/2eca31ddd520a558b063880b5db0bb3ece878a3b/cmd/manager/main.go#L168-L175 is updated to use aclient.RestConfigMapperthat creates arest.Configconfigured with a token from theServiceAccountreferenced in aClusterExtension