Skip to content

Commit e0b0dc2

Browse files
bennyzbennyz
committed
forklift: add missing expected events
Signed-off-by: Benny Zlotnik <[email protected]>
1 parent 05c53a2 commit e0b0dc2

File tree

3 files changed

+10
-26
lines changed

3 files changed

+10
-26
lines changed

Diff for: pkg/operator/controller/controller_test.go

+8
Original file line numberDiff line numberDiff line change
@@ -1934,5 +1934,13 @@ func createNotReadyEventValidationMap() map[string]bool {
19341934
match[normalCreateSuccess+" *v1.Secret cdi-uploadserver-client-cert"] = false
19351935
match[normalCreateSuccess+" *v1.Service cdi-prometheus-metrics"] = false
19361936
match[normalCreateEnsured+" SecurityContextConstraint exists"] = false
1937+
1938+
// Forklift
1939+
match[normalCreateSuccess+" *v1.ClusterRole forklift.cdi.kubevirt.io:admin"] = false
1940+
match[normalCreateSuccess+" *v1.ClusterRole forklift.cdi.kubevirt.io:edit"] = false
1941+
match[normalCreateSuccess+" *v1.ClusterRole forklift.cdi.kubevirt.io:view"] = false
1942+
match[normalCreateSuccess+" *v1.ClusterRole forklift.cdi.kubevirt.io:config-reader"] = false
1943+
match[normalCreateSuccess+" *v1.ClusterRoleBinding forklift.cdi.kubevirt.io:config-reader"] = false
1944+
19371945
return match
19381946
}

Diff for: pkg/operator/resources/cluster/controller.go

+2-12
Original file line numberDiff line numberDiff line change
@@ -165,9 +165,11 @@ func getControllerClusterPolicyRules() []rbacv1.PolicyRule {
165165
"get",
166166
},
167167
},
168+
// "*" permissions are usually bad, but it makes sense for CDI to have them as it controls everything related
168169
{
169170
APIGroups: []string{
170171
"cdi.kubevirt.io",
172+
"forklift.cdi.kubevirt.io",
171173
},
172174
Resources: []string{
173175
"*",
@@ -266,18 +268,6 @@ func getControllerClusterPolicyRules() []rbacv1.PolicyRule {
266268
"update",
267269
},
268270
},
269-
{
270-
APIGroups: []string{
271-
"forklift.cdi.kubevirt.io",
272-
},
273-
Resources: []string{
274-
"ovirtvolumepopulators",
275-
"openstackvolumepopulators",
276-
},
277-
Verbs: []string{
278-
"*",
279-
},
280-
},
281271
}
282272
}
283273

Diff for: pkg/operator/resources/cluster/rbac.go

-14
Original file line numberDiff line numberDiff line change
@@ -168,20 +168,6 @@ func createConfigReaderClusterRole(name string) *rbacv1.ClusterRole {
168168
"watch",
169169
},
170170
},
171-
{
172-
APIGroups: []string{
173-
"forklift.cdi.kubevirt.io",
174-
},
175-
Resources: []string{
176-
"ovirtvolumepopulators",
177-
"openstackvolumepopulators",
178-
},
179-
Verbs: []string{
180-
"get",
181-
"list",
182-
"watch",
183-
},
184-
},
185171
}
186172

187173
return utils.ResourceBuilder.CreateClusterRole(name, rules)

0 commit comments

Comments
 (0)