Add RBAC for infrastructureproviders, update machine-api to v1.0.1

Author: ChrisRx

config/rbac/role.yaml

@@ -66,6 +66,15 @@ rules:
   - get
   - list
   - watch
+- apiGroups:
+  - machine.crit.sh
+  resources:
+  - infrastructureproviders
+  - infrastructureproviders/status
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - machine.crit.sh
   resources:

controllers/dockerinfrastructureprovider_controller.go

@@ -20,6 +20,8 @@ import (
 	"context"
 	"encoding/json"
 
+	cinderapi "github.com/criticalstack/crit/cmd/cinder/api"
+	"github.com/criticalstack/machine-api/util"
 	"github.com/go-logr/logr"
 	"github.com/go-openapi/spec"
 	corev1 "k8s.io/api/core/v1"
@@ -36,8 +38,6 @@ import (
 	"github.com/criticalstack/machine-api-provider-docker/api/v1alpha1"
 )
 
-const OpenAPISchemaSecretName = "config-schema"
-
 // DockerMachineReconciler reconciles a DockerMachine object
 type DockerInfrastructureProviderReconciler struct {
 	client.Client
@@ -56,6 +56,70 @@ func (r *DockerInfrastructureProviderReconciler) SetupWithManager(mgr ctrl.Manag
 		Complete(r)
 }
 
+// +kubebuilder:rbac:groups=infrastructure.crit.sh,resources=dockerinfrastructureproviders,verbs=get;list;watch
+// +kubebuilder:rbac:groups=infrastructure.crit.sh,resources=dockerinfrastructureproviders/status,verbs=create;update
+// +kubebuilder:rbac:groups=machine.crit.sh,resources=infrastructureproviders;infrastructureproviders/status,verbs=get;list;watch
+// +kubebuilder:rbac:groups=,resources=secrets,verbs=*
+
+func (r *DockerInfrastructureProviderReconciler) Reconcile(req ctrl.Request) (_ ctrl.Result, reterr error) {
+	ctx := context.Background()
+	log := r.Log.WithValues("dockerinfrastructureprovider", req.NamespacedName)
+
+	ip := &v1alpha1.DockerInfrastructureProvider{}
+	if err := r.Get(ctx, req.NamespacedName, ip); err != nil {
+		if apierrors.IsNotFound(err) {
+			return ctrl.Result{}, nil
+		}
+		return ctrl.Result{}, err
+	}
+
+	ipOwner, err := util.GetOwnerInfrastructureProvider(ctx, r.Client, ip.ObjectMeta)
+	if err != nil {
+		return ctrl.Result{}, err
+	}
+	if ipOwner == nil {
+		log.Info("InfrastructureProvider Controller has not yet set OwnerRef")
+		return ctrl.Result{}, nil
+	}
+
+	log = log.WithValues("infrastructureprovider", ipOwner.Name)
+
+	s := &corev1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      OpenAPISchemaSecretName,
+			Namespace: ip.Namespace,
+		},
+	}
+	if err := r.Get(ctx, client.ObjectKey{Name: s.Name, Namespace: s.Namespace}, s); client.IgnoreNotFound(err) != nil {
+		return ctrl.Result{}, err
+	}
+
+	ip.Status.Ready = !s.GetCreationTimestamp().Time.IsZero() // ready if secret already exists
+	ip.Status.LastUpdated = metav1.Now()
+	defer func() {
+		if err := r.Status().Update(ctx, ip); err != nil {
+			log.Error(err, "failed to update provider status")
+		}
+	}()
+
+	b, err := json.Marshal(schema)
+	if err != nil {
+		return ctrl.Result{}, err
+	}
+
+	if _, err := controllerutil.CreateOrUpdate(ctx, r.Client, s, func() error {
+		s.Data = map[string][]byte{"schema": b}
+		return controllerutil.SetControllerReference(ip, s, r.Scheme)
+	}); err != nil {
+		return ctrl.Result{}, err
+	}
+
+	ip.Status.Ready = true
+	return ctrl.Result{}, nil
+}
+
+const OpenAPISchemaSecretName = "config-schema"
+
 var schema = spec.Schema{
 	SchemaProps: spec.SchemaProps{
 		Type:  spec.StringOrArray{"object"},
@@ -96,7 +160,7 @@ var schema = spec.Schema{
 							SchemaProps: spec.SchemaProps{
 								Type:        spec.StringOrArray{"string"},
 								Description: "container image to use",
-								Default:     "criticalstack/cinder:v1.0.0-beta.10",
+								Default:     cinderapi.DefaultNodeImage,
 							},
 						},
 						"containerName": {
@@ -121,49 +185,3 @@ var schema = spec.Schema{
 		Required: []string{"apiVersion", "kind"},
 	},
 }
-
-// +kubebuilder:rbac:groups=infrastructure.crit.sh,resources=dockerinfrastructureproviders,verbs=get;list;watch
-// +kubebuilder:rbac:groups=infrastructure.crit.sh,resources=dockerinfrastructureproviders/status,verbs=create;update
-// +kubebuilder:rbac:groups=,resources=secrets,verbs=*
-
-func (r *DockerInfrastructureProviderReconciler) Reconcile(req ctrl.Request) (_ ctrl.Result, reterr error) {
-	ctx := context.Background()
-	log := r.Log.WithValues("dockerinfrastructureprovider", req.NamespacedName)
-
-	ip := &v1alpha1.DockerInfrastructureProvider{}
-	if err := r.Get(ctx, req.NamespacedName, ip); err != nil {
-		if apierrors.IsNotFound(err) {
-			return ctrl.Result{}, nil
-		}
-		return ctrl.Result{}, err
-	}
-
-	var s corev1.Secret
-	s.SetName(OpenAPISchemaSecretName)
-	s.SetNamespace(ip.Namespace)
-	if err := r.Get(ctx, client.ObjectKey{Name: s.Name, Namespace: s.Namespace}, &s); client.IgnoreNotFound(err) != nil {
-		return ctrl.Result{}, err
-	}
-
-	ip.Status.Ready = !s.GetCreationTimestamp().Time.IsZero() // ready if secret already exists
-	ip.Status.LastUpdated = metav1.Now()
-	defer func() {
-		if err := r.Status().Update(ctx, ip); err != nil {
-			log.Error(err, "failed to update provider status")
-		}
-	}()
-	b, err := json.Marshal(schema)
-	if err != nil {
-		return ctrl.Result{}, err
-	}
-
-	if _, err := controllerutil.CreateOrUpdate(ctx, r.Client, &s, func() error {
-		s.Data = map[string][]byte{"schema": b}
-		return controllerutil.SetControllerReference(ip, &s, r.Scheme)
-	}); err != nil {
-		return ctrl.Result{}, err
-	}
-
-	ip.Status.Ready = true
-	return ctrl.Result{}, nil
-}

go.mod

@@ -4,7 +4,7 @@ go 1.14
 
 require (
 	github.com/criticalstack/crit v1.0.3
-	github.com/criticalstack/machine-api v1.0.0
+	github.com/criticalstack/machine-api v1.0.1
 	github.com/go-logr/logr v0.1.0
 	github.com/go-openapi/spec v0.19.3
 	github.com/onsi/ginkgo v1.12.1

go.sum

@@ -84,18 +84,11 @@ github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfc
 github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE=
 github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
-github.com/criticalstack/crit v1.0.0-beta.4/go.mod h1:ULOKHjqXNtCGg4sH46kYxTBje0P9mgkpV8forMVxhGk=
-github.com/criticalstack/crit v1.0.0-beta.8 h1:Eg3Rm42LVwXo77J1blDwSuhQVsjCGTfzC5sWUWfJy/8=
-github.com/criticalstack/crit v1.0.0-beta.8/go.mod h1:ULOKHjqXNtCGg4sH46kYxTBje0P9mgkpV8forMVxhGk=
 github.com/criticalstack/crit v1.0.3 h1:1I/xyXzazV3d9u2Bg/NguqYiArNLwAQWSkWSnBM0Sgw=
 github.com/criticalstack/crit v1.0.3/go.mod h1:ULOKHjqXNtCGg4sH46kYxTBje0P9mgkpV8forMVxhGk=
 github.com/criticalstack/e2d v0.4.14/go.mod h1:Bxbt5zWKhtA81n/YibGi8dlOdTVjNuBzy2zkbjJBf98=
-github.com/criticalstack/machine-api v0.1.2 h1:jEwvqoFzKPwBLxqbxLh2eUJB0gTQGVaxHVdbzRW9YZc=
-github.com/criticalstack/machine-api v0.1.2/go.mod h1:kZG0Nn4bvefSvXR5c59i8uZhsrFN8QCqlrTbWK1enGg=
-github.com/criticalstack/machine-api v0.1.3 h1:KB/ZDSaADG7+BTrADJMpYrAHsJ8fuuhdbK25XWgUA18=
-github.com/criticalstack/machine-api v0.1.3/go.mod h1:9q7YROKFl0NwEeO9wMY5IG7zWqBTYJ7331+JhAjxF6U=
-github.com/criticalstack/machine-api v1.0.0 h1:tE7SlfmJT6tSOX0NVu/G5PIhWEjp9Sqte1zQwtbXkWQ=
-github.com/criticalstack/machine-api v1.0.0/go.mod h1:yrAmVXEoPnjNKtB+zz3/Hslqk5ewOm9HOM52xbfeMtg=
+github.com/criticalstack/machine-api v1.0.1 h1:6dXUYX+ZXNsDGI1xfWyvUXJ8rAMbliOVg0t5G3tbbkQ=
+github.com/criticalstack/machine-api v1.0.1/go.mod h1:yrAmVXEoPnjNKtB+zz3/Hslqk5ewOm9HOM52xbfeMtg=
 github.com/daaku/go.zipexe v1.0.0/go.mod h1:z8IiR6TsVLEYKwXAoE/I+8ys/sDkgTzSL0CLnGVd57E=
 github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -747,7 +740,6 @@ k8s.io/metrics v0.18.2/go.mod h1:qga8E7QfYNR9Q89cSCAjinC9pTZ7yv1XSVGUB0vJypg=
 k8s.io/utils v0.0.0-20191114184206-e782cd3c129f/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=
 k8s.io/utils v0.0.0-20200229041039-0a110f9eb7ab/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=
 k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=
-k8s.io/utils v0.0.0-20200414100711-2df71ebbae66/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 k8s.io/utils v0.0.0-20200619165400-6e3d28b6ed19 h1:7Nu2dTj82c6IaWvL7hImJzcXoTPz1MsSCH7r+0m6rfo=
 k8s.io/utils v0.0.0-20200619165400-6e3d28b6ed19/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw=