Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make it easy to generate roles for the dr-cluster and hub flavor of the operator #1676

Open
raghavendra-talur opened this issue Nov 25, 2024 · 1 comment

Comments

@raghavendra-talur
Copy link
Member

raghavendra-talur commented Nov 25, 2024

Currently, we run the make manifests target to generate the crds, roles, webhooks for the code we have in our repo.

This generates the config/rbac/role.yaml file for the roles. Then the developer has to copy the updated/generated lines over to the right file config/hub/rbac/role.yaml or config/dr-cluster/rbac/role.yaml depending on where the +kubebuilder:rbac: lines were updated.

This is

  1. manual
  2. error-prone
  3. not documented

We should make this process easier.

More details:

  1. output one shows where we have the +kubebuilder:rbac marker lines in our code.
  2. output two shows the current splits between dr-cluster and hub roles.
$ grep -nri "+kubebuilder:rbac:" ./* | grep -v "Binary file" | cut -d":" -f1 | sort | uniq
./internal/controller/drcluster_controller.go
./internal/controller/drclusterconfig_controller.go
./internal/controller/drplacementcontrol_controller.go
./internal/controller/drpolicy_controller.go
./internal/controller/kubeobjects/velero/requests.go
./internal/controller/protectedvolumereplicationgrouplist_controller.go
./internal/controller/replicationgroupdestination_controller.go
./internal/controller/replicationgroupsource_controller.go
./internal/controller/volumereplicationgroup_controller.go


$ wc -l config/rbac/role.yaml config/dr-cluster/rbac/role.yaml config/hub/rbac/role.yaml
     434 config/rbac/role.yaml
     275 config/dr-cluster/rbac/role.yaml
     220 config/hub/rbac/role.yaml
     929 total
@nirs
Copy link
Member

nirs commented Nov 25, 2024

Let's start by documenting the process of adding new rbac rules. I'm sure that if you ask current developers how to do this most will fail to describe the right process.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants