From 48ce64f9920adaaf5a4f98fee22151639bc94a60 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Drzewiecki?= Date: Mon, 16 Dec 2024 13:43:53 +0100 Subject: [PATCH 1/4] names of deleted ClusterRoleBindings are logged --- .../runtime_fsm_apply_clusterrolebindings.go | 37 +++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/internal/controller/runtime/fsm/runtime_fsm_apply_clusterrolebindings.go b/internal/controller/runtime/fsm/runtime_fsm_apply_clusterrolebindings.go index dbefa9a5..40040d34 100644 --- a/internal/controller/runtime/fsm/runtime_fsm_apply_clusterrolebindings.go +++ b/internal/controller/runtime/fsm/runtime_fsm_apply_clusterrolebindings.go @@ -49,6 +49,7 @@ func sFnApplyClusterRoleBindings(ctx context.Context, m *fsm, s *systemState) (s m.log.Info("Cannot setup Cluster Role Bindings on shoot, scheduling for retry", "RuntimeCR", s.instance.Name, "shoot", s.shoot.Name) return requeue() } + logRemovedClusterRoleBindings(removed, m, s) } s.instance.UpdateStateReady( @@ -60,6 +61,16 @@ func sFnApplyClusterRoleBindings(ctx context.Context, m *fsm, s *systemState) (s return updateStatusAndStop() } +func logRemovedClusterRoleBindings(removed []rbacv1.ClusterRoleBinding, m *fsm, s *systemState) { + if cap(removed) > 0 { + var crbsNames []string + for _, binding := range removed { + crbsNames = append(crbsNames, binding.Name) + } + m.log.Info("Following CRBs were deleted", "deletedCRBs", crbsNames, "RuntimeCR", s.instance.Name, "shoot", s.shoot.Name) + } +} + //nolint:gochecknoglobals var GetShootClient = func(ctx context.Context, cnt client.Client, runtime imv1.Runtime) (client.Client, error) { runtimeID := runtime.Labels[imv1.LabelKymaRuntimeID] @@ -197,6 +208,31 @@ func toAdminClusterRoleBindingWithLabel(name string, key, value string) rbacv1.C } } +func toAdminClusterRoleBindingFromIncident() rbacv1.ClusterRoleBinding { + return rbacv1.ClusterRoleBinding{ + ObjectMeta: metav1.ObjectMeta{ + CreationTimestamp: metav1.Time{}, + Name: "name-operator-admin", + ResourceVersion: "38739378", + UID: "aaaaaaaa-1e51-415c-8f38-9d835ea36347", + }, + RoleRef: rbacv1.RoleRef{ + APIGroup: "rbac.authorization.k8s.io", + Kind: "ClusterRole", + Name: "cluster-admin", + }, + Subjects: []rbacv1.Subject{ + {Kind: "User", Name: "xyz1@sap.com", APIGroup: "rbac.authorization.k8s.io"}, + {Kind: "User", Name: "xyz2@sap.com", APIGroup: "rbac.authorization.k8s.io"}, + {Kind: "User", Name: "xyz3@sap.com", APIGroup: "rbac.authorization.k8s.io"}, + {Kind: "User", Name: "xyz4@sap.com", APIGroup: "rbac.authorization.k8s.io"}, + {Kind: "User", Name: "xyz5@sap.com", APIGroup: "rbac.authorization.k8s.io"}, + {Kind: "User", Name: "xyz6@sap.com", APIGroup: "rbac.authorization.k8s.io"}, + {Kind: "User", Name: "xyz7@sap.com", APIGroup: "rbac.authorization.k8s.io"}, + }, + } +} + func toAdminClusterRoleBindingNoLabels(name string) rbacv1.ClusterRoleBinding { return toAdminClusterRoleBindingWithLabel(name, "", "") } @@ -213,6 +249,7 @@ var newDelCRBs = func(ctx context.Context, shootClient client.Client, crbs []rba return err } } + return nil } } From 4370cf44b068d6da58d0138728e28283dde7f032 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Drzewiecki?= Date: Mon, 16 Dec 2024 17:45:37 +0100 Subject: [PATCH 2/4] removes reduntant log parameters --- .../fsm/runtime_fsm_apply_clusterrolebindings.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/internal/controller/runtime/fsm/runtime_fsm_apply_clusterrolebindings.go b/internal/controller/runtime/fsm/runtime_fsm_apply_clusterrolebindings.go index 40040d34..ab5ac7a0 100644 --- a/internal/controller/runtime/fsm/runtime_fsm_apply_clusterrolebindings.go +++ b/internal/controller/runtime/fsm/runtime_fsm_apply_clusterrolebindings.go @@ -33,7 +33,7 @@ func sFnApplyClusterRoleBindings(ctx context.Context, m *fsm, s *systemState) (s var crbList rbacv1.ClusterRoleBindingList if err := shootAdminClient.List(ctx, &crbList); err != nil { updateCRBApplyFailed(&s.instance) - m.log.Info("Cannot list Cluster Role Bindings on shoot, scheduling for retry", "RuntimeCR", s.instance.Name, "shoot", s.shoot.Name) + m.log.Info("Cannot list Cluster Role Bindings on shoot, scheduling for retry") return requeue() } @@ -46,10 +46,10 @@ func sFnApplyClusterRoleBindings(ctx context.Context, m *fsm, s *systemState) (s } { if err := fn(); err != nil { updateCRBApplyFailed(&s.instance) - m.log.Info("Cannot setup Cluster Role Bindings on shoot, scheduling for retry", "RuntimeCR", s.instance.Name, "shoot", s.shoot.Name) + m.log.Info("Cannot setup Cluster Role Bindings on shoot, scheduling for retry") return requeue() } - logRemovedClusterRoleBindings(removed, m, s) + logDeletedClusterRoleBindings(removed, m, s) } s.instance.UpdateStateReady( @@ -61,13 +61,13 @@ func sFnApplyClusterRoleBindings(ctx context.Context, m *fsm, s *systemState) (s return updateStatusAndStop() } -func logRemovedClusterRoleBindings(removed []rbacv1.ClusterRoleBinding, m *fsm, s *systemState) { +func logDeletedClusterRoleBindings(removed []rbacv1.ClusterRoleBinding, m *fsm, s *systemState) { if cap(removed) > 0 { var crbsNames []string for _, binding := range removed { crbsNames = append(crbsNames, binding.Name) } - m.log.Info("Following CRBs were deleted", "deletedCRBs", crbsNames, "RuntimeCR", s.instance.Name, "shoot", s.shoot.Name) + m.log.Info("Following CRBs were deleted", "deletedCRBs", crbsNames) } } From 94a5343a88d5c57585bfa58272c2425ef8739b36 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Drzewiecki?= Date: Tue, 17 Dec 2024 10:14:51 +0100 Subject: [PATCH 3/4] removes unused function --- .../runtime_fsm_apply_clusterrolebindings.go | 25 ------------------- 1 file changed, 25 deletions(-) diff --git a/internal/controller/runtime/fsm/runtime_fsm_apply_clusterrolebindings.go b/internal/controller/runtime/fsm/runtime_fsm_apply_clusterrolebindings.go index ab5ac7a0..fc7f27eb 100644 --- a/internal/controller/runtime/fsm/runtime_fsm_apply_clusterrolebindings.go +++ b/internal/controller/runtime/fsm/runtime_fsm_apply_clusterrolebindings.go @@ -208,31 +208,6 @@ func toAdminClusterRoleBindingWithLabel(name string, key, value string) rbacv1.C } } -func toAdminClusterRoleBindingFromIncident() rbacv1.ClusterRoleBinding { - return rbacv1.ClusterRoleBinding{ - ObjectMeta: metav1.ObjectMeta{ - CreationTimestamp: metav1.Time{}, - Name: "name-operator-admin", - ResourceVersion: "38739378", - UID: "aaaaaaaa-1e51-415c-8f38-9d835ea36347", - }, - RoleRef: rbacv1.RoleRef{ - APIGroup: "rbac.authorization.k8s.io", - Kind: "ClusterRole", - Name: "cluster-admin", - }, - Subjects: []rbacv1.Subject{ - {Kind: "User", Name: "xyz1@sap.com", APIGroup: "rbac.authorization.k8s.io"}, - {Kind: "User", Name: "xyz2@sap.com", APIGroup: "rbac.authorization.k8s.io"}, - {Kind: "User", Name: "xyz3@sap.com", APIGroup: "rbac.authorization.k8s.io"}, - {Kind: "User", Name: "xyz4@sap.com", APIGroup: "rbac.authorization.k8s.io"}, - {Kind: "User", Name: "xyz5@sap.com", APIGroup: "rbac.authorization.k8s.io"}, - {Kind: "User", Name: "xyz6@sap.com", APIGroup: "rbac.authorization.k8s.io"}, - {Kind: "User", Name: "xyz7@sap.com", APIGroup: "rbac.authorization.k8s.io"}, - }, - } -} - func toAdminClusterRoleBindingNoLabels(name string) rbacv1.ClusterRoleBinding { return toAdminClusterRoleBindingWithLabel(name, "", "") } From d7af1ca9e6dc53ec6fcd7349d5015296f761f159 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Drzewiecki?= Date: Tue, 17 Dec 2024 13:30:06 +0100 Subject: [PATCH 4/4] should use len() instead of cap() when determining if log deleted CRBs --- .../runtime/fsm/runtime_fsm_apply_clusterrolebindings.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/controller/runtime/fsm/runtime_fsm_apply_clusterrolebindings.go b/internal/controller/runtime/fsm/runtime_fsm_apply_clusterrolebindings.go index fc7f27eb..ce295874 100644 --- a/internal/controller/runtime/fsm/runtime_fsm_apply_clusterrolebindings.go +++ b/internal/controller/runtime/fsm/runtime_fsm_apply_clusterrolebindings.go @@ -62,7 +62,7 @@ func sFnApplyClusterRoleBindings(ctx context.Context, m *fsm, s *systemState) (s } func logDeletedClusterRoleBindings(removed []rbacv1.ClusterRoleBinding, m *fsm, s *systemState) { - if cap(removed) > 0 { + if len(removed) > 0 { var crbsNames []string for _, binding := range removed { crbsNames = append(crbsNames, binding.Name)