adding backend resources for serviceaccount, clusterrole, and roles#4832
adding backend resources for serviceaccount, clusterrole, and roles#4832openshift-merge-bot[bot] merged 3 commits intostolostron:mainfrom
Conversation
|
/retest |
|
/lgtm |
Ginxo
left a comment
Ginxo
left a comment
There was a problem hiding this comment.
good job!! just few typing considerations.
| kind: ServiceAccountKindType | ||
| metadata: Metadata | ||
| secrets: string[] | ||
| imagePullSecrets: string[] |
There was a problem hiding this comment.
See https://kubernetes.io/docs/reference/kubernetes-api/authentication-resources/service-account-v1/#ServiceAccount so it is something like
"imagePullSecrets": [
{
"name": "builder-dockercfg-ggmbc"
}
]
so I guess it is fair to explicitly type like
| imagePullSecrets: string[] | |
| imagePullSecrets: LocalObjectReference[] |
and to create a new kubernetes-client.ts at frontend/src/resources containing
export interface LocalObjectReference {
name: string
}
wdyt?
There was a problem hiding this comment.
agreed with these comments, will make the appropriate changes
| apiVersion: ServiceAccountApiVersionType | ||
| kind: ServiceAccountKindType | ||
| metadata: Metadata | ||
| secrets: string[] |
There was a problem hiding this comment.
the same from imagePullSecrets applies to this but using ObjectReference from @openshift-console/dynamic-plugin-sdk library
| verbs: string[] | ||
| apiGroups: string[] | ||
| resources: string[] | ||
| resourceNames: string[] |
There was a problem hiding this comment.
| resourceNames: string[] | |
| resourceNames?: string[] |
There was a problem hiding this comment.
from https://kubernetes.io/docs/reference/kubernetes-api/authorization-resources/role-v1/#Role
ResourceNames is an optional white list of names...
There was a problem hiding this comment.
I would anyway create a new PolicyRule interface at frontend/src/resources/kubernetes-client.ts containing
import { ObjectReference } from '@openshift-console/dynamic-plugin-sdk'
export interface LocalObjectReference {
verbs: ObjectReference[]
apiGroups: string[]
resources: string[]
resourceNames?: string[]
}
and I would also replace ClusterRole.rules from the same file
| kind: 'User' | 'Group' | ||
| apiGroup: 'rbac.authorization.k8s.io' | ||
| name: string | ||
| namespace: string |
There was a problem hiding this comment.
| namespace: string | |
| namespace?: string |
There was a problem hiding this comment.
Signed-off-by: kurwang <madeof50gold@gmail.com>
There was a problem hiding this comment.
Perhaps consider creating subjects and roleref interfaces to be used in the RoleBinding and ClusterRoleBinding interfaces because RoleBinding and ClusterRoleBinding structures are almost identical:
ClusterRoleBinding_structure.txt
You can use "oc explain ObjectName --recursive" to get k8s object structures/fields.
| kind: RoleBindingKindType | ||
| metadata: Metadata | ||
| subjects?: { | ||
| kind: 'User' | 'Group' |
There was a problem hiding this comment.
| kind: 'User' | 'Group' | |
| kind: UserKindType | GroupKindType | ServiceAccountKindType |
There was a problem hiding this comment.
I think you should make a similar change in ClusterRoleBinding.
There was a problem hiding this comment.
agreed, created them and moved them in kubernetes-client.ts because they are generic kubernetes types that can be reused
Signed-off-by: kurwang <madeof50gold@gmail.com>
|
/lgtm |
|
/retest |
1 similar comment
|
/retest |
|
/lgtm |
|
/retest |
2 similar comments
|
/retest |
|
/retest |
Signed-off-by: kurwang <madeof50gold@gmail.com>
|
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Ginxo, kurwang, mshort55, oksanabaza The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/lgtm |
4 participants
📝 Summary
Ticket Summary (Title):
Implement backend resources for rbac including serviceaccount and roles
Ticket Link:
(https://issues.redhat.com/browse/ACM-22617)
Type of Change:
✅ Checklist
General
ACM-12340 Fix bug with...)If Feature
If Bugfix
🗒️ Notes for Reviewers