Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Automate the creation of the permissions needed by resourcedetection #2394

Merged
merged 30 commits into from
Jan 11, 2024

Conversation

iblancasa
Copy link
Contributor

Description:

  • Add a methods to create the ClusterRoles and ClusterRoleBindings needed
  • Add the structs and methods to parse the processors
  • Add support for the resourcedetection processor

Link to tracking Issue: #2393

@iblancasa iblancasa requested a review from a team November 28, 2023 10:57
Signed-off-by: Israel Blancas <[email protected]>
@iblancasa iblancasa changed the title Automate the creation of the permissions requested by resourcedetection Automate the creation of the permissions needed by resourcedetection Nov 28, 2023
internal/manifests/collector/rbac.go Outdated Show resolved Hide resolved
internal/manifests/collector/rbac.go Outdated Show resolved Hide resolved
internal/manifests/collector/rbac.go Outdated Show resolved Hide resolved
internal/naming/main.go Outdated Show resolved Hide resolved
Copy link
Contributor

@jaronoff97 jaronoff97 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I love the spirit of this PR, and think it would be great if we continued this for other processors like the k8sattr processor

@pavolloffay
Copy link
Member

@iblancasa CI failed

Copy link
Contributor

@swiatekm swiatekm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, but I'd like to see a e2e test added as well.

@pavolloffay
Copy link
Member

@iblancasa the PR needs to be rebased, also @swiatekm-sumo suggested adding e2e test

main.go Outdated Show resolved Hide resolved
main.go Show resolved Hide resolved
internal/manifests/collector/collector.go Outdated Show resolved Hide resolved
Copy link
Member

@pavolloffay pavolloffay left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍🏼

just few nit comments before merning.

}

var logger = logf.Log.WithName("collector-unit-tests")
for _, test := range tests {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's good that the test table is used but the tests should be run in a separate execution t.Run

"github.com/open-telemetry/opentelemetry-operator/internal/manifests/collector/parser/processor"
)

func ConfigToRBAC(logger logr.Logger, config map[interface{}]interface{}) []rbacv1.PolicyRule {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: it's worth adding a comment to a public API

rbacv1 "k8s.io/api/rbac/v1"
)

type ProcessorParser interface {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: document public APIs

GetRBACRules() []rbacv1.PolicyRule
}

type Builder func(logr.Logger, string, map[interface{}]interface{}) ProcessorParser
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: document public APIs

@@ -124,6 +125,7 @@ func main() {
pflag.BoolVar(&enableLeaderElection, "enable-leader-election", false,
"Enable leader election for controller manager. "+
"Enabling this will ensure there is only one active controller manager.")
pflag.BoolVar(&createRBACPermissions, "create-rbac-permissions", false, "Automatically create RBAC permissions needed by the processors")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

did we discuss whether it should be disabled by default?

I would prefer to ship the OSS distro with as much enabled functionality.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is disabled by default because otherwise, it would change the current behavior and could be considered as a breaking change. I think this approach is good for now and we can set it to true in the future.

@pavolloffay pavolloffay merged commit b9f9d04 into open-telemetry:main Jan 11, 2024
27 checks passed
@iblancasa iblancasa deleted the task/2393 branch January 11, 2024 16:19
ItielOlenick pushed a commit to ItielOlenick/opentelemetry-operator that referenced this pull request May 1, 2024
…pen-telemetry#2394)

* Automate the creation of the permissions requested by resourcedetection

Signed-off-by: Israel Blancas <[email protected]>

* Add changelog

Signed-off-by: Israel Blancas <[email protected]>

* Fix merge

Signed-off-by: Israel Blancas <[email protected]>

* Apply changes requested in code review

Signed-off-by: Israel Blancas <[email protected]>

* Fix lint

Signed-off-by: Israel Blancas <[email protected]>

* Add feature gate and test

Signed-off-by: Israel Blancas <[email protected]>

* Add unit tests

Signed-off-by: Israel Blancas <[email protected]>

* Apply feedback from pull request

Signed-off-by: Israel Blancas <[email protected]>

* Apply changes requested as part of the Pull Request

Signed-off-by: Israel Blancas <[email protected]>

* Apply changes requested as part of the Pull Request

Signed-off-by: Israel Blancas <[email protected]>

---------

Signed-off-by: Israel Blancas <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

grant default sa permissions to access openshift infrastructure api
4 participants