use actions/deploy and add requisite permissions

opendatahub-io · Dec 16, 2024 · 7a0feef · 7a0feef
1 parent d57191e
commit 7a0feef
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 13 deletions.
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -858,17 +858,18 @@ rules:
 - apiGroups:
   - services.platform.opendatahub.io
   resources:
-  - auths/status
-  - monitorings/status
+  - auths/finalizers
+  - monitorings/finalizers
   verbs:
-  - get
-  - patch
   - update
 - apiGroups:
   - services.platform.opendatahub.io
   resources:
-  - monitorings/finalizers
+  - auths/status
+  - monitorings/status
   verbs:
+  - get
+  - patch
   - update
 - apiGroups:
   - serving.knative.dev

diff --git a/controllers/datasciencecluster/kubebuilder_rbac.go b/controllers/datasciencecluster/kubebuilder_rbac.go
@@ -235,3 +235,4 @@ package datasciencecluster
 // Auth
 // +kubebuilder:rbac:groups=services.platform.opendatahub.io,resources=auths,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=services.platform.opendatahub.io,resources=auths/status,verbs=get;update;patch
+// +kubebuilder:rbac:groups=services.platform.opendatahub.io,resources=auths/finalizers,verbs=update
diff --git a/controllers/services/auth/auth_controller.go b/controllers/services/auth/auth_controller.go
@@ -25,6 +25,7 @@ import (
 	ctrl "sigs.k8s.io/controller-runtime"
 
 	serviceApi "github.com/opendatahub-io/opendatahub-operator/v2/apis/services/v1alpha1"
+	"github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/actions/deploy"
 	"github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/actions/render/template"
 	"github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/reconciler"
 )
@@ -54,6 +55,9 @@ func NewServiceReconciler(ctx context.Context, mgr ctrl.Manager) error {
 		)).
 		WithAction(copyGroups).
 		WithAction(managePermissions).
+		WithAction(deploy.NewAction(
+			deploy.WithCache(),
+		)).
 		WithAction(setStatus).
 		Build(ctx)
 

diff --git a/controllers/services/auth/auth_controller_actions.go b/controllers/services/auth/auth_controller_actions.go
@@ -141,7 +141,7 @@ func bindRole(ctx context.Context, rr *odhtypes.ReconciliationRequest, groups []
 			Name:     roleName,
 		},
 	}
-	err := rr.Client.Update(ctx, rb)
+	err := rr.AddResources(rb)
 	if err != nil {
 		return errors.New("error creating RoleBinding for group")
 	}
@@ -199,13 +199,6 @@ func managePermissions(ctx context.Context, rr *odhtypes.ReconciliationRequest)
 		return errors.New("instance is not of type *services.Auth")
 	}
 
-	for _, role := range rr.Resources {
-		err := rr.Client.Update(ctx, &role)
-		if err != nil {
-			return err
-		}
-	}
-
 	err := bindRole(ctx, rr, ai.Spec.AdminGroups, "admingroup-rolebinding", "admingroup-role")
 	if err != nil {
 		return err