From 50731a19432cccf03aa812047fd8737a9d8ae65d Mon Sep 17 00:00:00 2001 From: Arvind Iyengar Date: Mon, 2 May 2022 15:59:47 -0700 Subject: [PATCH] Add fixes for linting errors --- pkg/controllers/common/hardening.go | 2 +- pkg/controllers/common/operatorlabels.go | 2 +- pkg/controllers/common/runtime.go | 2 +- pkg/controllers/namespace/indexers.go | 2 ++ pkg/controllers/project/indexers.go | 35 +++++++++++++++++++----- pkg/crd/crds.go | 5 +--- 6 files changed, 34 insertions(+), 14 deletions(-) diff --git a/pkg/controllers/common/hardening.go b/pkg/controllers/common/hardening.go index e64ea58..42b402a 100644 --- a/pkg/controllers/common/hardening.go +++ b/pkg/controllers/common/hardening.go @@ -10,7 +10,7 @@ import ( networkingv1 "k8s.io/api/networking/v1" ) -// HardenedOptions are options that can be provided to override the default hardening resources applied to all namespaces +// HardeningOptions are options that can be provided to override the default hardening resources applied to all namespaces // created by this Project Operator. To disable this, specify DisableHardening in the RuntimeOptions. type HardeningOptions struct { // ServiceAccount represents the overrides to be supplied to the default service account patched by the hardening controller diff --git a/pkg/controllers/common/operatorlabels.go b/pkg/controllers/common/operatorlabels.go index c5a39ce..38a0d66 100644 --- a/pkg/controllers/common/operatorlabels.go +++ b/pkg/controllers/common/operatorlabels.go @@ -22,7 +22,7 @@ const ( HelmProjectOperatorProjectLabel = "helm.cattle.io/projectId" ) -// HasCleanupLabel returns whether a ProjectHelmChart has the Helm Project Operated label +// HasHelmProjectOperatedLabel returns whether a ProjectHelmChart has the Helm Project Operated label func HasHelmProjectOperatedLabel(labels map[string]string) bool { if labels == nil { return false diff --git a/pkg/controllers/common/runtime.go b/pkg/controllers/common/runtime.go index 4327650..17d99b5 100644 --- a/pkg/controllers/common/runtime.go +++ b/pkg/controllers/common/runtime.go @@ -125,7 +125,7 @@ func (opts RuntimeOptions) Validate() error { return nil } -// LoadHardeningOptionsFromFile unmarshalls the struct found at the file to YAML and reads it into memory +// LoadValuesOverrideFromFile unmarshalls the struct found at the file to YAML and reads it into memory func LoadValuesOverrideFromFile(path string) (v1alpha1.GenericMap, error) { var valuesOverride v1alpha1.GenericMap wd, err := os.Getwd() diff --git a/pkg/controllers/namespace/indexers.go b/pkg/controllers/namespace/indexers.go index 950141d..754bd5d 100644 --- a/pkg/controllers/namespace/indexers.go +++ b/pkg/controllers/namespace/indexers.go @@ -6,6 +6,8 @@ import ( ) const ( + // NamespacesByProjectExcludingRegistrationID is an index mapping namespaces to project that they belong into + // The index will omit any namespaces considered to be the Project Registration namespace or a system namespace NamespacesByProjectExcludingRegistrationID = "helm.cattle.io/namespaces-by-project-id-excluding-registration" ) diff --git a/pkg/controllers/project/indexers.go b/pkg/controllers/project/indexers.go index ee5e2a1..be7f3f7 100644 --- a/pkg/controllers/project/indexers.go +++ b/pkg/controllers/project/indexers.go @@ -9,18 +9,26 @@ import ( rbacv1 "k8s.io/api/rbac/v1" ) +// All namespaces const ( - // All namespaces + // ProjectHelmChartByReleaseName identifies a ProjectHelmChart by the underlying Helm release it is tied to ProjectHelmChartByReleaseName = "helm.cattle.io/project-helm-chart-by-release-name" +) - // Registration namespaces only +// Registration namespaces only +const ( + // RoleBindingInRegistrationNamespaceByRoleRef identifies the set of RoleBindings in a registration namespace + // that are tied to specific RoleRefs that need to be watched by the operator RoleBindingInRegistrationNamespaceByRoleRef = "helm.cattle.io/role-binding-in-registration-ns-by-role-ref" - ClusterRoleBindingByRoleRef = "helm.cattle.io/cluster-role-binding-by-role-ref" - BindingReferencesDefaultOperatorRole = "bound-to-default-role" - // Release namespaces only - RoleInReleaseNamespaceByReleaseNamespaceName = "helm.cattle.io/role-in-release-ns-by-release-namespace-name" - ConfigMapInReleaseNamespaceByReleaseNamespaceName = "helm.cattle.io/configmap-in-release-ns-by-release-namespace-name" + // ClusterRoleBindingByRoleRef identifies the set of ClusterRoleBindings that are tied to RoleRefs that need + // to be watched by the operator + ClusterRoleBindingByRoleRef = "helm.cattle.io/cluster-role-binding-by-role-ref" + + // BindingReferencesDefaultOperatorRole is the value of the both of the above indices when a ClusterRoleBinding or RoleBinding + // is tied to a RoleRef that matches a default ClusterRole that is watched by the operator to create admin, edit, or view RoleBindings + // in the Project Release Namespace + BindingReferencesDefaultOperatorRole = "bound-to-default-role" ) // NamespacedBindingReferencesDefaultOperatorRole is the index used to mark a RoleBinding as one that targets @@ -29,6 +37,19 @@ func NamespacedBindingReferencesDefaultOperatorRole(namespace string) string { return fmt.Sprintf("%s/%s", namespace, BindingReferencesDefaultOperatorRole) } +// Release namespaces only +const ( + // RoleInReleaseNamespaceByReleaseNamespaceName identifies a Role in a release namespace that needs to have RBAC synced + // on changes to RoleBindings in the Project Registration Namespace or ClusterRoleBindings. + // The value of this will be the namespace and name of the Helm release that it is for. + RoleInReleaseNamespaceByReleaseNamespaceName = "helm.cattle.io/role-in-release-ns-by-release-namespace-name" + + // ConfigMapInReleaseNamespaceByReleaseNamespaceName identifies a ConfigMap in a release namespace that is tied to the + // ProjectHelmChart's status in the release namespace. + // The value of this will be the namespace and name of the Helm release that it is for. + ConfigMapInReleaseNamespaceByReleaseNamespaceName = "helm.cattle.io/configmap-in-release-ns-by-release-namespace-name" +) + // initIndexers initializes indexers that allow for more efficient computations on related resources without relying on additional // calls to be made to the Kubernetes API by referencing the cache instead func (h *handler) initIndexers() { diff --git a/pkg/crd/crds.go b/pkg/crd/crds.go index 1d46beb..bdf72d1 100644 --- a/pkg/crd/crds.go +++ b/pkg/crd/crds.go @@ -37,10 +37,7 @@ func WriteFiles(crdDirpath, crdDepDirpath string) error { if err := writeFiles(crdDirpath, objs); err != nil { return err } - if err := writeFiles(crdDepDirpath, depObjs); err != nil { - return err - } - return nil + return writeFiles(crdDepDirpath, depObjs) } func writeFiles(dirpath string, objs []runtime.Object) error {