Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Check for the permissions instead of using a CLI flag #2787

Merged
merged 43 commits into from
May 6, 2024

Conversation

iblancasa
Copy link
Contributor

@iblancasa iblancasa commented Mar 25, 2024

Closes #2588
Closes #2833
Closes #2862

@iblancasa iblancasa requested a review from a team March 25, 2024 12:01
main.go Show resolved Hide resolved
main.go Outdated Show resolved Hide resolved
internal/autodetect/operator.go Outdated Show resolved Hide resolved
apis/v1alpha1/collector_webhook.go Outdated Show resolved Hide resolved
…#2588

Signed-off-by: Israel Blancas <iblancasa@gmail.com>
Signed-off-by: Israel Blancas <iblancasa@gmail.com>
Signed-off-by: Israel Blancas <iblancasa@gmail.com>
Copy link
Contributor

@swiatekm swiatekm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, but I'd like to see a e2e or envtest test for this.

internal/autodetect/operator.go Outdated Show resolved Hide resolved
@iblancasa
Copy link
Contributor Author

LGTM, but I'd like to see a e2e or envtest test for this.

Sure. I'm implementing them.

Signed-off-by: Israel Blancas <iblancasa@gmail.com>
internal/autodetect/operator.go Outdated Show resolved Hide resolved
main.go Outdated Show resolved Hide resolved
internal/rbac/format.go Show resolved Hide resolved
Signed-off-by: Israel Blancas <iblancasa@gmail.com>
Signed-off-by: Israel Blancas <iblancasa@gmail.com>
Signed-off-by: Israel Blancas <iblancasa@gmail.com>
Signed-off-by: Israel Blancas <iblancasa@gmail.com>
internal/autodetect/main.go Outdated Show resolved Hide resolved
internal/autodetect/main.go Outdated Show resolved Hide resolved
internal/autodetect/main_test.go Outdated Show resolved Hide resolved
main.go Outdated Show resolved Hide resolved
main.go Outdated Show resolved Hide resolved
Signed-off-by: Israel Blancas <iblancasa@gmail.com>
Copy link
Contributor

@swiatekm swiatekm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nitpick about the test setup, LGTM otherwise.

Makefile Outdated Show resolved Hide resolved
Signed-off-by: Israel Blancas <iblancasa@gmail.com>
Signed-off-by: Israel Blancas <iblancasa@gmail.com>
Signed-off-by: Israel Blancas <iblancasa@gmail.com>
Signed-off-by: Israel Blancas <iblancasa@gmail.com>
Signed-off-by: Israel Blancas <iblancasa@gmail.com>
Signed-off-by: Israel Blancas <iblancasa@gmail.com>
Signed-off-by: Israel Blancas <iblancasa@gmail.com>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

where does these files actually get used? How would a user know to add these into their rbac?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think these can go into the /tests/e2e-automatic-rbac directory. My request to use patches instead of overriding the whole default ClusterRole aimed to keep e2e test setup consistent. It's good if our e2e tests use the kustomize manifests roughly the way we expect users to, but these files don't literally need to be user-facing in any way.

Does that make sense?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah that makes sense to me! As it stands rn these feel very out of place here if we're not really expecting users to apply them

Copy link
Contributor Author

@iblancasa iblancasa Apr 17, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I put the files under config/rbac because this error is thrown by kustomize:

Error: accumulating resources: accumulation err='accumulating resources from '../rbac': '/home/iblancasa/projects/opentelemetry-operator/config/rbac' must resolve to a file': recursed accumulation of path '/home/iblancasa/projects/opentelemetry-operator/config/rbac': trouble configuring builtin PatchTransformer with config: `
path: ../../tests/e2e-automatic-rbac/extra-permissions-operator/namespaces.yaml
target:
  kind: ClusterRole
  name: manager-role
`: security; file '/home/iblancasa/projects/opentelemetry-operator/tests/e2e-automatic-rbac/extra-permissions-operator/namespaces.yaml' is not in or below '/home/iblancasa/projects/opentelemetry-operator/config/rbac'
error: no objects passed to apply

I added something to workaround this. Let me know what you think about :)

- apply:
file: 02-install.yaml
- assert:
file: 02-assert.yaml
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(can be done in a follow up) both this test and the k8sattr test would benefit from us actually verifying that the collector is doing the work as expected and not just failing. we could probably achieve this by using the debug exporter and send some telemetry through the system to verify it's logged with what we want.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have been thinking about that since I created the test. Is it ok to use the contrib image for that? I can do it in a different PR yes.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

does the k8s distro have all the things we need?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, actually it should. Didn't remember you added/are adding that. Thanks!

@jaronoff97
Copy link
Contributor

Just a few more Qs, once those are answered I think we're ✅

@pavolloffay
Copy link
Member

The PR needs to be rebased

@iblancasa
Copy link
Contributor Author

Are any other changes required?

Copy link
Contributor

@swiatekm swiatekm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor nitpick about the e2e tests, but it shouldn't block merging this PR. Thank you for being so patient with this review process!

Comment on lines +1 to +4
apiVersion: v1
kind: Namespace
metadata:
name: chainsaw-k8sattributes
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we can drop this and just use $(NAMESPACE) wherever we need it in tests.

@swiatekm swiatekm requested a review from jaronoff97 April 29, 2024 13:03
Signed-off-by: Israel Blancas <iblancasa@gmail.com>
Signed-off-by: Israel Blancas <iblancasa@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
4 participants