Skip to content

Commit

Permalink
fix: only add PATCH verb if resource is creatable
Browse files Browse the repository at this point in the history
Signed-off-by: Chris Laprun <[email protected]>
  • Loading branch information
metacosm committed Sep 3, 2024
1 parent 8109ab8 commit e7fa683
Show file tree
Hide file tree
Showing 3 changed files with 12 additions and 10 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -122,7 +122,8 @@ private static Set<PolicyRule> getClusterRolePolicyRulesFromDependentResources(Q
if (Deleter.class.isAssignableFrom(dependentResourceClass)) {
verbs.add(RBACVerbs.DELETE);
}
if (Creator.class.isAssignableFrom(dependentResourceClass)) {
final var isCreator = Creator.class.isAssignableFrom(dependentResourceClass);
if (isCreator) {
verbs.add(RBACVerbs.CREATE);
}

Expand All @@ -140,8 +141,8 @@ private static Set<PolicyRule> getClusterRolePolicyRulesFromDependentResources(Q
resourcePlural = gvk.getPluralOrDefault();
}

// if we use SSA and the dependent resource class is not excluded from using SSA, we also need PATCH permissions for finalizer
if (cri.getConfigurationService().shouldUseSSA(kubeResource)) {
// if we use SSA and the dependent resource class is not excluded from using SSA, we also need PATCH permissions for finalizer when the dependent resource is creatable
if (isCreator && cri.getConfigurationService().shouldUseSSA(kubeResource)) {
verbs.add(RBACVerbs.PATCH);
}
} catch (Exception e) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -183,12 +183,10 @@ AnnotationConfigurablesBuildItem gatherAnnotationConfigurables(
* Gathers the CustomResource implementations that are not part of the application index because they are part of an
* external, reusable module for example.
*
* <p>
* Note that this will be obsolete once <a href="https://github.com/quarkusio/quarkus/pull/38586">Quarkus #38586</a> is
* usable
*
* @param combinedIndexBuildItem
* @param applicationIndexBuildItem
* @param reflectiveClassProducer
* </p>
*/
@BuildStep
void gatherOutOfAppCustomResourceImplementations(CombinedIndexBuildItem combinedIndexBuildItem,
Expand Down Expand Up @@ -250,7 +248,6 @@ void initializeRuntimeNamespacesFromBuildTimeValues(
ControllerConfigurationsBuildItem configurations,
BuildProducer<RunTimeConfigurationDefaultBuildItem> runtimeConfig) {
configurations.getControllerConfigs().forEach((name, configuration) -> {
@SuppressWarnings("unchecked")
final var namespaces = String.join(",", configuration.getNamespaces());
runtimeConfig.produce(new RunTimeConfigurationDefaultBuildItem(
"quarkus.operator-sdk.controllers." + configuration.getName() + ".namespaces",
Expand All @@ -263,7 +260,11 @@ void initializeRuntimeNamespacesFromBuildTimeValues(
* Ignore warnings related to non-indexed classes in the reflective hierarchy. At this point, we cannot know
* if they are actually needed for native compilation.
*
* This could probably be removed once https://github.com/quarkiverse/quarkus-operator-sdk/issues/941 is resolved.
* <p>
* This could probably be removed once <a href=
* "https://github.com/quarkiverse/quarkus-operator-sdk/issues/941">https://github.com/quarkiverse/quarkus-operator-sdk/issues/941</a>
* is resolved.
* </p>
*
*/
@BuildStep
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -186,7 +186,7 @@ static QuarkusControllerConfiguration createConfiguration(
final var interval = ConfigurationUtils.annotationValueOrDefault(
intervalFromAnnotation, "interval", AnnotationValue::asLong,
() -> MaxReconciliationInterval.DEFAULT_INTERVAL);
final var timeUnit = (TimeUnit) ConfigurationUtils.annotationValueOrDefault(
final var timeUnit = ConfigurationUtils.annotationValueOrDefault(
intervalFromAnnotation,
"timeUnit",
av -> TimeUnit.valueOf(av.asEnum()),
Expand Down

0 comments on commit e7fa683

Please sign in to comment.