move rbac from hard code to generate (openshift#189)

* move rbac from hard code to generate

use control-gen tool to
generate rbac/rbac_role*.yaml files instead of hard code them

Fixes openshift#155

* make crd file generated automatically

use
go run vendor/sigs.k8s.io/controller-tools/cmd/controller-gen/main.go crd
to create instead of using hard code

Author: jichenjc

Makefile

@@ -128,12 +128,16 @@ shell:
 	$(SHELL) -i
 
 # Generate code
-generate:
+generate: manifests
 	go generate ./pkg/... ./cmd/...
 
-images: openstack-cluster-api-controller
+manifests:
+	go run vendor/sigs.k8s.io/controller-tools/cmd/controller-gen/main.go --name openstack-provider-manager rbac
+	go run vendor/sigs.k8s.io/controller-tools/cmd/controller-gen/main.go crd
 
-openstack-cluster-api-controller: depend manager
+images: openstack-cluster-api-controller manifests
+
+openstack-cluster-api-controller: depend manager manifests
 ifeq ($(GOOS),linux)
 	cp bin/manager cmd/manager
 	docker build -t $(REGISTRY)/openstack-cluster-api-controller:$(VERSION) cmd/manager
@@ -169,4 +173,4 @@ dist: build-cross
 	)
 
 .PHONY: build clean cover depend docs fmt functional lint realclean \
-	relnotes test translation version build-cross dist
+	relnotes test translation version build-cross dist manifests

PROJECT

@@ -0,0 +1,3 @@
+version: "1"
+domain: k8s.io
+repo: sigs.k8s.io/cluster-api-provider-openstack

cmd/clusterctl/examples/openstack/generate-yaml.sh

@@ -108,7 +108,7 @@ PWD=$(cd `dirname $0`; pwd)
 TEMPLATES_PATH=${TEMPLATES_PATH:-$PWD/$SUPPORTED_PROVIDER_OS}
 HOME_DIR=${PWD%%/cmd/clusterctl/examples/*}
 OUTPUT_DIR="${TEMPLATES_PATH}/out"
-PROVIDER_CRD_DIR="${HOME_DIR}/config/crd"
+PROVIDER_CRD_DIR="${HOME_DIR}/config/crds"
 PROVIDER_RBAC_DIR="${HOME_DIR}/config/rbac"
 PROVIDER_MANAGER_DIR="${HOME_DIR}/config/manager"
 CLUSTER_CRD_DIR="${HOME_DIR}/vendor/sigs.k8s.io/cluster-api/config/crds"

config/crd/openstackproviderconfig_v1alpha1.yaml

@@ -0,0 +1,33 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  creationTimestamp: null
+  labels:
+    controller-tools.k8s.io: "1.0"
+  name: openstackclusterproviderspecs.openstackproviderconfig.k8s.io
+spec:
+  group: openstackproviderconfig.k8s.io
+  names:
+    kind: OpenstackClusterProviderSpec
+    plural: openstackclusterproviderspecs
+  scope: Namespaced
+  validation:
+    openAPIV3Schema:
+      properties:
+        apiVersion:
+          type: string
+        externalNetworkId:
+          type: string
+        kind:
+          type: string
+        metadata:
+          type: object
+        nodeCidr:
+          type: string
+  version: v1alpha1
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

config/crds/openstackproviderconfig_v1alpha1_openstackclusterproviderspec.yaml

@@ -0,0 +1,62 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  creationTimestamp: null
+  labels:
+    controller-tools.k8s.io: "1.0"
+  name: openstackclusterproviderstatuses.openstackproviderconfig.k8s.io
+spec:
+  group: openstackproviderconfig.k8s.io
+  names:
+    kind: OpenstackClusterProviderStatus
+    plural: openstackclusterproviderstatuses
+  scope: Namespaced
+  validation:
+    openAPIV3Schema:
+      properties:
+        apiVersion:
+          type: string
+        kind:
+          type: string
+        metadata:
+          type: object
+        network:
+          properties:
+            id:
+              type: string
+            name:
+              type: string
+            router:
+              properties:
+                id:
+                  type: string
+                name:
+                  type: string
+              required:
+              - name
+              - id
+              type: object
+            subnet:
+              properties:
+                cidr:
+                  type: string
+                id:
+                  type: string
+                name:
+                  type: string
+              required:
+              - name
+              - id
+              - cidr
+              type: object
+          required:
+          - name
+          - id
+          type: object
+  version: v1alpha1
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

config/crds/openstackproviderconfig_v1alpha1_openstackclusterproviderstatus.yaml

@@ -1,6 +1,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
+  creationTimestamp: null
   name: openstack-provider-manager-role
 rules:
 - apiGroups:
@@ -20,9 +21,9 @@ rules:
   resources:
   - clusters
   - clusters/status
-  - machines
   - machinedeployments
   - machinesets
+  - machines
   verbs:
   - get
   - list

config/rbac/rbac_role.yaml

@@ -10,4 +10,4 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: default
-  namespace: openstack-provider-system
+  namespace: system

config/rbac/rbac_role_binding.yaml

@@ -27,6 +27,11 @@ func NewActuator(params providerv1openstack.ActuatorParams) (*Actuator, error) {
 }
 
 // Reconcile creates or applies updates to the cluster.
+// TODO: those are copied from original rbac_role.yaml, need remove them if not needed later
+// +kubebuilder:rbac:groups=openstackproviderconfig.k8s.io,resources=openstackmachineproviderconfigs,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=cluster.k8s.io,resources=clusters;clusters/status;machinedeployments;machinesets;machines,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=,resources=nodes,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=,resources=secrets,verbs=get;list;watch
 func (a *Actuator) Reconcile(cluster *clusterv1.Cluster) error {
 	klog.Infof("Reconciling cluster %v.", cluster.Name)