From 420a20178db70c69c1b087d9e6d46082e199617e Mon Sep 17 00:00:00 2001
From: Henry Chen <henryhenry0512@gmail.com>
Date: Sat, 2 May 2026 05:27:27 +0800
Subject: [PATCH] [chart/v1-2x-test] Fix launcher RBAC for executor class paths
 (#66208) (cherry picked from commit 8f5ac08c439758289fa236df958def266a5b312c)

Co-authored-by: Henry Chen <henryhenry0512@gmail.com>
---
 .../rbac/job-launcher-rolebinding.yaml        |  6 ++++--
 .../rbac/pod-launcher-rolebinding.yaml        |  6 ++++--
 .../airflow_aux/test_job_launcher_role.py     | 19 +++++++++++++++++++
 .../airflow_aux/test_pod_launcher_role.py     | 19 +++++++++++++++++++
 4 files changed, 46 insertions(+), 4 deletions(-)

diff --git a/chart/templates/rbac/job-launcher-rolebinding.yaml b/chart/templates/rbac/job-launcher-rolebinding.yaml
index 6b80e319646db..7fd321d1ce620 100644
--- a/chart/templates/rbac/job-launcher-rolebinding.yaml
+++ b/chart/templates/rbac/job-launcher-rolebinding.yaml
@@ -59,7 +59,8 @@ roleRef:
   {{- end }}
 subjects:
   {{- range $executor := $executors }}
-  {{- if has $executor $schedulerLaunchExecutors }}
+  {{- $executorClass := last (splitList "." ($executor | trim)) }}
+  {{- if has $executorClass $schedulerLaunchExecutors }}
   - kind: ServiceAccount
     name: {{ include "scheduler.serviceAccountName" $ }}
     namespace: "{{ $.Release.Namespace }}"
@@ -67,7 +68,8 @@ subjects:
   {{- end }}
   {{- end }}
   {{- range $executor := $executors }}
-  {{- if has $executor $workerLaunchExecutors }}
+  {{- $executorClass := last (splitList "." ($executor | trim)) }}
+  {{- if has $executorClass $workerLaunchExecutors }}
   - kind: ServiceAccount
     name: {{ include "worker.serviceAccountName" $ }}
     namespace: "{{ $.Release.Namespace }}"
diff --git a/chart/templates/rbac/pod-launcher-rolebinding.yaml b/chart/templates/rbac/pod-launcher-rolebinding.yaml
index d4eb37af051e6..f3f772c4f7621 100644
--- a/chart/templates/rbac/pod-launcher-rolebinding.yaml
+++ b/chart/templates/rbac/pod-launcher-rolebinding.yaml
@@ -59,7 +59,8 @@ roleRef:
   {{- end }}
 subjects:
   {{- range $executor := $executors }}
-  {{- if has $executor $schedulerLaunchExecutors }}
+  {{- $executorClass := last (splitList "." ($executor | trim)) }}
+  {{- if has $executorClass $schedulerLaunchExecutors }}
   - kind: ServiceAccount
     name: {{ include "scheduler.serviceAccountName" $ }}
     namespace: "{{ $.Release.Namespace }}"
@@ -67,7 +68,8 @@ subjects:
   {{- end }}
   {{- end }}
   {{- range $executor := $executors }}
-  {{- if has $executor $workerLaunchExecutors }}
+  {{- $executorClass := last (splitList "." ($executor | trim)) }}
+  {{- if has $executorClass $workerLaunchExecutors }}
   - kind: ServiceAccount
     name: {{ include "worker.serviceAccountName" $ }}
     namespace: "{{ $.Release.Namespace }}"
diff --git a/helm-tests/tests/helm_tests/airflow_aux/test_job_launcher_role.py b/helm-tests/tests/helm_tests/airflow_aux/test_job_launcher_role.py
index 5557f2c2c67a7..056cc81d2391e 100644
--- a/helm-tests/tests/helm_tests/airflow_aux/test_job_launcher_role.py
+++ b/helm-tests/tests/helm_tests/airflow_aux/test_job_launcher_role.py
@@ -29,10 +29,29 @@ class TestJobLauncher:
         [
             ("CeleryKubernetesExecutor", True, True, ["scheduler", "worker"]),
             ("KubernetesExecutor", True, True, ["scheduler", "worker"]),
+            (
+                "airflow.providers.cncf.kubernetes.executors.kubernetes_executor.KubernetesExecutor",
+                True,
+                True,
+                ["scheduler", "worker"],
+            ),
             ("CeleryExecutor", True, True, ["worker"]),
+            (
+                "airflow.providers.celery.executors.celery_executor.CeleryExecutor",
+                True,
+                True,
+                ["worker"],
+            ),
             ("LocalExecutor", True, True, ["scheduler"]),
+            ("airflow.executors.local_executor.LocalExecutor", True, True, ["scheduler"]),
             ("LocalExecutor", False, False, []),
             ("CeleryExecutor,KubernetesExecutor", True, True, ["scheduler", "worker"]),
+            (
+                "CeleryExecutor,airflow.providers.cncf.kubernetes.executors.kubernetes_executor.KubernetesExecutor",
+                True,
+                True,
+                ["scheduler", "worker"],
+            ),
         ],
     )
     def test_job_launcher_rolebinding(self, executor, rbac, allow, expected_accounts):
diff --git a/helm-tests/tests/helm_tests/airflow_aux/test_pod_launcher_role.py b/helm-tests/tests/helm_tests/airflow_aux/test_pod_launcher_role.py
index f51b7f0d6a951..744d2d2ede401 100644
--- a/helm-tests/tests/helm_tests/airflow_aux/test_pod_launcher_role.py
+++ b/helm-tests/tests/helm_tests/airflow_aux/test_pod_launcher_role.py
@@ -29,10 +29,29 @@ class TestPodLauncher:
         [
             ("CeleryKubernetesExecutor", True, True, ["scheduler", "worker"]),
             ("KubernetesExecutor", True, True, ["scheduler", "worker"]),
+            (
+                "airflow.providers.cncf.kubernetes.executors.kubernetes_executor.KubernetesExecutor",
+                True,
+                True,
+                ["scheduler", "worker"],
+            ),
             ("CeleryExecutor", True, True, ["worker"]),
+            (
+                "airflow.providers.celery.executors.celery_executor.CeleryExecutor",
+                True,
+                True,
+                ["worker"],
+            ),
             ("LocalExecutor", True, True, ["scheduler"]),
+            ("airflow.executors.local_executor.LocalExecutor", True, True, ["scheduler"]),
             ("LocalExecutor", False, False, []),
             ("CeleryExecutor,KubernetesExecutor", True, True, ["scheduler", "worker"]),
+            (
+                "CeleryExecutor,airflow.providers.cncf.kubernetes.executors.kubernetes_executor.KubernetesExecutor",
+                True,
+                True,
+                ["scheduler", "worker"],
+            ),
         ],
     )
     def test_pod_launcher_role(self, executor, rbac, allow, expected_accounts):