Merge pull request #710 from openshift-cherrypick-robot/cherry-pick-7…

…08-to-release-4.15 [release-4.15] OCPBUGS-30147: Wait for required RBAC before creating packageserver CSV
openshift · Mar 4, 2024 · ba75b4f · ba75b4f
2 parents 0e8b957 + 7572c6c
commit ba75b4f
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 0 deletions.
diff --git a/cmd/package-server-manager/main.go b/cmd/package-server-manager/main.go
@@ -11,6 +11,9 @@ import (
 	"k8s.io/apimachinery/pkg/fields"
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
 
+	corev1 "k8s.io/api/core/v1"
+	rbacv1 "k8s.io/api/rbac/v1"
+
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/cache"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -79,6 +82,9 @@ func run(cmd *cobra.Command, args []string) error {
 	le := leaderelection.GetLeaderElectionConfig(setupLog, restConfig, !disableLeaderElection)
 
 	packageserverCSVFields := fields.Set{"metadata.name": name}
+	serviceaccountFields := fields.Set{"metadata.name": "olm-operator-serviceaccount"}
+	clusterroleFields := fields.Set{"metadata.name": "system:controller:operator-lifecycle-manager"}
+	clusterrolebindingFields := fields.Set{"metadata.name": "olm-operator-binding-openshift-operator-lifecycle-manager"}
 	mgr, err := ctrl.NewManager(restConfig, manager.Options{
 		Scheme:                        setupScheme(),
 		Namespace:                     namespace,
@@ -97,6 +103,15 @@ func run(cmd *cobra.Command, args []string) error {
 				&olmv1alpha1.ClusterServiceVersion{}: {
 					Field: packageserverCSVFields.AsSelector(),
 				},
+				&corev1.ServiceAccount{}: {
+					Field: serviceaccountFields.AsSelector(),
+				},
+				&rbacv1.ClusterRole{}: {
+					Field: clusterroleFields.AsSelector(),
+				},
+				&rbacv1.ClusterRoleBinding{}: {
+					Field: clusterrolebindingFields.AsSelector(),
+				},
 			},
 		},
 	})

diff --git a/pkg/package-server-manager/controller.go b/pkg/package-server-manager/controller.go
@@ -27,6 +27,8 @@ import (
 	"github.com/openshift/operator-framework-olm/pkg/manifests"
 	olmv1alpha1 "github.com/operator-framework/api/pkg/operators/v1alpha1"
 
+	corev1 "k8s.io/api/core/v1"
+	rbacv1 "k8s.io/api/rbac/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/types"
 
@@ -67,6 +69,10 @@ func (r *PackageServerCSVReconciler) Reconcile(ctx context.Context, req ctrl.Req
 	log.Info("handling current request", "request", req.String())
 	defer log.Info("finished request reconciliation")
 
+	if err := ensureRBAC(r.Client, ctx, r.Namespace, log); err != nil {
+		return ctrl.Result{}, err
+	}
+
 	var infra configv1.Infrastructure
 	if err := r.Client.Get(ctx, types.NamespacedName{Name: infrastructureName}, &infra); err != nil {
 		return ctrl.Result{}, err
@@ -102,6 +108,21 @@ func (r *PackageServerCSVReconciler) Reconcile(ctx context.Context, req ctrl.Req
 	return ctrl.Result{}, nil
 }
 
+func ensureRBAC(client client.Client, ctx context.Context, namespace string, log logr.Logger) error {
+	log.Info("checking to see if required RBAC exists")
+	if err := client.Get(ctx, types.NamespacedName{Name: "olm-operator-serviceaccount", Namespace: namespace}, &corev1.ServiceAccount{}); err != nil {
+		return fmt.Errorf("could not get service account:%v", err)
+	}
+	if err := client.Get(ctx, types.NamespacedName{Name: "system:controller:operator-lifecycle-manager"}, &rbacv1.ClusterRole{}); err != nil {
+		return fmt.Errorf("could not get ClusterRole:% v", err)
+	}
+	if err := client.Get(ctx, types.NamespacedName{Name: "olm-operator-binding-openshift-operator-lifecycle-manager"}, &rbacv1.ClusterRoleBinding{}); err != nil {
+		return fmt.Errorf("could not get ClusterRoleBinding: %v", err)
+	}
+	log.Info("confimed required RBAC exists")
+	return nil
+}
+
 func reconcileCSV(log logr.Logger, image string, interval string, csv *olmv1alpha1.ClusterServiceVersion, highAvailabilityMode bool) error {
 	if csv.ObjectMeta.CreationTimestamp.IsZero() {
 		log.Info("attempting to create the packageserver csv")