Ensure the ServiceAccount/Role/ClusterRole resourcs are created in order

Fix #32640 Partially reverts #32208
quarkusio · Apr 14, 2023 · c86dbaf · c86dbaf
1 parent 2799b22
commit c86dbaf
Show file tree

Hide file tree

Showing 6 changed files with 66 additions and 20 deletions.
diff --git a/...yment/src/main/java/io/quarkus/kubernetes/deployment/AddClusterRoleResourceDecorator.java b/...yment/src/main/java/io/quarkus/kubernetes/deployment/AddClusterRoleResourceDecorator.java
@@ -7,7 +7,6 @@
 import java.util.List;
 import java.util.Map;
 
-import io.dekorate.kubernetes.decorator.Decorator;
 import io.dekorate.kubernetes.decorator.ResourceProvidingDecorator;
 import io.fabric8.kubernetes.api.model.KubernetesListBuilder;
 import io.fabric8.kubernetes.api.model.ObjectMeta;
@@ -46,9 +45,4 @@ public void visit(KubernetesListBuilder list) {
                 .endMetadata()
                 .withRules(rules));
     }
-
-    @Override
-    public Class<? extends Decorator>[] before() {
-        return new Class[] { AddRoleBindingResourceDecorator.class };
-    }
 }
diff --git a/...a/deployment/src/main/java/io/quarkus/kubernetes/deployment/AddRoleResourceDecorator.java b/...a/deployment/src/main/java/io/quarkus/kubernetes/deployment/AddRoleResourceDecorator.java
@@ -7,7 +7,6 @@
 import java.util.List;
 import java.util.Map;
 
-import io.dekorate.kubernetes.decorator.Decorator;
 import io.dekorate.kubernetes.decorator.ResourceProvidingDecorator;
 import io.fabric8.kubernetes.api.model.KubernetesListBuilder;
 import io.fabric8.kubernetes.api.model.ObjectMeta;
@@ -49,9 +48,4 @@ public void visit(KubernetesListBuilder list) {
                 .endMetadata()
                 .withRules(rules));
     }
-
-    @Override
-    public Class<? extends Decorator>[] before() {
-        return new Class[] { AddRoleBindingResourceDecorator.class };
-    }
 }
diff --git a/...nt/src/main/java/io/quarkus/kubernetes/deployment/AddServiceAccountResourceDecorator.java b/...nt/src/main/java/io/quarkus/kubernetes/deployment/AddServiceAccountResourceDecorator.java
@@ -5,7 +5,6 @@
 import java.util.HashMap;
 import java.util.Map;
 
-import io.dekorate.kubernetes.decorator.Decorator;
 import io.dekorate.kubernetes.decorator.ResourceProvidingDecorator;
 import io.fabric8.kubernetes.api.model.KubernetesListBuilder;
 import io.fabric8.kubernetes.api.model.ObjectMeta;
@@ -44,9 +43,4 @@ public void visit(KubernetesListBuilder list) {
                 .endMetadata()
                 .endServiceAccountItem();
     }
-
-    @Override
-    public Class<? extends Decorator>[] before() {
-        return new Class[] { AddRoleBindingResourceDecorator.class };
-    }
 }
diff --git a/...anilla/deployment/src/main/java/io/quarkus/kubernetes/deployment/KubernetesProcessor.java b/...anilla/deployment/src/main/java/io/quarkus/kubernetes/deployment/KubernetesProcessor.java
@@ -30,7 +30,6 @@
 import io.dekorate.kubernetes.decorator.Decorator;
 import io.dekorate.logger.NoopLogger;
 import io.dekorate.processor.SimpleFileReader;
-import io.dekorate.processor.SimpleFileWriter;
 import io.dekorate.project.Project;
 import io.dekorate.utils.Maps;
 import io.dekorate.utils.Strings;
@@ -146,7 +145,7 @@ public void build(ApplicationInfoBuildItem applicationInfo,
                         .map(DeploymentTargetEntry::getName)
                         .collect(Collectors.toSet()));
                 final Map<String, String> generatedResourcesMap;
-                final SessionWriter sessionWriter = new SimpleFileWriter(project, false);
+                final SessionWriter sessionWriter = new QuarkusFileWriter(project);
                 final SessionReader sessionReader = new SimpleFileReader(
                         project.getRoot().resolve("src").resolve("main").resolve("kubernetes"), targets);
                 sessionWriter.setProject(project);

diff --git a/.../vanilla/deployment/src/main/java/io/quarkus/kubernetes/deployment/QuarkusFileWriter.java b/.../vanilla/deployment/src/main/java/io/quarkus/kubernetes/deployment/QuarkusFileWriter.java
@@ -0,0 +1,59 @@
+package io.quarkus.kubernetes.deployment;
+
+import static io.quarkus.kubernetes.deployment.Constants.CLUSTER_ROLE;
+import static io.quarkus.kubernetes.deployment.Constants.ROLE;
+import static io.quarkus.kubernetes.deployment.Constants.SERVICE_ACCOUNT;
+
+import java.util.HashMap;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+
+import io.dekorate.processor.SimpleFileWriter;
+import io.dekorate.project.Project;
+import io.fabric8.kubernetes.api.model.HasMetadata;
+import io.fabric8.kubernetes.api.model.KubernetesList;
+import io.fabric8.kubernetes.api.model.KubernetesListBuilder;
+
+public class QuarkusFileWriter extends SimpleFileWriter {
+
+    private static final List<String> RESOURCE_KIND_ORDER = List.of(SERVICE_ACCOUNT, ROLE, CLUSTER_ROLE);
+
+    public QuarkusFileWriter(Project project) {
+        super(project, false);
+    }
+
+    @Override
+    public Map<String, String> write(String group, KubernetesList list) {
+        // sort resources in list by: ServiceAccount, Role, ClusterRole, the rest...
+        return super.write(group, new KubernetesListBuilder().addAllToItems(sort(list.getItems())).build());
+    }
+
+    private List<HasMetadata> sort(List<HasMetadata> items) {
+        // Resources that we need the order.
+        Map<String, List<HasMetadata>> groups = new HashMap<>();
+        // List of resources with unknown order: we preserve the order of creation in this case
+        List<HasMetadata> rest = new LinkedList<>();
+        for (HasMetadata item : items) {
+            String kind = item.getKind();
+            if (RESOURCE_KIND_ORDER.contains(kind)) {
+                groups.computeIfAbsent(kind, k -> new LinkedList())
+                        .add(item);
+            } else {
+                rest.add(item);
+            }
+        }
+
+        List<HasMetadata> sorted = new LinkedList<>();
+        // we first add the resources with order
+        for (String kind : RESOURCE_KIND_ORDER) {
+            List<HasMetadata> group = groups.get(kind);
+            if (group != null) {
+                sorted.addAll(group);
+            }
+        }
+
+        sorted.addAll(rest);
+        return sorted;
+    }
+}
diff --git a/...arkus-standard-way/src/test/java/io/quarkus/it/kubernetes/KubernetesWithRbacFullTest.java b/...arkus-standard-way/src/test/java/io/quarkus/it/kubernetes/KubernetesWithRbacFullTest.java
@@ -53,6 +53,12 @@ public void assertGeneratedResources() throws IOException {
         assertTrue(lastIndexOfRoleRefKind < firstIndexOfRoleBinding, "RoleBinding resource is created before "
                 + "the Role/ClusterRole/ServiceAccount resource!");
 
+        // ensure service account resource is generated before the Deployment resource:
+        int lastIndexOfServiceAccount = lastIndexOfKind(kubernetesFileContent, "ServiceAccount");
+        int firstIndexOfDeployment = kubernetesFileContent.indexOf("kind: Deployment");
+        assertTrue(lastIndexOfServiceAccount < firstIndexOfDeployment, "ServiceAccount resource is created after "
+                + "the Deployment resource!");
+
         List<HasMetadata> kubernetesList = DeserializationUtil.deserializeAsList(kubernetesFile);
 
         Deployment deployment = getDeploymentByName(kubernetesList, APP_NAME);