Skip to content

Commit

Permalink
Patch scc instead of using Update
Browse files Browse the repository at this point in the history 
Signed-off-by: David Vossel <[email protected]>
  • Loading branch information
@davidvossel
davidvossel committed Mar 8, 2019
1 parent 7f875ac commit 71f986d
Show file tree
Hide file tree
Showing 3 changed files with 37 additions and 20 deletions.
1 change: 1 addition & 0 deletions pkg/virt-operator/install-strategy/BUILD.bazel
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ go_library(
"//vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/types:go_default_library",
],
)

Expand Down
24 changes: 18 additions & 6 deletions pkg/virt-operator/install-strategy/strategy.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ package installstrategy
import (
"bufio"
"bytes"
"encoding/json"
"fmt"
"strings"

Expand All @@ -34,6 +35,7 @@ import (
extv1beta1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"

"kubevirt.io/kubevirt/pkg/api/v1"
"kubevirt.io/kubevirt/pkg/controller"
Expand Down Expand Up @@ -658,10 +660,15 @@ func DeleteAll(kv *v1.KubeVirt,
}

if modified {
privSccCopy.Users = users
_, err = scc.SecurityContextConstraints().Update(privSccCopy)
userBytes, err := json.Marshal(users)
if err != nil {
return fmt.Errorf("unable to update scc: %v", err)
return err
}

data := []byte(fmt.Sprintf(`{"users": %s}`, userBytes))
_, err = scc.SecurityContextConstraints().Patch(sccPriv.TargetScc, types.StrategicMergePatchType, data)
if err != nil {
return fmt.Errorf("unable to patch scc: %v", err)
}
}
}
Expand Down Expand Up @@ -863,10 +870,15 @@ func CreateAll(kv *v1.KubeVirt,
}

if modified {
privSccCopy.Users = users
_, err = scc.SecurityContextConstraints().Update(privSccCopy)
userBytes, err := json.Marshal(users)
if err != nil {
return objectsAdded, err
}

data := []byte(fmt.Sprintf(`{"users": %s}`, userBytes))
_, err = scc.SecurityContextConstraints().Patch(sccPriv.TargetScc, types.StrategicMergePatchType, data)
if err != nil {
return objectsAdded, fmt.Errorf("unable to update scc: %v", err)
return objectsAdded, fmt.Errorf("unable to patch scc: %v", err)
}
}
}
Expand Down
32 changes: 18 additions & 14 deletions pkg/virt-operator/kubevirt_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@
package virt_operator

import (
"encoding/json"
"fmt"
"os"
"time"
Expand Down Expand Up @@ -577,10 +578,15 @@ var _ = Describe("KubeVirt Operator", func() {
deleteResource(delete.GetResource().Resource, key)
return true, nil, nil
}
expectUsers := func(sccObj runtime.Object, count int) {
scc, ok := sccObj.(*secv1.SecurityContextConstraints)
ExpectWithOffset(2, ok).To(BeTrue())
ExpectWithOffset(2, len(scc.Users)).To(Equal(count))
expectUsers := func(userBytes []byte, count int) {

type _users struct {
Users []string `json:"users"`
}
users := &_users{}

json.Unmarshal(userBytes, users)
ExpectWithOffset(2, len(users.Users)).To(Equal(count))
}

shouldExpectInstallStrategyDeletion := func() {
Expand All @@ -605,11 +611,10 @@ var _ = Describe("KubeVirt Operator", func() {
kubeClient.Fake.PrependReactor("delete", "roles", genericDeleteFunc)
kubeClient.Fake.PrependReactor("delete", "rolebindings", genericDeleteFunc)

secClient.Fake.PrependReactor("update", "securitycontextconstraints", func(action testing.Action) (handled bool, obj runtime.Object, err error) {
update, _ := action.(testing.UpdateAction)
updatedObj := update.GetObject()
expectUsers(updatedObj, 1)
return true, updatedObj, nil
secClient.Fake.PrependReactor("patch", "securitycontextconstraints", func(action testing.Action) (handled bool, obj runtime.Object, err error) {
patch, _ := action.(testing.PatchAction)
expectUsers(patch.GetPatch(), 1)
return true, nil, nil
})
extClient.Fake.PrependReactor("delete", "customresourcedefinitions", genericDeleteFunc)

Expand All @@ -633,11 +638,10 @@ var _ = Describe("KubeVirt Operator", func() {
kubeClient.Fake.PrependReactor("create", "roles", genericCreateFunc)
kubeClient.Fake.PrependReactor("create", "rolebindings", genericCreateFunc)

secClient.Fake.PrependReactor("update", "securitycontextconstraints", func(action testing.Action) (handled bool, obj runtime.Object, err error) {
update, _ := action.(testing.UpdateAction)
updatedObj := update.GetObject()
expectUsers(updatedObj, 4)
return true, updatedObj, nil
secClient.Fake.PrependReactor("patch", "securitycontextconstraints", func(action testing.Action) (handled bool, obj runtime.Object, err error) {
patch, _ := action.(testing.PatchAction)
expectUsers(patch.GetPatch(), 4)
return true, nil, nil
})
extClient.Fake.PrependReactor("create", "customresourcedefinitions", genericCreateFunc)

Expand Down

0 comments on commit 71f986d

Please sign in to comment.