diff --git a/pkg/virt-operator/install-strategy/BUILD.bazel b/pkg/virt-operator/install-strategy/BUILD.bazel
index 063000cfe82e..e1cb18314450 100644
--- a/pkg/virt-operator/install-strategy/BUILD.bazel
+++ b/pkg/virt-operator/install-strategy/BUILD.bazel
@@ -23,6 +23,7 @@ go_library(
 "//vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1:go_default_library",
 "//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library",
 "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
+ "//vendor/k8s.io/apimachinery/pkg/types:go_default_library",
 ],
 )
diff --git a/pkg/virt-operator/install-strategy/strategy.go b/pkg/virt-operator/install-strategy/strategy.go
index 052f9bb95527..7e042a8e040e 100644
--- a/pkg/virt-operator/install-strategy/strategy.go
+++ b/pkg/virt-operator/install-strategy/strategy.go
@@ -22,6 +22,7 @@ package installstrategy
 import (
 "bufio"
 "bytes"
+ "encoding/json"
 "fmt"
 "strings"
@@ -34,6 +35,7 @@ import (
 extv1beta1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1"
 "k8s.io/apimachinery/pkg/api/errors"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/types"
 "kubevirt.io/kubevirt/pkg/api/v1"
 "kubevirt.io/kubevirt/pkg/controller"
@@ -658,10 +660,15 @@ func DeleteAll(kv *v1.KubeVirt,
 }
 if modified {
- privSccCopy.Users = users
- _, err = scc.SecurityContextConstraints().Update(privSccCopy)
+ userBytes, err := json.Marshal(users)
 if err != nil {
- return fmt.Errorf("unable to update scc: %v", err)
+ return err
+ }
+
+ data := []byte(fmt.Sprintf(`{"users": %s}`, userBytes))
+ _, err = scc.SecurityContextConstraints().Patch(sccPriv.TargetScc, types.StrategicMergePatchType, data)
+ if err != nil {
+ return fmt.Errorf("unable to patch scc: %v", err)
 }
 }
 }
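Review bot: The `Patch` call inside `if modified` no longer carries the resourceVersion that `Update(privSccCopy)` sent, so the conflict check on a stale write is gone; the CreateAll hunk that follows has the same issue. `users` is built from an SCC read earlier (outside this hunk), and a patch of a plain string list presumably replaces the whole list, so an entry another actor added or removed in between is silently overwritten on the object that decides which service accounts may use the privileged constraint. Consider adding a `"metadata":{"resourceVersion": ...}` member, filled from the object that was read, to the patch body next to `"users"`, so the API server rejects a stale write with a conflict that the caller can retry. The bare `return err` after `json.Marshal` would also read better with context, e.g. `return fmt.Errorf("unable to marshal scc users: %v", err)`. DeleteAll's body starts and ends outside the hunk.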
@@ -863,10 +870,15 @@ func CreateAll(kv *v1.KubeVirt,
 }
 if modified {
- privSccCopy.Users = users
- _, err = scc.SecurityContextConstraints().Update(privSccCopy)
+ userBytes, err := json.Marshal(users)
+ if err != nil {
+ return objectsAdded, err
+ }
+
+ data := []byte(fmt.Sprintf(`{"users": %s}`, userBytes))
+ _, err = scc.SecurityContextConstraints().Patch(sccPriv.TargetScc, types.StrategicMergePatchType, data)
 if err != nil {
- return objectsAdded, fmt.Errorf("unable to update scc: %v", err)
+ return objectsAdded, fmt.Errorf("unable to patch scc: %v", err)
 }
 }
 }
diff --git a/pkg/virt-operator/kubevirt_test.go b/pkg/virt-operator/kubevirt_test.go
index b8ced720c7c5..cc320752ee86 100644
--- a/pkg/virt-operator/kubevirt_test.go
+++ b/pkg/virt-operator/kubevirt_test.go
@@ -20,6 +20,7 @@ package virt_operator
 import (
+ "encoding/json"
 "fmt"
 "os"
 "time"
@@ -577,10 +578,15 @@ var _ = Describe("KubeVirt Operator", func() {
 deleteResource(delete.GetResource().Resource, key)
 return true, nil, nil
 }
- expectUsers := func(sccObj runtime.Object, count int) {
- scc, ok := sccObj.(*secv1.SecurityContextConstraints)
- ExpectWithOffset(2, ok).To(BeTrue())
- ExpectWithOffset(2, len(scc.Users)).To(Equal(count))
+ expectUsers := func(userBytes []byte, count int) {
+
+ type _users struct {
+ Users []string `json:"users"`
+ }
+ users := &_users{}
+
+ json.Unmarshal(userBytes, users)
+ ExpectWithOffset(2, len(users.Users)).To(Equal(count))
 }
 shouldExpectInstallStrategyDeletion := func() {
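Review bot: `json.Unmarshal(userBytes, users)` in `expectUsers` discards its error, so a malformed patch body decodes to an empty struct and shows up only as a wrong user count, or not at all if a caller ever expects 0. Assert the decode instead: `ExpectWithOffset(2, json.Unmarshal(userBytes, users)).To(Succeed())`. The helper still compares only `len(users.Users)`; comparing the decoded names against the expected service accounts would also catch a patch that writes the right number of wrong users into the SCC.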
@@ -605,11 +611,10 @@ var _ = Describe("KubeVirt Operator", func() {
 kubeClient.Fake.PrependReactor("delete", "roles", genericDeleteFunc)
 kubeClient.Fake.PrependReactor("delete", "rolebindings", genericDeleteFunc)
- secClient.Fake.PrependReactor("update", "securitycontextconstraints", func(action testing.Action) (handled bool, obj runtime.Object, err error) {
- update, _ := action.(testing.UpdateAction)
- updatedObj := update.GetObject()
- expectUsers(updatedObj, 1)
- return true, updatedObj, nil
+ secClient.Fake.PrependReactor("patch", "securitycontextconstraints", func(action testing.Action) (handled bool, obj runtime.Object, err error) {
+ patch, _ := action.(testing.PatchAction)
+ expectUsers(patch.GetPatch(), 1)
+ return true, nil, nil
 })
 extClient.Fake.PrependReactor("delete", "customresourcedefinitions", genericDeleteFunc)
@@ -633,11 +638,10 @@ var _ = Describe("KubeVirt Operator", func() {
 kubeClient.Fake.PrependReactor("create", "roles", genericCreateFunc)
 kubeClient.Fake.PrependReactor("create", "rolebindings", genericCreateFunc)
- secClient.Fake.PrependReactor("update", "securitycontextconstraints", func(action testing.Action) (handled bool, obj runtime.Object, err error) {
- update, _ := action.(testing.UpdateAction)
- updatedObj := update.GetObject()
- expectUsers(updatedObj, 4)
- return true, updatedObj, nil
+ secClient.Fake.PrependReactor("patch", "securitycontextconstraints", func(action testing.Action) (handled bool, obj runtime.Object, err error) {
+ patch, _ := action.(testing.PatchAction)
+ expectUsers(patch.GetPatch(), 4)
+ return true, nil, nil
 })
 extClient.Fake.PrependReactor("create", "customresourcedefinitions", genericCreateFunc)
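Review bot: The new `patch` reactor asserts only the number of users and never checks which SCC is being patched, and the `_` in `patch, _ := action.(testing.PatchAction)` hides a failed type assertion until `patch.GetPatch()` panics; the create-path reactor in the next hunk is written the same way. The production code now addresses the object by name (`sccPriv.TargetScc`) rather than by passing the object, so the name is the only thing tying the patch to the intended constraint. Capturing the assertion result as `patch, ok := action.(testing.PatchAction)` with `Expect(ok).To(BeTrue())`, and adding `Expect(patch.GetName()).To(Equal(<expected SCC name>))`, would pin that down. Returning `nil` as the object is safe only while callers discard the patch result, as both strategy.go hunks do.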