From 748ea1109d31602a0c5016310a7fd84f5c88ea35 Mon Sep 17 00:00:00 2001 From: Jonathan MacMillan Date: Wed, 24 May 2017 12:04:16 -0700 Subject: [PATCH] [Federation] Uniquify the ClusterRole and ClusterRoleBinding names created by . --- federation/pkg/kubefed/join.go | 2 +- federation/pkg/kubefed/join_test.go | 4 ++-- federation/pkg/kubefed/unjoin_test.go | 4 ++-- federation/pkg/kubefed/util/util.go | 4 ++-- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/federation/pkg/kubefed/join.go b/federation/pkg/kubefed/join.go index 8027ce73da5..4fcc5e332a3 100644 --- a/federation/pkg/kubefed/join.go +++ b/federation/pkg/kubefed/join.go @@ -593,7 +593,7 @@ func createServiceAccount(clusterClientset internalclientset.Interface, namespac // service account identified by saName to access all resources in all namespaces // in the cluster associated with clusterClientset. func createClusterRoleBinding(clusterClientset internalclientset.Interface, saName, namespace, federationName, joiningClusterName string, dryRun bool) (*rbac.ClusterRoleBinding, error) { - roleName := util.ClusterRoleName(saName) + roleName := util.ClusterRoleName(federationName, saName) role := &rbac.ClusterRole{ ObjectMeta: metav1.ObjectMeta{ Name: roleName, diff --git a/federation/pkg/kubefed/join_test.go b/federation/pkg/kubefed/join_test.go index e87b9596998..9677593ed7a 100644 --- a/federation/pkg/kubefed/join_test.go +++ b/federation/pkg/kubefed/join_test.go @@ -475,7 +475,7 @@ func fakeJoinTargetClusterFactory(clusterName, clusterCtx, dnsProvider, tmpDirPa }, } - roleName := util.ClusterRoleName(saName) + roleName := util.ClusterRoleName(testFederationName, saName) clusterRole := rbacv1beta1.ClusterRole{ ObjectMeta: metav1.ObjectMeta{ Name: roleName, @@ -595,7 +595,7 @@ func fakeCluster(clusterName, secretName, server string, isRBACAPIAvailable bool saName := serviceAccountName(clusterName) annotations := map[string]string{ kubectl.ServiceAccountNameAnnotation: saName, - kubectl.ClusterRoleNameAnnotation: util.ClusterRoleName(saName), + kubectl.ClusterRoleNameAnnotation: util.ClusterRoleName(testFederationName, saName), } cluster.ObjectMeta.SetAnnotations(annotations) } diff --git a/federation/pkg/kubefed/unjoin_test.go b/federation/pkg/kubefed/unjoin_test.go index 0050a5c75d6..41c1c2b725b 100644 --- a/federation/pkg/kubefed/unjoin_test.go +++ b/federation/pkg/kubefed/unjoin_test.go @@ -275,7 +275,7 @@ func fakeUnjoinHostFactory(clusterName string) cmdutil.Factory { return &http.Response{StatusCode: http.StatusOK, Header: kubefedtesting.DefaultHeader(), Body: kubefedtesting.ObjBody(codec, &status)}, nil case strings.HasPrefix(p, clusterRoleBindingPrefix) && m == http.MethodDelete: got := strings.TrimPrefix(p, clusterRoleBindingPrefix) - want := util.ClusterRoleName(serviceAccountName(clusterName)) + want := util.ClusterRoleName(testFederationName, serviceAccountName(clusterName)) if got != want { return nil, errors.NewNotFound(api.Resource("clusterrolebindings"), got) } @@ -286,7 +286,7 @@ func fakeUnjoinHostFactory(clusterName string) cmdutil.Factory { return &http.Response{StatusCode: http.StatusOK, Header: kubefedtesting.DefaultHeader(), Body: kubefedtesting.ObjBody(codec, &status)}, nil case strings.HasPrefix(p, clusterRolePrefix) && m == http.MethodDelete: got := strings.TrimPrefix(p, clusterRolePrefix) - want := util.ClusterRoleName(serviceAccountName(clusterName)) + want := util.ClusterRoleName(testFederationName, serviceAccountName(clusterName)) if got != want { return nil, errors.NewNotFound(api.Resource("clusterroles"), got) } diff --git a/federation/pkg/kubefed/util/util.go b/federation/pkg/kubefed/util/util.go index f76d422a6c9..8ded3da17a2 100644 --- a/federation/pkg/kubefed/util/util.go +++ b/federation/pkg/kubefed/util/util.go @@ -302,6 +302,6 @@ func ClusterServiceAccountName(joiningClusterName, hostContext string) string { // ClusterRoleName returns the name of a ClusterRole and its associated // ClusterRoleBinding that are used to allow the service account to // access necessary resources on the cluster. -func ClusterRoleName(serviceAccountName string) string { - return fmt.Sprintf("federation-controller-manager:%s", serviceAccountName) +func ClusterRoleName(federationName, serviceAccountName string) string { + return fmt.Sprintf("federation-controller-manager:%s-%s", federationName, serviceAccountName) }