Skip to content
This repository was archived by the owner on May 28, 2021. It is now read-only.

Independent mysql-agent ClusterRole and RBAC #121

Merged
merged 1 commit into from
Jun 1, 2018
Merged

Independent mysql-agent ClusterRole and RBAC #121

merged 1 commit into from
Jun 1, 2018

Conversation

prydie
Copy link

@prydie prydie commented Jun 1, 2018

Separates the mysql-operator and mysql-agent ClusterRoles and scopes the RBAC to the minimal permissions required by each.

Changelog

- Independent ServiceAccounts for the operator and agents.
- Scope RBAC to the minimum required permissions.
- Drop support for Kubernetes 1.7.

@prydie
Independent mysql-agent ClusterRole and RBAC
34f44e4 
Separates the mysql-operator and mysql-agent ClusterRoles and scopes the
RBAC to the minimal permissions required by each.
@prydie prydie added this to the 0.2.0 milestone Jun 1, 2018
@prydie prydie requested a review from owainlewis June 1, 2018 11:11
@prydie prydie mentioned this pull request Jun 1, 2018
Closed
@owainlewis owainlewis self-assigned this Jun 1, 2018
owainlewis
owainlewis reviewed Jun 1, 2018
View reviewed changes
pkg/controllers/cluster/statefulset_control.go
@@ -29,12 +27,11 @@ import (
)

// StatefulSetControlInterface defines the interface that the
// MySQLClusterController uses to create, update, and delete StatefulSets. It
// MySQLClusterController uses to create and update StatefulSets. It
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

MySQLClusterController uses [this interface] to create

owainlewis
owainlewis reviewed Jun 1, 2018
View reviewed changes
pkg/controllers/cluster/statefulset_control.go
@@ -29,12 +27,11 @@ import (
)

// StatefulSetControlInterface defines the interface that the
// MySQLClusterController uses to create, update, and delete StatefulSets. It
// MySQLClusterController uses to create and update StatefulSets. It
// is implemented as an interface to enable testing.
type StatefulSetControlInterface interface {
CreateStatefulSet(ss *apps.StatefulSet) error
Copy link
Member

@owainlewis owainlewis Jun 1, 2018
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ideally we'd rename CreateStatefulSet to align with the name changes to PatchStatefulSet below i.e.

m.statefulSetControl.Patch
m.statefulSetControl.Create(...)

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I’m actually planning a follow on to remove all the control interfaces and just use the client directly. With the fake client we don’t need the interfaces for testing and they just add a bunch of complexity and indirection.

owainlewis
owainlewis approved these changes Jun 1, 2018
View reviewed changes
Copy link
Member

@owainlewis owainlewis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes are good. Some minor commentary on ensuring we maintain naming consistency in interfaces etc.

@owainlewis owainlewis merged commit 23e2cda into master Jun 1, 2018
@owainlewis owainlewis deleted the ap/scope-rbac branch June 1, 2018 14:07
@prydie prydie mentioned this pull request Jun 5, 2018
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@owainlewis owainlewis owainlewis approved these changes

Assignees

@owainlewis owainlewis

Labels
enhancement security
Projects
None yet
Milestone
0.2.0
Development

Successfully merging this pull request may close these issues.
2 participants
@prydie @owainlewis