fix: Run migrations with service accounts (#325)

* Run migrations with service accounts Signed-off-by: Jason Parraga <sovietaced@gmail.com> * update unit tests Signed-off-by: Jason Parraga <sovietaced@gmail.com> --------- Signed-off-by: Jason Parraga <sovietaced@gmail.com>
armadaproject · Sep 7, 2024 · c05bd2f · c05bd2f
1 parent e3bcf44
commit c05bd2f
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 6 deletions.
diff --git a/internal/controller/install/lookout_controller.go b/internal/controller/install/lookout_controller.go
@@ -237,7 +237,7 @@ func generateLookoutInstallComponents(lookout *installv1alpha1.Lookout, scheme *
 		}
 	}
 
-	job, err := createLookoutMigrationJob(lookout)
+	job, err := createLookoutMigrationJob(lookout, serviceAccountName)
 	if err != nil {
 		return nil, err
 	}
@@ -440,7 +440,7 @@ func createLookoutIngressHttp(lookout *installv1alpha1.Lookout) (*networking.Ing
 }
 
 // createLookoutMigrationJob returns a batch Job or an error if the app config is not correct
-func createLookoutMigrationJob(lookout *installv1alpha1.Lookout) (*batchv1.Job, error) {
+func createLookoutMigrationJob(lookout *installv1alpha1.Lookout, serviceAccountName string) (*batchv1.Job, error) {
 	runAsUser := int64(1000)
 	runAsGroup := int64(2000)
 	var terminationGracePeriodSeconds int64
@@ -483,6 +483,7 @@ func createLookoutMigrationJob(lookout *installv1alpha1.Lookout) (*batchv1.Job,
 					Labels:    AllLabels(lookout.Name, lookout.Labels),
 				},
 				Spec: corev1.PodSpec{
+					ServiceAccountName:            serviceAccountName,
 					RestartPolicy:                 "Never",
 					TerminationGracePeriodSeconds: &terminationGracePeriodSeconds,
 					SecurityContext: &corev1.PodSecurityContext{

diff --git a/internal/controller/install/lookout_controller_test.go b/internal/controller/install/lookout_controller_test.go
@@ -491,6 +491,7 @@ func Test_createLookoutMigrationJob(t *testing.T) {
 				assert.Equal(t, "postgres3000", job.Spec.Template.Spec.InitContainers[0].Env[0].Value)
 				assert.Equal(t, "PGPORT", job.Spec.Template.Spec.InitContainers[0].Env[1].Name)
 				assert.Equal(t, "4000", job.Spec.Template.Spec.InitContainers[0].Env[1].Value)
+				assert.Equal(t, "sa", job.Spec.Template.Spec.ServiceAccountName)
 			},
 			wantErr: false,
 		},
@@ -508,6 +509,7 @@ func Test_createLookoutMigrationJob(t *testing.T) {
 				assert.Equal(t, "", job.Spec.Template.Spec.InitContainers[0].Env[0].Value)
 				assert.Equal(t, "PGPORT", job.Spec.Template.Spec.InitContainers[0].Env[1].Name)
 				assert.Equal(t, "", job.Spec.Template.Spec.InitContainers[0].Env[1].Value)
+				assert.Equal(t, "sa", job.Spec.Template.Spec.ServiceAccountName)
 			},
 			wantErr: false,
 		},
@@ -532,7 +534,7 @@ func Test_createLookoutMigrationJob(t *testing.T) {
 			if tt.modifyInput != nil {
 				tt.modifyInput(&cr)
 			}
-			rslt, err := createLookoutMigrationJob(&cr)
+			rslt, err := createLookoutMigrationJob(&cr, "sa")
 
 			if tt.wantErr {
 				assert.Error(t, err)

diff --git a/internal/controller/install/scheduler_controller.go b/internal/controller/install/scheduler_controller.go
@@ -231,7 +231,7 @@ func generateSchedulerInstallComponents(scheduler *installv1alpha1.Scheduler, sc
 		}
 	}
 
-	job, err := createSchedulerMigrationJob(scheduler)
+	job, err := createSchedulerMigrationJob(scheduler, serviceAccountName)
 	if err != nil {
 		return nil, err
 	}
@@ -431,7 +431,7 @@ func createSchedulerIngressGrpc(scheduler *installv1alpha1.Scheduler) (*networki
 }
 
 // createSchedulerMigrationJob returns a batch Job or an error if the app config is not correct
-func createSchedulerMigrationJob(scheduler *installv1alpha1.Scheduler) (*batchv1.Job, error) {
+func createSchedulerMigrationJob(scheduler *installv1alpha1.Scheduler, serviceAccountName string) (*batchv1.Job, error) {
 	runAsUser := int64(1000)
 	runAsGroup := int64(2000)
 	var terminationGracePeriodSeconds int64
@@ -474,6 +474,7 @@ func createSchedulerMigrationJob(scheduler *installv1alpha1.Scheduler) (*batchv1
 					Labels:    AllLabels(scheduler.Name, scheduler.Labels),
 				},
 				Spec: corev1.PodSpec{
+					ServiceAccountName:            serviceAccountName,
 					RestartPolicy:                 "Never",
 					TerminationGracePeriodSeconds: &terminationGracePeriodSeconds,
 					SecurityContext: &corev1.PodSecurityContext{

diff --git a/internal/controller/install/scheduler_controller_test.go b/internal/controller/install/scheduler_controller_test.go
@@ -713,6 +713,7 @@ func Test_createSchedulerMigrationJob(t *testing.T) {
 				assert.Equal(t, "postgres3000", job.Spec.Template.Spec.InitContainers[0].Env[0].Value)
 				assert.Equal(t, "PGPORT", job.Spec.Template.Spec.InitContainers[0].Env[1].Name)
 				assert.Equal(t, "4000", job.Spec.Template.Spec.InitContainers[0].Env[1].Value)
+				assert.Equal(t, "sa", job.Spec.Template.Spec.ServiceAccountName)
 			},
 			wantErr: false,
 		},
@@ -730,6 +731,7 @@ func Test_createSchedulerMigrationJob(t *testing.T) {
 				assert.Equal(t, "", job.Spec.Template.Spec.InitContainers[0].Env[0].Value)
 				assert.Equal(t, "PGPORT", job.Spec.Template.Spec.InitContainers[0].Env[1].Name)
 				assert.Equal(t, "", job.Spec.Template.Spec.InitContainers[0].Env[1].Value)
+				assert.Equal(t, "sa", job.Spec.Template.Spec.ServiceAccountName)
 			},
 			wantErr: false,
 		},
@@ -754,7 +756,7 @@ func Test_createSchedulerMigrationJob(t *testing.T) {
 			if tt.modifyInput != nil {
 				tt.modifyInput(&cr)
 			}
-			rslt, err := createSchedulerMigrationJob(&cr)
+			rslt, err := createSchedulerMigrationJob(&cr, "sa")
 
 			if tt.wantErr {
 				assert.Error(t, err)