From c05bd2f982e2ae921677dc3c0514471133afb65b Mon Sep 17 00:00:00 2001
From: Jason Parraga
Date: Sat, 7 Sep 2024 14:35:56 -0700
Subject: [PATCH] fix: Run migrations with service accounts (#325)
* Run migrations with service accounts
Signed-off-by: Jason Parraga
* update unit tests
Signed-off-by: Jason Parraga
---------
Signed-off-by: Jason Parraga
---
 internal/controller/install/lookout_controller.go | 5 +++--
 internal/controller/install/lookout_controller_test.go | 4 +++-
 internal/controller/install/scheduler_controller.go | 5 +++--
 internal/controller/install/scheduler_controller_test.go | 4 +++-
 4 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/internal/controller/install/lookout_controller.go b/internal/controller/install/lookout_controller.go
index e9ff02e0..d80e50b1 100644
--- a/internal/controller/install/lookout_controller.go
+++ b/internal/controller/install/lookout_controller.go
@@ -237,7 +237,7 @@ func generateLookoutInstallComponents(lookout *installv1alpha1.Lookout, scheme *
 }
 }
- job, err := createLookoutMigrationJob(lookout)
+ job, err := createLookoutMigrationJob(lookout, serviceAccountName)
 if err != nil {
 return nil, err
 }
@@ -440,7 +440,7 @@ func createLookoutIngressHttp(lookout *installv1alpha1.Lookout) (*networking.Ing
 }
 // createLookoutMigrationJob returns a batch Job or an error if the app config is not correct
-func createLookoutMigrationJob(lookout *installv1alpha1.Lookout) (*batchv1.Job, error) {
+func createLookoutMigrationJob(lookout *installv1alpha1.Lookout, serviceAccountName string) (*batchv1.Job, error) {
 runAsUser := int64(1000)
 runAsGroup := int64(2000)
 var terminationGracePeriodSeconds int64
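Review bot: The doc comment on `createLookoutMigrationJob` in the `@@ -440` hunk still describes only the return value, although the signature now takes `serviceAccountName`. I would extend it to name the identity the Job runs under and what an empty value means, for example `// createLookoutMigrationJob returns the migration Job, run under serviceAccountName (an empty name leaves the pod on the namespace's default service account), or an error if the app config is not correct`. The call site in the `@@ -237` hunk reads the value from a variable set outside the hunk, so whether it can be empty there is not visible. The same comment update applies to `createSchedulerMigrationJob` in scheduler_controller.go; both function bodies continue outside their hunks.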
@@ -483,6 +483,7 @@ func createLookoutMigrationJob(lookout *installv1alpha1.Lookout) (*batchv1.Job,
 Labels: AllLabels(lookout.Name, lookout.Labels),
 },
 Spec: corev1.PodSpec{
+ ServiceAccountName: serviceAccountName,
 RestartPolicy: "Never",
 TerminationGracePeriodSeconds: &terminationGracePeriodSeconds,
 SecurityContext: &corev1.PodSecurityContext{
diff --git a/internal/controller/install/lookout_controller_test.go b/internal/controller/install/lookout_controller_test.go
index 472d6592..1e1c0545 100644
--- a/internal/controller/install/lookout_controller_test.go
+++ b/internal/controller/install/lookout_controller_test.go
@@ -491,6 +491,7 @@ func Test_createLookoutMigrationJob(t *testing.T) {
 assert.Equal(t, "postgres3000", job.Spec.Template.Spec.InitContainers[0].Env[0].Value)
 assert.Equal(t, "PGPORT", job.Spec.Template.Spec.InitContainers[0].Env[1].Name)
 assert.Equal(t, "4000", job.Spec.Template.Spec.InitContainers[0].Env[1].Value)
+ assert.Equal(t, "sa", job.Spec.Template.Spec.ServiceAccountName)
 },
 wantErr: false,
 },
@@ -508,6 +509,7 @@ func Test_createLookoutMigrationJob(t *testing.T) {
 assert.Equal(t, "", job.Spec.Template.Spec.InitContainers[0].Env[0].Value)
 assert.Equal(t, "PGPORT", job.Spec.Template.Spec.InitContainers[0].Env[1].Name)
 assert.Equal(t, "", job.Spec.Template.Spec.InitContainers[0].Env[1].Value)
+ assert.Equal(t, "sa", job.Spec.Template.Spec.ServiceAccountName)
 },
 wantErr: false,
 },
@@ -532,7 +534,7 @@ func Test_createLookoutMigrationJob(t *testing.T) {
 if tt.modifyInput != nil {
 tt.modifyInput(&cr)
 }
- rslt, err := createLookoutMigrationJob(&cr)
+ rslt, err := createLookoutMigrationJob(&cr, "sa")
 if tt.wantErr {
 assert.Error(t, err)
diff --git a/internal/controller/install/scheduler_controller.go b/internal/controller/install/scheduler_controller.go
index a881b9b0..fc19fde3 100644
--- a/internal/controller/install/scheduler_controller.go
+++ b/internal/controller/install/scheduler_controller.go
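Review bot: Setting `ServiceAccountName` on the migration pod spec in the `@@ -483` hunk gives the one-shot Job a named identity, presumably the one the Lookout deployment runs under, and nothing in the hunk keeps that account's API token out of the migration container. If the account is needed only for image pull secrets or cloud workload identity (an assumption, the commit does not state the motivation), add `automountToken := false` next to the other locals and `AutomountServiceAccountToken: &automountToken,` beside the new field, or give migrations a dedicated account with narrower bindings. The same applies to the PodSpec in `createSchedulerMigrationJob` (`@@ -474` in scheduler_controller.go). The PodSpec literal continues outside the hunk, so an automount setting further down cannot be ruled out.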
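Review bot: The cases in `Test_createLookoutMigrationJob` only ever pass the literal `"sa"`, so the empty-name path is not pinned by any assertion. A case that calls `createLookoutMigrationJob(&cr, "")` and checks `assert.Equal(t, "", job.Spec.Template.Spec.ServiceAccountName)` would record that an unset account leaves the field empty rather than substituting a name. Nothing visible in these hunks checks that `generateLookoutInstallComponents` forwards the configured name to the Job, though such a test may exist outside them. `Test_createSchedulerMigrationJob` in scheduler_controller_test.go has the same gap.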
@@ -231,7 +231,7 @@ func generateSchedulerInstallComponents(scheduler *installv1alpha1.Scheduler, sc
 }
 }
- job, err := createSchedulerMigrationJob(scheduler)
+ job, err := createSchedulerMigrationJob(scheduler, serviceAccountName)
 if err != nil {
 return nil, err
 }
@@ -431,7 +431,7 @@ func createSchedulerIngressGrpc(scheduler *installv1alpha1.Scheduler) (*networki
 }
 // createSchedulerMigrationJob returns a batch Job or an error if the app config is not correct
-func createSchedulerMigrationJob(scheduler *installv1alpha1.Scheduler) (*batchv1.Job, error) {
+func createSchedulerMigrationJob(scheduler *installv1alpha1.Scheduler, serviceAccountName string) (*batchv1.Job, error) {
 runAsUser := int64(1000)
 runAsGroup := int64(2000)
 var terminationGracePeriodSeconds int64
@@ -474,6 +474,7 @@ func createSchedulerMigrationJob(scheduler *installv1alpha1.Scheduler) (*batchv1
 Labels: AllLabels(scheduler.Name, scheduler.Labels),
 },
 Spec: corev1.PodSpec{
+ ServiceAccountName: serviceAccountName,
 RestartPolicy: "Never",
 TerminationGracePeriodSeconds: &terminationGracePeriodSeconds,
 SecurityContext: &corev1.PodSecurityContext{
diff --git a/internal/controller/install/scheduler_controller_test.go b/internal/controller/install/scheduler_controller_test.go
index d2079c74..f900fdcc 100644
--- a/internal/controller/install/scheduler_controller_test.go
+++ b/internal/controller/install/scheduler_controller_test.go
@@ -713,6 +713,7 @@ func Test_createSchedulerMigrationJob(t *testing.T) {
 assert.Equal(t, "postgres3000", job.Spec.Template.Spec.InitContainers[0].Env[0].Value)
 assert.Equal(t, "PGPORT", job.Spec.Template.Spec.InitContainers[0].Env[1].Name)
 assert.Equal(t, "4000", job.Spec.Template.Spec.InitContainers[0].Env[1].Value)
+ assert.Equal(t, "sa", job.Spec.Template.Spec.ServiceAccountName)
 },
 wantErr: false,
 },
@@ -730,6 +731,7 @@ func Test_createSchedulerMigrationJob(t *testing.T) {
 assert.Equal(t, "", job.Spec.Template.Spec.InitContainers[0].Env[0].Value)
 assert.Equal(t, "PGPORT", job.Spec.Template.Spec.InitContainers[0].Env[1].Name)
 assert.Equal(t, "", job.Spec.Template.Spec.InitContainers[0].Env[1].Value)
+ assert.Equal(t, "sa", job.Spec.Template.Spec.ServiceAccountName)
 },
 wantErr: false,
 },
@@ -754,7 +756,7 @@ func Test_createSchedulerMigrationJob(t *testing.T) {
 if tt.modifyInput != nil {
 tt.modifyInput(&cr)
 }
- rslt, err := createSchedulerMigrationJob(&cr)
+ rslt, err := createSchedulerMigrationJob(&cr, "sa")
 if tt.wantErr {
 assert.Error(t, err)