diff --git a/controllers/components/dashboard/dashboard_controller.go b/controllers/components/dashboard/dashboard_controller.go
index ab00e315642..f4fc644a488 100644
--- a/controllers/components/dashboard/dashboard_controller.go
+++ b/controllers/components/dashboard/dashboard_controller.go
@@ -33,7 +33,6 @@ import (
 "github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/actions/deploy"
 "github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/actions/gc"
 "github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/actions/render/kustomize"
- "github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/actions/security"
 "github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/actions/updatestatus"
 "github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/handlers"
 "github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/predicates/component"
@@ -91,7 +90,6 @@ func (s *componentHandler) NewComponentReconciler(ctx context.Context, mgr ctrl.
 WithAction(initialize).
 WithAction(devFlags).
 WithAction(configureDependencies).
- WithAction(security.NewUpdatePodSecurityRoleBindingAction(serviceAccounts)).
 WithAction(kustomize.NewAction(
 kustomize.WithCache(),
 // Those are the default labels added by the legacy deploy method
diff --git a/controllers/components/dashboard/dashboard_support.go b/controllers/components/dashboard/dashboard_support.go
index 4b2068703b3..70c59cd2264 100644
--- a/controllers/components/dashboard/dashboard_support.go
+++ b/controllers/components/dashboard/dashboard_support.go
@@ -57,13 +57,6 @@ var (
 cluster.Unknown: "/odh",
 }
 
- serviceAccounts = map[cluster.Platform][]string{
- cluster.SelfManagedRhoai: {"rhods-dashboard"},
- cluster.ManagedRhoai: {"rhods-dashboard"},
- cluster.OpenDataHub: {"odh-dashboard"},
- cluster.Unknown: {"odh-dashboard"},
- }
-
 imagesMap = map[string]string{
 "odh-dashboard-image": "RELATED_IMAGE_ODH_DASHBOARD_IMAGE",
 }
diff --git a/controllers/components/modelcontroller/modelcontroller_controller.go b/controllers/components/modelcontroller/modelcontroller_controller.go
index a31254708b3..6417c5e65ee 100644
--- a/controllers/components/modelcontroller/modelcontroller_controller.go
+++ b/controllers/components/modelcontroller/modelcontroller_controller.go
@@ -33,7 +33,6 @@ import (
 "github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/actions/deploy"
 "github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/actions/gc"
 "github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/actions/render/kustomize"
- "github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/actions/security"
 "github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/actions/updatestatus"
 "github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/handlers"
 "github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/predicates/component"
@@ -70,7 +69,6 @@ func (s *componentHandler) NewComponentReconciler(ctx context.Context, mgr ctrl.
 // Add ModelController specific actions
 WithAction(initialize).
 WithAction(devFlags). // devFlags triggerd by changes in DSC kserve and ModelMeshServing, also update .status.devflagurl
- WithAction(security.NewUpdatePodSecurityRoleBindingAction(serviceAccounts)).
 WithAction(kustomize.NewAction(
 kustomize.WithCache(),
 kustomize.WithLabel(labels.ODH.Component(LegacyComponentName), labels.True),
diff --git a/controllers/components/modelcontroller/modelcontroller_support.go b/controllers/components/modelcontroller/modelcontroller_support.go
index 36affb1e4a1..49fe24a8189 100644
--- a/controllers/components/modelcontroller/modelcontroller_support.go
+++ b/controllers/components/modelcontroller/modelcontroller_support.go
@@ -5,7 +5,6 @@ import (
 
 componentApi "github.com/opendatahub-io/opendatahub-operator/v2/apis/components/v1alpha1"
 "github.com/opendatahub-io/opendatahub-operator/v2/controllers/status"
- "github.com/opendatahub-io/opendatahub-operator/v2/pkg/cluster"
 "github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/types"
 odhdeploy "github.com/opendatahub-io/opendatahub-operator/v2/pkg/deploy"
 )
@@ -25,13 +24,6 @@ var (
 imageParamMap = map[string]string{
 "odh-model-controller": "RELATED_IMAGE_ODH_MODEL_CONTROLLER_IMAGE",
 }
-
- serviceAccounts = map[cluster.Platform][]string{
- cluster.SelfManagedRhoai: {LegacyComponentName},
- cluster.ManagedRhoai: {LegacyComponentName},
- cluster.OpenDataHub: {LegacyComponentName},
- cluster.Unknown: {LegacyComponentName},
- }
 )
 
 func manifestsPath() types.ManifestInfo {
diff --git a/controllers/components/modelmeshserving/modelmeshserving_controller.go b/controllers/components/modelmeshserving/modelmeshserving_controller.go
index 662ae1206fb..d3c4a674558 100644
--- a/controllers/components/modelmeshserving/modelmeshserving_controller.go
+++ b/controllers/components/modelmeshserving/modelmeshserving_controller.go
@@ -32,7 +32,6 @@ import (
 "github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/actions/deploy"
 "github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/actions/gc"
 "github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/actions/render/kustomize"
- "github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/actions/security"
 "github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/actions/updatestatus"
 "github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/handlers"
 "github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/predicates/clusterrole"
@@ -69,7 +68,6 @@ func (s *componentHandler) NewComponentReconciler(ctx context.Context, mgr ctrl.
 // Add ModelMeshServing specific actions
 WithAction(initialize).
 WithAction(devFlags).
- WithAction(security.NewUpdatePodSecurityRoleBindingAction(serviceAccounts)).
 WithAction(kustomize.NewAction(
 kustomize.WithCache(),
 kustomize.WithLabel(labels.ODH.Component(LegacyComponentName), labels.True),
diff --git a/controllers/components/modelmeshserving/modelmeshserving_support.go b/controllers/components/modelmeshserving/modelmeshserving_support.go
index 1f8d8a150a0..f90066198d4 100644
--- a/controllers/components/modelmeshserving/modelmeshserving_support.go
+++ b/controllers/components/modelmeshserving/modelmeshserving_support.go
@@ -5,7 +5,6 @@ import (
 
 componentApi "github.com/opendatahub-io/opendatahub-operator/v2/apis/components/v1alpha1"
 "github.com/opendatahub-io/opendatahub-operator/v2/controllers/status"
- "github.com/opendatahub-io/opendatahub-operator/v2/pkg/cluster"
 odhtypes "github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/types"
 odhdeploy "github.com/opendatahub-io/opendatahub-operator/v2/pkg/deploy"
 )
@@ -28,13 +27,6 @@ var (
 "odh-modelmesh": "RELATED_IMAGE_ODH_MODELMESH_IMAGE",
 "odh-modelmesh-controller": "RELATED_IMAGE_ODH_MODELMESH_CONTROLLER_IMAGE",
 }
-
- serviceAccounts = map[cluster.Platform][]string{
- cluster.SelfManagedRhoai: {"modelmesh", "modelmesh-controller"},
- cluster.ManagedRhoai: {"modelmesh", "modelmesh-controller"},
- cluster.OpenDataHub: {"modelmesh", "modelmesh-controller"},
- cluster.Unknown: {"modelmesh", "modelmesh-controller"},
- }
 )
 
 func manifestsPath() odhtypes.ManifestInfo {
diff --git a/controllers/components/workbenches/workbenches_controller.go b/controllers/components/workbenches/workbenches_controller.go
index 6eb7a099cec..0a790c2ab81 100644
--- a/controllers/components/workbenches/workbenches_controller.go
+++ b/controllers/components/workbenches/workbenches_controller.go
@@ -30,7 +30,6 @@ import (
 "github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/actions/deploy"
 "github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/actions/gc"
 "github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/actions/render/kustomize"
- "github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/actions/security"
 "github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/actions/updatestatus"
 "github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/handlers"
 "github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/predicates/component"
@@ -62,7 +61,6 @@ func (s *componentHandler) NewComponentReconciler(ctx context.Context, mgr ctrl.
 WithAction(initialize).
 WithAction(devFlags).
 WithAction(configureDependencies).
- WithAction(security.NewUpdatePodSecurityRoleBindingAction(serviceAccounts)).
 WithAction(kustomize.NewAction(
 kustomize.WithCache(),
 kustomize.WithLabel(labels.ODH.Component(LegacyComponentName), labels.True),
diff --git a/controllers/components/workbenches/workbenches_support.go b/controllers/components/workbenches/workbenches_support.go
index 7e3a33edc70..436f7f2bebb 100644
--- a/controllers/components/workbenches/workbenches_support.go
+++ b/controllers/components/workbenches/workbenches_support.go
@@ -7,7 +7,6 @@ import (
 
 componentApi "github.com/opendatahub-io/opendatahub-operator/v2/apis/components/v1alpha1"
 "github.com/opendatahub-io/opendatahub-operator/v2/controllers/status"
- "github.com/opendatahub-io/opendatahub-operator/v2/pkg/cluster"
 odhtypes "github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/types"
 odhdeploy "github.com/opendatahub-io/opendatahub-operator/v2/pkg/deploy"
 )
@@ -26,8 +25,6 @@ const (
 kfNotebookControllerPath = "kf-notebook-controller"
 kfNotebookControllerManifestSourcePath = "overlays/openshift"
 
- nbcServiceAccountName = "notebook-controller-service-account"
-
 // LegacyComponentName is the name of the component that is assigned to deployments
 // via Kustomize. Since a deployment selector is immutable, we can't upgrade existing
 // deployment to the new component name, so keep it around till we figure out a solution.
@@ -38,13 +35,6 @@ var (
 notebookControllerContextDir = path.Join(ComponentName, notebookControllerPath)
 kfNotebookControllerContextDir = path.Join(ComponentName, kfNotebookControllerPath)
 notebookContextDir = path.Join(ComponentName, notebooksPath)
-
- serviceAccounts = map[cluster.Platform][]string{
- cluster.SelfManagedRhoai: {nbcServiceAccountName},
- cluster.ManagedRhoai: {nbcServiceAccountName},
- cluster.OpenDataHub: {nbcServiceAccountName},
- cluster.Unknown: {nbcServiceAccountName},
- }
 )
 
 // manifests for nbc in ODH and RHOAI + downstream use it for imageparams.
diff --git a/pkg/controller/actions/security/actions.go b/pkg/controller/actions/security/actions.go
deleted file mode 100644
index ad1d441796a..00000000000
--- a/pkg/controller/actions/security/actions.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package security
-
-import (
- "context"
- "fmt"
-
- "github.com/opendatahub-io/opendatahub-operator/v2/pkg/cluster"
- "github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/actions"
- "github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/types"
-)
-
-func NewUpdatePodSecurityRoleBindingAction(roles map[cluster.Platform][]string) actions.Fn {
- return func(ctx context.Context, rr *types.ReconciliationRequest) error {
- v := roles[rr.Release.Name]
- if len(v) == 0 {
- return nil
- }
-
- err := cluster.UpdatePodSecurityRolebinding(ctx, rr.Client, rr.DSCI.Spec.ApplicationsNamespace, v...)
- if err != nil {
- return fmt.Errorf("failed to update PodSecurityRolebinding for %s: %w", v, err)
- }
-
- return nil
- }
-}
diff --git a/pkg/controller/actions/security/actions_test.go b/pkg/controller/actions/security/actions_test.go
deleted file mode 100644
index bb72feda9bc..00000000000
--- a/pkg/controller/actions/security/actions_test.go
+++ /dev/null
@@ -1,78 +0,0 @@
-package security_test
-
-import (
- "context"
- "testing"
-
- "github.com/rs/xid"
- rbacv1 "k8s.io/api/rbac/v1"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "sigs.k8s.io/controller-runtime/pkg/client"
-
- dsciv1 "github.com/opendatahub-io/opendatahub-operator/v2/apis/dscinitialization/v1"
- "github.com/opendatahub-io/opendatahub-operator/v2/pkg/cluster"
- "github.com/opendatahub-io/opendatahub-operator/v2/pkg/cluster/gvk"
- "github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/actions/security"
- "github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/types"
- "github.com/opendatahub-io/opendatahub-operator/v2/pkg/utils/test/fakeclient"
-
- . "github.com/onsi/gomega"
-)
-
-func TestUpdatePodSecurityRoleBindingAction(t *testing.T) {
- t.Parallel()
-
- ctx := context.Background()
-
- m := map[cluster.Platform][]string{
- cluster.OpenDataHub: {"odh-dashboard"},
- cluster.SelfManagedRhoai: {"rhods-dashboard"},
- cluster.ManagedRhoai: {"rhods-dashboard", "fake-account"},
- }
-
- action := security.NewUpdatePodSecurityRoleBindingAction(m)
-
- for p, s := range m {
- k := p
- vl := s
-
- t.Run(string(k), func(t *testing.T) {
- t.Parallel()
-
- g := NewWithT(t)
- ns := xid.New().String()
-
- cl, err := fakeclient.New(
- &rbacv1.RoleBinding{
- TypeMeta: metav1.TypeMeta{
- APIVersion: gvk.RoleBinding.GroupVersion().String(),
- Kind: gvk.RoleBinding.Kind,
- },
- ObjectMeta: metav1.ObjectMeta{
- Name: ns,
- Namespace: ns,
- },
- },
- )
-
- g.Expect(err).ShouldNot(HaveOccurred())
-
- err = action(ctx, &types.ReconciliationRequest{
- Client: cl,
- Instance: nil,
- DSCI: &dsciv1.DSCInitialization{Spec: dsciv1.DSCInitializationSpec{ApplicationsNamespace: ns}},
- Release: cluster.Release{Name: k},
- })
-
- g.Expect(err).ShouldNot(HaveOccurred())
-
- rb := rbacv1.RoleBinding{}
- err = cl.Get(ctx, client.ObjectKey{Namespace: ns, Name: ns}, &rb)
-
- g.Expect(err).ShouldNot(HaveOccurred())
- for _, v := range vl {
- g.Expect(cluster.SubjectExistInRoleBinding(rb.Subjects, v, ns)).Should(BeTrue())
- }
- })
- }
-}