Merge pull request #389 from periklis/revert-bz1803196

Bug 1807739:  Revert "Bug 1803196: Move shared config map to openshift-config-managed NS"

Makefile

@@ -18,7 +18,6 @@ MAIN_PKG=cmd/manager/main.go
 export OCP_VERSION?=$(shell basename $(shell find manifests/  -maxdepth 1  -not -name manifests -type d))
 export CSV_FILE=$(CURDIR)/manifests/$(OCP_VERSION)/cluster-logging.v$(OCP_VERSION).0.clusterserviceversion.yaml
 export NAMESPACE?=openshift-logging
-export MANAGED_CONFIG_NAMESPACE?=openshift-config-managed
 export EO_CSV_FILE=$(CURDIR)/vendor/github.com/openshift/elasticsearch-operator/manifests/$(OCP_VERSION)/elasticsearch-operator.v$(OCP_VERSION).0.clusterserviceversion.yaml
 
 FLUENTD_IMAGE?=quay.io/openshift/origin-logging-fluentd:latest

hack/testing/assertions

@@ -1,21 +1,16 @@
 #!/bin/bash
 source "$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )/utils"
 assert_resources_exist(){
-    # verify deployments -- kibana, curator
-    try_until_success "oc -n $NAMESPACE get deployment kibana" "${TIMEOUT_MIN}"
+	# verify deployments -- kibana, curator
+	try_until_success "oc -n $NAMESPACE get deployment kibana" ${TIMEOUT_MIN}	
 
-    # verify cron
-    try_until_success "oc -n $NAMESPACE get cronjob curator" "${TIMEOUT_MIN}"
+	# verify cron
+	try_until_success "oc -n $NAMESPACE get cronjob curator" ${TIMEOUT_MIN}
 
-    # verify DS
-    try_until_success "oc -n $NAMESPACE get ds fluentd" "${TIMEOUT_MIN}"
+	# verify DS
+	try_until_success "oc -n $NAMESPACE get ds fluentd" ${TIMEOUT_MIN}
 
-    # verify ER
-    try_until_success "oc -n $NAMESPACE get elasticsearch elasticsearch" "${TIMEOUT_MIN}"
+	# verify ER
+	try_until_success "oc -n $NAMESPACE get elasticsearch elasticsearch" ${TIMEOUT_MIN}
 
 }
-
-assert_kibana_shared_config_exist() {
-    # verify kibana shared config map
-    try_until_success "oc -n $MANAGED_CONFIG_NAMESPACE get configmap logging-shared-config" "${TIMEOUT_MIN}"
-}

hack/testing/test-010-deploy-via-olm-minimal.sh

@@ -5,9 +5,8 @@
 
 set -e
 
-source "$(dirname "${BASH_SOURCE[0]}")/../lib/init.sh"
-source "$(dirname "${BASH_SOURCE[0]}")/assertions"
-source "$(dirname "${BASH_SOURCE[0]}")/utils"
+source "$(dirname "${BASH_SOURCE[0]}" )/../lib/init.sh"
+source "$(dirname $0)/assertions"
 
 os::test::junit::declare_suite_start "${BASH_SOURCE[0]}"
 
@@ -27,8 +26,6 @@ cleanup(){
   oc delete ns ${NAMESPACE} --wait=true --ignore-not-found
   oc delete crd elasticsearches.logging.openshift.io --wait=false --ignore-not-found
   os::cmd::try_until_failure "oc get project ${NAMESPACE}" "$((1 * $minute))"
-
-  cleanup_olm_catalog_unsupported_resources
 
   os::cleanup::all "${return_code}"
 
@@ -51,8 +48,6 @@ oc create ns ${NAMESPACE} || :
 eo_version=$(basename $(find  ${repo_dir}/vendor/github.com/openshift/elasticsearch-operator/manifests -type d | sort -r | head -n 1))
 os::cmd::expect_success "oc create -f ${repo_dir}/vendor/github.com/openshift/elasticsearch-operator/manifests/${eo_version}/elasticsearches.crd.yaml"
 
-# Create static cluster roles and rolebindings
-deploy_olm_catalog_unsupported_resources
 
 os::log::info "Deploying operator from ${manifest}"
 NAMESPACE=${NAMESPACE} \
@@ -70,15 +65,10 @@ fi
 
 TIMEOUT_MIN=$((2 * $minute))
 
-# verify metrics rbac
-# extra resources not support for ConfigMap based catalogs for now.
-os::cmd::expect_success "oc get clusterrole clusterlogging-collector-metrics"
-os::cmd::expect_success "oc get clusterrolebinding clusterlogging-collector-metrics"
-
-# verify shared config rbac
-# extra resources not support for ConfigMap based catalogs for now.
-os::cmd::expect_success "oc -n ${MANAGED_CONFIG_NAMESPACE} get role clusterlogging-shared-config"
-os::cmd::expect_success "oc -n ${MANAGED_CONFIG_NAMESPACE} get rolebinding clusterlogging-shared-config"
+##verify metrics rbac
+# extra resources not support for ConfigMap based catelogs for now.
+#os::cmd::expect_success "oc get clusterrole clusterlogging-collector-metrics"
+#os::cmd::expect_success "oc get clusterrolebinding clusterlogging-collector-metrics"
 
 # wait for operator to be ready
 os::cmd::try_until_text "oc -n $NAMESPACE get deployment cluster-logging-operator -o jsonpath={.status.availableReplicas} --ignore-not-found" "1" ${TIMEOUT_MIN}
@@ -88,6 +78,3 @@ os::cmd::expect_success "oc -n $NAMESPACE create -f ${repo_dir}/hack/cr.yaml"
 
 # assert deployment
 assert_resources_exist
-
-# assert kibana shared config
-assert_kibana_shared_config_exist

hack/testing/test-020-olm-upgrade.sh

@@ -91,7 +91,6 @@ assert_resources_exist
 oc describe -n ${NAMESPACE} deployment/cluster-logging-operator > $ARTIFACT_DIR/cluster-logging-operator.describe.before_update 2>&1
 
 deploy_config_map_catalog_source $NAMESPACE ${repo_dir}/manifests "${IMAGE_CLUSTER_LOGGING_OPERATOR}"
-deploy_olm_catalog_unsupported_resources
 
 # patch subscription
 payload="{\"op\":\"replace\",\"path\":\"/spec/source\",\"value\":\"cluster-logging\"}"
@@ -105,8 +104,4 @@ try_until_text "oc -n openshift-logging get deployment cluster-logging-operator
 # verify operator is ready
 try_until_text "oc -n openshift-logging get deployment cluster-logging-operator -o jsonpath={.status.updatedReplicas} --ignore-not-found" "1" ${TIMEOUT_MIN}
 
-# assert deployment
 assert_resources_exist
-
-# assert kibana shared config
-assert_kibana_shared_config_exist

hack/testing/test-367-logforwarding.sh

@@ -71,7 +71,5 @@ for dir in $(ls -d $TEST_DIR); do
     oc delete $ns --ignore-not-found --force --grace-period=0||:
     try_until_failure "oc get $ns" "$((1 * $minute))"
   done
-
-  cleanup_olm_catalog_unsupported_resources
 done
 exit $failed

hack/testing/utils

@@ -111,17 +111,11 @@ deploy_olm_catalog_unsupported_resources(){
     # Create static cluster roles and rolebindings
     oc create -f ${manifest}/$version/0100_clusterroles.yaml ||:
     oc create -f ${manifest}/$version/0110_clusterrolebindings.yaml ||:
-
-    # Create static cluster roles and rolebindings
-    oc create -f ${manifest}/$version/0200_roles.yaml ||:
-    oc create -f ${manifest}/$version/0210_rolebindings.yaml ||:
 }
 
 cleanup_olm_catalog_unsupported_resources(){
     oc delete clusterrolebinding clusterlogging-collector-metrics --wait=false --ignore-not-found
     oc delete clusterrole clusterlogging-collector-metrics --wait=false --ignore-not-found
-    oc -n "${MANAGED_CONFIG_NAMESPACE}" delete role clusterlogging-shared-config
-    oc -n "${MANAGED_CONFIG_NAMESPACE}" delete rolebinding clusterlogging-shared-config
 }
 
 deploy_marketplace_operator(){
@@ -262,8 +256,6 @@ function deploy_clusterlogging_operator() {
         -e "/name: FLUENTD_IMAGE/,/value:/s,value:.*\$,value: ${f_img}," \
         -e "/name: OAUTH_PROXY_IMAGE/,/value:/s,value:.*\$,value: ${op_img}," \
         -i $csv
-
-    deploy_olm_catalog_unsupported_resources
     deploy_operator "openshift-logging" "cluster-logging-operator" $manifest $IMAGE_CLUSTER_LOGGING_OPERATOR $((2 * $minute))
 }
 

manifests/4.5/0110_clusterrolebindings.yaml

@@ -9,4 +9,4 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: prometheus-k8s
-  namespace: openshift-monitoring
+  namespace: openshift-monitoring 

pkg/k8shandler/configmap.go

@@ -88,21 +88,12 @@ func (clusterRequest *ClusterLoggingRequest) createOrUpdateConfigMap(configMap *
 	return nil
 }
 
-//RemoveConfigMap with a given name and the cluster request namespace
+//RemoveConfigMap with a given name and namespace
 func (clusterRequest *ClusterLoggingRequest) RemoveConfigMap(configmapName string) error {
-	return clusterRequest.removeConfigMapFromNs(configmapName, clusterRequest.cluster.Namespace)
-}
-
-//RemoveSharedConfigMap with a given a name and a shared cluster namespace
-func (clusterRequest *ClusterLoggingRequest) RemoveSharedConfigMap(configMapName, namespace string) error {
-	return clusterRequest.removeConfigMapFromNs(configMapName, namespace)
-}
-
-func (clusterRequest *ClusterLoggingRequest) removeConfigMapFromNs(configmapName, namespace string) error {
 
 	configMap := NewConfigMap(
 		configmapName,
-		namespace,
+		clusterRequest.cluster.Namespace,
 		map[string]string{},
 	)
 

pkg/k8shandler/consoleexternalloglink.go

@@ -26,8 +26,8 @@ func NewConsoleExternalLogLink(resourceName, namespace, consoleText, hrefTemplat
 			},
 		},
 		Spec: consolev1.ConsoleExternalLogLinkSpec{
-			Text:            consoleText,
-			HrefTemplate:    hrefTemplate,
+			Text:         consoleText,
+			HrefTemplate: hrefTemplate,
 			NamespaceFilter: namespaceFilter,
 		},
 	}

pkg/k8shandler/visualization.go

@@ -29,12 +29,6 @@ const (
 	// The following strings are turned into JavaScript RegExps. Online tool to test them: https://regex101.com/
 	nodesAndContainersNamespaceFilter = "^(openshift-.*|kube-.*|openshift$|kube$|default$)"
 	appsNamespaceFilter               = "^((?!" + nodesAndContainersNamespaceFilter + ").)*$" // ^((?!^(openshift-.*|kube-.*|openshift$|kube$|default$)).)*$
-
-	loggingSharedConfigMapNamePre44x     = "sharing-config"
-	loggingSharedConfigRolePre44x        = "sharing-config-reader"
-	loggingSharedConfigRoleBindingPre44x = "openshift-logging-sharing-config-reader-binding"
-	loggingSharedConfigMapName           = "logging-shared-config"
-	loggingSharedConfigNs                = "openshift-config-managed"
 )
 
 var (
@@ -207,11 +201,7 @@ func (clusterRequest *ClusterLoggingRequest) removeKibana() (err error) {
 			return
 		}
 
-		if err = clusterRequest.RemoveConfigMap(loggingSharedConfigMapNamePre44x); err != nil {
-			return
-		}
-
-		if err = clusterRequest.RemoveSharedConfigMap(loggingSharedConfigMapName, loggingSharedConfigNs); err != nil {
+		if err = clusterRequest.RemoveConfigMap("sharing-config"); err != nil {
 			return
 		}
 
@@ -453,42 +443,56 @@ func (clusterRequest *ClusterLoggingRequest) createOrUpdateKibanaRoute() error {
 		}
 	}
 
-	if err := clusterRequest.createOrUpdateKibanaSharedConfigMap(); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (clusterRequest *ClusterLoggingRequest) createOrUpdateKibanaSharedConfigMap() error {
-	cluster := clusterRequest.cluster
-
 	kibanaURL, err := clusterRequest.GetRouteURL("kibana")
 	if err != nil {
 		return err
 	}
 
-	sharedConfig := createSharedConfig(loggingSharedConfigNs, kibanaURL, kibanaURL)
+	sharedConfig := createSharedConfig(cluster.Namespace, kibanaURL, kibanaURL)
 	utils.AddOwnerRefToObject(sharedConfig, utils.AsOwner(cluster))
 
-	err = clusterRequest.CreateOrUpdateConfigMap(sharedConfig)
+	err = clusterRequest.Create(sharedConfig)
 	if err != nil && !errors.IsAlreadyExists(err) {
 		return fmt.Errorf("Failure creating Kibana route shared config: %v", err)
 	}
 
-	oldSharedConfig := NewConfigMap(loggingSharedConfigMapNamePre44x, cluster.GetNamespace(), map[string]string{})
-	if err = clusterRequest.Delete(oldSharedConfig); err != nil && !errors.IsNotFound(err) {
-		return fmt.Errorf("Failure delete old Kibana route shared config for %q: %v", cluster.Name, err)
-	}
+	sharedRole := NewRole(
+		"sharing-config-reader",
+		cluster.Namespace,
+		NewPolicyRules(
+			NewPolicyRule(
+				[]string{""},
+				[]string{"configmaps"},
+				[]string{"sharing-config"},
+				[]string{"get"},
+			),
+		),
+	)
+
+	utils.AddOwnerRefToObject(sharedRole, utils.AsOwner(clusterRequest.cluster))
 
-	oldSharedRole := NewRole(loggingSharedConfigRolePre44x, cluster.GetNamespace(), nil)
-	if err = clusterRequest.Delete(oldSharedRole); err != nil && !errors.IsNotFound(err) {
-		return fmt.Errorf("Failure deleting old Kibana shared config role for %q: %v", cluster.Name, err)
+	err = clusterRequest.Create(sharedRole)
+	if err != nil && !errors.IsAlreadyExists(err) {
+		return fmt.Errorf("Failure creating Kibana route shared config role for %q: %v", cluster.Name, err)
 	}
 
-	oldSharedRoleBinding := NewRoleBinding(loggingSharedConfigRoleBindingPre44x, cluster.GetNamespace(), loggingSharedConfigRolePre44x, nil)
-	if err = clusterRequest.Delete(oldSharedRoleBinding); err != nil && !errors.IsNotFound(err) {
-		return fmt.Errorf("Failure deleting old Kibana shared config role binding for %q: %v", cluster.Name, err)
+	sharedRoleBinding := NewRoleBinding(
+		"openshift-logging-sharing-config-reader-binding",
+		cluster.Namespace,
+		"sharing-config-reader",
+		NewSubjects(
+			NewSubject(
+				"Group",
+				"system:authenticated",
+			),
+		),
+	)
+
+	utils.AddOwnerRefToObject(sharedRoleBinding, utils.AsOwner(clusterRequest.cluster))
+
+	err = clusterRequest.Create(sharedRoleBinding)
+	if err != nil && !errors.IsAlreadyExists(err) {
+		return fmt.Errorf("Failure creating Kibana route shared config role binding for %q: %v", cluster.Name, err)
 	}
 
 	return nil
@@ -807,13 +811,13 @@ func newKibanaPodSpec(cluster *logging.ClusterLogging, kibanaName string, elasti
 	return kibanaPodSpec
 }
 
-func createSharedConfig(namespace, kibanaAppPublicURL, kibanaInfraAppPublicURL string) *v1.ConfigMap {
+func createSharedConfig(namespace, kibanaAppURL, kibanaInfraURL string) *v1.ConfigMap {
 	return NewConfigMap(
-		loggingSharedConfigMapName,
+		"sharing-config",
 		namespace,
 		map[string]string{
-			"kibanaAppPublicURL":      kibanaAppPublicURL,
-			"kibanaInfraAppPublicURL": kibanaInfraAppPublicURL,
+			"kibanaAppURL":   kibanaAppURL,
+			"kibanaInfraURL": kibanaInfraURL,
 		},
 	)
 }