From 0014bc2aed77118431cde9ea1255c23e406697c1 Mon Sep 17 00:00:00 2001 From: chaunceyjiang Date: Mon, 20 Jun 2022 17:27:39 +0800 Subject: [PATCH] Propagate dependencies add support propagate ServiceAccount Signed-off-by: chaunceyjiang --- docs/userguide/propagate-dependencies.md | 2 +- .../defaultinterpreter/dependencies.go | 19 ++++++++++-- .../defaultinterpreter/dependencies_test.go | 29 +++++++++++++++++++ 3 files changed, 47 insertions(+), 3 deletions(-) diff --git a/docs/userguide/propagate-dependencies.md b/docs/userguide/propagate-dependencies.md index f954f2c83..271ed73af 100644 --- a/docs/userguide/propagate-dependencies.md +++ b/docs/userguide/propagate-dependencies.md @@ -1,5 +1,5 @@ # Propagate dependencies -Deployment, Job, Pod, DaemonSet and StatefulSet dependencies (ConfigMaps and Secrets) can be propagated to member +Deployment, Job, Pod, DaemonSet and StatefulSet dependencies (ConfigMaps, Secrets and ServiceAccounts) can be propagated to member clusters automatically. This document demonstrates how to use this feature. For more design details, please refer to [dependencies-automatically-propagation](../proposals/dependencies-automatically-propagation/README.md) diff --git a/pkg/resourceinterpreter/defaultinterpreter/dependencies.go b/pkg/resourceinterpreter/defaultinterpreter/dependencies.go index 3309d9f15..faaf8fca0 100644 --- a/pkg/resourceinterpreter/defaultinterpreter/dependencies.go +++ b/pkg/resourceinterpreter/defaultinterpreter/dependencies.go 
@@ -96,7 +96,7 @@ func getStatefulSetDependencies(object *unstructured.Unstructured) ([]configv1al
 func getDependenciesFromPodTemplate(podObj *corev1.Pod) ([]configv1alpha1.DependentObjectReference, error) {
 dependentConfigMaps := getConfigMapNames(podObj)
 dependentSecrets := getSecretNames(podObj)
-
+ dependentSas := getServiceAccountNames(podObj)
 var dependentObjectRefs []configv1alpha1.DependentObjectReference
 for cm := range dependentConfigMaps {
 dependentObjectRefs = append(dependentObjectRefs, configv1alpha1.DependentObjectReference{
@@ -115,7 +115,14 @@ func getDependenciesFromPodTemplate(podObj *corev1.Pod) ([]configv1alpha1.Depend
 Name: secret,
 })
 }
-
+ for sa := range dependentSas {
+ dependentObjectRefs = append(dependentObjectRefs, configv1alpha1.DependentObjectReference{
+ APIVersion: "v1",
+ Kind: "ServiceAccount",
+ Namespace: podObj.Namespace,
+ Name: sa,
+ })
+ }
 return dependentObjectRefs, nil
 }
 
@@ -128,6 +135,14 @@ func getSecretNames(pod *corev1.Pod) sets.String {
 return result
 }
 
+func getServiceAccountNames(pod *corev1.Pod) sets.String {
+ result := sets.NewString()
+ if pod.Spec.ServiceAccountName != "" && pod.Spec.ServiceAccountName != "default" {
+ result.Insert(pod.Spec.ServiceAccountName)
+ }
+ return result
+}
+
 func getConfigMapNames(pod *corev1.Pod) sets.String {
 result := sets.NewString()
 lifted.VisitPodConfigmapNames(pod, func(name string) bool {
diff --git a/pkg/resourceinterpreter/defaultinterpreter/dependencies_test.go b/pkg/resourceinterpreter/defaultinterpreter/dependencies_test.go
index a15978376..8368338b6 100644
--- a/pkg/resourceinterpreter/defaultinterpreter/dependencies_test.go
+++ b/pkg/resourceinterpreter/defaultinterpreter/dependencies_test.go
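Review bot: The new `for sa := range dependentSas` loop in the `@@ -115,7 +115,14 @@` hunk makes a workload identity follow the workload into member clusters, but nothing in the code or the docs change states what is and is not carried along. Only the ServiceAccount object is referenced here. RoleBindings or ClusterRoleBindings that name it, and any `secrets` or `imagePullSecrets` listed on the ServiceAccount itself, do not appear as dependencies in this hunk, so the account's effective permissions in a member cluster may differ from what the author expects. Presumably a binding that already exists there for a same-named account would also apply to the propagated one. I would add a comment above the loop, for example `// Only the ServiceAccount object is propagated; RBAC bindings and secrets it references are not followed.`, and say the same in propagate-dependencies.md. The enclosing function getDependenciesFromPodTemplate starts before this hunk.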
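Review bot: `getServiceAccountNames` in the `@@ -128,6 +135,14 @@` hunk has no doc comment, and the reason it silently drops the name `default` is not written down here or in the updated user guide. A reader auditing which identities get propagated has to guess the intent. I would add `// getServiceAccountNames returns the pod's ServiceAccount name, skipping "" and "default" (presumably because a default account is expected in every member-cluster namespace already).` and confirm that assumption. The bare `"default"` literal would also read better as a named constant, and `dependentSas` in the first hunk as `dependentServiceAccounts`, to match `dependentConfigMaps` and `dependentSecrets`.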
@@ -158,3 +158,32 @@ func TestGetDependenciesFromPodTemplate(t *testing.T) {
 })
 }
 }
+
+func Test_getServiceAccountNames(t *testing.T) {
+ type args struct {
+ pod *corev1.Pod
+ }
+ tests := []struct {
+ name string
+ args args
+ want sets.String
+ }{
+ {
+ name: "get ServiceAccountName from pod ",
+ args: args{pod: &corev1.Pod{Spec: corev1.PodSpec{ServiceAccountName: "test"}}},
+ want: sets.NewString("test"),
+ },
+ {
+ name: "get default ServiceAccountName from pod ",
+ args: args{pod: &corev1.Pod{Spec: corev1.PodSpec{ServiceAccountName: "default"}}},
+ want: sets.NewString(),
+ },
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ if got := getServiceAccountNames(tt.args.pod); !reflect.DeepEqual(got, tt.want) {
+ t.Errorf("getServiceAccountNames() = %v, want %v", got, tt.want)
+ }
+ })
+ }
+}
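Review bot: The table in `Test_getServiceAccountNames` never exercises the empty-name side of the `!= ""` check, so a pod with no ServiceAccountName set is untested; a case such as `{name: "empty ServiceAccountName", args: args{pod: &corev1.Pod{}}, want: sets.NewString()},` would cover it. The diffstat shows only these 29 added lines in the test file, so TestGetDependenciesFromPodTemplate apparently does not assert the new ServiceAccount reference (Kind, APIVersion, Namespace) that getDependenciesFromPodTemplate now emits. A case with a pod that sets ServiceAccountName would pin that down. Both case names also end in a trailing space, which appears as a trailing `_` in the subtest names.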