From 734f3b1065f02d2568dc6bdcc4b2f7f66c1ee053 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=B6nke=20Liebau?= Date: Thu, 21 Nov 2024 19:15:43 +0100 Subject: [PATCH 01/10] Use a patched version of op-rs to hopefully fix SUP-148 --- Cargo.lock | 8 ++++---- Cargo.toml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 44c7c69d..94b6865d 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2212,8 +2212,8 @@ dependencies = [ [[package]] name = "stackable-operator" -version = "0.80.0" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.80.0#6fbe32300b60f95e0baa2ab0ff2daf961b06531c" +version = "0.81.0" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=fix/SUP-148#ad2dd708836428942058ac72b225fa27ea130fc4" dependencies = [ "chrono", "clap", @@ -2251,7 +2251,7 @@ dependencies = [ [[package]] name = "stackable-operator-derive" version = "0.3.1" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.80.0#6fbe32300b60f95e0baa2ab0ff2daf961b06531c" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=fix/SUP-148#ad2dd708836428942058ac72b225fa27ea130fc4" dependencies = [ "darling", "proc-macro2", @@ -2262,7 +2262,7 @@ dependencies = [ [[package]] name = "stackable-shared" version = "0.0.1" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.80.0#6fbe32300b60f95e0baa2ab0ff2daf961b06531c" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=fix/SUP-148#ad2dd708836428942058ac72b225fa27ea130fc4" dependencies = [ "kube", "semver", diff --git a/Cargo.toml b/Cargo.toml index e670b12d..a235280c 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -30,4 +30,4 @@ tracing-futures = { version = "0.2", features = ["futures-03"] } [patch."https://github.com/stackabletech/operator-rs.git"] #stackable-operator = { path = "../operator-rs/crates/stackable-operator" } -#stackable-operator = { git = "https://github.com/stackabletech//operator-rs.git", branch = "main" } +stackable-operator = { git = "https://github.com/stackabletech//operator-rs.git", branch = "fix/SUP-148" } From f7fd64d454fbb5dda8c5ee6bb030ae7b3631ac8b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=B6nke=20Liebau?= Date: Fri, 22 Nov 2024 11:50:36 +0100 Subject: [PATCH 02/10] Update revision of op-rs pr --- Cargo.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 94b6865d..24483d50 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2213,7 +2213,7 @@ dependencies = [ [[package]] name = "stackable-operator" version = "0.81.0" -source = "git+https://github.com/stackabletech//operator-rs.git?branch=fix/SUP-148#ad2dd708836428942058ac72b225fa27ea130fc4" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=fix/SUP-148#d04b987c75beecd5bc65d40a07084d9e991babf2" dependencies = [ "chrono", "clap", @@ -2251,7 +2251,7 @@ dependencies = [ [[package]] name = "stackable-operator-derive" version = "0.3.1" -source = "git+https://github.com/stackabletech//operator-rs.git?branch=fix/SUP-148#ad2dd708836428942058ac72b225fa27ea130fc4" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=fix/SUP-148#d04b987c75beecd5bc65d40a07084d9e991babf2" dependencies = [ "darling", "proc-macro2", @@ -2262,7 +2262,7 @@ dependencies = [ [[package]] name = "stackable-shared" version = "0.0.1" -source = "git+https://github.com/stackabletech//operator-rs.git?branch=fix/SUP-148#ad2dd708836428942058ac72b225fa27ea130fc4" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=fix/SUP-148#d04b987c75beecd5bc65d40a07084d9e991babf2" dependencies = [ "kube", "semver", From b4b9232df4983bd6b5ba37eeb2c2162da98edfcf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=B6nke=20Liebau?= Date: Fri, 22 Nov 2024 17:07:57 +0100 Subject: [PATCH 03/10] Make necessary changes to reflect now private fns in op-rs due. --- Cargo.lock | 6 +++--- ...dfs_clusterrolebinding_nodes_controller.rs | 20 +++++++++++++++---- rust/operator-binary/src/hdfs_controller.rs | 10 +++++++--- 3 files changed, 26 insertions(+), 10 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 24483d50..cd55b13e 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2213,7 +2213,7 @@ dependencies = [ [[package]] name = "stackable-operator" version = "0.81.0" -source = "git+https://github.com/stackabletech//operator-rs.git?branch=fix/SUP-148#d04b987c75beecd5bc65d40a07084d9e991babf2" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=fix/SUP-148#c219c2a0fd63ffac17738f9c869239f5772681cf" dependencies = [ "chrono", "clap", @@ -2251,7 +2251,7 @@ dependencies = [ [[package]] name = "stackable-operator-derive" version = "0.3.1" -source = "git+https://github.com/stackabletech//operator-rs.git?branch=fix/SUP-148#d04b987c75beecd5bc65d40a07084d9e991babf2" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=fix/SUP-148#c219c2a0fd63ffac17738f9c869239f5772681cf" dependencies = [ "darling", "proc-macro2", @@ -2262,7 +2262,7 @@ dependencies = [ [[package]] name = "stackable-shared" version = "0.0.1" -source = "git+https://github.com/stackabletech//operator-rs.git?branch=fix/SUP-148#d04b987c75beecd5bc65d40a07084d9e991babf2" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=fix/SUP-148#c219c2a0fd63ffac17738f9c869239f5772681cf" dependencies = [ "kube", "semver", diff --git a/rust/operator-binary/src/hdfs_clusterrolebinding_nodes_controller.rs b/rust/operator-binary/src/hdfs_clusterrolebinding_nodes_controller.rs index 797d9f39..469b2565 100644 --- a/rust/operator-binary/src/hdfs_clusterrolebinding_nodes_controller.rs +++ b/rust/operator-binary/src/hdfs_clusterrolebinding_nodes_controller.rs @@ -4,7 +4,7 @@ use stackable_hdfs_crd::{ HdfsCluster, }; use stackable_operator::{ - commons::rbac::service_account_name, + commons::rbac::build_rbac_resources, k8s_openapi::api::rbac::v1::{ClusterRoleBinding, Subject}, kube::{ api::{Patch, PatchParams}, @@ -15,6 +15,7 @@ use stackable_operator::{ }, Api, Client, }, + kvp::Labels, }; use tracing::{error, info}; @@ -41,16 +42,27 @@ pub async fn reconcile( ) } } + // Build a list of SubjectRef objects for all deployed HdfsClusters. // To do this we only need the metadata for that, as we only really // need name and namespace of the objects let subjects: Vec = store .state() .into_iter() - .map(|object| object.metadata.clone()) - .map(|meta| Subject { + .map(|object| { + ( + object.metadata.clone(), + build_rbac_resources(&*object, APP_NAME, Labels::default()) + .expect("failed to get serviceAccount for object") + .0 + .metadata + .name + .unwrap(), + ) + }) + .map(|(meta, sa_name)| Subject { kind: "ServiceAccount".to_string(), - name: service_account_name(APP_NAME), + name: sa_name, namespace: meta.namespace.clone(), ..Subject::default() }) diff --git a/rust/operator-binary/src/hdfs_controller.rs b/rust/operator-binary/src/hdfs_controller.rs index bb72c1c6..9fad3726 100644 --- a/rust/operator-binary/src/hdfs_controller.rs +++ b/rust/operator-binary/src/hdfs_controller.rs @@ -19,7 +19,7 @@ use stackable_operator::{ cluster_resources::{ClusterResourceApplyStrategy, ClusterResources}, commons::{ product_image_selection::ResolvedProductImage, - rbac::{build_rbac_resources, service_account_name}, + rbac::build_rbac_resources, }, iter::reverse_if, k8s_openapi::{ @@ -50,6 +50,7 @@ use stackable_operator::{ time::Duration, utils::cluster_info::KubernetesClusterInfo, }; +use stackable_operator::k8s_openapi::api::core::v1::ServiceAccount; use strum::{EnumDiscriminants, IntoEnumIterator, IntoStaticStr}; use stackable_hdfs_crd::{ @@ -326,7 +327,8 @@ pub async fn reconcile_hdfs( .context(BuildRbacResourcesSnafu)?; cluster_resources - .add(client, rbac_sa) + // We clone here because we need to use rbac_sa further down + .add(client, rbac_sa.clone()) .await .context(ApplyServiceAccountSnafu)?; cluster_resources @@ -434,6 +436,7 @@ pub async fn reconcile_hdfs( env_overrides, &merged_config, &namenode_podrefs, + &rbac_sa )?; let rg_service_name = rg_service.name_any(); @@ -818,6 +821,7 @@ fn rolegroup_statefulset( env_overrides: Option<&BTreeMap>, merged_config: &AnyNodeConfig, namenode_podrefs: &[HdfsPodRef], + service_account: &ServiceAccount, ) -> HdfsOperatorResult { tracing::info!("Setting up StatefulSet for {:?}", rolegroup_ref); @@ -837,7 +841,7 @@ fn rolegroup_statefulset( pb.metadata(pb_metadata) .image_pull_secrets_from_product_image(resolved_product_image) .affinity(&merged_config.affinity) - .service_account_name(service_account_name(APP_NAME)) + .service_account_name(service_account.name_any()) .security_context( PodSecurityContextBuilder::new() .run_as_user(HDFS_UID) From eec75abbc81381bcfe1ea48f0e020b382f9bdf35 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=B6nke=20Liebau?= Date: Sun, 24 Nov 2024 17:34:13 +0100 Subject: [PATCH 04/10] Added changelog entry. Removed patched op-rs version and referenced release 0.82 --- CHANGELOG.md | 3 +++ Cargo.lock | 8 ++++---- Cargo.toml | 6 +++--- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b4e93130..2e67996b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -20,10 +20,13 @@ All notable changes to this project will be documented in this file. ### Fixed - An invalid `HdfsCluster` doesn't cause the operator to stop functioning ([#594]). +- BREAKING: Use distinct ServiceAccounts for the Stacklets, so that multiple Stacklets can be deployed in one namespace. Existing Stacklets will use the newly created ServiceAccounts after restart ([#616]). + [#574]: https://github.com/stackabletech/hdfs-operator/pull/574 [#591]: https://github.com/stackabletech/hdfs-operator/pull/591 [#594]: https://github.com/stackabletech/hdfs-operator/pull/594 +[#616]: https://github.com/stackabletech/hdfs-operator/pull/616 ## [24.7.0] - 2024-07-24 diff --git a/Cargo.lock b/Cargo.lock index cd55b13e..789f13e8 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2212,8 +2212,8 @@ dependencies = [ [[package]] name = "stackable-operator" -version = "0.81.0" -source = "git+https://github.com/stackabletech//operator-rs.git?branch=fix/SUP-148#c219c2a0fd63ffac17738f9c869239f5772681cf" +version = "0.82.0" +source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.82.0#415bbd031bd52e9c0c5392060235030e9930b46b" dependencies = [ "chrono", "clap", @@ -2251,7 +2251,7 @@ dependencies = [ [[package]] name = "stackable-operator-derive" version = "0.3.1" -source = "git+https://github.com/stackabletech//operator-rs.git?branch=fix/SUP-148#c219c2a0fd63ffac17738f9c869239f5772681cf" +source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.82.0#415bbd031bd52e9c0c5392060235030e9930b46b" dependencies = [ "darling", "proc-macro2", @@ -2262,7 +2262,7 @@ dependencies = [ [[package]] name = "stackable-shared" version = "0.0.1" -source = "git+https://github.com/stackabletech//operator-rs.git?branch=fix/SUP-148#c219c2a0fd63ffac17738f9c869239f5772681cf" +source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.82.0#415bbd031bd52e9c0c5392060235030e9930b46b" dependencies = [ "kube", "semver", diff --git a/Cargo.toml b/Cargo.toml index a235280c..a9434f35 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -21,13 +21,13 @@ serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" serde_yaml = "0.9" snafu = "0.8" -stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "stackable-operator-0.80.0" } +stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "stackable-operator-0.82.0" } product-config = { git = "https://github.com/stackabletech/product-config.git", tag = "0.7.0" } strum = { version = "0.26", features = ["derive"] } tokio = { version = "1.40", features = ["full"] } tracing = "0.1" tracing-futures = { version = "0.2", features = ["futures-03"] } -[patch."https://github.com/stackabletech/operator-rs.git"] +#[patch."https://github.com/stackabletech/operator-rs.git"] #stackable-operator = { path = "../operator-rs/crates/stackable-operator" } -stackable-operator = { git = "https://github.com/stackabletech//operator-rs.git", branch = "fix/SUP-148" } +#stackable-operator = { git = "https://github.com/stackabletech//operator-rs.git", branch = "fix/SUP-148" } From 2e8455498391b24d456b2cb93ac2a9b3dee84922 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=B6nke=20Liebau?= Date: Sun, 24 Nov 2024 22:45:05 +0100 Subject: [PATCH 05/10] rustfmt --- rust/operator-binary/src/hdfs_controller.rs | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/rust/operator-binary/src/hdfs_controller.rs b/rust/operator-binary/src/hdfs_controller.rs index 9fad3726..0862bba2 100644 --- a/rust/operator-binary/src/hdfs_controller.rs +++ b/rust/operator-binary/src/hdfs_controller.rs @@ -9,6 +9,7 @@ use product_config::{ ProductConfigManager, }; use snafu::{OptionExt, ResultExt, Snafu}; +use stackable_operator::k8s_openapi::api::core::v1::ServiceAccount; use stackable_operator::{ builder::{ configmap::ConfigMapBuilder, @@ -17,10 +18,7 @@ use stackable_operator::{ }, client::Client, cluster_resources::{ClusterResourceApplyStrategy, ClusterResources}, - commons::{ - product_image_selection::ResolvedProductImage, - rbac::build_rbac_resources, - }, + commons::{product_image_selection::ResolvedProductImage, rbac::build_rbac_resources}, iter::reverse_if, k8s_openapi::{ api::{ @@ -50,7 +48,6 @@ use stackable_operator::{ time::Duration, utils::cluster_info::KubernetesClusterInfo, }; -use stackable_operator::k8s_openapi::api::core::v1::ServiceAccount; use strum::{EnumDiscriminants, IntoEnumIterator, IntoStaticStr}; use stackable_hdfs_crd::{ @@ -436,7 +433,7 @@ pub async fn reconcile_hdfs( env_overrides, &merged_config, &namenode_podrefs, - &rbac_sa + &rbac_sa, )?; let rg_service_name = rg_service.name_any(); From bdb93eb270c1ae96ac9a7476d623f081955b7f8f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=B6nke=20Liebau?= Date: Mon, 25 Nov 2024 10:38:30 +0100 Subject: [PATCH 06/10] Removed use of unwrap and expect in favor of proper error logging. --- ...dfs_clusterrolebinding_nodes_controller.rs | 32 +++++++++++++------ 1 file changed, 22 insertions(+), 10 deletions(-) diff --git a/rust/operator-binary/src/hdfs_clusterrolebinding_nodes_controller.rs b/rust/operator-binary/src/hdfs_clusterrolebinding_nodes_controller.rs index 469b2565..1cc606e7 100644 --- a/rust/operator-binary/src/hdfs_clusterrolebinding_nodes_controller.rs +++ b/rust/operator-binary/src/hdfs_clusterrolebinding_nodes_controller.rs @@ -3,6 +3,7 @@ use stackable_hdfs_crd::{ constants::{APP_NAME, FIELD_MANAGER_SCOPE}, HdfsCluster, }; +use stackable_operator::kube::ResourceExt; use stackable_operator::{ commons::rbac::build_rbac_resources, k8s_openapi::api::rbac::v1::{ClusterRoleBinding, Subject}, @@ -49,16 +50,27 @@ pub async fn reconcile( let subjects: Vec = store .state() .into_iter() - .map(|object| { - ( - object.metadata.clone(), - build_rbac_resources(&*object, APP_NAME, Labels::default()) - .expect("failed to get serviceAccount for object") - .0 - .metadata - .name - .unwrap(), - ) + .filter_map(|object| { + // The call to 'build_rbac_resources' can fail, so we + // use filter_map here, log an error for any failures and keep + // going with all the non-broken elements + // Usually we'd rather opt for failing completely here, but in this specific instance + // this could mean that one broken cluster somewhere could impact other working clusters + // within the namespace, so we opted for doing everything we can here, instead of failing + // completely. + match build_rbac_resources(&*object, APP_NAME, Labels::default()) { + Ok((service_account, _role_binding)) => { + Some((object.metadata.clone(), service_account.name_any())) + } + Err(e) => { + error!( + ?object, + ?e, + "Failed to build serviceAccount name for hdfs cluster" + ); + None + } + } }) .map(|(meta, sa_name)| Subject { kind: "ServiceAccount".to_string(), From 51c8fc3c5395071c8b51ee203738ff5853dedfbe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=B6nke=20Liebau?= Date: Mon, 25 Nov 2024 11:00:03 +0100 Subject: [PATCH 07/10] Added legacy serviceAccount name to clusterrolebinding. --- ...dfs_clusterrolebinding_nodes_controller.rs | 27 +++++++++++++++---- 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/rust/operator-binary/src/hdfs_clusterrolebinding_nodes_controller.rs b/rust/operator-binary/src/hdfs_clusterrolebinding_nodes_controller.rs index 1cc606e7..65afc4a7 100644 --- a/rust/operator-binary/src/hdfs_clusterrolebinding_nodes_controller.rs +++ b/rust/operator-binary/src/hdfs_clusterrolebinding_nodes_controller.rs @@ -72,12 +72,29 @@ pub async fn reconcile( } } }) - .map(|(meta, sa_name)| Subject { - kind: "ServiceAccount".to_string(), - name: sa_name, - namespace: meta.namespace.clone(), - ..Subject::default() + .map(|(meta, sa_name)| { + vec![ + Subject { + kind: "ServiceAccount".to_string(), + name: sa_name, + namespace: meta.namespace.clone(), + ..Subject::default() + }, + // This extra Serviceaccount is being written for legacy/compatibility purposes + // to ensure that running clusters don't lose access to anything during an upgrade + // of the Stackable operators, this code can be removed in later releases + // The value is hardcoded here, as we have removed access to the private fns that + // would have built it, since this is a known target though, and will be removed soon + // this should not be an issue. + Subject { + kind: "ServiceAccount".to_string(), + name: "hdfs-serviceaccount".to_string(), + namespace: meta.namespace.clone(), + ..Subject::default() + }, + ] }) + .flat_map(|vec| vec.into_iter()) .collect(); let patch = Patch::Apply(json!({ From bbaa5fc04f5908a4e94af9dab539bd8def999d34 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=B6nke=20Liebau?= Date: Mon, 25 Nov 2024 11:17:31 +0100 Subject: [PATCH 08/10] Added removal of duplicate roleBindings in case a cluster is called hdfs. --- Cargo.nix | 14 +++++++------- crate-hashes.json | 6 +++--- .../hdfs_clusterrolebinding_nodes_controller.rs | 10 ++++++++-- 3 files changed, 18 insertions(+), 12 deletions(-) diff --git a/Cargo.nix b/Cargo.nix index 9e2eb5a9..c01b2ea7 100644 --- a/Cargo.nix +++ b/Cargo.nix @@ -6837,13 +6837,13 @@ rec { }; "stackable-operator" = rec { crateName = "stackable-operator"; - version = "0.80.0"; + version = "0.82.0"; edition = "2021"; workspace_member = null; src = pkgs.fetchgit { url = "https://github.com/stackabletech/operator-rs.git"; - rev = "6fbe32300b60f95e0baa2ab0ff2daf961b06531c"; - sha256 = "16jrq3wdwz63210jgmqbx3snrr15wxw6l1smqhzv7b7jpq8qvya3"; + rev = "415bbd031bd52e9c0c5392060235030e9930b46b"; + sha256 = "0phasjwb64rxgn5hs8vks92icmx9255bd5v9dms280clrfpcg4hy"; }; libName = "stackable_operator"; authors = [ @@ -7000,8 +7000,8 @@ rec { workspace_member = null; src = pkgs.fetchgit { url = "https://github.com/stackabletech/operator-rs.git"; - rev = "6fbe32300b60f95e0baa2ab0ff2daf961b06531c"; - sha256 = "16jrq3wdwz63210jgmqbx3snrr15wxw6l1smqhzv7b7jpq8qvya3"; + rev = "415bbd031bd52e9c0c5392060235030e9930b46b"; + sha256 = "0phasjwb64rxgn5hs8vks92icmx9255bd5v9dms280clrfpcg4hy"; }; procMacro = true; libName = "stackable_operator_derive"; @@ -7035,8 +7035,8 @@ rec { workspace_member = null; src = pkgs.fetchgit { url = "https://github.com/stackabletech/operator-rs.git"; - rev = "6fbe32300b60f95e0baa2ab0ff2daf961b06531c"; - sha256 = "16jrq3wdwz63210jgmqbx3snrr15wxw6l1smqhzv7b7jpq8qvya3"; + rev = "415bbd031bd52e9c0c5392060235030e9930b46b"; + sha256 = "0phasjwb64rxgn5hs8vks92icmx9255bd5v9dms280clrfpcg4hy"; }; libName = "stackable_shared"; authors = [ diff --git a/crate-hashes.json b/crate-hashes.json index 562fb18b..0ca37e6e 100644 --- a/crate-hashes.json +++ b/crate-hashes.json @@ -1,6 +1,6 @@ { - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.80.0#stackable-operator-derive@0.3.1": "16jrq3wdwz63210jgmqbx3snrr15wxw6l1smqhzv7b7jpq8qvya3", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.80.0#stackable-operator@0.80.0": "16jrq3wdwz63210jgmqbx3snrr15wxw6l1smqhzv7b7jpq8qvya3", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.80.0#stackable-shared@0.0.1": "16jrq3wdwz63210jgmqbx3snrr15wxw6l1smqhzv7b7jpq8qvya3", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.82.0#stackable-operator-derive@0.3.1": "0phasjwb64rxgn5hs8vks92icmx9255bd5v9dms280clrfpcg4hy", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.82.0#stackable-operator@0.82.0": "0phasjwb64rxgn5hs8vks92icmx9255bd5v9dms280clrfpcg4hy", + "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.82.0#stackable-shared@0.0.1": "0phasjwb64rxgn5hs8vks92icmx9255bd5v9dms280clrfpcg4hy", "git+https://github.com/stackabletech/product-config.git?tag=0.7.0#product-config@0.7.0": "0gjsm80g6r75pm3824dcyiz4ysq1ka4c1if6k1mjm9cnd5ym0gny" } \ No newline at end of file diff --git a/rust/operator-binary/src/hdfs_clusterrolebinding_nodes_controller.rs b/rust/operator-binary/src/hdfs_clusterrolebinding_nodes_controller.rs index 65afc4a7..f8423453 100644 --- a/rust/operator-binary/src/hdfs_clusterrolebinding_nodes_controller.rs +++ b/rust/operator-binary/src/hdfs_clusterrolebinding_nodes_controller.rs @@ -73,7 +73,7 @@ pub async fn reconcile( } }) .map(|(meta, sa_name)| { - vec![ + let mut result = vec![ Subject { kind: "ServiceAccount".to_string(), name: sa_name, @@ -92,7 +92,13 @@ pub async fn reconcile( namespace: meta.namespace.clone(), ..Subject::default() }, - ] + ]; + // If a cluster is called hdfs this would result in the same subject + // being written twicex. + // Since we know this vec only contains two elements we can use dedup for + // simply removing this duplicate. + result.dedup(); + result }) .flat_map(|vec| vec.into_iter()) .collect(); From 3ae19c3a581027e62ae4bb4e5e5e072bf78f6214 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=B6nke=20Liebau?= Date: Mon, 25 Nov 2024 12:26:33 +0100 Subject: [PATCH 09/10] Addressed review comments. --- Cargo.toml | 2 +- .../src/hdfs_clusterrolebinding_nodes_controller.rs | 5 ++--- rust/operator-binary/src/hdfs_controller.rs | 1 - 3 files changed, 3 insertions(+), 5 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index a9434f35..f5e32b48 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -30,4 +30,4 @@ tracing-futures = { version = "0.2", features = ["futures-03"] } #[patch."https://github.com/stackabletech/operator-rs.git"] #stackable-operator = { path = "../operator-rs/crates/stackable-operator" } -#stackable-operator = { git = "https://github.com/stackabletech//operator-rs.git", branch = "fix/SUP-148" } +#stackable-operator = { git = "https://github.com/stackabletech//operator-rs.git", branch = "main" } diff --git a/rust/operator-binary/src/hdfs_clusterrolebinding_nodes_controller.rs b/rust/operator-binary/src/hdfs_clusterrolebinding_nodes_controller.rs index f8423453..93e57ee1 100644 --- a/rust/operator-binary/src/hdfs_clusterrolebinding_nodes_controller.rs +++ b/rust/operator-binary/src/hdfs_clusterrolebinding_nodes_controller.rs @@ -65,14 +65,14 @@ pub async fn reconcile( Err(e) => { error!( ?object, - ?e, + error = &e as &dyn std::error::Error, "Failed to build serviceAccount name for hdfs cluster" ); None } } }) - .map(|(meta, sa_name)| { + .flat_map(|(meta, sa_name)| { let mut result = vec![ Subject { kind: "ServiceAccount".to_string(), @@ -100,7 +100,6 @@ pub async fn reconcile( result.dedup(); result }) - .flat_map(|vec| vec.into_iter()) .collect(); let patch = Patch::Apply(json!({ diff --git a/rust/operator-binary/src/hdfs_controller.rs b/rust/operator-binary/src/hdfs_controller.rs index 0862bba2..fa0ed484 100644 --- a/rust/operator-binary/src/hdfs_controller.rs +++ b/rust/operator-binary/src/hdfs_controller.rs @@ -324,7 +324,6 @@ pub async fn reconcile_hdfs( .context(BuildRbacResourcesSnafu)?; cluster_resources - // We clone here because we need to use rbac_sa further down .add(client, rbac_sa.clone()) .await .context(ApplyServiceAccountSnafu)?; From 2fa631dac9d938fe788eef32703e8007242d8762 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=B6nke=20Liebau?= Date: Mon, 25 Nov 2024 14:09:49 +0100 Subject: [PATCH 10/10] markdownlint --- CHANGELOG.md | 1 - 1 file changed, 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2e67996b..e144e0e1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -22,7 +22,6 @@ All notable changes to this project will be documented in this file. - An invalid `HdfsCluster` doesn't cause the operator to stop functioning ([#594]). - BREAKING: Use distinct ServiceAccounts for the Stacklets, so that multiple Stacklets can be deployed in one namespace. Existing Stacklets will use the newly created ServiceAccounts after restart ([#616]). - [#574]: https://github.com/stackabletech/hdfs-operator/pull/574 [#591]: https://github.com/stackabletech/hdfs-operator/pull/591 [#594]: https://github.com/stackabletech/hdfs-operator/pull/594