chore: support NewUpdatePodSecurityRoleBindingAction with multiple se…

…rviceaccounts (#1358) Signed-off-by: Wen Zhou <wenzhou@redhat.com>
opendatahub-io · Nov 8, 2024 · 10197da · 10197da
1 parent f941791
commit 10197da
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 15 deletions.
diff --git a/controllers/components/dashboard/dashboard_support.go b/controllers/components/dashboard/dashboard_support.go
@@ -52,11 +52,11 @@ var (
 		cluster.Unknown:          PathUpstream,
 	}
 
-	serviceAccounts = map[cluster.Platform]string{
-		cluster.SelfManagedRhods: "rhods-dashboard",
-		cluster.ManagedRhods:     "rhods-dashboard",
-		cluster.OpenDataHub:      "odh-dashboard",
-		cluster.Unknown:          "odh-dashboard",
+	serviceAccounts = map[cluster.Platform][]string{
+		cluster.SelfManagedRhods: {"rhods-dashboard"},
+		cluster.ManagedRhods:     {"rhods-dashboard"},
+		cluster.OpenDataHub:      {"odh-dashboard"},
+		cluster.Unknown:          {"odh-dashboard"},
 	}
 
 	imagesMap = map[string]string{

diff --git a/pkg/controller/actions/security/actions.go b/pkg/controller/actions/security/actions.go
@@ -9,14 +9,14 @@ import (
 	"github.com/opendatahub-io/opendatahub-operator/v2/pkg/controller/types"
 )
 
-func NewUpdatePodSecurityRoleBindingAction(roles map[cluster.Platform]string) actions.Fn {
+func NewUpdatePodSecurityRoleBindingAction(roles map[cluster.Platform][]string) actions.Fn {
 	return func(ctx context.Context, rr *types.ReconciliationRequest) error {
 		v := roles[rr.Release.Name]
-		if v == "" {
+		if len(v) == 0 {
 			return nil
 		}
 
-		err := cluster.UpdatePodSecurityRolebinding(ctx, rr.Client, rr.DSCI.Spec.ApplicationsNamespace, v)
+		err := cluster.UpdatePodSecurityRolebinding(ctx, rr.Client, rr.DSCI.Spec.ApplicationsNamespace, v...)
 		if err != nil {
 			return fmt.Errorf("failed to update PodSecurityRolebinding for %s: %w", v, err)
 		}

diff --git a/pkg/controller/actions/security/actions_test.go b/pkg/controller/actions/security/actions_test.go
@@ -25,18 +25,17 @@ func TestUpdatePodSecurityRoleBindingAction(t *testing.T) {
 
 	ctx := context.Background()
 
-	m := map[cluster.Platform]string{
-		cluster.Unknown:          "odh-dashboard",
-		cluster.OpenDataHub:      "odh-dashboard",
-		cluster.SelfManagedRhods: "rhods-dashboard",
-		cluster.ManagedRhods:     "rhods-dashboard",
+	m := map[cluster.Platform][]string{
+		cluster.OpenDataHub:      {"odh-dashboard"},
+		cluster.SelfManagedRhods: {"rhods-dashboard"},
+		cluster.ManagedRhods:     {"rhods-dashboard", "fake-account"},
 	}
 
 	action := security.NewUpdatePodSecurityRoleBindingAction(m)
 
 	for p, s := range m {
 		k := p
-		v := s
+		vl := s
 
 		t.Run(string(k), func(t *testing.T) {
 			t.Parallel()
@@ -74,7 +73,9 @@ func TestUpdatePodSecurityRoleBindingAction(t *testing.T) {
 			err = cl.Get(ctx, client.ObjectKey{Namespace: ns, Name: ns}, &rb)
 
 			g.Expect(err).ShouldNot(HaveOccurred())
-			g.Expect(cluster.SubjectExistInRoleBinding(rb.Subjects, v, ns)).Should(BeTrue())
+			for _, v := range vl {
+				g.Expect(cluster.SubjectExistInRoleBinding(rb.Subjects, v, ns)).Should(BeTrue())
+			}
 		})
 	}
 }