From 0a04458a5d7e292d1765b1699e911f0b763d0158 Mon Sep 17 00:00:00 2001 From: Israel Blancas Date: Tue, 9 Apr 2024 11:23:30 +0200 Subject: [PATCH 1/4] Add replicaset resources by default Signed-off-by: Israel Blancas --- .../processor/processor_k8sattributes.go | 40 +++++++++---------- .../processor/processor_k8sattributes_test.go | 26 ++++-------- 2 files changed, 25 insertions(+), 41 deletions(-) diff --git a/internal/manifests/collector/parser/processor/processor_k8sattributes.go b/internal/manifests/collector/parser/processor/processor_k8sattributes.go index 3fcbfb0911..e0d1e9fb83 100644 --- a/internal/manifests/collector/parser/processor/processor_k8sattributes.go +++ b/internal/manifests/collector/parser/processor/processor_k8sattributes.go @@ -50,15 +50,24 @@ func (o *K8sAttributesParser) ParserName() string { } func (o *K8sAttributesParser) GetRBACRules() []rbacv1.PolicyRule { - var prs []rbacv1.PolicyRule - - // This one needs to be added always - policy := rbacv1.PolicyRule{ - APIGroups: []string{""}, - Resources: []string{"pods", "namespaces"}, - Verbs: []string{"get", "watch", "list"}, + // These policies need to be added always + var prs []rbacv1.PolicyRule = []rbacv1.PolicyRule{ + { + APIGroups: []string{""}, + Resources: []string{"pods", "namespaces"}, + Verbs: []string{"get", "watch", "list"}, + }, + { + APIGroups: []string{"apps"}, + Resources: []string{"replicasets"}, + Verbs: []string{"get", "watch", "list"}, + }, + { + APIGroups: []string{"extensions"}, + Resources: []string{"replicasets"}, + Verbs: []string{"get", "watch", "list"}, + }, } - prs = append(prs, policy) extractCfg, ok := o.config["extract"] if !ok { @@ -77,20 +86,7 @@ func (o *K8sAttributesParser) GetRBACRules() []rbacv1.PolicyRule { for _, m := range metadata { metadataField := fmt.Sprint(m) - if metadataField == "k8s.deployment.uid" || metadataField == "k8s.deployment.name" { - prs = append(prs, - rbacv1.PolicyRule{ - APIGroups: []string{"apps"}, - Resources: []string{"replicasets"}, - Verbs: []string{"get", "watch", "list"}, - }, - rbacv1.PolicyRule{ - APIGroups: []string{"extensions"}, - Resources: []string{"replicasets"}, - Verbs: []string{"get", "watch", "list"}, - }, - ) - } else if strings.Contains(metadataField, "k8s.node") { + if strings.Contains(metadataField, "k8s.node") { prs = append(prs, rbacv1.PolicyRule{ APIGroups: []string{""}, diff --git a/internal/manifests/collector/parser/processor/processor_k8sattributes_test.go b/internal/manifests/collector/parser/processor/processor_k8sattributes_test.go index 5b5c044bca..86b8cadfb7 100644 --- a/internal/manifests/collector/parser/processor/processor_k8sattributes_test.go +++ b/internal/manifests/collector/parser/processor/processor_k8sattributes_test.go @@ -34,23 +34,6 @@ func TestK8sAttributesRBAC(t *testing.T) { { name: "no extra parameters", config: nil, - expectedRules: []rbacv1.PolicyRule{ - { - APIGroups: []string{""}, - Resources: []string{"pods", "namespaces"}, - Verbs: []string{"get", "watch", "list"}, - }, - }, - }, - { - name: "extract k8s.deployment.uid", - config: map[interface{}]interface{}{ - "extract": map[interface{}]interface{}{ - "metadata": []interface{}{ - "k8s.deployment.uid", - }, - }, - }, expectedRules: []rbacv1.PolicyRule{ { APIGroups: []string{""}, @@ -70,11 +53,11 @@ func TestK8sAttributesRBAC(t *testing.T) { }, }, { - name: "extract k8s.deployment.name", + name: "extract k8s.node", config: map[interface{}]interface{}{ "extract": map[interface{}]interface{}{ "metadata": []interface{}{ - "k8s.deployment.name", + "k8s.node", }, }, }, @@ -94,6 +77,11 @@ func TestK8sAttributesRBAC(t *testing.T) { Resources: []string{"replicasets"}, Verbs: []string{"get", "watch", "list"}, }, + { + APIGroups: []string{""}, + Resources: []string{"nodes"}, + Verbs: []string{"get", "watch", "list"}, + }, }, }, } From bb1d4705e15f0228d90d23022e8cd88aac8dc03f Mon Sep 17 00:00:00 2001 From: Israel Blancas Date: Tue, 9 Apr 2024 11:24:59 +0200 Subject: [PATCH 2/4] Add missing changelog Signed-off-by: Israel Blancas --- .chloggen/bug_2823.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100755 .chloggen/bug_2823.yaml diff --git a/.chloggen/bug_2823.yaml b/.chloggen/bug_2823.yaml new file mode 100755 index 0000000000..e8465e9994 --- /dev/null +++ b/.chloggen/bug_2823.yaml @@ -0,0 +1,16 @@ +# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix' +change_type: bug_fix + +# The name of the component, or a single word describing the area of concern, (e.g. collector, target allocator, auto-instrumentation, opamp, github action) +component: collector + +# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`). +note: "Create automatically the RBAC permissions to manage replicasets when using the k8sattributesprocessor" + +# One or more tracking issues related to the change +issues: [] + +# (Optional) One or more lines of additional information to render under the primary note. +# These lines will be padded with 2 spaces and then inserted directly into the document. +# Use pipe (|) for multiline entries. +subtext: From 35c0a1e6af03667cfc07e1c1f2d82242594f1a59 Mon Sep 17 00:00:00 2001 From: Israel Blancas Date: Tue, 9 Apr 2024 18:56:10 +0200 Subject: [PATCH 3/4] Fix changelog Signed-off-by: Israel Blancas --- .chloggen/bug_2823.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.chloggen/bug_2823.yaml b/.chloggen/bug_2823.yaml index e8465e9994..290fa42991 100755 --- a/.chloggen/bug_2823.yaml +++ b/.chloggen/bug_2823.yaml @@ -8,7 +8,7 @@ component: collector note: "Create automatically the RBAC permissions to manage replicasets when using the k8sattributesprocessor" # One or more tracking issues related to the change -issues: [] +issues: [2823] # (Optional) One or more lines of additional information to render under the primary note. # These lines will be padded with 2 spaces and then inserted directly into the document. From 01c8c94f646db0ab9888286fd87b21d6693c8cc5 Mon Sep 17 00:00:00 2001 From: Israel Blancas Date: Wed, 10 Apr 2024 18:18:08 +0200 Subject: [PATCH 4/4] Remove not needed permissions Signed-off-by: Israel Blancas --- .../parser/processor/processor_k8sattributes.go | 5 ----- .../parser/processor/processor_k8sattributes_test.go | 10 ---------- 2 files changed, 15 deletions(-) diff --git a/internal/manifests/collector/parser/processor/processor_k8sattributes.go b/internal/manifests/collector/parser/processor/processor_k8sattributes.go index e0d1e9fb83..293411acbf 100644 --- a/internal/manifests/collector/parser/processor/processor_k8sattributes.go +++ b/internal/manifests/collector/parser/processor/processor_k8sattributes.go @@ -62,11 +62,6 @@ func (o *K8sAttributesParser) GetRBACRules() []rbacv1.PolicyRule { Resources: []string{"replicasets"}, Verbs: []string{"get", "watch", "list"}, }, - { - APIGroups: []string{"extensions"}, - Resources: []string{"replicasets"}, - Verbs: []string{"get", "watch", "list"}, - }, } extractCfg, ok := o.config["extract"] diff --git a/internal/manifests/collector/parser/processor/processor_k8sattributes_test.go b/internal/manifests/collector/parser/processor/processor_k8sattributes_test.go index 86b8cadfb7..c6328cc51f 100644 --- a/internal/manifests/collector/parser/processor/processor_k8sattributes_test.go +++ b/internal/manifests/collector/parser/processor/processor_k8sattributes_test.go @@ -45,11 +45,6 @@ func TestK8sAttributesRBAC(t *testing.T) { Resources: []string{"replicasets"}, Verbs: []string{"get", "watch", "list"}, }, - { - APIGroups: []string{"extensions"}, - Resources: []string{"replicasets"}, - Verbs: []string{"get", "watch", "list"}, - }, }, }, { @@ -72,11 +67,6 @@ func TestK8sAttributesRBAC(t *testing.T) { Resources: []string{"replicasets"}, Verbs: []string{"get", "watch", "list"}, }, - { - APIGroups: []string{"extensions"}, - Resources: []string{"replicasets"}, - Verbs: []string{"get", "watch", "list"}, - }, { APIGroups: []string{""}, Resources: []string{"nodes"},