From 4cb837b7200233b307ccd505f29d32fa9dfc12a0 Mon Sep 17 00:00:00 2001
From: Derek Whatley <derekwhatley@gmail.com>
Date: Tue, 23 Apr 2019 16:45:46 -0400
Subject: [PATCH] Remove boilerplate RBAC, fix config structure for kustomize
 2.0

https://github.com/kubernetes-sigs/kubebuilder/issues/595#issuecomment-468471211
---
 config/default/kustomization.yaml             |  18 +---
 config/manager/kustomization.yaml             |   2 +
 config/rbac/kustomization.yaml                |   9 ++
 config/rbac/manager_role.yaml                 | 100 ------------------
 .../migcluster/migcluster_controller.go       |   2 -
 .../migmigration/migmigration_controller.go   |   3 -
 pkg/controller/migplan/migplan_controller.go  |   2 -
 .../migstage/migstage_controller.go           |   5 -
 .../migstorage/migstorage_controller.go       |   3 +-
 9 files changed, 15 insertions(+), 129 deletions(-)
 create mode 100644 config/manager/kustomization.yaml
 create mode 100644 config/rbac/kustomization.yaml

diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml
index 6e60d1cc8..ed7779d2e 100644
--- a/config/default/kustomization.yaml
+++ b/config/default/kustomization.yaml
@@ -12,21 +12,9 @@ namePrefix: mig-controller-
 #commonLabels:
 #  someName: someValue
 
-# Each entry in this list must resolve to an existing
-# resource definition in YAML.  These are the resource
-# files that kustomize reads, modifies and emits as a
-# YAML string, with resources separated by document
-# markers ("---").
-resources:
-- ../rbac/rbac_role.yaml
-- ../rbac/rbac_role_binding.yaml
-- ../manager/manager.yaml
-  # Comment the following 3 lines if you want to disable
-  # the auth proxy (https://github.com/brancz/kube-rbac-proxy)
-  # which protects your /metrics endpoint.
-- ../rbac/auth_proxy_service.yaml
-- ../rbac/auth_proxy_role.yaml
-- ../rbac/auth_proxy_role_binding.yaml
+bases:
+- ../rbac
+- ../manager
 
 patches:
 - manager_image_patch.yaml
diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml
new file mode 100644
index 000000000..5c5f0b84c
--- /dev/null
+++ b/config/manager/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+- manager.yaml
diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml
new file mode 100644
index 000000000..8c6d6a5b9
--- /dev/null
+++ b/config/rbac/kustomization.yaml
@@ -0,0 +1,9 @@
+resources:
+- rbac_role.yaml
+- rbac_role_binding.yaml
+  # Comment the following 3 lines if you want to disable
+  # the auth proxy (https://github.com/brancz/kube-rbac-proxy)
+  # which protects your /metrics endpoint.
+- auth_proxy_service.yaml
+- auth_proxy_role.yaml
+- auth_proxy_role_binding.yaml
diff --git a/config/rbac/manager_role.yaml b/config/rbac/manager_role.yaml
index f7b6c6c9d..706556953 100644
--- a/config/rbac/manager_role.yaml
+++ b/config/rbac/manager_role.yaml
@@ -44,26 +44,6 @@ rules:
   - get
   - update
   - patch
-- apiGroups:
-  - apps
-  resources:
-  - deployments
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - apps
-  resources:
-  - deployments/status
-  verbs:
-  - get
-  - update
-  - patch
 - apiGroups:
   - migration.openshift.io
   resources:
@@ -84,26 +64,6 @@ rules:
   - get
   - update
   - patch
-- apiGroups:
-  - apps
-  resources:
-  - deployments
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - apps
-  resources:
-  - deployments/status
-  verbs:
-  - get
-  - update
-  - patch
 - apiGroups:
   - migration.openshift.io
   resources:
@@ -124,26 +84,6 @@ rules:
   - get
   - update
   - patch
-- apiGroups:
-  - apps
-  resources:
-  - deployments
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - apps
-  resources:
-  - deployments/status
-  verbs:
-  - get
-  - update
-  - patch
 - apiGroups:
   - migration.openshift.io
   resources:
@@ -164,26 +104,6 @@ rules:
   - get
   - update
   - patch
-- apiGroups:
-  - apps
-  resources:
-  - deployments
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - apps
-  resources:
-  - deployments/status
-  verbs:
-  - get
-  - update
-  - patch
 - apiGroups:
   - migration.openshift.io
   resources:
@@ -204,26 +124,6 @@ rules:
   - get
   - update
   - patch
-- apiGroups:
-  - apps
-  resources:
-  - deployments
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - apps
-  resources:
-  - deployments/status
-  verbs:
-  - get
-  - update
-  - patch
 - apiGroups:
   - migration.openshift.io
   resources:
diff --git a/pkg/controller/migcluster/migcluster_controller.go b/pkg/controller/migcluster/migcluster_controller.go
index 62b630857..a77977e7d 100644
--- a/pkg/controller/migcluster/migcluster_controller.go
+++ b/pkg/controller/migcluster/migcluster_controller.go
@@ -111,8 +111,6 @@ type ReconcileMigCluster struct {
 
 // Reconcile reads that state of the cluster for a MigCluster object and makes changes based on the state read
 // and what is in the MigCluster.Spec
-// +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups=apps,resources=deployments/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=migration.openshift.io,resources=migclusters,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=migration.openshift.io,resources=migclusters/status,verbs=get;update;patch
 func (r *ReconcileMigCluster) Reconcile(request reconcile.Request) (reconcile.Result, error) {
diff --git a/pkg/controller/migmigration/migmigration_controller.go b/pkg/controller/migmigration/migmigration_controller.go
index 445e898be..a4c7888cb 100644
--- a/pkg/controller/migmigration/migmigration_controller.go
+++ b/pkg/controller/migmigration/migmigration_controller.go
@@ -88,9 +88,6 @@ type ReconcileMigMigration struct {
 }
 
 // Reconcile performs Migrations based on the data in MigMigration
-// Automatically generate RBAC rules to allow the Controller to read and write Deployments
-// +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups=apps,resources=deployments/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=migration.openshift.io,resources=migmigrations,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=migration.openshift.io,resources=migmigrations/status,verbs=get;update;patch
 func (r *ReconcileMigMigration) Reconcile(request reconcile.Request) (reconcile.Result, error) {
diff --git a/pkg/controller/migplan/migplan_controller.go b/pkg/controller/migplan/migplan_controller.go
index 1399ea774..f975ec991 100644
--- a/pkg/controller/migplan/migplan_controller.go
+++ b/pkg/controller/migplan/migplan_controller.go
@@ -114,8 +114,6 @@ type ReconcileMigPlan struct {
 }
 
 // Automatically generate RBAC rules to allow the Controller to read and write Deployments
-// +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups=apps,resources=deployments/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=migration.openshift.io,resources=migplans,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=migration.openshift.io,resources=migplans/status,verbs=get;update;patch
 func (r *ReconcileMigPlan) Reconcile(request reconcile.Request) (reconcile.Result, error) {
diff --git a/pkg/controller/migstage/migstage_controller.go b/pkg/controller/migstage/migstage_controller.go
index 7d4ab3a75..593754e75 100644
--- a/pkg/controller/migstage/migstage_controller.go
+++ b/pkg/controller/migstage/migstage_controller.go
@@ -105,11 +105,6 @@ type ReconcileMigStage struct {
 
 // Reconcile reads that state of the cluster for a MigStage object and makes changes based on the state read
 // and what is in the MigStage.Spec
-// TODO(user): Modify this Reconcile function to implement your Controller logic.  The scaffolding writes
-// a Deployment as an example
-// Automatically generate RBAC rules to allow the Controller to read and write Deployments
-// +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups=apps,resources=deployments/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=migration.openshift.io,resources=migstages,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=migration.openshift.io,resources=migstages/status,verbs=get;update;patch
 func (r *ReconcileMigStage) Reconcile(request reconcile.Request) (reconcile.Result, error) {
diff --git a/pkg/controller/migstorage/migstorage_controller.go b/pkg/controller/migstorage/migstorage_controller.go
index e73001080..33361b2c5 100644
--- a/pkg/controller/migstorage/migstorage_controller.go
+++ b/pkg/controller/migstorage/migstorage_controller.go
@@ -18,6 +18,7 @@ package migstorage
 
 import (
 	"context"
+
 	migapi "github.com/fusor/mig-controller/pkg/apis/migration/v1alpha1"
 	migref "github.com/fusor/mig-controller/pkg/reference"
 	kapi "k8s.io/api/core/v1"
@@ -92,8 +93,6 @@ type ReconcileMigStorage struct {
 }
 
 // Automatically generate RBAC rules to allow the Controller to read and write Deployments
-// +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups=apps,resources=deployments/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=migration.openshift.io,resources=migstorages,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=migration.openshift.io,resources=migstorages/status,verbs=get;update;patch
 func (r *ReconcileMigStorage) Reconcile(request reconcile.Request) (reconcile.Result, error) {