Skip to content

[patch] Prepare Install RBAC Helper functions #266

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
unnati-solanki-git wants to merge 5 commits into
base: stable
Choose a base branch
from
Draft

[patch] Prepare Install RBAC Helper functions #266

Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
bfcd291
[patch] Prepare Install RBAC Helper functions
unnati-solanki-git Apr 12, 2026
36d2566
[patch] fix typo and argument
unnati-solanki-git Apr 12, 2026
918cd08
re-run jobs
unnati-solanki-git Apr 13, 2026
652bb5e
[patch] Fix resource arguments
unnati-solanki-git Apr 13, 2026
d138eef
Merge branch 'stable' into mascore-13212
unnati-solanki-git Apr 14, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
56 changes: 56 additions & 0 deletions src/mas/devops/tekton.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -850,3 +850,59 @@ def launchAiServiceUpgradePipeline(dynClient: DynamicClient,

pipelineURL = f"{getConsoleURL(dynClient)}/k8s/ns/aiservice-{aiserviceInstanceId}-pipelines/tekton.dev~v1beta1~PipelineRun/{aiserviceInstanceId}-upgrade-{timestamp}"
return pipelineURL


def prepareInstallRBAC(dynClient: DynamicClient, namespace: str, instanceId: str, installRBACDir: str) -> None:
"""
Apply the minimal install RBAC bundle for a MAS instance.

The bundle is defined by the kustomization under cli/rbac/install and creates the install-user and install-pipeline service accounts
and their associated role bindings.

Parameters:
dynClient (DynamicClient): OpenShift Dynamic Client
instanceId (str): MAS instance ID used to render the RBAC templates
installRBACDir (str): Path to the directory containing the RBAC kustomization and templates

Returns:
None

Raises:
FileNotFoundError: If the RBAC bundle directory or kustomization file does not exists
"""
kustomizationFile = path.join(installRBACDir, "kustomization.yaml")
if not path.isfile(kustomizationFile):
logger.error(f"Cannot find kustomization file for install RBAC at {kustomizationFile}")
raise FileNotFoundError(f"Cannot find kustomization file for install RBAC at {kustomizationFile}")

with open(kustomizationFile, "r") as file:
kustomization = yaml.safe_load(file)

env = Environment()
for resourcePath in kustomization.get("resources", []):
manifestFile = path.join(installRBACDir, resourcePath)
if not path.isfile(manifestFile):
logger.error(f"Cannot find RBAC manifest file at {manifestFile}")
raise FileNotFoundError(f"Cannot find RBAC manifest file at {manifestFile}")

with open(manifestFile, "r") as file:
template = env.from_string(file.read())
renderedManifest = template.render(mas_instance_id=instanceId)
logger.debug(f"Applying RBAC manifest {manifestFile} for instance {instanceId}:\n{renderedManifest}")

for resourceBody in yaml.safe_load_all(renderedManifest):
if resourceBody is None:
continue

apiVersion = resourceBody["apiVersion"]
kind = resourceBody["kind"]
metadata = resourceBody.get("metadata", {})
name = metadata.get("name", "<unnamed>")
namespace = metadata.get("namespace")

logger.debug(f"Applying RBAC resource {kind}/{name} in namespace {namespace} for instance {instanceId}")
resourceAPI = dynClient.resources.get(api_version=apiVersion, kind=kind)
if namespace:
resourceAPI.apply(body=resourceBody, namespace=namespace)
else:
resourceAPI.apply(body=resourceBody)
Loading