pkg/scaffold/role,pkg/operator-sdk/new.go: generate role rules from helm chart (#1188)

* pkg/scaffold/role.go: support adding custom rules
* pkg/scaffold/,commands/operator-sdk/new.go: generate role rules from helm chart
* internal/pkg/scaffold/helm/chart.go: fetch chart dependencies
* CHANGELOG.md,doc/helm/user-guide.md: include note about RBAC rule generation

Author: joelanford

CHANGELOG.md

@@ -4,6 +4,8 @@
 
 ### Changed
 
+- When Helm operator projects are created, the SDK now generates RBAC rules in `deploy/role.yaml` based on the chart's default manifest. ([#1188](https://github.com/operator-framework/operator-sdk/pull/1188))
+
 ### Deprecated
 
 ### Removed

Gopkg.lock

@@ -30,6 +30,7 @@ import (
 	"github.com/pkg/errors"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
+	"sigs.k8s.io/controller-runtime/pkg/client/config"
 )
 
 func NewCmd() *cobra.Command {
@@ -281,6 +282,15 @@ func doHelmScaffold() error {
 	valuesPath := filepath.Join("<project_dir>", helm.HelmChartsDir, chart.GetMetadata().GetName(), "values.yaml")
 	crSpec := fmt.Sprintf("# Default values copied from %s\n\n%s", valuesPath, chart.GetValues().GetRaw())
 
+	k8sCfg, err := config.GetConfig()
+	if err != nil {
+		return fmt.Errorf("failed to get kubernetes config: %s", err)
+	}
+	roleScaffold, err := helm.CreateRoleScaffold(k8sCfg, chart, isClusterScoped)
+	if err != nil {
+		return fmt.Errorf("failed to generate role scaffold: %s", err)
+	}
+
 	s := &scaffold.Scaffold{}
 	err = s.Execute(cfg,
 		&helm.Dockerfile{},
@@ -289,7 +299,7 @@ func doHelmScaffold() error {
 			ChartName: chart.GetMetadata().GetName(),
 		},
 		&scaffold.ServiceAccount{},
-		&scaffold.Role{IsClusterScoped: isClusterScoped},
+		roleScaffold,
 		&scaffold.RoleBinding{IsClusterScoped: isClusterScoped},
 		&helm.Operator{IsClusterScoped: isClusterScoped},
 		&scaffold.CRD{Resource: resource},

cmd/operator-sdk/new/cmd.go

@@ -10,7 +10,7 @@ powered by Helm using tools and libraries provided by the Operator SDK.
 - [kubectl][kubectl_tool] version v1.11.3+.
 - [dep][dep_tool] version v0.5.0+. (Optional if you aren't installing from source)
 - [go][go_tool] version v1.10+. (Optional if you aren't installing from source)
-- Access to a Kubernetes v.1.11.3+ cluster.
+- Access to a Kubernetes v1.11.3+ cluster.
 
 **Note**: This guide uses [minikube][minikube_tool] version v0.25.0+ as the
 local Kubernetes cluster and [quay.io][quay_link] for the public registry.
@@ -53,6 +53,11 @@ This creates the nginx-operator project specifically for watching the
 Nginx resource with APIVersion `example.com/v1alpha1` and Kind
 `Nginx`.
 
+For Helm-based projects, `operator-sdk new` also generates the RBAC rules
+in `deploy/role.yaml` based on the resources that would be deployed by the
+chart's default manifest. Be sure to double check that the rules generated
+in `deploy/role.yaml` meet the operator's permission requirements.
+
 To learn more about the project directory structure, see the
 [project layout][layout_doc] doc.
 

doc/helm/user-guide.md

@@ -15,6 +15,7 @@
 package helm
 
 import (
+	"bytes"
 	"fmt"
 	"io/ioutil"
 	"os"
@@ -116,7 +117,7 @@ func CreateChart(projectDir string, opts CreateChartOptions) (*scaffold.Resource
 	chartsDir := filepath.Join(projectDir, HelmChartsDir)
 	err := os.MkdirAll(chartsDir, 0755)
 	if err != nil {
-		return nil, nil, err
+		return nil, nil, fmt.Errorf("failed to create helm-charts directory: %s", err)
 	}
 
 	var (
@@ -128,13 +129,29 @@ func CreateChart(projectDir string, opts CreateChartOptions) (*scaffold.Resource
 	// from Helm's default template. Otherwise, fetch it.
 	if len(opts.Chart) == 0 {
 		r, c, err = scaffoldChart(chartsDir, opts.ResourceAPIVersion, opts.ResourceKind)
+		if err != nil {
+			return nil, nil, fmt.Errorf("failed to scaffold default chart: %s", err)
+		}
 	} else {
 		r, c, err = fetchChart(chartsDir, opts)
+		if err != nil {
+			return nil, nil, fmt.Errorf("failed to fetch chart: %s", err)
+		}
+	}
+
+	relChartPath := filepath.Join(HelmChartsDir, c.GetMetadata().GetName())
+	absChartPath := filepath.Join(projectDir, relChartPath)
+	if err := fetchChartDependencies(absChartPath); err != nil {
+		return nil, nil, fmt.Errorf("failed to fetch chart dependencies: %s", err)
 	}
+
+	// Reload chart in case dependencies changed
+	c, err = chartutil.Load(absChartPath)
 	if err != nil {
-		return nil, nil, err
+		return nil, nil, fmt.Errorf("failed to load chart: %s", err)
 	}
-	log.Infof("Created %s/%s/", HelmChartsDir, c.GetMetadata().GetName())
+
+	log.Infof("Created %s", relChartPath)
 	return r, c, nil
 }
 
@@ -159,7 +176,7 @@ func scaffoldChart(destDir, apiVersion, kind string) (*scaffold.Resource, *chart
 		return nil, nil, err
 	}
 
-	chart, err := chartutil.LoadDir(chartPath)
+	chart, err := chartutil.Load(chartPath)
 	if err != nil {
 		return nil, nil, err
 	}
@@ -198,17 +215,7 @@ func fetchChart(destDir string, opts CreateChartOptions) (*scaffold.Resource, *c
 }
 
 func createChartFromDisk(destDir, source string, isDir bool) (*chart.Chart, error) {
-	var (
-		chart *chart.Chart
-		err   error
-	)
-
-	// If source is a file or directory, attempt to load it
-	if isDir {
-		chart, err = chartutil.LoadDir(source)
-	} else {
-		chart, err = chartutil.LoadFile(source)
-	}
+	chart, err := chartutil.Load(source)
 	if err != nil {
 		return nil, err
 	}
@@ -265,3 +272,24 @@ func createChartFromRemote(destDir string, opts CreateChartOptions) (*chart.Char
 
 	return createChartFromDisk(destDir, chartArchive, false)
 }
+
+func fetchChartDependencies(chartPath string) error {
+	helmHome, ok := os.LookupEnv(environment.HomeEnvVar)
+	if !ok {
+		helmHome = environment.DefaultHelmHome
+	}
+	getters := getter.All(environment.EnvSettings{})
+
+	out := &bytes.Buffer{}
+	man := &downloader.Manager{
+		Out:       out,
+		ChartPath: chartPath,
+		HelmHome:  helmpath.Home(helmHome),
+		Getters:   getters,
+	}
+	if err := man.Build(); err != nil {
+		fmt.Println(out.String())
+		return err
+	}
+	return nil
+}