Skip to content

Commit ade171e

Browse files
GabriFedi97GabriFedi97
committed
fix: merge labels instead of replacing
Signed-off-by: Gabriele Fedi <gabriele.fedi@enterprisedb.com>
1 parent 9c2095f commit ade171e

1 file changed

Lines changed: 8 additions & 11 deletions

File tree

internal/cnpgi/operator/rbac/ensure.go

Lines changed: 8 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -91,7 +91,7 @@ func EnsureRoleRules(
9191
// the desired state.
9292
//
9393
// This function is called from the Pre hook (gRPC). It creates the RoleBinding
94-
// if it does not exist, otherwise it patches RoleRef, Subjects, and labels to match
94+
// if it does not exist, otherwise it patches Subjects and labels to match
9595
// the desired state.
9696
func EnsureRoleBinding(ctx context.Context, c client.Client, cluster *cnpgv1.Cluster) error {
9797
contextLogger := log.FromContext(ctx)
@@ -112,6 +112,7 @@ func EnsureRoleBinding(ctx context.Context, c client.Client, cluster *cnpgv1.Clu
112112
"namespace", desiredRoleBinding.Namespace)
113113
return c.Create(ctx, desiredRoleBinding)
114114
}
115+
return err
115116
}
116117

117118
if !roleBindingNeedsUpdate(roleBinding, desiredRoleBinding) {
@@ -122,8 +123,12 @@ func EnsureRoleBinding(ctx context.Context, c client.Client, cluster *cnpgv1.Clu
122123
"name", roleBinding.Name, "namespace", roleBinding.Namespace)
123124

124125
oldRoleBinding := roleBinding.DeepCopy()
125-
roleBinding.Labels = desiredRoleBinding.Labels
126-
roleBinding.RoleRef = desiredRoleBinding.RoleRef
126+
if roleBinding.Labels == nil {
127+
roleBinding.Labels = make(map[string]string, len(desiredRoleBinding.Labels))
128+
}
129+
for k, v := range desiredRoleBinding.Labels {
130+
roleBinding.Labels[k] = v
131+
}
127132
roleBinding.Subjects = desiredRoleBinding.Subjects
128133

129134
return c.Patch(ctx, roleBinding, client.MergeFrom(oldRoleBinding))
@@ -222,14 +227,6 @@ func labelsNeedUpdate(existing, desired map[string]string) bool {
222227
// roleBindingNeedsUpdate returns true if the existing RoleBinding's
223228
// RoleRef or Subjects differ from the desired, or if labels need update.
224229
func roleBindingNeedsUpdate(existing, desired *rbacv1.RoleBinding) bool {
225-
if existing == nil || desired == nil {
226-
return existing != desired
227-
}
228-
229-
if !equality.Semantic.DeepEqual(existing.RoleRef, desired.RoleRef) {
230-
return true
231-
}
232-
233230
if !equality.Semantic.DeepEqual(existing.Subjects, desired.Subjects) {
234231
return true
235232
}

0 commit comments

Comments
 (0)