disable aws pipe for now

2023-07-10 03:22:29 +01:00 · 2023-07-10 03:22:29 +01:00 · 4128a154f6
parent 613d7cc1c1
commit 4128a154f6
4 changed files with 125 additions and 1 deletions
--- a/dist/index.js
+++ b/dist/index.js
@ -3261,6 +3261,7 @@ const kubernetes_service_account_1 = __importDefault(__nccwpck_require__(47319))
 const cloud_runner_logger_1 = __importDefault(__nccwpck_require__(42864));
 const cloud_runner_1 = __importDefault(__nccwpck_require__(79144));
 const remote_client_logger_1 = __nccwpck_require__(59412);
+const kubernetes_role_1 = __nccwpck_require__(88231);
 class Kubernetes {
    // eslint-disable-next-line no-unused-vars
    constructor(buildParameters) {
@ -3409,6 +3410,7 @@ class Kubernetes {
            try {
                const jobSpec = kubernetes_job_spec_factory_1.default.getJobSpec(commands, image, mountdir, workingdir, environment, secrets, this.buildGuid, this.buildParameters, this.secretName, this.pvcName, this.jobName, k8s, this.containerName);
                await new Promise((promise) => setTimeout(promise, 15000));
+                await kubernetes_role_1.KubernetesRole.createRole(this.serviceAccountName, this.namespace);
                const result = await this.kubeClientBatch.createNamespacedJob(this.namespace, jobSpec);
                cloud_runner_logger_1.default.log(`Build job created`);
                await new Promise((promise) => setTimeout(promise, 5000));
@ -3430,6 +3432,7 @@ class Kubernetes {
        try {
            await this.kubeClientBatch.deleteNamespacedJob(this.jobName, this.namespace);
            await this.kubeClient.deleteNamespacedPod(this.podName, this.namespace);
+            await kubernetes_role_1.KubernetesRole.deleteRole(this.serviceAccountName, this.namespace);
        }
        catch (error) {
            cloud_runner_logger_1.default.log(`Failed to cleanup`);
@ -3625,6 +3628,68 @@ class KubernetesPods {
 exports["default"] = KubernetesPods;


+/***/ }),
+
+/***/ 88231:
+/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => {
+
+"use strict";
+
+Object.defineProperty(exports, "__esModule", ({ value: true }));
+exports.KubernetesRole = void 0;
+const client_node_1 = __nccwpck_require__(89679);
+class KubernetesRole {
+    static async createRole(serviceAccountName, namespace) {
+        const rbac = new client_node_1.RbacAuthorizationV1Api();
+        // create admin kubernetes role and role binding
+        const roleBinding = {
+            apiVersion: 'rbac.authorization.k8s.io/v1',
+            kind: 'RoleBinding',
+            metadata: {
+                name: `${serviceAccountName}-admin`,
+                namespace,
+            },
+            subjects: [
+                {
+                    kind: 'ServiceAccount',
+                    name: serviceAccountName,
+                    namespace,
+                },
+            ],
+            roleRef: {
+                apiGroup: 'rbac.authorization.k8s.io',
+                kind: 'Role',
+                name: `${serviceAccountName}-admin`,
+            },
+        };
+        const role = {
+            apiVersion: 'rbac.authorization.k8s.io/v1',
+            kind: 'Role',
+            metadata: {
+                name: `${serviceAccountName}-admin`,
+                namespace,
+            },
+            rules: [
+                {
+                    apiGroups: ['*'],
+                    resources: ['*'],
+                    verbs: ['*'],
+                },
+            ],
+        };
+        const roleBindingResponse = await rbac.createNamespacedRoleBinding(namespace, roleBinding);
+        const roleResponse = await rbac.createNamespacedRole(namespace, role);
+        return { roleBindingResponse, roleResponse };
+    }
+    static async deleteRole(serviceAccountName, namespace) {
+        const rbac = new client_node_1.RbacAuthorizationV1Api();
+        await rbac.deleteNamespacedRoleBinding(`${serviceAccountName}-admin`, namespace);
+        await rbac.deleteNamespacedRole(`${serviceAccountName}-admin`, namespace);
+    }
+}
+exports.KubernetesRole = KubernetesRole;
+
+
 /***/ }),

 /***/ 95875:
--- a/dist/index.js.map
+++ b/dist/index.js.map
--- a/src/model/cloud-runner/providers/k8s/index.ts
+++ b/src/model/cloud-runner/providers/k8s/index.ts
@ -15,6 +15,7 @@ import CloudRunner from '../../cloud-runner';
 import { ProviderResource } from '../provider-resource';
 import { ProviderWorkflow } from '../provider-workflow';
 import { RemoteClientLogger } from '../../remote-client/remote-client-logger';
+import { KubernetesRole } from './kubernetes-role';

 class Kubernetes implements ProviderInterface {
  public static Instance: Kubernetes;
@ -244,6 +245,7 @@ class Kubernetes implements ProviderInterface {
          this.containerName,
        );
        await new Promise((promise) => setTimeout(promise, 15000));
+        await KubernetesRole.createRole(this.serviceAccountName, this.namespace);
        const result = await this.kubeClientBatch.createNamespacedJob(this.namespace, jobSpec);
        CloudRunnerLogger.log(`Build job created`);
        await new Promise((promise) => setTimeout(promise, 5000));
@ -267,6 +269,7 @@ class Kubernetes implements ProviderInterface {
    try {
      await this.kubeClientBatch.deleteNamespacedJob(this.jobName, this.namespace);
      await this.kubeClient.deleteNamespacedPod(this.podName, this.namespace);
+      await KubernetesRole.deleteRole(this.serviceAccountName, this.namespace);
    } catch (error: any) {
      CloudRunnerLogger.log(`Failed to cleanup`);
      if (error.response.body.reason !== `NotFound`) {
--- a/src/model/cloud-runner/providers/k8s/kubernetes-role.ts
+++ b/src/model/cloud-runner/providers/k8s/kubernetes-role.ts
@ -0,0 +1,56 @@
+import { RbacAuthorizationV1Api } from '@kubernetes/client-node';
+
+class KubernetesRole {
+  static async createRole(serviceAccountName: string, namespace: string) {
+    const rbac = new RbacAuthorizationV1Api();
+
+    // create admin kubernetes role and role binding
+    const roleBinding = {
+      apiVersion: 'rbac.authorization.k8s.io/v1',
+      kind: 'RoleBinding',
+      metadata: {
+        name: `${serviceAccountName}-admin`,
+        namespace,
+      },
+      subjects: [
+        {
+          kind: 'ServiceAccount',
+          name: serviceAccountName,
+          namespace,
+        },
+      ],
+      roleRef: {
+        apiGroup: 'rbac.authorization.k8s.io',
+        kind: 'Role',
+        name: `${serviceAccountName}-admin`,
+      },
+    };
+
+    const role = {
+      apiVersion: 'rbac.authorization.k8s.io/v1',
+      kind: 'Role',
+      metadata: {
+        name: `${serviceAccountName}-admin`,
+        namespace,
+      },
+      rules: [
+        {
+          apiGroups: ['*'],
+          resources: ['*'],
+          verbs: ['*'],
+        },
+      ],
+    };
+    const roleBindingResponse = await rbac.createNamespacedRoleBinding(namespace, roleBinding);
+    const roleResponse = await rbac.createNamespacedRole(namespace, role);
+
+    return { roleBindingResponse, roleResponse };
+  }
+
+  public static async deleteRole(serviceAccountName: string, namespace: string) {
+    const rbac = new RbacAuthorizationV1Api();
+    await rbac.deleteNamespacedRoleBinding(`${serviceAccountName}-admin`, namespace);
+    await rbac.deleteNamespacedRole(`${serviceAccountName}-admin`, namespace);
+  }
+}
+export { KubernetesRole };