Upgrade dotnet-operator-sdk, use RbacVerb.AllExplicit instead of RbacVerb.All, update rbac, fix generator script.

Author: gamingrobot

.config/dotnet-tools.json

@@ -3,11 +3,11 @@
   "isRoot": true,
   "tools": {
     "kubeops.cli": {
-      "version": "9.4.1",
+      "version": "9.5.0",
       "commands": [
         "kubeops"
       ],
       "rollForward": false
     }
   }
-}
+}

manifests/generate-manifests.ps1

@@ -2,8 +2,8 @@
 # Run under powershell core
 #Requires -Version 6.0
 
-$project = [System.IO.Path]::GetFullPath("..\src\Contrast.K8s.AgentOperator\Contrast.K8s.AgentOperator.csproj")
-$output = [System.IO.Path]::GetFullPath(".\generated\")
+$project = [System.IO.Path]::GetFullPath("$PSScriptroot\..\src\Contrast.K8s.AgentOperator\Contrast.K8s.AgentOperator.csproj")
+$output = [System.IO.Path]::GetFullPath("$PSScriptroot\generated\")
 
 Write-Host "Project: $project"
 Write-Host "Output: $output"
@@ -19,4 +19,4 @@ dotnet kubeops generate operator contrast-agent-operator $project --out $output
     Remove-Item $_
 }
 
-Write-Host "Done. Compare with manifests in `manifests/install/all` and `manifests/helm/templates/operator` folders and merge changes."
+Write-Host "Done. Compare with manifests in `manifests/install/all` and `manifests/helm/templates/operator` folders and merge changes (CRDs and RBAC)."

manifests/install/all/operator/base/rbac/cluster-role.yaml

@@ -31,7 +31,12 @@ rules:
   resources:
   - secrets
   verbs:
-  - '*'
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
 - apiGroups:
   - admissionregistration.k8s.io
   resources:
@@ -48,7 +53,13 @@ rules:
   - agentconnections
   - agentinjectors
   verbs:
-  - '*'
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
 - apiGroups:
   - agents.contrastsecurity.com
   resources:
@@ -98,7 +109,13 @@ rules:
   resources:
   - leases
   verbs:
-  - '*'
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
 - apiGroups:
   - apps
   resources:

src/Contrast.K8s.AgentOperator/Contrast.K8s.AgentOperator.csproj

@@ -15,8 +15,6 @@
     </PropertyGroup>
 
     <ItemGroup>
-        <PackageReference Include="System.Text.Json" Version="8.0.5" />
-        <PackageReference Include="Microsoft.Extensions.Hosting.Abstractions" Version="8.0.1" />
         <PackageReference Include="Portable.BouncyCastle" Version="1.9.0" />
         <PackageReference Include="CertificateManager" Version="1.0.9" />
         <PackageReference Include="Autofac" Version="8.2.0" />
@@ -39,8 +37,8 @@
         </PackageReference>
 
         <PackageReference Include="Sigil" Version="5.0.0" />
-        <PackageReference Include="KubeOps.Operator.Web" Version="9.4.1" />
-        <PackageReference Include="KubeOps.Generator" Version="9.4.1">
+        <PackageReference Include="KubeOps.Operator.Web" Version="9.5.0" />
+        <PackageReference Include="KubeOps.Generator" Version="9.5.0">
             <PrivateAssets>all</PrivateAssets>
             <IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
         </PackageReference>

src/Contrast.K8s.AgentOperator/Core/Kube/VerbConstants.cs

@@ -9,10 +9,10 @@ public static class VerbConstants
 {
     public const RbacVerb ReadAndPatch = RbacVerb.Get | RbacVerb.List | RbacVerb.Patch | RbacVerb.Watch;
 
-    // TODO This math is wrong?
-    public const RbacVerb AllButDelete = RbacVerb.All & ~RbacVerb.Delete;
+    public const RbacVerb AllButDelete =
+        RbacVerb.Get | RbacVerb.List | RbacVerb.Watch | RbacVerb.Create | RbacVerb.Update | RbacVerb.Patch;
 
     public const RbacVerb ReadOnly = RbacVerb.Get | RbacVerb.List | RbacVerb.Watch;
 
-    public const RbacVerb FullControl = RbacVerb.All;
+    public const RbacVerb FullControl = RbacVerb.AllExplicit;
 }

src/Contrast.K8s.AgentOperator/Core/YamlParser.cs

@@ -120,13 +120,13 @@ private static void RecurseYaml(YamlNode? currentNode,
 }
 
 public record ParseResult(bool IsValid,
-                          int LineNumber = -1,
-                          int StartColumn = -1,
-                          int EndColumn = -1,
+                          long LineNumber = -1,
+                          long StartColumn = -1,
+                          long EndColumn = -1,
                           string? Error = null);
 
 public record YamlSetting(string Key,
                           string? Value,
-                          int Line,
-                          int KeyColumn,
-                          int ValueColumn);
+                          long Line,
+                          long KeyColumn,
+                          long ValueColumn);

tests/Contrast.K8s.AgentOperator.FunctionalTests/Contrast.K8s.AgentOperator.FunctionalTests.csproj

@@ -25,7 +25,7 @@
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>
-    <PackageReference Include="KubeOps.KubernetesClient" Version="9.4.1" />
+    <PackageReference Include="KubeOps.KubernetesClient" Version="9.5.0" />
   </ItemGroup>
 
   <ItemGroup>

tests/performance-tests/Contrast.K8s.AgentOperator.Performance.ClusterFaker/Contrast.K8s.AgentOperator.Performance.ClusterFaker.csproj

@@ -10,7 +10,7 @@
         <PackageReference Include="CommandLineParser" Version="2.9.1" />
         <PackageReference Include="AutoFixture" Version="4.18.1" />
         <PackageReference Include="Punchclock" Version="3.4.143" />
-        <PackageReference Include="KubeOps.KubernetesClient" Version="9.1.5" />
+        <PackageReference Include="KubeOps.KubernetesClient" Version="9.5.0" />
     </ItemGroup>
 
 </Project>