Bug 2061611 - [upstream] The marker of KubeBuilder doesn't work if it is close to the code
Summary: [upstream] The marker of KubeBuilder doesn't work if it is close to the code
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Operator SDK
Version: 4.11
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 4.11.0
Assignee: Jesus M. Rodriguez
QA Contact: Fan Jia
Alex Dellapenta
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2022-03-08 02:33 UTC by Fan Jia
Modified: 2022-08-10 10:52 UTC (History)
0 users

Fixed In Version:
Doc Type: Known Issue
Doc Text:
Cause: rbac markers not parsed correctly by controller-tools.
Consequence: rbac configuration not generated from markers in code.
Workaround (if any): Add a new line after the final rbac marker to allow the marker to be parsed correctly.
Result: After the new line is added, rbac markers are parsed correctly and configuration is generated correctly.
Clone Of:
Environment:
Last Closed: 2022-08-10 10:52:44 UTC
Target Upstream Version:
Embargoed:


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Github | kubernetes-sigs controller-tools issues 436 | 0 | None | closed | Marker comment block incorrectly parsed when it last comment block and surrounded by godoc | 2022-04-01 20:43:41 UTC
Github | kubernetes-sigs controller-tools issues 551 | 0 | None | open | Marker comment ignored if immediately followed by anything other than newline | 2022-04-01 20:44:49 UTC
Github | operator-framework operator-sdk issues 5627 | 0 | None | open | The marker of KubeBuilder doesn't work if it is close to the code | 2022-04-01 21:41:04 UTC
Github | operator-framework operator-sdk pull 5626 | 0 | None | open | Notify users of rbac marker parsing error | 2022-04-01 21:05:20 UTC
Red Hat Product Errata | RHSA-2022:5069 | 0 | None | None | None | 2022-08-10 10:52:54 UTC

Description Fan Jia 2022-03-08 02:33:22 UTC
Description of problem:
The marker of KubeBuilder doesn't work if it is close to the code. And no doc announces that the markers should have a blank line before and after them.

Version-Release number of selected component (if applicable):
operator-sdk version: "v1.16.0-ocp", commit: "fb8834fb343f20bfd5931c6b9e036e7b01679ca1", kubernetes version: "v1.22", go version: "go1.17.5", GOOS: "linux", GOARCH: "amd64"


How reproducible:
always

Steps to Reproduce:
1. Create a Go operator (memcached) by following https://docs.openshift.com/container-platform/4.9/operators/operator_sdk/golang/osdk-golang-tutorial.html
2. Move the markers
"// +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=core,resources=pods,verbs=get;list;"
next to the code
"func (r *MemcachedReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {"
in controllers/memcached_controller.go, like this:

```go
// MemcachedReconciler reconciles a Memcached object
type MemcachedReconciler struct {
	client.Client
	Log    logr.Logger
	Scheme *runtime.Scheme
}

// +kubebuilder:rbac:groups=cache.example.com,resources=memcacheds,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=cache.example.com,resources=memcacheds/status,verbs=get;update;patch
// +kubebuilder:rbac:groups=cache.example.com,resources=memcacheds/finalizers,verbs=update

// Reconcile is part of the main kubernetes reconciliation loop which aims to
// move the current state of the cluster closer to the desired state.
// TODO(user): Modify the Reconcile function to compare the state specified by
// the Memcached object against the actual cluster state, and then
// perform operations to make the cluster state reflect the state specified by
// the user.
//
// For more details, check Reconcile and its Result here:
// - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.7.0/pkg/reconcile
// +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=core,resources=pods,verbs=get;list;
func (r *MemcachedReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
	log := r.Log.WithValues("memcached", req.NamespacedName)

	// Fetch the Memcached instance
	memcached := &cachev1alpha1.Memcached{}
	err := r.Get(ctx, req.NamespacedName, memcached)
	if err != nil {
......
```

3. make manifests

Actual results:
1. The generated config/rbac/role.yaml doesn't have the apps, pods related content.
The role.yaml:
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  creationTimestamp: null
  name: manager-role
rules:
- apiGroups:
  - cache.example.com
  resources:
  - memcacheds
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - cache.example.com
  resources:
  - memcacheds/finalizers
  verbs:
  - update
- apiGroups:
  - cache.example.com
  resources:
  - memcacheds/status
  verbs:
  - get
  - patch
  - update

Expected results:
1. Generate the YAML file with the apps, pods related content. Or notify the customers that the markers should have a blank line before and after them, like this (blank line after the marker):

```go
..............
	Scheme *runtime.Scheme
}

// +kubebuilder:rbac:groups=cache.example.com,resources=memcacheds,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=cache.example.com,resources=memcacheds/status,verbs=get;update;patch
// +kubebuilder:rbac:groups=cache.example.com,resources=memcacheds/finalizers,verbs=update
// +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=core,resources=pods,verbs=get;list;

// Reconcile is part of the main kubernetes reconciliation loop which aims to
...........
```


The expected role.yaml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  creationTimestamp: null
  name: manager-role
rules:
- apiGroups:
  - apps
  resources:
  - deployments
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - cache.example.com
  resources:
  - memcacheds
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - cache.example.com
  resources:
  - memcacheds/finalizers
  verbs:
  - update
- apiGroups:
  - cache.example.com
  resources:
  - memcacheds/status
  verbs:
  - get
  - patch
  - update
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - get
  - list

Additional info:

Comment 1 Jesus M. Rodriguez 2022-04-01 20:00:20 UTC
Confirmed this happens. Looking at what the requirements for these markers are.

Comment 2 Jesus M. Rodriguez 2022-04-01 20:43:27 UTC
This is a known issue with `controller-gen`.  https://github.com/kubernetes-sigs/controller-tools/issues/436

Comment 3 Jesus M. Rodriguez 2022-04-01 20:45:47 UTC
Another related issue with controller-gen https://github.com/kubernetes-sigs/controller-tools/issues/551

Comment 4 Jesus M. Rodriguez 2022-04-01 21:05:21 UTC
Added an FAQ upstream to mention this known issue. We will not be fixing this in operator-sdk.

Comment 5 Jesus M. Rodriguez 2022-04-06 15:54:13 UTC
This is merged into upstream master now. Once released it can be seen in the upstream sdk FAQ document: https://master.sdk.operatorframework.io/docs/faqs/

Comment 6 Fan Jia 2022-04-07 01:25:34 UTC
verified.

Comment 9 errata-xmlrpc 2022-08-10 10:52:44 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:5069
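
A lint for the layout this report describes, added here as an example (not code from operator-sdk or controller-tools): it uses Go's standard `go/parser` to flag every `+kubebuilder:rbac` marker in a comment group that is not followed by a blank line, so a marker that would be dropped from `config/rbac/role.yaml` is caught before `make manifests`. `FindAttachedRBACMarkers`, `Finding` and the sample source are hypothetical names and constructed input.

```go
package main

import (
	"fmt"
	"go/parser"
	"go/token"
	"strings"
)

// Constructed sample: the second marker group sits directly above the func.
const sample = `package controllers

// +kubebuilder:rbac:groups=cache.example.com,resources=memcacheds,verbs=get;list;watch

// Reconcile is part of the main kubernetes reconciliation loop.
// +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch
// +kubebuilder:rbac:groups=core,resources=pods,verbs=get;list;
func (r *MemcachedReconciler) Reconcile() {}
`

// Finding is an RBAC marker whose comment group is not followed by a blank line.
type Finding struct {
	Line   int
	Marker string
}

// FindAttachedRBACMarkers (hypothetical helper) reports markers that run straight into code.
func FindAttachedRBACMarkers(filename, src string) (findings []Finding, err error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, filename, src, parser.ParseComments)
	if err != nil {
		return nil, err
	}
	lines := strings.Split(src, "\n")
	for _, group := range file.Comments {
		end := fset.Position(group.End()).Line // 1-based last line; lines[end] is the next line
		if end >= len(lines) || strings.TrimSpace(lines[end]) == "" {
			continue // blank line or EOF follows: the layout the workaround asks for
		}
		for _, c := range group.List {
			text := strings.TrimSpace(strings.TrimPrefix(c.Text, "//"))
			if strings.HasPrefix(text, "+kubebuilder:rbac:") {
				findings = append(findings, Finding{fset.Position(c.Pos()).Line, text})
			}
		}
	}
	return findings, nil
}

func main() {
	fmt.Println(FindAttachedRBACMarkers("memcached_controller.go", sample))
}
```

Running it over each controller file in CI and failing on any finding keeps the generated ClusterRole in step with the markers in the source.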

