From bfcd2917c4210c154d24809464ecdfc11350c162 Mon Sep 17 00:00:00 2001 From: Unnati Solanki Date: Sun, 12 Apr 2026 18:02:42 +0530 Subject: [PATCH 1/4] [patch] Prepare Install RBAC Helper functions --- src/mas/devops/tekton.py | 56 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) diff --git a/src/mas/devops/tekton.py b/src/mas/devops/tekton.py index 96054c99..1a2eb58b 100644 --- a/src/mas/devops/tekton.py +++ b/src/mas/devops/tekton.py @@ -850,3 +850,59 @@ def launchAiServiceUpgradePipeline(dynClient: DynamicClient, pipelineURL = f"{getConsoleURL(dynClient)}/k8s/ns/aiservice-{aiserviceInstanceId}-pipelines/tekton.dev~v1beta1~PipelineRun/{aiserviceInstanceId}-upgrade-{timestamp}" return pipelineURL + + +def prepareInstallRBAC(dynClient: DynamicClient, namespace: str, instanceId: str, installRBACDir: str) -> None: + """ + Apply the minimal install RBAC bundle for a MAS instance. + + The bundle is defined by the kustomization under cli/rbac/install and creates the install-user and install-pipeline service accounts + and their associated role bindings. + + Parameters: + dynClient (DynamicClient): OpenShift Dynamic Client + instanceId (str): MAS instance ID used to render the RBAC templates + installRBACDir (str): Path to the directory containing the RBAC kustomization and templates + + Returns: + None + + Raises: + FileNotFoundError: If the RBAC bundle directory or kustomization file does not exists + """ + kustomizationFile = path.join(installRBACDir, "kustomization.yaml") + if not path.isfile(kustomizationFile): + logger.error(f"Cannot find kustomization file for install RBAC at {kustomizationFile}") + raise FileNotFoundError(f"Cannot find kustomization file for install RBAC at {kustomizationFile}") + + with open(kustomizationFile, "r") as file: + kustomization = yaml.safe_load(file) + + env = Environment() + for resourcePath in kustomization.get("resources", []): + manifestFile = path.join(installRBACDir, resourcePath) + if not path.isfile(manifestFile): + logger.error(f"Cannot find RBAC manifest file at {manifestFile}") + raise FileNotFoundError(f"Cannot find RBAC manifest file at {manifestFile}") + + with open(manifestFile, "r") as file: + template = env.from_string(file.read()) + renderedManifest = template.render(mas_instance_id=instanceId) + logger.debug(f"Applying RBAC manifest {manifestFile} for instance {instanceId}:\n{renderedManifest}") + + for resourceBody in yaml.safe_load_all(renderedManifest): + if resourceBody is None: + continue + + apiVersion = resourceBody.get["apiVersion"] + kind = resourceBody.get["kind"] + metadata = resourceBody.get("metadata", {}) + name = metadata.get("name", "") + namespace = metadata.get("namespace") + + logger.debug(f"Applying RBAC resource {kind}/{name} in namespace {namespace} for instance {instanceId}") + resourceAPI = dynClient.resources.get(api_version=apiVersion, kind=kind) + if namespace: + resourceAPI.apply(body=resourceBody, namespace=namespace) + else: + resourceAPI.apply(body=resourceBody) From 36d256663896da1a77eab6fae928466435be5fba Mon Sep 17 00:00:00 2001 From: Unnati Solanki Date: Sun, 12 Apr 2026 19:48:49 +0530 Subject: [PATCH 2/4] [patch] fix typo and argument --- src/mas/devops/tekton.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/mas/devops/tekton.py b/src/mas/devops/tekton.py index 1a2eb58b..12b1a0f0 100644 --- a/src/mas/devops/tekton.py +++ b/src/mas/devops/tekton.py @@ -894,8 +894,8 @@ def prepareInstallRBAC(dynClient: DynamicClient, namespace: str, instanceId: str if resourceBody is None: continue - apiVersion = resourceBody.get["apiVersion"] - kind = resourceBody.get["kind"] + apiVersion = resourceBody.get("apiVersion") + kind = resourceBody.get("kind") metadata = resourceBody.get("metadata", {}) name = metadata.get("name", "") namespace = metadata.get("namespace") From 918cd08aaa0b8b764268fcee41c3e1666460a475 Mon Sep 17 00:00:00 2001 From: Unnati Solanki Date: Mon, 13 Apr 2026 12:56:03 +0530 Subject: [PATCH 3/4] re-run jobs From 652bb5e2a19aaf017f68e74613975616e72d7e22 Mon Sep 17 00:00:00 2001 From: Unnati Solanki Date: Mon, 13 Apr 2026 13:20:33 +0530 Subject: [PATCH 4/4] [patch] Fix resource arguments --- src/mas/devops/tekton.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/mas/devops/tekton.py b/src/mas/devops/tekton.py index 12b1a0f0..8dd542fe 100644 --- a/src/mas/devops/tekton.py +++ b/src/mas/devops/tekton.py @@ -894,8 +894,8 @@ def prepareInstallRBAC(dynClient: DynamicClient, namespace: str, instanceId: str if resourceBody is None: continue - apiVersion = resourceBody.get("apiVersion") - kind = resourceBody.get("kind") + apiVersion = resourceBody["apiVersion"] + kind = resourceBody["kind"] metadata = resourceBody.get("metadata", {}) name = metadata.get("name", "") namespace = metadata.get("namespace")