Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: option to disable create default userGroup on ODH and self-managed #1278

Closed
wants to merge 3 commits into from
Closed

feat: option to disable create default userGroup on ODH and self-managed #1278

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
9491db9
feat: option to disable create default userGroup on ODH and self-managed
zdtsw Oct 7, 2024
1cb6612
update: change env variable name + only check if value is set to true
zdtsw Oct 7, 2024
a918fed
update: rename variable to make it for broad use.
zdtsw Oct 7, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 19 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,25 @@ Additionally installing `Authorino operator` & `Service Mesh operator` enhances
sourceNamespace: openshift-marketplace
EOF
```
If user would prefer skipping group "odh-admin" to be created by DSCI CR automatically, explicitly set env variable ODH_USE_EXTERNAL_AUTH to "true". example:

```console
cat <<EOF | oc create -f -
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
name: opendatahub-operator
namespace: openshift-operators
spec:
channel: fast
name: opendatahub-operator
source: community-operators
sourceNamespace: openshift-marketplace
config:
env:
- name: "ODH_USE_EXTERNAL_AUTH"
value: "true"
EOF

2. Create [DSCInitialization](#example-dscinitialization) CR manually.
You can also use operator to create default DSCI CR by removing env variable DISABLE_DSC_CONFIG from CSV or changing the value to "false", followed by restarting the operator pod.
Expand Down
23 changes: 17 additions & 6 deletions controllers/dscinitialization/dscinitialization_controller.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ package dscinitialization

import (
"context"
"os"
"path/filepath"
"reflect"

Expand Down Expand Up @@ -200,9 +201,14 @@ func (r *DSCInitializationReconciler) Reconcile(ctx context.Context, req ctrl.Re
default:
switch platform {
case cluster.SelfManagedRhods:
err := r.createUserGroup(ctx, instance, "rhods-admins")
if err != nil {
return reconcile.Result{}, err
// Check if user opted for disabling creating user groups
if os.Getenv("ODH_USE_EXTERNAL_AUTH") == "true" {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When upgrading, what is the default value for this env variable?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If e value is set in the subscription, it will persist even later upgrade to new Operator version. Subscription should not get changed.

log.Info("DSCI disabled usergroup creation")
} else {
err := r.createUserGroup(ctx, instance, "rhods-admins")
if err != nil {
return reconcile.Result{}, err
}
}
if instance.Spec.Monitoring.ManagementState == operatorv1.Managed {
log.Info("Monitoring enabled, won't apply changes", "cluster", "Self-Managed RHODS Mode")
Expand Down Expand Up @@ -232,9 +238,14 @@ func (r *DSCInitializationReconciler) Reconcile(ctx context.Context, req ctrl.Re
}
}
default:
err := r.createUserGroup(ctx, instance, "odh-admins")
if err != nil {
return reconcile.Result{}, err
// Check if user opted for disabling creating user groups
if os.Getenv("ODH_USE_EXTERNAL_AUTH") == "true" {
log.Info("DSCI disabled usergroup creation")
} else {
err := r.createUserGroup(ctx, instance, "odh-admins")
if err != nil {
return reconcile.Result{}, err
}
}
if instance.Spec.Monitoring.ManagementState == operatorv1.Managed {
log.Info("Monitoring enabled, won't apply changes", "cluster", "ODH Mode")
Expand Down
Loading