From e6b8cfd998c856be2400f7ac799d02c94194cd6b Mon Sep 17 00:00:00 2001 From: Rui Vieira Date: Mon, 27 Nov 2023 09:36:48 +0000 Subject: [PATCH 1/2] Retrigger Snyk From 650d129ba9c82e095afc7e73aad446a1a5821981 Mon Sep 17 00:00:00 2001 From: Rui Vieira Date: Tue, 28 Nov 2023 08:28:01 +0000 Subject: [PATCH 2/2] Add YAML linting workflow and fix YAML formatting (#163) * Add YAML linting workflow and fix YAML formatting issues * Update .yamllint config file * Add YAML lint badge to README.md --- .github/workflows/lint-yaml.yaml | 14 + .yamllint.yaml | 6 + README.md | 2 +- config/base/kustomization.yaml | 13 +- config/base/manager_auth_proxy_patch.yaml | 3 +- config/base/manager_config_patch.yaml | 3 +- config/base/params.yaml | 3 +- ...styai.opendatahub.io_trustyaiservices.yaml | 186 ++++----- config/crd/kustomization.yaml | 4 +- config/crd/kustomizeconfig.yaml | 24 +- .../patches/webhook_in_trustyaiservices.yaml | 2 +- config/manager/kustomization.yaml | 4 +- config/manager/manager.yaml | 66 ++-- config/manifests/kustomization.yaml | 8 +- config/prometheus/kustomization.yaml | 2 +- .../rbac/auth_proxy_client_clusterrole.yaml | 8 +- config/rbac/auth_proxy_role.yaml | 24 +- config/rbac/auth_proxy_role_binding.yaml | 6 +- config/rbac/auth_proxy_service.yaml | 8 +- config/rbac/kustomization.yaml | 22 +- config/rbac/leader_election_role.yaml | 62 +-- config/rbac/leader_election_role_binding.yaml | 6 +- config/rbac/role.yaml | 354 +++++++++--------- config/rbac/role_binding.yaml | 6 +- config/rbac/trustyaiservice_editor_role.yaml | 36 +- config/rbac/trustyaiservice_viewer_role.yaml | 28 +- config/scorecard/bases/config.yaml | 4 +- config/scorecard/kustomization.yaml | 26 +- config/scorecard/patches/basic.config.yaml | 4 +- config/scorecard/patches/olm.config.yaml | 20 +- 30 files changed, 487 insertions(+), 467 deletions(-) create mode 100644 .github/workflows/lint-yaml.yaml create mode 100644 .yamllint.yaml diff --git a/.github/workflows/lint-yaml.yaml b/.github/workflows/lint-yaml.yaml new file mode 100644 index 00000000..a61a0ef9 --- /dev/null +++ b/.github/workflows/lint-yaml.yaml @@ -0,0 +1,14 @@ +name: YAML lint + +on: [push, pull_request] + +jobs: + lintAllTheThings: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: yaml-lint + uses: ibiqlik/action-yamllint@v3 + with: + file_or_dir: config/**/*.yaml + config_file: .yamllint.yaml \ No newline at end of file diff --git a/.yamllint.yaml b/.yamllint.yaml new file mode 100644 index 00000000..75a3f8b6 --- /dev/null +++ b/.yamllint.yaml @@ -0,0 +1,6 @@ +extends: default + +rules: + line-length: + max: 80 + level: warning \ No newline at end of file diff --git a/README.md b/README.md index edab78d2..98e2cf67 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -[![Controller Tests](https://github.com/trustyai-explainability/trustyai-service-operator/actions/workflows/controller-tests.yaml/badge.svg)](https://github.com/trustyai-explainability/trustyai-service-operator/actions/workflows/controller-tests.yaml) +[![Controller Tests](https://github.com/trustyai-explainability/trustyai-service-operator/actions/workflows/controller-tests.yaml/badge.svg)](https://github.com/trustyai-explainability/trustyai-service-operator/actions/workflows/controller-tests.yaml)[![YAML lint](https://github.com/trustyai-explainability/trustyai-service-operator/actions/workflows/lint-yaml.yaml/badge.svg)](https://github.com/trustyai-explainability/trustyai-service-operator/actions/workflows/lint-yaml.yaml) # TrustyAI Kubernetes Operator ## Overview diff --git a/config/base/kustomization.yaml b/config/base/kustomization.yaml index 7e488d23..74947cbe 100644 --- a/config/base/kustomization.yaml +++ b/config/base/kustomization.yaml @@ -1,17 +1,16 @@ -#namespace: trustyai-service-operator-system - +--- namePrefix: trustyai-service-operator- resources: -- ../crd -- ../rbac -- ../manager + - ../crd + - ../rbac + - ../manager commonLabels: app.kubernetes.io/part-of: trustyai patchesStrategicMerge: -- manager_auth_proxy_patch.yaml + - manager_auth_proxy_patch.yaml configMapGenerator: - env: params.env @@ -37,4 +36,4 @@ vars: name: config apiVersion: v1 fieldref: - fieldpath: data.trustyaiOperatorImage \ No newline at end of file + fieldpath: data.trustyaiOperatorImage diff --git a/config/base/manager_auth_proxy_patch.yaml b/config/base/manager_auth_proxy_patch.yaml index 07c9db6a..2935b633 100644 --- a/config/base/manager_auth_proxy_patch.yaml +++ b/config/base/manager_auth_proxy_patch.yaml @@ -1,5 +1,4 @@ -# This patch inject a sidecar container which is a HTTP proxy for the -# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. +--- apiVersion: apps/v1 kind: Deployment metadata: diff --git a/config/base/manager_config_patch.yaml b/config/base/manager_config_patch.yaml index f6f58916..ee54324f 100644 --- a/config/base/manager_config_patch.yaml +++ b/config/base/manager_config_patch.yaml @@ -1,3 +1,4 @@ +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -7,4 +8,4 @@ spec: template: spec: containers: - - name: manager + - name: manager diff --git a/config/base/params.yaml b/config/base/params.yaml index 01ed557c..190afea0 100644 --- a/config/base/params.yaml +++ b/config/base/params.yaml @@ -1,3 +1,4 @@ +--- varReference: - kind: Deployment - path: spec/template/spec/containers[]/image \ No newline at end of file + path: spec/template/spec/containers[]/image diff --git a/config/crd/bases/trustyai.opendatahub.io.trustyai.opendatahub.io_trustyaiservices.yaml b/config/crd/bases/trustyai.opendatahub.io.trustyai.opendatahub.io_trustyaiservices.yaml index e7ee6e7e..7a44aa99 100644 --- a/config/crd/bases/trustyai.opendatahub.io.trustyai.opendatahub.io_trustyaiservices.yaml +++ b/config/crd/bases/trustyai.opendatahub.io.trustyai.opendatahub.io_trustyaiservices.yaml @@ -15,108 +15,108 @@ spec: singular: trustyaiservice scope: Namespaced versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: TrustyAIService is the Schema for the trustyaiservices API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation + - name: v1alpha1 + schema: + openAPIV3Schema: + description: TrustyAIService is the Schema for the trustyaiservices API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TrustyAIServiceSpec defines the desired state of TrustyAIService - properties: - data: - properties: - filename: - type: string - format: - type: string - required: - - filename - - format - type: object - metrics: - properties: - batchSize: - type: integer - schedule: - type: string - required: - - schedule - type: object - replicas: - description: Number of replicas - format: int32 - type: integer - storage: - properties: - folder: - type: string - format: - type: string - size: - type: string - required: - - folder - - format - - size - type: object - required: - - data - - metrics - - storage - type: object - status: - description: TrustyAIServiceStatus defines the observed state of TrustyAIService - properties: - conditions: - items: - description: Condition represents possible conditions of a TrustyAIServiceStatus + type: string + metadata: + type: object + spec: + description: TrustyAIServiceSpec defines the desired state of TrustyAIService + properties: + data: properties: - lastTransitionTime: - format: date-time + filename: type: string - message: + format: type: string - reason: + required: + - filename + - format + type: object + metrics: + properties: + batchSize: + type: integer + schedule: + type: string + required: + - schedule + type: object + replicas: + description: Number of replicas + format: int32 + type: integer + storage: + properties: + folder: type: string - status: + format: type: string - type: + size: type: string required: - - lastTransitionTime - - message - - reason - - status - - type + - folder + - format + - size type: object - type: array - phase: - description: Define your status fields here - type: string - ready: - type: string - replicas: - format: int32 - type: integer - required: - - conditions - - phase - - replicas - type: object - type: object - served: true - storage: true - subresources: - status: {} + required: + - data + - metrics + - storage + type: object + status: + description: TrustyAIServiceStatus defines the observed state of TrustyAIService + properties: + conditions: + items: + description: Condition represents possible conditions of a TrustyAIServiceStatus + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + phase: + description: Define your status fields here + type: string + ready: + type: string + replicas: + format: int32 + type: integer + required: + - conditions + - phase + - replicas + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml index 727bbeb4..9c272a2d 100644 --- a/config/crd/kustomization.yaml +++ b/config/crd/kustomization.yaml @@ -1,5 +1,5 @@ resources: -- bases/trustyai.opendatahub.io.trustyai.opendatahub.io_trustyaiservices.yaml + - bases/trustyai.opendatahub.io.trustyai.opendatahub.io_trustyaiservices.yaml #+kubebuilder:scaffold:crdkustomizeresource patchesStrategicMerge: @@ -7,4 +7,4 @@ patchesStrategicMerge: #+kubebuilder:scaffold:crdkustomizecainjectionpatch configurations: -- kustomizeconfig.yaml + - kustomizeconfig.yaml diff --git a/config/crd/kustomizeconfig.yaml b/config/crd/kustomizeconfig.yaml index e0dd2980..3eb36bdc 100644 --- a/config/crd/kustomizeconfig.yaml +++ b/config/crd/kustomizeconfig.yaml @@ -1,18 +1,18 @@ nameReference: -- kind: Service - version: v1 - fieldSpecs: - - kind: CustomResourceDefinition + - kind: Service version: v1 - group: apiextensions.k8s.io - path: spec/conversion/webhook/clientConfig/service/name + fieldSpecs: + - kind: CustomResourceDefinition + version: v1 + group: apiextensions.k8s.io + path: spec/conversion/webhook/clientConfig/service/name namespace: -- kind: CustomResourceDefinition - version: v1 - group: apiextensions.k8s.io - path: spec/conversion/webhook/clientConfig/service/namespace - create: false + - kind: CustomResourceDefinition + version: v1 + group: apiextensions.k8s.io + path: spec/conversion/webhook/clientConfig/service/namespace + create: false varReference: -- path: metadata/annotations + - path: metadata/annotations diff --git a/config/crd/patches/webhook_in_trustyaiservices.yaml b/config/crd/patches/webhook_in_trustyaiservices.yaml index 3b364e68..9ee4f134 100644 --- a/config/crd/patches/webhook_in_trustyaiservices.yaml +++ b/config/crd/patches/webhook_in_trustyaiservices.yaml @@ -12,4 +12,4 @@ spec: name: webhook-service path: /convert conversionReviewVersions: - - v1 + - v1 diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 056cd6ec..be0410af 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -1,4 +1,4 @@ resources: -- manager.yaml + - manager.yaml apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization \ No newline at end of file +kind: Kustomization diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index c0d7c7b5..058fa9bc 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -28,38 +28,38 @@ spec: seccompProfile: type: RuntimeDefault containers: - - command: - - /manager - args: - - --leader-elect - image: $(trustyaiOperatorImage) - name: manager - securityContext: - runAsNonRoot: true - allowPrivilegeEscalation: false - capabilities: - drop: - - "ALL" - seccompProfile: - type: RuntimeDefault - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - resources: - limits: - cpu: 500m - memory: 128Mi - requests: - cpu: 10m - memory: 64Mi + - command: + - /manager + args: + - --leader-elect + image: $(trustyaiOperatorImage) + name: manager + securityContext: + runAsNonRoot: true + allowPrivilegeEscalation: false + capabilities: + drop: + - "ALL" + seccompProfile: + type: RuntimeDefault + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 10m + memory: 64Mi serviceAccountName: controller-manager terminationGracePeriodSeconds: 10 diff --git a/config/manifests/kustomization.yaml b/config/manifests/kustomization.yaml index e2870a36..15b0ed36 100644 --- a/config/manifests/kustomization.yaml +++ b/config/manifests/kustomization.yaml @@ -1,5 +1,5 @@ resources: -- bases/trustyai-service-operator.clusterserviceversion.yaml -- ../default -- ../samples -- ../scorecard \ No newline at end of file + - bases/trustyai-service-operator.clusterserviceversion.yaml + - ../default + - ../samples + - ../scorecard diff --git a/config/prometheus/kustomization.yaml b/config/prometheus/kustomization.yaml index ed137168..d556b996 100644 --- a/config/prometheus/kustomization.yaml +++ b/config/prometheus/kustomization.yaml @@ -1,2 +1,2 @@ resources: -- monitor.yaml + - monitor.yaml diff --git a/config/rbac/auth_proxy_client_clusterrole.yaml b/config/rbac/auth_proxy_client_clusterrole.yaml index e0a7df64..f93de767 100644 --- a/config/rbac/auth_proxy_client_clusterrole.yaml +++ b/config/rbac/auth_proxy_client_clusterrole.yaml @@ -10,7 +10,7 @@ metadata: app.kubernetes.io/managed-by: kustomize name: metrics-reader rules: -- nonResourceURLs: - - "/metrics" - verbs: - - get + - nonResourceURLs: + - "/metrics" + verbs: + - get diff --git a/config/rbac/auth_proxy_role.yaml b/config/rbac/auth_proxy_role.yaml index 51b0ff9a..1ba1c596 100644 --- a/config/rbac/auth_proxy_role.yaml +++ b/config/rbac/auth_proxy_role.yaml @@ -10,15 +10,15 @@ metadata: app.kubernetes.io/managed-by: kustomize name: proxy-role rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create diff --git a/config/rbac/auth_proxy_role_binding.yaml b/config/rbac/auth_proxy_role_binding.yaml index 095756e6..b8d5e154 100644 --- a/config/rbac/auth_proxy_role_binding.yaml +++ b/config/rbac/auth_proxy_role_binding.yaml @@ -14,6 +14,6 @@ roleRef: kind: ClusterRole name: proxy-role subjects: -- kind: ServiceAccount - name: controller-manager - namespace: system + - kind: ServiceAccount + name: controller-manager + namespace: system diff --git a/config/rbac/auth_proxy_service.yaml b/config/rbac/auth_proxy_service.yaml index 2250889d..7741af7b 100644 --- a/config/rbac/auth_proxy_service.yaml +++ b/config/rbac/auth_proxy_service.yaml @@ -13,9 +13,9 @@ metadata: namespace: system spec: ports: - - name: https - port: 8443 - protocol: TCP - targetPort: https + - name: https + port: 8443 + protocol: TCP + targetPort: https selector: control-plane: controller-manager diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index 34645515..02b3212f 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -1,12 +1,12 @@ resources: -- service_account.yaml -- role.yaml -- role_binding.yaml -- leader_election_role.yaml -- leader_election_role_binding.yaml -- auth_proxy_service.yaml -- auth_proxy_role.yaml -- auth_proxy_role_binding.yaml -- auth_proxy_client_clusterrole.yaml -- trustyaiservice_editor_role.yaml -- trustyaiservice_viewer_role.yaml \ No newline at end of file + - service_account.yaml + - role.yaml + - role_binding.yaml + - leader_election_role.yaml + - leader_election_role_binding.yaml + - auth_proxy_service.yaml + - auth_proxy_role.yaml + - auth_proxy_role_binding.yaml + - auth_proxy_client_clusterrole.yaml + - trustyaiservice_editor_role.yaml + - trustyaiservice_viewer_role.yaml diff --git a/config/rbac/leader_election_role.yaml b/config/rbac/leader_election_role.yaml index bde71fd2..66f5f64f 100644 --- a/config/rbac/leader_election_role.yaml +++ b/config/rbac/leader_election_role.yaml @@ -10,34 +10,34 @@ metadata: app.kubernetes.io/managed-by: kustomize name: leader-election-role rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml index 4736aefb..75689753 100644 --- a/config/rbac/leader_election_role_binding.yaml +++ b/config/rbac/leader_election_role_binding.yaml @@ -14,6 +14,6 @@ roleRef: kind: Role name: leader-election-role subjects: -- kind: ServiceAccount - name: controller-manager - namespace: system + - kind: ServiceAccount + name: controller-manager + namespace: system diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index f97deb4c..39497986 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -5,180 +5,180 @@ metadata: creationTimestamp: null name: manager-role rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - update -- apiGroups: - - "" - resources: - - pods - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - apps - resources: - - deployments - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - apps - resources: - - deployments/finalizers - verbs: - - update -- apiGroups: - - apps - resources: - - deployments/status - verbs: - - get - - patch - - update -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - monitoring.coreos.com - resources: - - servicemonitors - verbs: - - create - - list - - watch -- apiGroups: - - route.openshift.io - resources: - - routes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - serving.kserve.io - resources: - - inferenceservices - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - serving.kserve.io - resources: - - inferenceservices/finalizers - verbs: - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - serving.kserve.io - resources: - - servingruntimes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - serving.kserve.io - resources: - - servingruntimes/status - verbs: - - get - - patch - - update -- apiGroups: - - trustyai.opendatahub.io.trustyai.opendatahub.io - resources: - - trustyaiservices - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - trustyai.opendatahub.io.trustyai.opendatahub.io - resources: - - trustyaiservices/finalizers - verbs: - - update -- apiGroups: - - trustyai.opendatahub.io.trustyai.opendatahub.io - resources: - - trustyaiservices/status - verbs: - - get - - patch - - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - update + - apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments/finalizers + verbs: + - update + - apiGroups: + - apps + resources: + - deployments/status + verbs: + - get + - patch + - update + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - create + - list + - watch + - apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - serving.kserve.io + resources: + - inferenceservices + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - serving.kserve.io + resources: + - inferenceservices/finalizers + verbs: + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - serving.kserve.io + resources: + - servingruntimes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - serving.kserve.io + resources: + - servingruntimes/status + verbs: + - get + - patch + - update + - apiGroups: + - trustyai.opendatahub.io.trustyai.opendatahub.io + resources: + - trustyaiservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - trustyai.opendatahub.io.trustyai.opendatahub.io + resources: + - trustyaiservices/finalizers + verbs: + - update + - apiGroups: + - trustyai.opendatahub.io.trustyai.opendatahub.io + resources: + - trustyaiservices/status + verbs: + - get + - patch + - update diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml index 2fefba7c..bf595d68 100644 --- a/config/rbac/role_binding.yaml +++ b/config/rbac/role_binding.yaml @@ -14,6 +14,6 @@ roleRef: kind: ClusterRole name: manager-role subjects: -- kind: ServiceAccount - name: controller-manager - namespace: system + - kind: ServiceAccount + name: controller-manager + namespace: system diff --git a/config/rbac/trustyaiservice_editor_role.yaml b/config/rbac/trustyaiservice_editor_role.yaml index 1c0d4dcb..a238bff7 100644 --- a/config/rbac/trustyaiservice_editor_role.yaml +++ b/config/rbac/trustyaiservice_editor_role.yaml @@ -12,21 +12,21 @@ metadata: rbac.authorization.k8s.io/aggregate-to-admin: "true" name: trustyaiservice-editor-role rules: -- apiGroups: - - trustyai.opendatahub.io.trustyai.opendatahub.io - resources: - - trustyaiservices - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - trustyai.opendatahub.io.trustyai.opendatahub.io - resources: - - trustyaiservices/status - verbs: - - get + - apiGroups: + - trustyai.opendatahub.io.trustyai.opendatahub.io + resources: + - trustyaiservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - trustyai.opendatahub.io.trustyai.opendatahub.io + resources: + - trustyaiservices/status + verbs: + - get diff --git a/config/rbac/trustyaiservice_viewer_role.yaml b/config/rbac/trustyaiservice_viewer_role.yaml index a3a5ebf1..3a03ba46 100644 --- a/config/rbac/trustyaiservice_viewer_role.yaml +++ b/config/rbac/trustyaiservice_viewer_role.yaml @@ -13,17 +13,17 @@ metadata: rbac.authorization.k8s.io/aggregate-to-admin: "true" name: trustyaiservice-viewer-role rules: -- apiGroups: - - trustyai.opendatahub.io.trustyai.opendatahub.io - resources: - - trustyaiservices - verbs: - - get - - list - - watch -- apiGroups: - - trustyai.opendatahub.io.trustyai.opendatahub.io - resources: - - trustyaiservices/status - verbs: - - get + - apiGroups: + - trustyai.opendatahub.io.trustyai.opendatahub.io + resources: + - trustyaiservices + verbs: + - get + - list + - watch + - apiGroups: + - trustyai.opendatahub.io.trustyai.opendatahub.io + resources: + - trustyaiservices/status + verbs: + - get diff --git a/config/scorecard/bases/config.yaml b/config/scorecard/bases/config.yaml index c7704784..707a5c25 100644 --- a/config/scorecard/bases/config.yaml +++ b/config/scorecard/bases/config.yaml @@ -3,5 +3,5 @@ kind: Configuration metadata: name: config stages: -- parallel: true - tests: [] + - parallel: true + tests: [] diff --git a/config/scorecard/kustomization.yaml b/config/scorecard/kustomization.yaml index 50cd2d08..ee7181bb 100644 --- a/config/scorecard/kustomization.yaml +++ b/config/scorecard/kustomization.yaml @@ -1,16 +1,16 @@ resources: -- bases/config.yaml + - bases/config.yaml patchesJson6902: -- path: patches/basic.config.yaml - target: - group: scorecard.operatorframework.io - version: v1alpha3 - kind: Configuration - name: config -- path: patches/olm.config.yaml - target: - group: scorecard.operatorframework.io - version: v1alpha3 - kind: Configuration - name: config + - path: patches/basic.config.yaml + target: + group: scorecard.operatorframework.io + version: v1alpha3 + kind: Configuration + name: config + - path: patches/olm.config.yaml + target: + group: scorecard.operatorframework.io + version: v1alpha3 + kind: Configuration + name: config #+kubebuilder:scaffold:patchesJson6902 diff --git a/config/scorecard/patches/basic.config.yaml b/config/scorecard/patches/basic.config.yaml index c8455f1b..b27e7397 100644 --- a/config/scorecard/patches/basic.config.yaml +++ b/config/scorecard/patches/basic.config.yaml @@ -2,8 +2,8 @@ path: /stages/0/tests/- value: entrypoint: - - scorecard-test - - basic-check-spec + - scorecard-test + - basic-check-spec image: quay.io/operator-framework/scorecard-test:v1.28.1 labels: suite: basic diff --git a/config/scorecard/patches/olm.config.yaml b/config/scorecard/patches/olm.config.yaml index 8680989e..6f51a3d7 100644 --- a/config/scorecard/patches/olm.config.yaml +++ b/config/scorecard/patches/olm.config.yaml @@ -2,8 +2,8 @@ path: /stages/0/tests/- value: entrypoint: - - scorecard-test - - olm-bundle-validation + - scorecard-test + - olm-bundle-validation image: quay.io/operator-framework/scorecard-test:v1.28.1 labels: suite: olm @@ -12,8 +12,8 @@ path: /stages/0/tests/- value: entrypoint: - - scorecard-test - - olm-crds-have-validation + - scorecard-test + - olm-crds-have-validation image: quay.io/operator-framework/scorecard-test:v1.28.1 labels: suite: olm @@ -22,8 +22,8 @@ path: /stages/0/tests/- value: entrypoint: - - scorecard-test - - olm-crds-have-resources + - scorecard-test + - olm-crds-have-resources image: quay.io/operator-framework/scorecard-test:v1.28.1 labels: suite: olm @@ -32,8 +32,8 @@ path: /stages/0/tests/- value: entrypoint: - - scorecard-test - - olm-spec-descriptors + - scorecard-test + - olm-spec-descriptors image: quay.io/operator-framework/scorecard-test:v1.28.1 labels: suite: olm @@ -42,8 +42,8 @@ path: /stages/0/tests/- value: entrypoint: - - scorecard-test - - olm-status-descriptors + - scorecard-test + - olm-status-descriptors image: quay.io/operator-framework/scorecard-test:v1.28.1 labels: suite: olm