Add annotations to roles.

Signed-off-by: Monis Khan <[email protected]>

Author: enj

pkg/api/constants/constants.go

@@ -0,0 +1,10 @@
+package constants
+
+// annotation keys
+const (
+	// OpenShiftDisplayName is a common, optional annotation that stores the name displayed by a UI when referencing a resource.
+	OpenShiftDisplayName = "openshift.io/display-name"
+
+	// OpenShiftDescription is a common, optional annotation that stores the description for a resource.
+	OpenShiftDescription = "openshift.io/description"
+)

pkg/cmd/admin/project/new_project.go

@@ -11,6 +11,7 @@ import (
 	kcmdutil "k8s.io/kubernetes/pkg/kubectl/cmd/util"
 	errorsutil "k8s.io/kubernetes/pkg/util/errors"
 
+	"github.com/openshift/origin/pkg/api/constants"
 	"github.com/openshift/origin/pkg/client"
 	"github.com/openshift/origin/pkg/cmd/admin/policy"
 	"github.com/openshift/origin/pkg/cmd/server/bootstrappolicy"
@@ -99,8 +100,8 @@ func (o *NewProjectOptions) Run(useNodeSelector bool) error {
 	project := &projectapi.Project{}
 	project.Name = o.ProjectName
 	project.Annotations = make(map[string]string)
-	project.Annotations[projectapi.ProjectDescription] = o.Description
-	project.Annotations[projectapi.ProjectDisplayName] = o.DisplayName
+	project.Annotations[constants.OpenShiftDescription] = o.Description
+	project.Annotations[constants.OpenShiftDisplayName] = o.DisplayName
 	if useNodeSelector {
 		project.Annotations[projectapi.ProjectNodeSelector] = o.NodeSelector
 	}

pkg/cmd/cli/cmd/projects.go

@@ -11,6 +11,7 @@ import (
 	clientcmdapi "k8s.io/kubernetes/pkg/client/unversioned/clientcmd/api"
 	kcmdutil "k8s.io/kubernetes/pkg/kubectl/cmd/util"
 
+	"github.com/openshift/origin/pkg/api/constants"
 	"github.com/openshift/origin/pkg/client"
 	cliconfig "github.com/openshift/origin/pkg/cmd/cli/config"
 	"github.com/openshift/origin/pkg/cmd/templates"
@@ -160,7 +161,7 @@ func (o ProjectsOptions) RunProjects() error {
 			sort.Sort(SortByProjectName(projects))
 			for _, project := range projects {
 				count = count + 1
-				displayName := project.Annotations["openshift.io/display-name"]
+				displayName := project.Annotations[constants.OpenShiftDisplayName]
 				linebreak := "\n"
 				if len(displayName) == 0 {
 					displayName = project.Annotations["displayName"]

pkg/cmd/cli/describe/describer.go

@@ -21,6 +21,7 @@ import (
 	"k8s.io/kubernetes/pkg/runtime"
 	"k8s.io/kubernetes/pkg/util/sets"
 
+	"github.com/openshift/origin/pkg/api/constants"
 	authorizationapi "github.com/openshift/origin/pkg/authorization/api"
 	buildapi "github.com/openshift/origin/pkg/build/api"
 	"github.com/openshift/origin/pkg/client"
@@ -827,8 +828,8 @@ func (d *ProjectDescriber) Describe(namespace, name string, settings kctl.Descri
 
 	return tabbedString(func(out *tabwriter.Writer) error {
 		formatMeta(out, project.ObjectMeta)
-		formatString(out, "Display Name", project.Annotations[projectapi.ProjectDisplayName])
-		formatString(out, "Description", project.Annotations[projectapi.ProjectDescription])
+		formatString(out, "Display Name", project.Annotations[constants.OpenShiftDisplayName])
+		formatString(out, "Description", project.Annotations[constants.OpenShiftDescription])
 		formatString(out, "Status", project.Status.Phase)
 		formatString(out, "Node Selector", nodeSelector)
 		if len(resourceQuotaList.Items) == 0 {

pkg/cmd/cli/describe/printer.go

@@ -14,6 +14,7 @@ import (
 	kctl "k8s.io/kubernetes/pkg/kubectl"
 	"k8s.io/kubernetes/pkg/util/sets"
 
+	"github.com/openshift/origin/pkg/api/constants"
 	authorizationapi "github.com/openshift/origin/pkg/authorization/api"
 	buildapi "github.com/openshift/origin/pkg/build/api"
 	deployapi "github.com/openshift/origin/pkg/deploy/api"
@@ -471,7 +472,7 @@ func printImageStreamList(streams *imageapi.ImageStreamList, w io.Writer, opts k
 
 func printProject(project *projectapi.Project, w io.Writer, opts kctl.PrintOptions) error {
 	name := formatResourceName(opts.Kind, project.Name, opts.WithKind)
-	_, err := fmt.Fprintf(w, "%s\t%s\t%s", name, project.Annotations[projectapi.ProjectDisplayName], project.Status.Phase)
+	_, err := fmt.Fprintf(w, "%s\t%s\t%s", name, project.Annotations[constants.OpenShiftDisplayName], project.Status.Phase)
 	if err := appendItemLabels(project.Labels, w, opts.ColumnLabels, opts.ShowLabels); err != nil {
 		return err
 	}

pkg/cmd/cli/describe/projectstatus_test.go

@@ -10,6 +10,7 @@ import (
 	"k8s.io/kubernetes/pkg/runtime"
 	utilerrors "k8s.io/kubernetes/pkg/util/errors"
 
+	"github.com/openshift/origin/pkg/api/constants"
 	"github.com/openshift/origin/pkg/client/testclient"
 	projectapi "github.com/openshift/origin/pkg/project/api"
 )
@@ -40,7 +41,7 @@ func TestProjectStatus(t *testing.T) {
 						Name:      "example",
 						Namespace: "",
 						Annotations: map[string]string{
-							projectapi.ProjectDisplayName: "Test",
+							constants.OpenShiftDisplayName: "Test",
 						},
 					},
 				},

pkg/cmd/server/bootstrappolicy/infra_sa_policy.go

@@ -131,6 +131,9 @@ func init() {
 		authorizationapi.ClusterRole{
 			ObjectMeta: kapi.ObjectMeta{
 				Name: BuildControllerRoleName,
+				Annotations: map[string]string{
+					roleSystemOnly: roleIsSystemOnly,
+				},
 			},
 			Rules: []authorizationapi.PolicyRule{
 				// BuildControllerFactory.buildLW
@@ -178,6 +181,9 @@ func init() {
 		authorizationapi.ClusterRole{
 			ObjectMeta: kapi.ObjectMeta{
 				Name: DeploymentConfigControllerRoleName,
+				Annotations: map[string]string{
+					roleSystemOnly: roleIsSystemOnly,
+				},
 			},
 			Rules: []authorizationapi.PolicyRule{
 				// DeploymentControllerFactory.deploymentLW
@@ -212,6 +218,9 @@ func init() {
 		authorizationapi.ClusterRole{
 			ObjectMeta: kapi.ObjectMeta{
 				Name: DeploymentControllerRoleName,
+				Annotations: map[string]string{
+					roleSystemOnly: roleIsSystemOnly,
+				},
 			},
 			Rules: []authorizationapi.PolicyRule{
 				{
@@ -253,6 +262,9 @@ func init() {
 		authorizationapi.ClusterRole{
 			ObjectMeta: kapi.ObjectMeta{
 				Name: ReplicationControllerRoleName,
+				Annotations: map[string]string{
+					roleSystemOnly: roleIsSystemOnly,
+				},
 			},
 			Rules: []authorizationapi.PolicyRule{
 				// ReplicationManager.rcController.ListWatch
@@ -298,6 +310,9 @@ func init() {
 		authorizationapi.ClusterRole{
 			ObjectMeta: kapi.ObjectMeta{
 				Name: ReplicaSetControllerRoleName,
+				Annotations: map[string]string{
+					roleSystemOnly: roleIsSystemOnly,
+				},
 			},
 			Rules: []authorizationapi.PolicyRule{
 				{
@@ -330,6 +345,9 @@ func init() {
 		authorizationapi.ClusterRole{
 			ObjectMeta: kapi.ObjectMeta{
 				Name: JobControllerRoleName,
+				Annotations: map[string]string{
+					roleSystemOnly: roleIsSystemOnly,
+				},
 			},
 			Rules: []authorizationapi.PolicyRule{
 				// JobController.jobController.ListWatch
@@ -381,6 +399,9 @@ func init() {
 		authorizationapi.ClusterRole{
 			ObjectMeta: kapi.ObjectMeta{
 				Name: HPAControllerRoleName,
+				Annotations: map[string]string{
+					roleSystemOnly: roleIsSystemOnly,
+				},
 			},
 			Rules: []authorizationapi.PolicyRule{
 				// HPA Controller
@@ -431,6 +452,9 @@ func init() {
 		authorizationapi.ClusterRole{
 			ObjectMeta: kapi.ObjectMeta{
 				Name: PersistentVolumeRecyclerControllerRoleName,
+				Annotations: map[string]string{
+					roleSystemOnly: roleIsSystemOnly,
+				},
 			},
 			Rules: []authorizationapi.PolicyRule{
 				// PersistentVolumeRecycler.volumeController.ListWatch
@@ -490,6 +514,9 @@ func init() {
 		authorizationapi.ClusterRole{
 			ObjectMeta: kapi.ObjectMeta{
 				Name: PersistentVolumeAttachDetachControllerRoleName,
+				Annotations: map[string]string{
+					roleSystemOnly: roleIsSystemOnly,
+				},
 			},
 			Rules: []authorizationapi.PolicyRule{
 				// shared informer on PVs
@@ -539,6 +566,9 @@ func init() {
 		authorizationapi.ClusterRole{
 			ObjectMeta: kapi.ObjectMeta{
 				Name: PersistentVolumeBinderControllerRoleName,
+				Annotations: map[string]string{
+					roleSystemOnly: roleIsSystemOnly,
+				},
 			},
 			Rules: []authorizationapi.PolicyRule{
 				// PersistentVolumeBinder.volumeController.ListWatch
@@ -620,6 +650,9 @@ func init() {
 		authorizationapi.ClusterRole{
 			ObjectMeta: kapi.ObjectMeta{
 				Name: PersistentVolumeProvisionerControllerRoleName,
+				Annotations: map[string]string{
+					roleSystemOnly: roleIsSystemOnly,
+				},
 			},
 			Rules: []authorizationapi.PolicyRule{
 				// PersistentVolumeProvisioner.volumeController.ListWatch
@@ -664,6 +697,9 @@ func init() {
 		authorizationapi.ClusterRole{
 			ObjectMeta: kapi.ObjectMeta{
 				Name: DaemonSetControllerRoleName,
+				Annotations: map[string]string{
+					roleSystemOnly: roleIsSystemOnly,
+				},
 			},
 			Rules: []authorizationapi.PolicyRule{
 				// DaemonSetsController.dsStore.ListWatch
@@ -715,6 +751,9 @@ func init() {
 		authorizationapi.ClusterRole{
 			ObjectMeta: kapi.ObjectMeta{
 				Name: DisruptionControllerRoleName,
+				Annotations: map[string]string{
+					roleSystemOnly: roleIsSystemOnly,
+				},
 			},
 			Rules: []authorizationapi.PolicyRule{
 				// DisruptionBudgetController.dStore.ListWatch
@@ -759,6 +798,9 @@ func init() {
 		authorizationapi.ClusterRole{
 			ObjectMeta: kapi.ObjectMeta{
 				Name: NamespaceControllerRoleName,
+				Annotations: map[string]string{
+					roleSystemOnly: roleIsSystemOnly,
+				},
 			},
 			Rules: []authorizationapi.PolicyRule{
 				// Watching/deleting namespaces
@@ -792,6 +834,9 @@ func init() {
 		authorizationapi.ClusterRole{
 			ObjectMeta: kapi.ObjectMeta{
 				Name: GCControllerRoleName,
+				Annotations: map[string]string{
+					roleSystemOnly: roleIsSystemOnly,
+				},
 			},
 			Rules: []authorizationapi.PolicyRule{
 				// GCController.podStore.ListWatch
@@ -824,6 +869,9 @@ func init() {
 		authorizationapi.ClusterRole{
 			ObjectMeta: kapi.ObjectMeta{
 				Name: ServiceLoadBalancerControllerRoleName,
+				Annotations: map[string]string{
+					roleSystemOnly: roleIsSystemOnly,
+				},
 			},
 			Rules: []authorizationapi.PolicyRule{
 				// ServiceController.cache.ListWatch
@@ -867,6 +915,9 @@ func init() {
 		authorizationapi.ClusterRole{
 			ObjectMeta: kapi.ObjectMeta{
 				Name: PetSetControllerRoleName,
+				Annotations: map[string]string{
+					roleSystemOnly: roleIsSystemOnly,
+				},
 			},
 			Rules: []authorizationapi.PolicyRule{
 				// StatefulSetController.podCache.ListWatch
@@ -924,6 +975,9 @@ func init() {
 		authorizationapi.ClusterRole{
 			ObjectMeta: kapi.ObjectMeta{
 				Name: UnidlingControllerRoleName,
+				Annotations: map[string]string{
+					roleSystemOnly: roleIsSystemOnly,
+				},
 			},
 			Rules: []authorizationapi.PolicyRule{
 				{
@@ -973,6 +1027,9 @@ func init() {
 		authorizationapi.ClusterRole{
 			ObjectMeta: kapi.ObjectMeta{
 				Name: ServiceServingCertControllerRoleName,
+				Annotations: map[string]string{
+					roleSystemOnly: roleIsSystemOnly,
+				},
 			},
 			Rules: []authorizationapi.PolicyRule{
 				{
@@ -997,6 +1054,9 @@ func init() {
 		authorizationapi.ClusterRole{
 			ObjectMeta: kapi.ObjectMeta{
 				Name: EndpointControllerRoleName,
+				Annotations: map[string]string{
+					roleSystemOnly: roleIsSystemOnly,
+				},
 			},
 			Rules: []authorizationapi.PolicyRule{
 				// Watching services and pods
@@ -1029,6 +1089,9 @@ func init() {
 		authorizationapi.ClusterRole{
 			ObjectMeta: kapi.ObjectMeta{
 				Name: ServiceIngressIPControllerRoleName,
+				Annotations: map[string]string{
+					roleSystemOnly: roleIsSystemOnly,
+				},
 			},
 			Rules: []authorizationapi.PolicyRule{
 				// Listing and watching services