add early return in goroutine for each SA (#345)

YCShen1010 · web-flow · commit de603b096fb8 · 2024-10-30T22:32:59.000+08:00
Signed-off-by: YuChen &lt;yuchen.shen@mail.utoronto.ca&gt;
diff --git a/controllers/namespacescope_controller.go b/controllers/namespacescope_controller.go
@@ -502,6 +502,7 @@ func (r *NamespaceScopeReconciler) generateRBACToNamespace(ctx context.Context,
 			roleList, err := r.GetRolesFromServiceAccount(ctx, sa, fromNs)
 			if err != nil {
 				errorChannel <- err
+				return
 			}
 
 			klog.V(2).Infof("Roles waiting to be copied for SA %s: %v", sa, roleList)
@@ -511,13 +512,15 @@ func (r *NamespaceScopeReconciler) generateRBACToNamespace(ctx context.Context,
 					r.Recorder.Eventf(instance, corev1.EventTypeWarning, "Forbidden", "cannot create resource roles in API group rbac.authorization.k8s.io in the namespace %s. Please authorize service account ibm-namespace-scope-operator namespace admin permission of %s namespace", toNs, toNs)
 				}
 				errorChannel <- err
+				return
 			}
 
 			if err := r.CreateRoleBinding(ctx, roleList, labels, sa, fromNs, toNs); err != nil {
 				if errors.IsForbidden(err) {
 					r.Recorder.Eventf(instance, corev1.EventTypeWarning, "Forbidden", "cannot create resource rolebindings in API group rbac.authorization.k8s.io in the namespace %s. Please authorize service account ibm-namespace-scope-operator namespace admin permission of %s namespace", toNs, toNs)
 				}
 				errorChannel <- err
+				return
 			}
 		}(sa)
 	}

Original file line number	Diff line number	Diff line change
`@@ -502,6 +502,7 @@ func (r *NamespaceScopeReconciler) generateRBACToNamespace(ctx context.Context,`
`502`	`502`	`roleList, err := r.GetRolesFromServiceAccount(ctx, sa, fromNs)`
`503`	`503`	`if err != nil {`
`504`	`504`	`errorChannel <- err`
	`505`	`+ return`
`505`	`506`	`}`
`506`	`507`
`507`	`508`	`klog.V(2).Infof("Roles waiting to be copied for SA %s: %v", sa, roleList)`
`@@ -511,13 +512,15 @@ func (r *NamespaceScopeReconciler) generateRBACToNamespace(ctx context.Context,`
`511`	`512`	`r.Recorder.Eventf(instance, corev1.EventTypeWarning, "Forbidden", "cannot create resource roles in API group rbac.authorization.k8s.io in the namespace %s. Please authorize service account ibm-namespace-scope-operator namespace admin permission of %s namespace", toNs, toNs)`
`512`	`513`	`}`
`513`	`514`	`errorChannel <- err`
	`515`	`+ return`
`514`	`516`	`}`
`515`	`517`
`516`	`518`	`if err := r.CreateRoleBinding(ctx, roleList, labels, sa, fromNs, toNs); err != nil {`
`517`	`519`	`if errors.IsForbidden(err) {`
`518`	`520`	`r.Recorder.Eventf(instance, corev1.EventTypeWarning, "Forbidden", "cannot create resource rolebindings in API group rbac.authorization.k8s.io in the namespace %s. Please authorize service account ibm-namespace-scope-operator namespace admin permission of %s namespace", toNs, toNs)`
`519`	`521`	`}`
`520`	`522`	`errorChannel <- err`
	`523`	`+ return`
`521`	`524`	`}`
`522`	`525`	`}(sa)`
`523`	`526`	`}`