kubevirt / containerized-data-importer / #5886
49%
main: 49%

LAST BUILD BRANCH: ann-pod-service-account
DEFAULT BRANCH: main
Ran
Jobs 1
Files 157
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 49.36% (+0.05%) from 49.313%
#5886

Pull #4056

travis-ci

Hazanel 
Add AnnPodServiceAccount to allow custom ServiceAccount for CDI pods

**What this PR does / why we need it**:

This PR adds support for specifying a custom ServiceAccount for importer,
cloner, and uploader pods via a new PVC/DV annotation. This enables
organizations with security policies that require migration workloads to
run under a specific ServiceAccount rather than the namespace default.

The feature can be used in two ways:
1. **DataVolume spec field**: Set `spec.serviceAccountName` on a DataVolume,
   which gets propagated as an annotation onto the underlying PVC.
2. **PVC annotation**: Set `cdi.kubevirt.io/storage.pod.serviceAccountName`
   directly on a PVC.

The implementation mirrors the existing AnnPriorityClassName pattern:
- Added AnnPodServiceAccount constant and GetPodServiceAccount() helper
- Added AnnPodServiceAccount to allowedAnnotations whitelist
- Set pod.Spec.ServiceAccountName in all 6 pod-creation sites: import,
  upload, clone, size-detection, prep, and populator controllers
- Added ServiceAccountName field to DataVolumeSpec and VolumeCloneSourceSpec
- Propagate annotation from DataVolume to PVC in controller-base.go
- Propagate ServiceAccountName through HostClonePhase in clone planner
- Updated OpenAPI and CRD generated schemas for the new spec fields
- Added unit tests following the AnnPriorityClassName test pattern

Note: prep-claim.go also adds the missing PriorityClassName to the pod spec.
This is a pre-existing bug — CopyAllowedAnnotations copied the annotation to
pod metadata, but PodSpec.PriorityClassName was never set, so Kubernetes
ignored it for scheduling. Fixed here since we're already touching the same
code block.

Also refactored planHostAssistedFromPVC/planHostAssistedFromSnapshot in
planner.go to extract shared helpers (applyCloneSourceSpec, newRebindPhase),
fixing a pre-existing bug where Preallocation was not set on the snapshot
clone path.

**After the fix**:

Users can set the annotation cdi.kubevirt.io... (continued)
Pull Request #4056: Add AnnPodServiceAccount to allow custom ServiceAccount for CDI pods

53 of 61 new or added lines in 9 files covered. (86.89%)

21 existing lines in 1 file now uncovered.

14761 of 29905 relevant lines covered (49.36%)

0.55 hits per line

New Missed Lines in Diff

Lines Coverage File
2
79.43
 -0.03% pkg/controller/clone/planner.go
2
62.0
 -0.09% pkg/controller/datavolume/controller-base.go
4
13.46
 -0.04% pkg/controller/common/util.go

Uncovered Existing Lines

Lines Coverage File
21
77.23
 -0.03% pkg/controller/upload-controller.go
Jobs
ID Job ID Ran Files Coverage
1 #5886.1 157
49.36
Source Files on build #5886