github.com/caos/orbos@v1.5.14-0.20221103111702-e6cd0cea7ad4/pkg/kubernetes/resources/clusterrolebinding/adapt.go

github.com/caos/orbos@v1.5.14-0.20221103111702-e6cd0cea7ad4/pkg/kubernetes/resources/clusterrolebinding/adapt.go (about)

     1  package clusterrolebinding
     2  
     3  import (
     4  	"github.com/caos/orbos/pkg/kubernetes"
     5  	"github.com/caos/orbos/pkg/kubernetes/resources"
     6  	"github.com/caos/orbos/pkg/labels"
     7  	rbac "k8s.io/api/rbac/v1"
     8  	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
     9  )
    10  
    11  type Subject struct {
    12  	Kind      string
    13  	Name      string
    14  	Namespace string
    15  }
    16  
    17  func AdaptFuncToEnsure(nameLabels *labels.Name, subjects []Subject, clusterrole string) (resources.QueryFunc, error) {
    18  	subjectsList := make([]rbac.Subject, 0)
    19  	for _, subject := range subjects {
    20  		subjectsList = append(subjectsList, rbac.Subject{
    21  			Name:      subject.Name,
    22  			Namespace: subject.Namespace,
    23  			Kind:      subject.Kind,
    24  		})
    25  	}
    26  
    27  	crb := &rbac.ClusterRoleBinding{
    28  		ObjectMeta: metav1.ObjectMeta{
    29  			Name:   nameLabels.Name(),
    30  			Labels: labels.MustK8sMap(nameLabels),
    31  		},
    32  		Subjects: subjectsList,
    33  		RoleRef: rbac.RoleRef{
    34  			APIGroup: "rbac.authorization.k8s.io",
    35  			Name:     clusterrole,
    36  			Kind:     "ClusterRole",
    37  		},
    38  	}
    39  	return func(_ kubernetes.ClientInt, _ map[string]interface{}) (resources.EnsureFunc, error) {
    40  		return func(k8sClient kubernetes.ClientInt) error {
    41  			return k8sClient.ApplyClusterRoleBinding(crb)
    42  		}, nil
    43  	}, nil
    44  }
    45  
    46  func AdaptFuncToDestroy(name string) (resources.DestroyFunc, error) {
    47  	return func(client kubernetes.ClientInt) error {
    48  		return client.DeleteClusterRoleBinding(name)
    49  	}, nil
    50  }