github.com/operator-framework/operator-lifecycle-manager@v0.30.0/pkg/lib/scoped/util.go (about)

     1  package scoped
     2  
     3  import (
     4  	v1 "k8s.io/api/core/v1"
     5  	rbacv1 "k8s.io/api/rbac/v1"
     6  	"k8s.io/apimachinery/pkg/runtime"
     7  
     8  	"github.com/operator-framework/operator-lifecycle-manager/pkg/lib/ownerutil"
     9  )
    10  
// roleKind is the Kind string that IsObjectRBACRelated matches for Role
// objects.
const roleKind = "Role"

// roleBindingKind is the Kind string that IsObjectRBACRelated matches for
// RoleBinding objects.
const roleBindingKind = "RoleBinding"
    15  
// IsServiceAccountToken reports whether secret is a service account token
// Secret whose annotations refer to sa. The logic has been copied from
// https://github.com/kubernetes/kubernetes/blob/master/pkg/serviceaccount/util.go
//
// Three things are compared: the Secret type, the service-account name
// annotation and, only when it is non-empty, the service-account UID
// annotation. Neither the namespaces of the two objects nor the token data
// are examined here, so a true result means "annotated as a token for sa",
// not "carries a usable credential".
//
// NOTE(review): a secret without a UID annotation matches on name alone;
// callers presumably pass a secret and a service account from the same
// namespace. Confirm at the call sites.
func IsServiceAccountToken(secret *v1.Secret, sa *v1.ServiceAccount) bool {
	// Anything that is not typed as a service account token is rejected
	// before its annotations are consulted.
	if secret.Type != v1.SecretTypeServiceAccountToken {
		return false
	}

	annotations := secret.Annotations

	// The name annotation is mandatory: a missing annotation reads as "" and
	// therefore fails against any named service account.
	if annotations[v1.ServiceAccountNameKey] != sa.Name {
		return false
	}

	// The UID annotation is optional; when present it must match.
	boundUID := annotations[v1.ServiceAccountUIDKey]
	return boundUID == "" || boundUID == string(sa.UID)
}
    36  
// IsObjectRBACRelated reports whether obj is of kind Role, RoleBinding or
// ServiceAccount, and returns obj converted to a runtime.Object.
//
// related is false and object is nil when obj does not implement
// runtime.Object. When ownerutil.InferGroupVersionKind returns an error,
// related is false and object is the converted value.
//
// Only the Kind string is compared; the API group and version are ignored,
// and ClusterRole and ClusterRoleBinding are not in the list.
//
// NOTE(review): if this result gates a permission-sensitive code path, confirm
// that matching on Kind alone is intended, since an object from another API
// group that reuses one of these kind names is also reported as related.
func IsObjectRBACRelated(obj interface{}) (related bool, object runtime.Object) {
	typed, isRuntimeObject := obj.(runtime.Object)
	if !isRuntimeObject {
		return false, nil
	}

	// Presumably fills in the object's GroupVersionKind so that Kind is set
	// for the comparison below; confirm against ownerutil.
	if inferErr := ownerutil.InferGroupVersionKind(typed); inferErr != nil {
		return false, typed
	}

	switch typed.GetObjectKind().GroupVersionKind().Kind {
	case roleKind, roleBindingKind, rbacv1.ServiceAccountKind:
		return true, typed
	}

	return false, typed
}