add namespace verification

[kong62]

cat 1.yaml
apiVersion: rbacmanager.reactiveops.io/v1beta1
kind: RBACDefinition
metadata:
name: joe-access
rbacBindings:

• name: joe
  subjects:
  • kind: User
    name: joe@example.com
    roleBindings:
  • namespace: api
    clusterRole: view
  • namespace: web
    clusterRole: edit

kubectl apply -f 1.yaml
rbacdefinition.rbacmanager.reactiveops.io/joe-access created

kubectl logs -f -n rbac-manager rbac-manager-696c985976-55kv6
time="2019-11-05T02:21:34Z" level=info msg=----------------------------------
time="2019-11-05T02:21:34Z" level=info msg="rbac-manager 0.8.3 running"
time="2019-11-05T02:21:34Z" level=info msg=----------------------------------
time="2019-11-05T02:21:34Z" level=info msg="Registering components"
time="2019-11-05T02:21:34Z" level=info msg="Watching resources related to RBAC Definitions"
time="2019-11-05T02:21:34Z" level=info msg="Watching RBAC Definitions"
time="2019-11-05T02:26:24Z" level=info msg="Reconciling RBACDefinition joe-access"
time="2019-11-05T02:26:24Z" level=info msg="Creating Role Binding: joe-access-joe-view"
time="2019-11-05T02:26:24Z" level=error msg="Error creating Role Binding: namespaces "api" not found"
time="2019-11-05T02:26:24Z" level=info msg="Creating Role Binding: joe-access-joe-edit"
time="2019-11-05T02:26:24Z" level=error msg="Error creating Role Binding: namespaces "web" not found"

[sudermanjr]

@kong62 Thanks for the issue. Can you please describe what your desired behavior would look like? Would you prefer that the rbacDefinition is rejected by the API when you create it? Could this possibly be additional validation like what is requested in #99 ?

[kong62]

@sudermanjr This problem occurs when I create RBACDefinition, but my namespace does not exist, I think this problem should be verified, if the namespace does not exist, RBACDefinition does not allow creation

[sudermanjr]

Opened #103 to track this request