Add functionality to role.py and refactor clusetr_role.py

Anatw · Anatw · commit 1fdf52c78ef1 · 2022-12-05T15:15:25.000+02:00
- Refactor cluster_role.py.
 - Add common code to utils.py.
diff --git a/ocp_resources/cluster_role.py b/ocp_resources/cluster_role.py
@@ -1,6 +1,7 @@
 # -*- coding: utf-8 -*-
 from ocp_resources.constants import TIMEOUT_4MINUTES
 from ocp_resources.resource import Resource
+from ocp_resources.utils import add_rule
 
 
 class ClusterRole(Resource):
@@ -16,9 +17,9 @@ def __init__(
         client=None,
         api_groups=None,
         permissions_to_resources=None,
-        verbs=None,
         teardown=True,
         yaml_file=None,
+        verbs=None,
         delete_timeout=TIMEOUT_4MINUTES,
         **kwargs,
     ):
@@ -38,31 +39,13 @@ def __init__(
     def to_dict(self):
         if not self.res:
             super().to_dict()
+        if not self.verbs:
+            self.verbs = [""]
 
         if not self.yaml_file and self.permissions_to_resources:
-            self.add_rule(
+            add_rule(
+                role_object=self,
                 api_groups=self.api_groups,
                 permissions_to_resources=self.permissions_to_resources,
                 verbs=self.verbs,
             )
-
-    def add_rule(
-        self,
-        verbs,
-        api_groups=None,
-        permissions_to_resources=None,
-    ):
-        if not self.res:
-            super().to_dict()
-
-        rule = {"verbs": verbs}
-        if api_groups:
-            rule["apiGroups"] = api_groups
-        if permissions_to_resources:
-            rule["resources"] = permissions_to_resources
-        if rule:
-            self._set_rule(rule=rule)
-
-    def _set_rule(self, rule):
-        self.desired_state["rules"].append(rule)
-        self.res["rules"] = self.desired_state["rules"]
diff --git a/ocp_resources/role.py b/ocp_resources/role.py
@@ -1,6 +1,9 @@
 # -*- coding: utf-8 -*-
-
+#  API reference:
+#       https://docs.openshift.com/container-platform/4.11/rest_api/rbac_apis/role-rbac-authorization-k8s-io-v1.html
+from ocp_resources.constants import TIMEOUT_4MINUTES
 from ocp_resources.resource import NamespacedResource
+from ocp_resources.utils import add_rule
 
 
 class Role(NamespacedResource):
@@ -9,3 +12,50 @@ class Role(NamespacedResource):
     """
 
     api_group = NamespacedResource.ApiGroup.RBAC_AUTHORIZATION_K8S_IO
+
+    def __init__(
+        self,
+        name=None,
+        namespace=None,
+        client=None,
+        api_groups=None,
+        permissions_to_resources=None,
+        teardown=True,
+        yaml_file=None,
+        verbs=None,
+        delete_timeout=TIMEOUT_4MINUTES,
+        **kwargs,
+    ):
+        """
+        Args:
+            permissions_to_resources (list): List of string with resource/s to which you want to add permissions to.
+            Verbs (list): Determine the action/s (permissions) applicable on a specific resource.
+                    Available verbs per resource can be seen with the command 'oc api-resources --sort-by name -o wide'
+        """
+        super().__init__(
+            client=client,
+            namespace=namespace,
+            name=name,
+            teardown=teardown,
+            yaml_file=yaml_file,
+            delete_timeout=delete_timeout,
+            **kwargs,
+        )
+        self.api_groups = api_groups
+        self.permissions_to_resources = permissions_to_resources
+        self.verbs = verbs
+        self.desired_state = {"rules": []}
+
+    def to_dict(self):
+        if not self.res:
+            super().to_dict()
+        if not self.verbs:
+            self.verbs = [""]
+
+        if not self.yaml_file and self.permissions_to_resources:
+            add_rule(
+                role_object=self,
+                api_groups=self.api_groups,
+                permissions_to_resources=self.permissions_to_resources,
+                verbs=self.verbs,
+            )
diff --git a/ocp_resources/utils.py b/ocp_resources/utils.py
@@ -276,3 +276,24 @@ def _return_resource(_resource, _check_exists, _msg):
                     _check_exists=check_exists,
                     _msg=skip_create_warn_msg,
                 )
+
+
+def add_rule(
+    role_object,
+    verbs,
+    api_groups=None,
+    permissions_to_resources=None,
+):
+    def _set_rule(rule_to_set):
+        role_object.desired_state["rules"].append(rule_to_set)
+        role_object.res["rules"] = role_object.desired_state["rules"]
+
+    if not role_object.res:
+        role_object.super().to_dict()
+
+    rule = {"verbs": verbs}
+    if api_groups:
+        rule["apiGroups"] = api_groups
+    if permissions_to_resources:
+        rule["resources"] = permissions_to_resources
+    _set_rule(rule_to_set=rule)
