forked from rancher/rancher
-
Notifications
You must be signed in to change notification settings - Fork 0
/
indexes.go
52 lines (42 loc) · 1.09 KB
/
indexes.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
package auth
import (
v1 "k8s.io/api/rbac/v1"
)
func rbByOwner(obj interface{}) ([]string, error) {
rb, ok := obj.(*v1.RoleBinding)
if !ok {
return []string{}, nil
}
return getRBOwnerKey(rb), nil
}
func getRBOwnerKey(rb *v1.RoleBinding) []string {
var owners []string
for _, o := range rb.OwnerReferences {
owners = append(owners, string(o.UID))
}
return owners
}
func rbRoleSubjectKey(roleName string, subject v1.Subject) string {
return roleName + "." + subject.Kind + "." + subject.Name
}
func rbRoleSubjectKeys(roleName string, subjects []v1.Subject) []string {
var keys []string
for _, s := range subjects {
keys = append(keys, rbRoleSubjectKey(roleName, s))
}
return keys
}
func rbByRoleAndSubject(obj interface{}) ([]string, error) {
var subjects []v1.Subject
var roleName string
if rb, ok := obj.(*v1.ClusterRoleBinding); ok {
roleName = rb.RoleRef.Name
subjects = rb.Subjects
} else if rb, ok := obj.(*v1.RoleBinding); ok {
roleName = rb.RoleRef.Name
subjects = rb.Subjects
} else {
return []string{}, nil
}
return rbRoleSubjectKeys(roleName, subjects), nil
}