package clusterrolebinding
import (
"context"
"github.com/giantswarm/apiextensions/v3/pkg/apis/provider/v1alpha1"
"github.com/giantswarm/microerror"
apiv1 "k8s.io/api/rbac/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"github.com/giantswarm/kvm-operator/v4/service/controller/key"
)
// GetDesiredState computes the ClusterRoleBindings that should exist for the
// custom object passed in obj.
//
// obj is converted with key.ToCustomObject. A conversion failure, or an error
// from newClusterRoleBindings, is returned wrapped by microerror.Mask. On
// success the []*apiv1.ClusterRoleBinding built by newClusterRoleBindings is
// returned as an interface{} value.
func (r *Resource) GetDesiredState(ctx context.Context, obj interface{}) (interface{}, error) {
	cr, err := key.ToCustomObject(obj)
	if err != nil {
		return nil, microerror.Mask(err)
	}

	r.logger.Debugf(ctx, "computing the new cluster role bindings")

	desired, err := r.newClusterRoleBindings(cr)
	if err != nil {
		return nil, microerror.Mask(err)
	}

	// Only the count is logged; the bindings themselves are handed back to the caller.
	r.logger.Debugf(ctx, "computed the %d new cluster role bindings", len(desired))

	return desired, nil
}
// newClusterRoleBindings builds the two ClusterRoleBindings desired for the
// given KVMConfig, in this order:
//
//  1. key.ClusterRoleBindingName(customObject), bound to r.clusterRoleGeneral
//  2. key.ClusterRoleBindingPSPName(customObject), bound to r.clusterRolePSP
//
// Both bindings have a single subject: the ServiceAccount whose name and
// namespace are both key.ClusterID(customObject). The returned error is always
// nil in this implementation.
//
// NOTE(review): a ClusterRoleBinding is cluster-scoped, so the permissions of
// the referenced ClusterRoles apply to that ServiceAccount in every namespace,
// not only in its own. What the two ClusterRoles allow is not visible here;
// check them for least privilege, since they are granted once per cluster ID.
func (r *Resource) newClusterRoleBindings(customObject v1alpha1.KVMConfig) ([]*apiv1.ClusterRoleBinding, error) {
	// build assembles one binding. Each call creates fresh label and subject
	// values, so the two returned objects share no mutable state.
	build := func(bindingName, roleName string) *apiv1.ClusterRoleBinding {
		clusterID := key.ClusterID(customObject)

		return &apiv1.ClusterRoleBinding{
			TypeMeta: metav1.TypeMeta{
				Kind: "ClusterRoleBinding",
				// NOTE(review): this is the bare API group name, not a
				// "group/version" string. Kept as in the original; confirm
				// whether anything reads TypeMeta before changing it.
				APIVersion: apiv1.GroupName,
			},
			ObjectMeta: metav1.ObjectMeta{
				Name: bindingName,
				Labels: map[string]string{
					"app":                       "kvm-operator",
					"giantswarm.io/cluster-id":  clusterID,
					"giantswarm.io/customer-id": key.ClusterCustomer(customObject),
				},
			},
			Subjects: []apiv1.Subject{
				{
					Kind: apiv1.ServiceAccountKind,
					// Name and namespace are both the cluster ID.
					// NOTE(review): an empty cluster ID would give a subject
					// with empty name and namespace; presumably validated
					// upstream. Verify against the callers.
					Namespace: clusterID,
					Name:      clusterID,
				},
			},
			RoleRef: apiv1.RoleRef{
				APIGroup: apiv1.GroupName,
				Kind:     "ClusterRole",
				Name:     roleName,
			},
		}
	}

	bindings := []*apiv1.ClusterRoleBinding{
		build(key.ClusterRoleBindingName(customObject), r.clusterRoleGeneral),
		build(key.ClusterRoleBindingPSPName(customObject), r.clusterRolePSP),
	}

	return bindings, nil
}