/
role_bindings.go
43 lines (38 loc) · 1.17 KB
/
role_bindings.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
package kubernetes
import (
"context"
"k8s.io/apimachinery/pkg/types"
rbacv1 "k8s.io/api/rbac/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"sigs.k8s.io/controller-runtime/pkg/client"
)
func ConstructRoleBinding(roleBindingName, roleName, humioClusterName, humioClusterNamespace, serviceAccountName string) *rbacv1.RoleBinding {
return &rbacv1.RoleBinding{
ObjectMeta: metav1.ObjectMeta{
Name: roleBindingName,
Namespace: humioClusterNamespace,
Labels: LabelsForHumio(humioClusterName),
},
RoleRef: rbacv1.RoleRef{
Kind: "Role",
APIGroup: "rbac.authorization.k8s.io",
Name: roleName,
},
Subjects: []rbacv1.Subject{
{
Kind: "ServiceAccount",
Name: serviceAccountName,
Namespace: humioClusterNamespace,
},
},
}
}
// GetRoleBinding returns the given role if it exists
func GetRoleBinding(ctx context.Context, c client.Client, roleBindingName, roleBindingNamespace string) (*rbacv1.RoleBinding, error) {
var existingRoleBinding rbacv1.RoleBinding
err := c.Get(ctx, types.NamespacedName{
Name: roleBindingName,
Namespace: roleBindingNamespace,
}, &existingRoleBinding)
return &existingRoleBinding, err
}