/*
Copyright 2020 The Kubermatic Kubernetes Platform contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package rbac
import (
"context"
kubermaticv1 "k8c.io/kubermatic/v2/pkg/crd/kubermatic/v1"
"k8s.io/apimachinery/pkg/api/meta"
"k8s.io/client-go/util/workqueue"
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/controller"
"sigs.k8s.io/controller-runtime/pkg/handler"
"sigs.k8s.io/controller-runtime/pkg/manager"
"sigs.k8s.io/controller-runtime/pkg/predicate"
"sigs.k8s.io/controller-runtime/pkg/reconcile"
"sigs.k8s.io/controller-runtime/pkg/source"
)
// metricNamespace is the string "kubermatic". It is not referenced in this
// file; presumably it is the namespace prefix for this package's metrics.
// NOTE(review): confirm against the Metrics definition.
const metricNamespace = "kubermatic"

// destinationSeed is the string "seed". It is not referenced in this file;
// presumably it tags a project resource as living in the seed clusters rather
// than the master cluster. NOTE(review): confirm against projectResource.
const destinationSeed = "seed"
// projectController is the reconciler registered for Project objects by
// newProjectRBACController. It holds the clients used to act on the main
// cluster and on every seed cluster, so anything it writes is applied with
// whatever credentials the supplied managers were configured with.
type projectController struct {
	// projectQueue is a named rate-limited work queue created in
	// newProjectRBACController. Its consumers are not visible in this file.
	projectQueue workqueue.RateLimitingInterface

	// metrics is the caller-supplied metrics handle; how it is updated is
	// not shown in this file.
	metrics *Metrics

	// projectResources is the caller-supplied resource list; presumably the
	// kinds for which RBAC objects are generated. TODO confirm in sync.
	projectResources []projectResource

	// client is the client of the main manager (mgr.GetClient()).
	client client.Client

	// restMapper is the REST mapper of the main manager (mgr.GetRESTMapper()).
	restMapper meta.RESTMapper

	// seedClientMap holds one client per entry of the seed manager map,
	// under the same key (presumably the seed name).
	seedClientMap map[string]client.Client

	// ctx is the context given at construction time. It is kept on the
	// struct because Reconcile's signature carries no context of its own.
	ctx context.Context
}
// newProjectRBACController registers with mgr the controller that is
// responsible for managing RBAC roles for projects.
//
// Per the original documentation, the controller also sets a proper ownership
// chain through OwnerReferences, so that whenever a project is deleted its
// dependent objects are garbage collected. That logic is not in this function;
// here the controller is only constructed and wired up.
//
// A client is taken from mgr and from every manager in seedManagerMap. These
// clients act with whatever credentials the managers were built with, and
// workerPredicate is the only filter placed on the Project watch.
//
// It returns the error from creating the controller or from registering the
// watch, unwrapped, and nil on success.
func newProjectRBACController(ctx context.Context, metrics *Metrics, mgr manager.Manager, seedManagerMap map[string]manager.Manager, resources []projectResource, workerPredicate predicate.Predicate) error {
	// The work queue and the controller are registered under the same name.
	const controllerName = "rbac_generator_for_project"

	// Resolve each seed manager to its client once, keeping the map keys.
	seedClients := make(map[string]client.Client, len(seedManagerMap))
	for seed, seedMgr := range seedManagerMap {
		seedClients[seed] = seedMgr.GetClient()
	}

	reconciler := &projectController{
		projectQueue:     workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), controllerName),
		metrics:          metrics,
		projectResources: resources,
		client:           mgr.GetClient(),
		restMapper:       mgr.GetRESTMapper(),
		seedClientMap:    seedClients,
		ctx:              ctx,
	}

	ctrl, err := controller.New(controllerName, mgr, controller.Options{Reconciler: reconciler})
	if err != nil {
		return err
	}

	// Watch Project objects: every event that passes workerPredicate
	// enqueues a reconcile request for that Project.
	return ctrl.Watch(&source.Kind{Type: &kubermaticv1.Project{}}, &handler.EnqueueRequestForObject{}, workerPredicate)
}
// Reconcile handles one request for the Project named by req. This is the
// reconciler that newProjectRBACController hands to controller-runtime.
//
// All work is delegated to c.sync. The returned Result is always the zero
// value, so no explicit requeue is requested. An error from sync is passed
// back unchanged, which leaves retry handling to the caller.
func (c *projectController) Reconcile(req reconcile.Request) (reconcile.Result, error) {
	var result reconcile.Result

	if syncErr := c.sync(req.NamespacedName); syncErr != nil {
		return result, syncErr
	}

	return result, nil
}