forked from openshift/origin
-
Notifications
You must be signed in to change notification settings - Fork 0
/
project_policy.go
44 lines (41 loc) · 1.3 KB
/
project_policy.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
package bootstrappolicy
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apiserver/pkg/authentication/serviceaccount"
kapi "k8s.io/kubernetes/pkg/api"
authorizationapi "github.com/openshift/origin/pkg/authorization/apis/authorization"
)
func GetBootstrapServiceAccountProjectRoleBindings(namespace string) []authorizationapi.RoleBinding {
return []authorizationapi.RoleBinding{
{
ObjectMeta: metav1.ObjectMeta{
Name: ImagePullerRoleBindingName,
Namespace: namespace,
},
RoleRef: kapi.ObjectReference{
Name: ImagePullerRoleName,
},
Subjects: []kapi.ObjectReference{{Kind: authorizationapi.SystemGroupKind, Name: serviceaccount.MakeNamespaceGroupName(namespace)}},
},
{
ObjectMeta: metav1.ObjectMeta{
Name: ImageBuilderRoleBindingName,
Namespace: namespace,
},
RoleRef: kapi.ObjectReference{
Name: ImageBuilderRoleName,
},
Subjects: []kapi.ObjectReference{{Kind: authorizationapi.ServiceAccountKind, Name: BuilderServiceAccountName}},
},
{
ObjectMeta: metav1.ObjectMeta{
Name: DeployerRoleBindingName,
Namespace: namespace,
},
RoleRef: kapi.ObjectReference{
Name: DeployerRoleName,
},
Subjects: []kapi.ObjectReference{{Kind: authorizationapi.ServiceAccountKind, Name: DeployerServiceAccountName}},
},
}
}