// Copyright 2022 Namespace Labs Inc; All rights reserved.
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
package main
import (
"context"
"fmt"
"path/filepath"
rbacv1 "k8s.io/client-go/applyconfigurations/rbac/v1"
"namespacelabs.dev/foundation/framework/kubernetes/kubedef"
"namespacelabs.dev/foundation/framework/kubernetes/kubenaming"
"namespacelabs.dev/foundation/framework/provisioning"
"namespacelabs.dev/foundation/internal/planning/tool/protocol"
"namespacelabs.dev/foundation/library/kubernetes/rbac"
"namespacelabs.dev/foundation/schema"
)
// main registers a provisioning handler for Kubernetes environments that turns
// a rbac.ClusterRoleIntent into a ClusterRole apply invocation, then hands
// control to the provisioning framework.
func main() {
	handlers := provisioning.NewHandlers()

	handlers.MatchEnv(&schema.Environment{Runtime: "kubernetes"}).HandleApply(
		func(ctx context.Context, req provisioning.StackRequest, out *provisioning.ApplyOutput) error {
			// Both the requested rules and the identity of the resource
			// instance are unpacked from the same request.
			roleIntent := &rbac.ClusterRoleIntent{}
			if err := req.UnpackInput(roleIntent); err != nil {
				return err
			}

			instance := &protocol.ResourceInstance{}
			if err := req.UnpackInput(instance); err != nil {
				return err
			}

			// The object name is built from the package base name, the
			// instance name and an ID derived from ResourceInstanceId; it does
			// not depend on roleIntent.Name, which is only used in the
			// human-readable description below.
			// NOTE(review): instance.ResourceInstance is dereferenced without a
			// nil check; confirm UnpackInput guarantees it is populated.
			pkgBase := filepath.Base(instance.ResourceInstance.PackageName)
			idFrag := kubenaming.StableIDN(instance.ResourceInstanceId, 8)
			name := "ns:user:" + kubenaming.DomainFragLikeN("-", pkgBase, instance.ResourceInstance.Name, idFrag)

			role := rbacv1.ClusterRole(name).
				WithLabels(map[string]string{}).
				WithAnnotations(kubedef.BaseAnnotations())

			// Every rule in the intent is copied verbatim into the ClusterRole.
			// A ClusterRole is cluster-scoped, and nothing in this handler
			// filters the API groups, resources, verbs or non-resource URLs,
			// so wildcard entries are passed through as given.
			// NOTE(review): confirm the intent is validated or restricted
			// before it reaches this handler.
			for _, spec := range roleIntent.Rules {
				policy := rbacv1.PolicyRule().
					WithAPIGroups(spec.ApiGroups...).
					WithResources(spec.Resources...).
					WithVerbs(spec.Verbs...).
					WithNonResourceURLs(spec.NonResourceUrls...)
				role = role.WithRules(policy)
			}

			apply := kubedef.Apply{
				Description: fmt.Sprintf("%s: Cluster Role", roleIntent.Name),
				Resource:    role,
			}
			out.Invocations = append(out.Invocations, apply)

			// The generated name is returned as the output resource instance.
			out.OutputResourceInstance = &rbac.ClusterRoleInstance{Name: name}

			return nil
		})

	provisioning.Handle(handlers)
}