package create
import (
"fmt"
"io"
"github.com/spf13/cobra"
"k8s.io/kubernetes/pkg/api/meta"
cmdutil "k8s.io/kubernetes/pkg/kubectl/cmd/util"
"k8s.io/kubernetes/pkg/runtime"
authorizationapi "github.com/openshift/origin/pkg/authorization/api"
"github.com/openshift/origin/pkg/client"
"github.com/openshift/origin/pkg/cmd/util/clientcmd"
)
const (
	// PolicyBindingRecommendedName is presumably the name callers register
	// this command under; it is not referenced in the visible code.
	PolicyBindingRecommendedName = "policybinding"

	// policyBindingLong is the long help text attached to the command.
	policyBindingLong = `
Create a policy binding that references the policy in the targetted namespace.`

	// policyBindingExample is the usage example; %[1]s is filled in with the
	// full command name via fmt.Sprintf when the command is built.
	policyBindingExample = ` # Create a policy binding in namespace "foo" that references the policy in namespace "bar"
%[1]s bar -n foo`
)
// CreatePolicyBindingOptions holds everything needed to create a policy
// binding: Complete populates it, Validate checks it, and Run performs the
// create call and prints the result.
type CreatePolicyBindingOptions struct {
	// BindingNamespace is the namespace the new binding is created in.
	BindingNamespace string
	// PolicyNamespace is the namespace of the policy the binding references.
	// NOTE(review): this is the trust-relevant input; the visible code only
	// checks that it is non-empty.
	PolicyNamespace string

	// BindingClient is the client used to issue the create request.
	BindingClient client.PolicyBindingsNamespacer

	// Mapper is handed to cmdutil.PrintSuccess and to the Printer closure.
	Mapper meta.RESTMapper
	// OutputFormat is the value of the "output" flag; empty or "name" selects
	// the short success message, anything else goes through Printer.
	OutputFormat string
	// Out receives all command output.
	Out io.Writer
	// Printer renders the created object for explicit output formats.
	Printer ObjectPrinter
}
// ObjectPrinter writes a runtime.Object to the given writer and reports any
// error encountered while doing so.
type ObjectPrinter func(runtime.Object, io.Writer) error
// NewCmdCreatePolicyBinding builds the cobra command that creates a policy
// binding referencing the policy of the namespace given as the single
// positional argument.
//
// name is used for the command's Use line and fullName is substituted into the
// example text. When the command runs, Complete, Validate and Run are invoked
// in that order and each result is passed to cmdutil.CheckErr.
func NewCmdCreatePolicyBinding(name, fullName string, f *clientcmd.Factory, out io.Writer) *cobra.Command {
	opts := &CreatePolicyBindingOptions{Out: out}

	// The three phases share opts, so later phases see what Complete filled in.
	execute := func(c *cobra.Command, args []string) {
		cmdutil.CheckErr(opts.Complete(c, f, args))
		cmdutil.CheckErr(opts.Validate())
		cmdutil.CheckErr(opts.Run())
	}

	command := &cobra.Command{
		Use:     name + " TARGET_POLICY_NAMESPACE",
		Short:   "Create a policy binding that references the policy in the targetted namespace.",
		Long:    policyBindingLong,
		Example: fmt.Sprintf(policyBindingExample, fullName),
		Run:     execute,
	}
	cmdutil.AddOutputFlagsForMutation(command)

	return command
}
// Complete populates the options from the command line and the factory.
//
// Exactly one positional argument is accepted and becomes PolicyNamespace. The
// binding namespace is the factory's default namespace, the binding client
// comes from f.Clients, and the output format is read from the "output" flag.
// An error is returned when the argument count is wrong or when the factory
// cannot supply a namespace or clients.
func (o *CreatePolicyBindingOptions) Complete(cmd *cobra.Command, f *clientcmd.Factory, args []string) error {
	if len(args) != 1 {
		return fmt.Errorf("exactly one argument (policy namespace) is supported, not: %v", args)
	}
	// NOTE(review): the referenced namespace is taken verbatim from the command
	// line; presumably the API server validates it — confirm.
	o.PolicyNamespace = args[0]

	bindingNS, _, err := f.DefaultNamespace()
	if err != nil {
		return err
	}
	o.BindingNamespace = bindingNS

	// Named osClient so the local does not shadow the imported client package.
	osClient, _, err := f.Clients()
	if err != nil {
		return err
	}
	o.BindingClient = osClient

	// Only the first result of f.Object is kept; Validate rejects a nil Mapper.
	mapper, _ := f.Object(false)
	o.Mapper = mapper

	o.OutputFormat = cmdutil.GetFlagString(cmd, "output")

	// The printer reads o.Mapper at call time rather than capturing it now.
	o.Printer = func(obj runtime.Object, w io.Writer) error {
		return f.PrintObject(cmd, o.Mapper, obj, w)
	}

	return nil
}
// Validate reports the first missing required option, checking them in a fixed
// order: binding namespace, policy namespace, client, mapper, output writer and
// printer. It returns nil when all of them are set.
//
// Only presence is checked; the namespace values are not inspected further.
func (o *CreatePolicyBindingOptions) Validate() error {
	switch {
	case len(o.BindingNamespace) == 0:
		return fmt.Errorf("destination namespace is required")
	case len(o.PolicyNamespace) == 0:
		return fmt.Errorf("referenced policy namespace is required")
	case o.BindingClient == nil:
		return fmt.Errorf("BindingClient is required")
	case o.Mapper == nil:
		return fmt.Errorf("Mapper is required")
	case o.Out == nil:
		return fmt.Errorf("Out is required")
	case o.Printer == nil:
		return fmt.Errorf("Printer is required")
	}

	return nil
}
// Run creates the policy binding in BindingNamespace and prints the outcome.
//
// The binding references the policy named authorizationapi.PolicyName in
// PolicyNamespace, and its own name is derived from that namespace with
// authorizationapi.GetPolicyBindingName. An empty or "name" output format
// prints a short success message; any other format goes through Printer.
// Errors from the create call or from Printer are returned unchanged.
//
// NOTE(review): the binding points this namespace at a policy owned by another
// namespace, so whoever can edit that policy presumably influences what can be
// bound here — confirm the referenced namespace is trusted.
func (o *CreatePolicyBindingOptions) Run() error {
	pb := &authorizationapi.PolicyBinding{}
	pb.PolicyRef.Name = authorizationapi.PolicyName
	pb.PolicyRef.Namespace = o.PolicyNamespace
	pb.Name = authorizationapi.GetPolicyBindingName(o.PolicyNamespace)

	created, err := o.BindingClient.PolicyBindings(o.BindingNamespace).Create(pb)
	if err != nil {
		return err
	}

	switch o.OutputFormat {
	case "", "name":
		// Short form: the boolean selects the name-only variant of the message.
		cmdutil.PrintSuccess(o.Mapper, o.OutputFormat == "name", o.Out, "policybinding", created.Name, "created")
		return nil
	}

	return o.Printer(created, o.Out)
}