/
role_api_client.go
107 lines (88 loc) · 3.61 KB
/
role_api_client.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
package elasticsearchapi
import (
"encoding/json"
eshandler "github.com/disaster37/es-handler/v8"
"github.com/disaster37/generic-objectmatcher/patch"
"github.com/disaster37/operator-sdk-extra/pkg/controller"
elasticsearchapicrd "github.com/webcenter-fr/elasticsearch-operator/apis/elasticsearchapi/v1"
)
type roleApiClient struct {
*controller.BasicRemoteExternalReconciler[*elasticsearchapicrd.Role, *eshandler.XPackSecurityRole, eshandler.ElasticsearchHandler]
}
func newRoleApiClient(client eshandler.ElasticsearchHandler) controller.RemoteExternalReconciler[*elasticsearchapicrd.Role, *eshandler.XPackSecurityRole, eshandler.ElasticsearchHandler] {
return &roleApiClient{
BasicRemoteExternalReconciler: controller.NewBasicRemoteExternalReconciler[*elasticsearchapicrd.Role, *eshandler.XPackSecurityRole, eshandler.ElasticsearchHandler](client),
}
}
func (h *roleApiClient) Build(o *elasticsearchapicrd.Role) (role *eshandler.XPackSecurityRole, err error) {
role = &eshandler.XPackSecurityRole{
Cluster: o.Spec.Cluster,
RunAs: o.Spec.RunAs,
}
if o.Spec.Global != "" {
global := make(map[string]any)
if err := json.Unmarshal([]byte(o.Spec.Global), &global); err != nil {
return nil, err
}
role.Global = global
}
if o.Spec.Metadata != "" {
meta := make(map[string]any)
if err := json.Unmarshal([]byte(o.Spec.Metadata), &meta); err != nil {
return nil, err
}
role.Metadata = meta
}
if o.Spec.TransientMetadata != "" {
tm := make(map[string]any)
if err := json.Unmarshal([]byte(o.Spec.TransientMetadata), &tm); err != nil {
return nil, err
}
role.TransientMetadata = tm
}
if o.Spec.Applications != nil {
role.Applications = make([]eshandler.XPackSecurityApplicationPrivileges, 0, len(o.Spec.Applications))
for _, application := range o.Spec.Applications {
role.Applications = append(role.Applications, eshandler.XPackSecurityApplicationPrivileges{
Application: application.Application,
Privileges: application.Privileges,
Resources: application.Resources,
})
}
}
if o.Spec.Indices != nil {
role.Indices = make([]eshandler.XPackSecurityIndicesPermissions, 0, len(o.Spec.Indices))
for _, indice := range o.Spec.Indices {
i := eshandler.XPackSecurityIndicesPermissions{
Names: indice.Names,
Privileges: indice.Privileges,
Query: indice.Query,
AllowRestrictedIndices: indice.AllowRestrictedIndices,
}
if indice.FieldSecurity != "" {
fs := make(map[string]any)
if err := json.Unmarshal([]byte(indice.FieldSecurity), &fs); err != nil {
return nil, err
}
i.FieldSecurity = fs
}
role.Indices = append(role.Indices, i)
}
}
return role, nil
}
func (h *roleApiClient) Get(o *elasticsearchapicrd.Role) (object *eshandler.XPackSecurityRole, err error) {
return h.Client().RoleGet(o.GetExternalName())
}
func (h *roleApiClient) Create(object *eshandler.XPackSecurityRole, o *elasticsearchapicrd.Role) (err error) {
return h.Client().RoleUpdate(o.GetExternalName(), object)
}
func (h *roleApiClient) Update(object *eshandler.XPackSecurityRole, o *elasticsearchapicrd.Role) (err error) {
return h.Client().RoleUpdate(o.GetExternalName(), object)
}
func (h *roleApiClient) Delete(o *elasticsearchapicrd.Role) (err error) {
return h.Client().RoleDelete(o.GetExternalName())
}
func (h *roleApiClient) Diff(currentOject *eshandler.XPackSecurityRole, expectedObject *eshandler.XPackSecurityRole, originalObject *eshandler.XPackSecurityRole, ignoresDiff ...patch.CalculateOption) (patchResult *patch.PatchResult, err error) {
return h.Client().RoleDiff(currentOject, expectedObject, originalObject)
}