package beku
import (
"encoding/json"
"errors"
"fmt"
"reflect"
"github.com/ghodss/yaml"
"k8s.io/api/rbac/v1beta1"
)
// ClusterRoleBinding is a chainable builder that wraps a Kubernetes
// rbac/v1beta1 ClusterRoleBinding together with the error recorded while
// building it.
type ClusterRoleBinding struct {
	// crb is the object under construction; the builder methods mutate it in place.
	crb *v1beta1.ClusterRoleBinding
	// err is the error recorded by a builder step and returned by Finish.
	err error
}
// NewClusterRoleBinding returns an empty builder and is the starting point of
// every call chain. The wrapped object is allocated here, so the setters that
// follow always have a non-nil target to write to.
func NewClusterRoleBinding() *ClusterRoleBinding {
	builder := new(ClusterRoleBinding)
	builder.crb = new(v1beta1.ClusterRoleBinding)
	return builder
}
// Finish ends the call chain. It runs verify, which checks the required fields
// and fills in APIVersion and Kind when those checks pass, and then returns the
// wrapped object together with the recorded error.
//
// The object is returned even when the error is non-nil, so callers must check
// the error before submitting the binding to a cluster; a binding that failed
// verification may be incomplete.
func (obj *ClusterRoleBinding) Finish() (*v1beta1.ClusterRoleBinding, error) {
	obj.verify()
	binding, err := obj.crb, obj.err
	return binding, err
}
// JSONNew decodes a JSON manifest into the wrapped ClusterRoleBinding and
// records any decoding error.
//
// Decoded Subjects and RoleRef are taken as-is: they do not pass through
// Subject or SetRoleRef, and verify only checks that they are non-empty.
// A manifest from an untrusted source can therefore bind any subject to any
// role, so review or policy-check it before the result of Finish is applied.
func (obj *ClusterRoleBinding) JSONNew(jsonbyts []byte) *ClusterRoleBinding {
	decodeErr := json.Unmarshal(jsonbyts, obj.crb)
	obj.error(decodeErr)
	return obj
}
// YAMLNew decodes a YAML manifest into the wrapped ClusterRoleBinding and
// records any decoding error.
//
// As with JSONNew, decoded Subjects and RoleRef bypass Subject and SetRoleRef;
// verify only checks that they are non-empty. Treat the manifest as privileged
// input and review it before the result of Finish is applied.
func (obj *ClusterRoleBinding) YAMLNew(yamlbyts []byte) *ClusterRoleBinding {
	decodeErr := yaml.Unmarshal(yamlbyts, obj.crb)
	obj.error(decodeErr)
	return obj
}
// SetName sets the metadata name of the ClusterRoleBinding. The value is not
// checked here; verify rejects an empty name when Finish is called.
func (obj *ClusterRoleBinding) SetName(name string) *ClusterRoleBinding {
	binding := obj.crb
	binding.SetName(name)
	return obj
}
// SubKind names the kind of a binding subject.
type SubKind string

// Subject kinds accepted by Subject.
const (
	// User is a human or external identity.
	User SubKind = "User"
	// Group is a set of users.
	Group SubKind = "Group"
	// SA is a Kubernetes ServiceAccount.
	SA SubKind = "ServiceAccount"
)

// kindMaps tells Subject how to fill in each supported kind: User and Group
// map to the RBAC API group that goes into Subject.APIGroup, while SA maps to
// the sentinel "namespace", meaning the subject carries a Namespace instead.
// A kind that is absent from the map is rejected by Subject.
var kindMaps = map[SubKind]string{
	User:  "rbac.authorization.k8s.io",
	Group: "rbac.authorization.k8s.io",
	SA:    "namespace",
}
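// Subject appends one subject to the ClusterRoleBinding.
//
// kind must be User, Group or SA (ServiceAccount); any other value records an
// error and leaves the binding unchanged.
//
// namespace is required when kind is SA: an empty value records an error and
// the subject is not added, because a ServiceAccount subject without a
// namespace does not identify an account. For User and Group the namespace
// argument is ignored and the RBAC API group is set instead.
//
// name is copied into the subject without further checks. A ClusterRoleBinding
// grants its role cluster-wide, so callers that take name from external input
// should validate it first, in particular against broad built-in groups such
// as system:authenticated or system:unauthenticated.
func (obj *ClusterRoleBinding) Subject(name string, kind SubKind, namespace string) *ClusterRoleBinding {
	// One lookup decides both "is the kind supported" and "how is it filled in".
	target := kindMaps[kind]
	if target == "" {
		obj.error(fmt.Errorf("Set subject err. kind:%v is not supported, only support User/Group/ServiceAccount ", kind))
		return obj
	}

	subject := v1beta1.Subject{
		Name: name,
		Kind: string(kind),
	}
	if target == "namespace" {
		// Fail here rather than hand back a ServiceAccount subject that
		// names no namespace.
		if namespace == "" {
			obj.error(errors.New("Set subject err. namespace is not allowed to be empty when kind is ServiceAccount"))
			return obj
		}
		subject.Namespace = namespace
	} else {
		subject.APIGroup = target
	}

	// append handles a nil or empty Subjects slice, so no special case is needed.
	obj.crb.Subjects = append(obj.crb.Subjects, subject)
	return obj
}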
// SetRoleRef points the binding at the ClusterRole called name. The reference
// always uses kind "ClusterRole" in the rbac.authorization.k8s.io API group.
//
// Only emptiness of name is checked (through emptyString, defined elsewhere in
// the package); an empty name records an error and leaves RoleRef untouched.
// Whether the role exists, or how much it grants, is not checked here, so the
// caller decides which role a set of subjects receives cluster-wide.
func (obj *ClusterRoleBinding) SetRoleRef(name string) *ClusterRoleBinding {
	if !emptyString(name) {
		var ref v1beta1.RoleRef
		ref.APIGroup = "rbac.authorization.k8s.io"
		ref.Kind = "ClusterRole"
		ref.Name = name
		obj.crb.RoleRef = ref
		return obj
	}
	obj.error(errors.New("set SetRoleRef err. name is not allow to be empty"))
	return obj
}
// tmpRoleRef is the zero-value RoleRef that verify compares against to detect
// a RoleRef that was never set.
var tmpRoleRef v1beta1.RoleRef

// verify checks that the binding has a name, at least one subject and a
// non-zero RoleRef. The first failing check records an error and stops; when
// all three pass, APIVersion and Kind are filled in.
//
// Individual subjects are not re-checked here, so subjects that arrived through
// JSONNew or YAMLNew keep whatever kind, namespace and API group the manifest
// gave them.
//
// NOTE(review): rbac.authorization.k8s.io/v1beta1 is no longer served by
// Kubernetes 1.22 and later; confirm the target cluster version before relying
// on the APIVersion set below.
func (obj *ClusterRoleBinding) verify() {
	switch {
	case obj.crb.GetName() == "":
		obj.error(errors.New("Set Name err,name is not allowed to be empty"))
	case len(obj.crb.Subjects) <= 0:
		obj.error(errors.New("Set ClusterRoleBinding err,subejects is not allowed to be empty"))
	case reflect.DeepEqual(tmpRoleRef, obj.crb.RoleRef):
		obj.error(errors.New("Set ClusterRoleBinding err,RoleRef is not allowed to be empty"))
	default:
		obj.crb.APIVersion = "rbac.authorization.k8s.io/v1beta1"
		obj.crb.Kind = "ClusterRoleBinding"
	}
}
// error stores err on the builder unless an earlier step has already recorded
// a non-nil error, so the first failure in a chain is the one Finish reports.
func (obj *ClusterRoleBinding) error(err error) {
	if obj.err == nil {
		obj.err = err
	}
}