(clusterRoleName string, username string, builtIn bool)
| 65 | } |
| 66 | |
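// CreateOrUpdateClusterRoleBinding ensures that a ClusterRoleBinding exists
// which grants the ClusterRole clusterRoleName to the user username.
//
// The binding is named "<username>:<clusterRoleName>:<cluster UUID>" and is
// labelled with the managing application, the cluster UUID and the username.
// builtIn is recorded in the "built-in" annotation.
//
// A ClusterRoleBinding applies cluster-wide, so this call changes what
// username may do in every namespace. Neither username nor clusterRoleName is
// validated here; callers are expected to have authorized both values.
//
// It returns any error from obtaining the client or from the Get, Create or
// Update calls against the API server.
func (k *Kubernetes) CreateOrUpdateClusterRoleBinding(clusterRoleName string, username string, builtIn bool) error {
	client, err := k.Client()
	if err != nil {
		return err
	}

	name := fmt.Sprintf("%s:%s:%s", username, clusterRoleName, k.UUID)
	item := rbacV1.ClusterRoleBinding{
		ObjectMeta: metav1.ObjectMeta{
			Name: name,
			Labels: map[string]string{
				LabelManageKey: "kubepi",
				LabelClusterId: k.UUID,
				LabelUsername:  username,
			},
			Annotations: map[string]string{
				"built-in":   strconv.FormatBool(builtIn),
				"created-at": time.Now().Format("2006-01-02 15:04:05"),
			},
		},
		Subjects: []rbacV1.Subject{
			{
				Kind: "User",
				Name: username,
			},
		},
		RoleRef: rbacV1.RoleRef{
			Kind: "ClusterRole",
			Name: clusterRoleName,
		},
	}

	bindings := client.RbacV1().ClusterRoleBindings()
	existing, err := bindings.Get(context.TODO(), name, metav1.GetOptions{})
	// NOTE(review): matching on the error text is fragile. Prefer
	// IsNotFound from k8s.io/apimachinery/pkg/api/errors once that package is
	// imported by this file; the import block is not visible here.
	if err != nil && !strings.Contains(err.Error(), "not found") {
		return err
	}

	// The original branches were inverted: it called Create when the binding
	// already existed and Update when it did not, so both paths were rejected
	// by the API server and the permission change was never applied.
	if err != nil || existing == nil || existing.Name == "" {
		_, err = bindings.Create(context.TODO(), &item, metav1.CreateOptions{})
		return err
	}

	// Carry the observed resourceVersion so that a concurrent modification of
	// this binding surfaces as a conflict instead of being silently overwritten.
	item.ResourceVersion = existing.ResourceVersion
	_, err = bindings.Update(context.TODO(), &item, metav1.UpdateOptions{})
	return err
}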
| 118 | |
| 119 | func (k *Kubernetes) CreateOrUpdateRolebinding(namespace string, clusterRoleName string, username string, builtIn bool) error { |
| 120 | client, err := k.Client() |