// AddRole grants the role identified by o.RoleNamespace/o.RoleName to the
// users, groups and subjects carried by o.
//
// When the accessor already returns at least one role binding for the role,
// the first one is extended and written back with UpdateRoleBinding.
// Otherwise a fresh binding is created under a name from getUniqueName.
// A subject is skipped when the binding already holds an entry with the same
// Kind, Name and Namespace (exact equality on all three fields).
//
// NOTE(review): o.Subjects is appended exactly as supplied; no validation of
// those entries is visible in this function. How BuildSubjects applies the
// two validators it receives is not shown here either. Confirm both before
// relying on this as the validation point for who receives the role.
//
// NOTE(review): the update path is a read-modify-write. Whether
// UpdateRoleBinding rejects a stale object is not visible from here.
func (o *RoleModificationOptions) AddRole() error {
	existing, err := o.RoleBindingAccessor.GetExistingRoleBindingsForRole(o.RoleNamespace, o.RoleName)
	if err != nil {
		return err
	}
	takenNames, err := o.RoleBindingAccessor.GetExistingRoleBindingNames()
	if err != nil {
		return err
	}

	// Any binding on the role will do, so reuse the first one when present.
	updating := len(existing) != 0
	var binding *authorizationapi.RoleBinding
	if updating {
		binding = existing[0]
	} else {
		binding = &authorizationapi.RoleBinding{}
	}
	binding.RoleRef.Namespace = o.RoleNamespace
	binding.RoleRef.Name = o.RoleName

	candidates := authorizationapi.BuildSubjects(o.Users, o.Groups, uservalidation.ValidateUserName, uservalidation.ValidateGroupName)
	candidates = append(candidates, o.Subjects...)

	// binding.Subjects grows inside the loop, so duplicates within candidates
	// are filtered as well as duplicates of subjects already bound.
	for _, candidate := range candidates {
		present := false
		for _, bound := range binding.Subjects {
			if bound.Kind == candidate.Kind && bound.Name == candidate.Name && bound.Namespace == candidate.Namespace {
				present = true
				break
			}
		}
		if !present {
			binding.Subjects = append(binding.Subjects, candidate)
		}
	}

	if updating {
		return o.RoleBindingAccessor.UpdateRoleBinding(binding)
	}

	binding.Name = getUniqueName(o.RoleName, takenNames)
	err = o.RoleBindingAccessor.CreateRoleBinding(binding)
	// The name came from a snapshot of existing names. If another writer
	// created the same binding in the meantime, start over from fresh state.
	if kapierrors.IsAlreadyExists(err) {
		return o.AddRole()
	}
	return err
}
// convert_v1_RoleBinding_To_api_RoleBinding converts a v1 RoleBinding into
// its internal representation.
//
// The default conversion runs first. If both legacy fields UserNames and
// GroupNames are nil, its result is kept as is, so only Subjects are
// respected. If either legacy field is non-nil, out.Subjects is replaced by
// the subjects built from those names.
//
// NOTE(review): when a legacy field is set, whatever the default conversion
// put into out.Subjects is discarded. An object whose legacy names and
// Subjects disagree ends up bound only to the name-derived subjects. The nil
// test also means an empty but non-nil slice counts as "set".
//
// NOTE(review): the validators are handed to BuildSubjects. How it uses them
// is not visible from this function.
func convert_v1_RoleBinding_To_api_RoleBinding(in *RoleBinding, out *newer.RoleBinding, s conversion.Scope) error {
	flags := conversion.IgnoreMissingFields | conversion.AllowDifferentFieldTypeNames
	err := s.DefaultConvert(in, out, flags)
	if err != nil {
		return err
	}

	// Legacy name lists, when present, take precedence over Subjects.
	if in.UserNames != nil || in.GroupNames != nil {
		out.Subjects = newer.BuildSubjects(in.UserNames, in.GroupNames, uservalidation.ValidateUserName, uservalidation.ValidateGroupName)
	}
	return nil
}
// autoConvert_v1_RoleBinding_To_api_RoleBinding copies ObjectMeta, Subjects
// and RoleRef from a v1 RoleBinding into the internal type.
//
// UserNames and GroupNames are intentionally not handled here: both fields
// opted out of conversion generation. Any handling of those legacy fields
// must happen outside this function.
func autoConvert_v1_RoleBinding_To_api_RoleBinding(in *RoleBinding, out *api.RoleBinding, s conversion.Scope) error {
	if err := api_v1.Convert_v1_ObjectMeta_To_api_ObjectMeta(&in.ObjectMeta, &out.ObjectMeta, s); err != nil {
		return err
	}

	if in.Subjects == nil {
		// Keep nil as nil rather than turning it into an empty slice.
		out.Subjects = nil
	} else {
		// The destination slice is assigned before the elements are
		// converted, so a failure part-way leaves it partially filled.
		out.Subjects = make([]pkg_api.ObjectReference, len(in.Subjects))
		for i := range in.Subjects {
			src, dst := &in.Subjects[i], &out.Subjects[i]
			if err := api_v1.Convert_v1_ObjectReference_To_api_ObjectReference(src, dst, s); err != nil {
				return err
			}
		}
	}

	return api_v1.Convert_v1_ObjectReference_To_api_ObjectReference(&in.RoleRef, &out.RoleRef, s)
}
// autoConvert_v1_RoleBinding_To_api_RoleBinding copies TypeMeta, ObjectMeta,
// Subjects and RoleRef from a v1 RoleBinding into the internal type.
//
// This function does not read in.UserNames or in.GroupNames. Subjects and
// RoleRef are the only binding data carried across.
func autoConvert_v1_RoleBinding_To_api_RoleBinding(in *RoleBinding, out *api.RoleBinding, s conversion.Scope) error {
	if err := pkg_api.Convert_unversioned_TypeMeta_To_unversioned_TypeMeta(&in.TypeMeta, &out.TypeMeta, s); err != nil {
		return err
	}
	if err := api_v1.Convert_v1_ObjectMeta_To_api_ObjectMeta(&in.ObjectMeta, &out.ObjectMeta, s); err != nil {
		return err
	}

	if in.Subjects == nil {
		// Keep nil as nil rather than turning it into an empty slice.
		out.Subjects = nil
	} else {
		// The destination slice is assigned before the elements are
		// converted, so a failure part-way leaves it partially filled.
		out.Subjects = make([]pkg_api.ObjectReference, len(in.Subjects))
		for i := range in.Subjects {
			src, dst := &in.Subjects[i], &out.Subjects[i]
			if err := api_v1.Convert_v1_ObjectReference_To_api_ObjectReference(src, dst, s); err != nil {
				return err
			}
		}
	}

	return api_v1.Convert_v1_ObjectReference_To_api_ObjectReference(&in.RoleRef, &out.RoleRef, s)
}