// AddRole grants the role identified by o.RoleNamespace and o.RoleName to the
// subjects described by o.Users, o.Groups and o.Subjects.
//
// When at least one binding to the role already exists, the first binding
// returned by the accessor is extended and updated. Otherwise a new binding
// with a name chosen by getUniqueName is created. A subject is skipped when the
// binding already holds one with the same Kind, Name and Namespace. Any error
// from the accessor is returned unchanged.
func (o *RoleModificationOptions) AddRole() error {
	existing, err := o.RoleBindingAccessor.GetExistingRoleBindingsForRole(o.RoleNamespace, o.RoleName)
	if err != nil {
		return err
	}
	takenNames, err := o.RoleBindingAccessor.GetExistingRoleBindingNames()
	if err != nil {
		return err
	}

	// One binding per role is enough to carry the grant, so an existing
	// binding is reused rather than creating a second one.
	creating := len(existing) == 0
	var binding *authorizationapi.RoleBinding
	if creating {
		binding = &authorizationapi.RoleBinding{}
	} else {
		binding = existing[0]
	}
	binding.RoleRef.Namespace = o.RoleNamespace
	binding.RoleRef.Name = o.RoleName

	// NOTE(review): o.Users and o.Groups go through BuildSubjects together with
	// the user/group name validators, while o.Subjects is appended as supplied.
	// Confirm that callers validate o.Subjects before it reaches this point,
	// since every entry here ends up holding the role.
	wanted := authorizationapi.BuildSubjects(o.Users, o.Groups, uservalidation.ValidateUserName, uservalidation.ValidateGroupName)
	wanted = append(wanted, o.Subjects...)

	for _, candidate := range wanted {
		present := false
		// binding.Subjects is re-read on every pass, so duplicates inside
		// wanted are filtered as well as subjects already on the binding.
		for _, have := range binding.Subjects {
			if have.Kind == candidate.Kind && have.Name == candidate.Name && have.Namespace == candidate.Namespace {
				present = true
				break
			}
		}
		if !present {
			binding.Subjects = append(binding.Subjects, candidate)
		}
	}

	if !creating {
		// NOTE(review): this is a read-modify-write of an existing binding; no
		// conflict handling is visible here, so a concurrent change is only
		// caught if UpdateRoleBinding itself reports it. Confirm.
		return o.RoleBindingAccessor.UpdateRoleBinding(binding)
	}

	binding.Name = getUniqueName(o.RoleName, takenNames)
	err = o.RoleBindingAccessor.CreateRoleBinding(binding)
	if kapierrors.IsAlreadyExists(err) {
		// Someone created a binding with this name after the names were
		// listed. Start over so the fresh state is read again.
		// NOTE(review): the retry has no visible depth limit.
		return o.AddRole()
	}
	return err
}
// AddRole grants the role identified by o.RoleNamespace and o.RoleName to the
// users in o.Users and the groups in o.Groups.
//
// When at least one binding to the role already exists, the first binding
// returned by the accessor is extended and updated. Otherwise a new binding
// with a name chosen by getUniqueName is created. Any error from the accessor
// is returned unchanged.
func (o *RoleModificationOptions) AddRole() error {
	existing, err := o.RoleBindingAccessor.GetExistingRoleBindingsForRole(o.RoleNamespace, o.RoleName)
	if err != nil {
		return err
	}
	takenNames, err := o.RoleBindingAccessor.GetExistingRoleBindingNames()
	if err != nil {
		return err
	}

	// One binding per role is enough to carry the grant, so an existing
	// binding is reused rather than creating a second one.
	creating := len(existing) == 0
	var binding *authorizationapi.RoleBinding
	if creating {
		binding = &authorizationapi.RoleBinding{Users: util.NewStringSet(), Groups: util.NewStringSet()}
	} else {
		binding = existing[0]
	}
	binding.RoleRef.Namespace = o.RoleNamespace
	binding.RoleRef.Name = o.RoleName

	// NOTE(review): o.Users and o.Groups are inserted as supplied; no name
	// validation is visible in this function. Confirm callers validate them.
	// NOTE(review): on the reuse path the sets come from the accessor; if they
	// can be nil, Insert may panic. Confirm.
	binding.Users.Insert(o.Users...)
	binding.Groups.Insert(o.Groups...)

	if creating {
		// A name collision with a binding created after the names were listed
		// is not retried here; the create error goes back to the caller.
		binding.Name = getUniqueName(o.RoleName, takenNames)
		return o.RoleBindingAccessor.CreateRoleBinding(binding)
	}
	return o.RoleBindingAccessor.UpdateRoleBinding(binding)
}