// Describe returns the description of a roleBinding func (d *ClusterRoleBindingDescriber) Describe(namespace, name string) (string, error) { c := d.ClusterRoleBindings() roleBinding, err := c.Get(name) if err != nil { return "", err } role, err := d.ClusterRoles().Get(roleBinding.RoleRef.Name) return DescribeRoleBinding(authorizationapi.ToRoleBinding(roleBinding), authorizationapi.ToRole(role), err) }
// Update implements the generic storage update for cluster role bindings by
// converting obj to a RoleBinding and delegating to the wrapped role binding
// storage.
//
// obj must be a *authorizationapi.ClusterRoleBinding. The type assertion is
// unchecked, so any other concrete type panics instead of returning an
// error. The same holds for the object returned by the wrapped storage, which
// is asserted to *authorizationapi.RoleBinding before being converted back.
//
// When the wrapped storage returns a nil object, nil is returned together
// with the created flag and error it produced.
func (s *ClusterRoleBindingStorage) Update(ctx kapi.Context, obj runtime.Object) (runtime.Object, bool, error) {
	binding := authorizationapi.ToRoleBinding(obj.(*authorizationapi.ClusterRoleBinding))

	updated, created, err := s.roleBindingStorage.Update(ctx, binding)
	if updated != nil {
		return authorizationapi.ToClusterRoleBinding(updated.(*authorizationapi.RoleBinding)), created, err
	}
	return nil, created, err
}
// printClusterRoleBinding writes roleBinding to w by converting it with
// authorizationapi.ToRoleBinding and delegating to printRoleBinding.
// withNamespace is passed through unchanged, and the error from
// printRoleBinding is returned as is.
func printClusterRoleBinding(roleBinding *authorizationapi.ClusterRoleBinding, w io.Writer, withNamespace bool) error {
	converted := authorizationapi.ToRoleBinding(roleBinding)
	return printRoleBinding(converted, w, withNamespace)
}
// OverwriteBootstrapPolicy replaces the roles, role bindings, cluster roles
// and cluster role bindings in storage with the ones listed in policyFile.
//
// policyFile must contain templates; every object inside a template must be
// one of the four authorization types above, otherwise an error is returned.
// createBootstrapPolicyCommand is only used in the error text shown when the
// file does not hold a template.
//
// When change is false nothing is written: each object that would be
// overwritten is named on out, followed by its description when one can be
// produced, and a closing hint is printed. When change is true each object is
// deleted by name and then created again.
//
// Security-relevant behaviour visible in this function:
//   - The registries are built directly on etcdHelper. Nothing in this
//     function authenticates or authorizes the caller, so access control
//     rests entirely on who can run it against the store.
//   - Bindings are written through CreateRoleBindingWithEscalation and
//     CreateClusterRoleBindingWithEscalation. NOTE(review): the names suggest
//     these skip the usual escalation check; confirm against the storage
//     implementation.
//   - Delete-then-create is not atomic and the result of each delete is
//     ignored. If a create fails, that object stays deleted, objects
//     processed earlier stay overwritten, and there is no rollback.
func OverwriteBootstrapPolicy(etcdHelper tools.EtcdHelper, policyFile, createBootstrapPolicyCommand string, change bool, out io.Writer) error {
	if !change {
		fmt.Fprintf(out, "Performing a dry run of policy overwrite:\n\n")
	}

	restMapper := cmdclientcmd.ShortcutExpander{kubectl.ShortcutExpander{latest.RESTMapper}}
	// The client mapper never yields a REST client; the builder is only
	// pointed at the local policy file.
	noClient := resource.ClientMapperFunc(func(mapping *meta.RESTMapping) (resource.RESTClient, error) {
		return nil, nil
	})

	result := resource.NewBuilder(restMapper, kapi.Scheme, noClient).
		FilenameParam(policyFile).
		Flatten().
		Do()
	if result.Err() != nil {
		return result.Err()
	}

	// Storage stack, all rooted in the same etcd helper.
	policies := policyregistry.NewRegistry(policyetcd.NewStorage(etcdHelper))
	policyBindings := policybindingregistry.NewRegistry(policybindingetcd.NewStorage(etcdHelper))
	clusterPolicies := clusterpolicyregistry.NewRegistry(clusterpolicyetcd.NewStorage(etcdHelper))
	clusterPolicyBindings := clusterpolicybindingregistry.NewRegistry(clusterpolicybindingetcd.NewStorage(etcdHelper))

	roles := roleregistry.NewRegistry(rolestorage.NewVirtualStorage(policies))
	roleBindings := rolebindingstorage.NewVirtualStorage(policies, policyBindings, clusterPolicies, clusterPolicyBindings)
	clusterRoles := clusterroleregistry.NewRegistry(clusterrolestorage.NewClusterRoleStorage(clusterPolicies))
	clusterRoleBindings := clusterrolebindingstorage.NewClusterRoleBindingStorage(clusterPolicies, clusterPolicyBindings)

	return result.Visit(func(info *resource.Info) error {
		tmpl, isTemplate := info.Object.(*templateapi.Template)
		if !isTemplate {
			return errors.New("policy must be contained in a template.  One can be created with '" + createBootstrapPolicyCommand + "'.")
		}

		// NOTE(review): anything DecodeList reports is discarded here. An
		// object that fails to decode would presumably fall through to the
		// default case below; confirm.
		runtime.DecodeList(tmpl.Objects, kapi.Scheme)

		for _, item := range tmpl.Objects {
			switch policyObj := item.(type) {
			case *authorizationapi.Role:
				ctx := kapi.WithNamespace(kapi.NewContext(), policyObj.Namespace)
				if !change {
					fmt.Fprintf(out, "Overwrite role %s/%s\n", policyObj.Namespace, policyObj.Name)
					if text, err := describe.DescribeRole(policyObj); err == nil {
						fmt.Fprintf(out, "%s\n", text)
					}
					continue
				}
				// Delete result ignored: the create below is what must succeed.
				roles.DeleteRole(ctx, policyObj.Name)
				if _, err := roles.CreateRole(ctx, policyObj); err != nil {
					return err
				}

			case *authorizationapi.RoleBinding:
				ctx := kapi.WithNamespace(kapi.NewContext(), policyObj.Namespace)
				if !change {
					fmt.Fprintf(out, "Overwrite role binding %s/%s\n", policyObj.Namespace, policyObj.Name)
					if text, err := describe.DescribeRoleBinding(policyObj, nil, nil); err == nil {
						fmt.Fprintf(out, "%s\n", text)
					}
					continue
				}
				roleBindings.Delete(ctx, policyObj.Name, nil)
				if _, err := roleBindings.CreateRoleBindingWithEscalation(ctx, policyObj); err != nil {
					return err
				}

			case *authorizationapi.ClusterRole:
				ctx := kapi.WithNamespace(kapi.NewContext(), policyObj.Namespace)
				if !change {
					fmt.Fprintf(out, "Overwrite role %s/%s\n", policyObj.Namespace, policyObj.Name)
					if text, err := describe.DescribeRole(authorizationapi.ToRole(policyObj)); err == nil {
						fmt.Fprintf(out, "%s\n", text)
					}
					continue
				}
				clusterRoles.DeleteClusterRole(ctx, policyObj.Name)
				if _, err := clusterRoles.CreateClusterRole(ctx, policyObj); err != nil {
					return err
				}

			case *authorizationapi.ClusterRoleBinding:
				ctx := kapi.WithNamespace(kapi.NewContext(), policyObj.Namespace)
				if !change {
					fmt.Fprintf(out, "Overwrite role binding %s/%s\n", policyObj.Namespace, policyObj.Name)
					if text, err := describe.DescribeRoleBinding(authorizationapi.ToRoleBinding(policyObj), nil, nil); err == nil {
						fmt.Fprintf(out, "%s\n", text)
					}
					continue
				}
				clusterRoleBindings.Delete(ctx, policyObj.Name, nil)
				if _, err := clusterRoleBindings.CreateClusterRoleBindingWithEscalation(ctx, policyObj); err != nil {
					return err
				}

			default:
				// Anything that is not an authorization object aborts the visit.
				return errors.New("only roles and rolebindings may be created in this mode")
			}
		}

		if !change {
			fmt.Fprintf(out, "To make the changes described above, pass --force\n")
		}
		return nil
	})
}
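// UpdateClusterRoleBindingWithEscalation updates a cluster role binding by
// converting obj to a RoleBinding and calling UpdateRoleBindingWithEscalation
// on the wrapped role binding storage. The result is converted back to a
// ClusterRoleBinding and returned with the created flag and error from the
// wrapped call.
//
// NOTE(review): the method name suggests the wrapped call skips the
// escalation check applied to ordinary updates; confirm against the role
// binding storage and keep callers limited to trusted bootstrap or
// administrative paths.
//
// A nil result from the wrapped storage is returned as nil without being
// converted, the same guard the generic Update method on
// ClusterRoleBindingStorage applies, so the conversion helper is never
// handed a nil binding on the error path.
func (m *ClusterRoleBindingStorage) UpdateClusterRoleBindingWithEscalation(ctx kapi.Context, obj *authorizationapi.ClusterRoleBinding) (*authorizationapi.ClusterRoleBinding, bool, error) {
	in := authorizationapi.ToRoleBinding(obj)
	ret, created, err := m.roleBindingStorage.UpdateRoleBindingWithEscalation(ctx, in)
	if ret == nil {
		// Nothing to convert; pass the flag and error through untouched.
		return nil, created, err
	}
	return authorizationapi.ToClusterRoleBinding(ret), created, err
}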
// ValidateClusterRoleBindingUpdate validates an update of a cluster role
// binding. Both the new object (policy) and the stored one (oldRoleBinding)
// are converted with authorizationapi.ToRoleBinding and checked by
// ValidateRoleBindingUpdate, whose error list is returned unchanged.
//
// NOTE(review): the trailing false presumably tells the shared validator
// that the binding is not namespaced; confirm against
// ValidateRoleBindingUpdate.
func ValidateClusterRoleBindingUpdate(policy *authorizationapi.ClusterRoleBinding, oldRoleBinding *authorizationapi.ClusterRoleBinding) fielderrors.ValidationErrorList {
	updated := authorizationapi.ToRoleBinding(policy)
	previous := authorizationapi.ToRoleBinding(oldRoleBinding)
	return ValidateRoleBindingUpdate(updated, previous, false)
}