Katenary/katenary
2
0
Fork 0
Code Issues 8 Pull Requests Actions Packages Projects 4 Releases 18 Wiki Activity
Files
19c2277d04a5d9582887bad6ab1d5031b6f40da3
katenary/internal/generator/rbac.go
Patrice Ferlet 569ca195df
All checks were successful
Go-Tests / sonar (push) Successful in 54s
Details
Go-Tests / tests (push) Successful in 2m7s
Details
chore(packages) Use compose-go v2 
This prepares the next release. We need to support the compose v2 syntax
as soon as possible to avoid accumulating technical debt.
2025-10-18 14:43:16 +02:00

144 lines
3.3 KiB
Go
Raw Blame History

package generator
import (
"katenary.io/internal/utils"
"github.com/compose-spec/compose-go/v2/types"
corev1 "k8s.io/api/core/v1"
rbacv1 "k8s.io/api/rbac/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"sigs.k8s.io/yaml"
)
var (
_ Yaml = (*RoleBinding)(nil)
_ Yaml = (*Role)(nil)
_ Yaml = (*ServiceAccount)(nil)
)
// RBAC is a kubernetes RBAC containing a role, a rolebinding and an associated serviceaccount.
type RBAC struct {
RoleBinding *RoleBinding
Role *Role
ServiceAccount *ServiceAccount
}
// NewRBAC creates a new RBAC from a compose service. The appName is the name of the application taken from the project name.
func NewRBAC(service types.ServiceConfig, appName string) *RBAC {
role := &Role{
Role: &rbacv1.Role{
TypeMeta: metav1.TypeMeta{
Kind: "Role",
APIVersion: "rbac.authorization.k8s.io/v1",
},
ObjectMeta: metav1.ObjectMeta{
Name: utils.TplName(service.Name, appName),
Labels: GetLabels(service.Name, appName),
Annotations: Annotations,
},
Rules: []rbacv1.PolicyRule{
{
APIGroups: []string{"", "extensions", "apps"},
Resources: []string{"*"},
Verbs: []string{"*"},
},
},
},
service: &service,
}
rolebinding := &RoleBinding{
RoleBinding: &rbacv1.RoleBinding{
TypeMeta: metav1.TypeMeta{
Kind: "RoleBinding",
APIVersion: "rbac.authorization.k8s.io/v1",
},
ObjectMeta: metav1.ObjectMeta{
Name: utils.TplName(service.Name, appName),
Labels: GetLabels(service.Name, appName),
Annotations: Annotations,
},
Subjects: []rbacv1.Subject{
{
Kind: "ServiceAccount",
Name: utils.TplName(service.Name, appName),
Namespace: "{{ .Release.Namespace }}",
},
},
RoleRef: rbacv1.RoleRef{
Kind: "Role",
Name: utils.TplName(service.Name, appName),
APIGroup: "rbac.authorization.k8s.io",
},
},
service: &service,
}
serviceaccount := &ServiceAccount{
ServiceAccount: &corev1.ServiceAccount{
TypeMeta: metav1.TypeMeta{
Kind: "ServiceAccount",
APIVersion: "v1",
},
ObjectMeta: metav1.ObjectMeta{
Name: utils.TplName(service.Name, appName),
Labels: GetLabels(service.Name, appName),
Annotations: Annotations,
},
},
service: &service,
}
return &RBAC{
RoleBinding: rolebinding,
Role: role,
ServiceAccount: serviceaccount,
}
}
// RoleBinding is a kubernetes RoleBinding.
type RoleBinding struct {
*rbacv1.RoleBinding
service *types.ServiceConfig
}
func (r *RoleBinding) Filename() string {
return r.service.Name + ".rolebinding.yaml"
}
func (r *RoleBinding) Yaml() ([]byte, error) {
return yaml.Marshal(r)
}
// Role is a kubernetes Role.
type Role struct {
*rbacv1.Role
service *types.ServiceConfig
}
func (r *Role) Filename() string {
return r.service.Name + ".role.yaml"
}
func (r *Role) Yaml() ([]byte, error) {
if o, err := yaml.Marshal(r); err != nil {
return nil, err
} else {
return UnWrapTPL(o), nil
}
}
// ServiceAccount is a kubernetes ServiceAccount.
type ServiceAccount struct {
*corev1.ServiceAccount
service *types.ServiceConfig
}
func (r *ServiceAccount) Filename() string {
return r.service.Name + ".serviceaccount.yaml"
}
func (r *ServiceAccount) Yaml() ([]byte, error) {
return ToK8SYaml(r)
}
Reference in New Issue View Git Blame Copy Permalink