account_role

package
v0.34.8 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 14, 2023 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Overview

Example
package main

import (
	"embed"
	"os"

	testlog "knative.dev/reconciler-test/pkg/logging"
	"knative.dev/reconciler-test/pkg/manifest"
)

//go:embed *.yaml
var yaml embed.FS

func main() {
	ctx := testlog.NewContext()
	images := map[string]string{}
	cfg := map[string]interface{}{
		"name":        "foo",
		"namespace":   "bar",
		"role":        "baz",
		"matchLabels": "whomp",
	}

	files, err := manifest.ExecuteYAML(ctx, yaml, images, cfg)
	if err != nil {
		panic(err)
	}

	manifest.OutputYAML(os.Stdout, files)
}
Output:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: foo
  namespace: bar
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: foo
subjects:
  - kind: ServiceAccount
    name: foo
    namespace: bar
roleRef:
  kind: ClusterRole
  name: baz
  apiGroup: rbac.authorization.k8s.io
Example (AddressableResolver)
package main

import (
	"embed"
	"os"

	"knative.dev/eventing/test/rekt/resources/account_role"

	testlog "knative.dev/reconciler-test/pkg/logging"
	"knative.dev/reconciler-test/pkg/manifest"
)

//go:embed *.yaml
var yaml embed.FS

func main() {
	ctx := testlog.NewContext()
	images := map[string]string{}
	cfg := map[string]interface{}{
		"name":      "foo",
		"namespace": "bar",
	}

	account_role.AsAddressableResolver(cfg)

	files, err := manifest.ExecuteYAML(ctx, yaml, images, cfg)
	if err != nil {
		panic(err)
	}

	manifest.OutputYAML(os.Stdout, files)
}
Output:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: foo
  namespace: bar
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: addressable-resolver-collector-foo
aggregationRule:
  clusterRoleSelectors:
    - matchLabels:
        duck.knative.dev/addressable: "true"
rules: []
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: foo
subjects:
  - kind: ServiceAccount
    name: foo
    namespace: bar
roleRef:
  kind: ClusterRole
  name: addressable-resolver-collector-foo
  apiGroup: rbac.authorization.k8s.io
Example (ChannelableManipulator)
package main

import (
	"embed"
	"os"

	"knative.dev/eventing/test/rekt/resources/account_role"

	testlog "knative.dev/reconciler-test/pkg/logging"
	"knative.dev/reconciler-test/pkg/manifest"
)

//go:embed *.yaml
var yaml embed.FS

func main() {
	ctx := testlog.NewContext()
	images := map[string]string{}
	cfg := map[string]interface{}{
		"name":      "foo",
		"namespace": "bar",
	}

	account_role.AsChannelableManipulator(cfg)

	files, err := manifest.ExecuteYAML(ctx, yaml, images, cfg)
	if err != nil {
		panic(err)
	}

	manifest.OutputYAML(os.Stdout, files)
}
Output:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: foo
  namespace: bar
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: channelable-manipulator-collector-foo
aggregationRule:
  clusterRoleSelectors:
    - matchLabels:
        duck.knative.dev/channelable: "true"
rules: []
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: foo
subjects:
  - kind: ServiceAccount
    name: foo
    namespace: bar
roleRef:
  kind: ClusterRole
  name: channelable-manipulator-collector-foo
  apiGroup: rbac.authorization.k8s.io
Example (MatchLabel)
package main

import (
	"embed"
	"os"

	testlog "knative.dev/reconciler-test/pkg/logging"
	"knative.dev/reconciler-test/pkg/manifest"
)

//go:embed *.yaml
var yaml embed.FS

func main() {
	ctx := testlog.NewContext()
	images := map[string]string{}
	cfg := map[string]interface{}{
		"name":       "foo",
		"namespace":  "bar",
		"role":       "baz",
		"matchLabel": "whomp",
	}

	files, err := manifest.ExecuteYAML(ctx, yaml, images, cfg)
	if err != nil {
		panic(err)
	}

	manifest.OutputYAML(os.Stdout, files)
}
Output:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: foo
  namespace: bar
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: baz
aggregationRule:
  clusterRoleSelectors:
    - matchLabels:
        whomp: "true"
rules: []
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: foo
subjects:
  - kind: ServiceAccount
    name: foo
    namespace: bar
roleRef:
  kind: ClusterRole
  name: baz
  apiGroup: rbac.authorization.k8s.io
Example (WithRoleAndRules)
package main

import (
	"embed"
	"os"

	rbacv1 "k8s.io/api/rbac/v1"
	"knative.dev/eventing/test/rekt/resources/account_role"

	testlog "knative.dev/reconciler-test/pkg/logging"
	"knative.dev/reconciler-test/pkg/manifest"
)

//go:embed *.yaml
var yaml embed.FS

func main() {
	ctx := testlog.NewContext()
	images := map[string]string{}
	cfg := map[string]interface{}{
		"name":      "foo",
		"namespace": "bar",
	}

	rule1 := rbacv1.PolicyRule{
		APIGroups: []string{"rule1ApiGroupA", "rule1ApiGroupB"},
		Resources: []string{"rule1ResourceA", "rule1ResourceB"},
		Verbs:     []string{"rule1VerbA", "rule1VerbB"},
	}

	rule2 := rbacv1.PolicyRule{
		APIGroups: []string{"rule2ApiGroupA", "rule2ApiGroupB"},
		Resources: []string{"rule2ResourceA", "rule2ResourceB"},
		Verbs:     []string{"rule2VerbA", "rule2VerbB"},
	}

	account_role.WithRole("baz")(cfg)
	account_role.WithRules(rule1, rule2)(cfg)

	files, err := manifest.ExecuteYAML(ctx, yaml, images, cfg)
	if err != nil {
		panic(err)
	}

	manifest.OutputYAML(os.Stdout, files)
}
Output:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: foo
  namespace: bar
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: baz
rules:
  - apiGroups:
      - rule1ApiGroupA
      - rule1ApiGroupB
    resources:
      - rule1ResourceA
      - rule1ResourceB
    verbs:
      - rule1VerbA
      - rule1VerbB
  - apiGroups:
      - rule2ApiGroupA
      - rule2ApiGroupB
    resources:
      - rule2ResourceA
      - rule2ResourceB
    verbs:
      - rule2VerbA
      - rule2VerbB
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: foo
subjects:
  - kind: ServiceAccount
    name: foo
    namespace: bar
roleRef:
  kind: ClusterRole
  name: baz
  apiGroup: rbac.authorization.k8s.io

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

func AsAddressableResolver

func AsAddressableResolver(cfg map[string]interface{})

func AsChannelableManipulator

func AsChannelableManipulator(cfg map[string]interface{})

func Install

func Install(name string, opts ...manifest.CfgFn) feature.StepFn

Install will create a channelable-manipulator bound service account, augmented with the config fn options.

func WithRole

func WithRole(role string) manifest.CfgFn

func WithRoleMatchLabel

func WithRoleMatchLabel(matchLabel string) manifest.CfgFn

func WithRules added in v0.23.0

func WithRules(rules ...rbacv1.PolicyRule) manifest.CfgFn

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL