...

Source file src/github.com/GoogleCloudPlatform/k8s-config-connector/pkg/webhook/iam_utils.go

Documentation: github.com/GoogleCloudPlatform/k8s-config-connector/pkg/webhook

     1  // Copyright 2022 Google LLC
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package webhook
    16  
    17  import (
    18  	"reflect"
    19  
    20  	iamapi "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/apis/iam/v1beta1"
    21  
    22  	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
    23  )
    24  
// isIAMResource reports whether obj is one of the IAM kinds recognised by
// this file: IAMPolicy, IAMPartialPolicy, IAMPolicyMember or IAMAuditConfig.
// Each check is an exact GroupVersionKind comparison, so an object whose
// group, version or kind differs from all four is not an IAM resource here.
func isIAMResource(obj *unstructured.Unstructured) bool {
	switch {
	case isIAMPolicy(obj), isIAMPartialPolicy(obj), isIAMPolicyMember(obj), isIAMAuditConfig(obj):
		return true
	default:
		return false
	}
}
    28  
// isIAMPolicy reports whether obj's GroupVersionKind equals
// iamapi.IAMPolicyGVK. The comparison covers group, version and kind, so the
// same kind served at a different API version does not match.
func isIAMPolicy(obj *unstructured.Unstructured) bool {
	gvk := obj.GroupVersionKind()
	return gvk == iamapi.IAMPolicyGVK
}
    32  
// isIAMPartialPolicy reports whether obj's GroupVersionKind equals
// iamapi.IAMPartialPolicyGVK. The comparison covers group, version and kind.
func isIAMPartialPolicy(obj *unstructured.Unstructured) bool {
	gvk := obj.GroupVersionKind()
	return gvk == iamapi.IAMPartialPolicyGVK
}
    36  
// isIAMPolicyMember reports whether obj's GroupVersionKind equals
// iamapi.IAMPolicyMemberGVK. The comparison covers group, version and kind.
func isIAMPolicyMember(obj *unstructured.Unstructured) bool {
	gvk := obj.GroupVersionKind()
	return gvk == iamapi.IAMPolicyMemberGVK
}
    40  
// isIAMAuditConfig reports whether obj's GroupVersionKind equals
// iamapi.IAMAuditConfigGVK. The comparison covers group, version and kind.
func isIAMAuditConfig(obj *unstructured.Unstructured) bool {
	gvk := obj.GroupVersionKind()
	return gvk == iamapi.IAMAuditConfigGVK
}
    44  
// isIAMSpecModified reports whether oldSpec and newSpec differ anywhere, as
// judged by reflect.DeepEqual.
//
// DeepEqual is strict about representation: a nil map and an empty non-nil
// map are different, and so are equal numbers held in different dynamic types
// (for example int64(1) and float64(1)). Such pairs are reported as modified.
func isIAMSpecModified(oldSpec, newSpec map[string]interface{}) bool {
	unchanged := reflect.DeepEqual(oldSpec, newSpec)
	return !unchanged
}
    48  
// isIAMResourceReferenceModified reports whether the top-level "resourceRef"
// field differs between oldSpec and newSpec. It delegates to
// isRequiredFieldModified, so it also returns true when the field is missing
// from, or cannot be read in, either spec.
func isIAMResourceReferenceModified(oldSpec, newSpec map[string]interface{}) bool {
	const field = "resourceRef"
	return isRequiredFieldModified(oldSpec, newSpec, field)
}
    52  
// isIAMAuditConfigServiceModified reports whether the top-level "service"
// field differs between oldSpec and newSpec. It delegates to
// isRequiredFieldModified, so it also returns true when the field is missing
// from, or cannot be read in, either spec.
func isIAMAuditConfigServiceModified(oldSpec, newSpec map[string]interface{}) bool {
	const field = "service"
	return isRequiredFieldModified(oldSpec, newSpec, field)
}
    56  
// isRequiredFieldModified reports whether the value at the given field path
// differs between oldSpec and newSpec, compared with reflect.DeepEqual.
//
// The field is expected to exist in both specs (hence "required"). If the
// lookup in either spec returns an error or does not find the field, the
// function returns true. Treating an unreadable field as modified is the
// conservative answer for an immutability check.
// NOTE(review): presumably callers reject the update when this returns true;
// confirm at the call sites, which are not in this file.
func isRequiredFieldModified(oldSpec, newSpec map[string]interface{}, field ...string) bool {
	oldVal, found, err := unstructured.NestedFieldCopy(oldSpec, field...)
	if err != nil || !found {
		return true
	}
	newVal, found, err := unstructured.NestedFieldCopy(newSpec, field...)
	if err != nil || !found {
		return true
	}
	if reflect.DeepEqual(oldVal, newVal) {
		return false
	}
	return true
}
    71  
