...

Source file src/k8s.io/kubernetes/pkg/apis/rbac/v1alpha1/helpers.go

Documentation: k8s.io/kubernetes/pkg/apis/rbac/v1alpha1 

     1  /*
     2  Copyright 2016 The Kubernetes Authors.
     3  
     4  Licensed under the Apache License, Version 2.0 (the "License");
     5  you may not use this file except in compliance with the License.
     6  You may obtain a copy of the License at
     7  
     8      http://www.apache.org/licenses/LICENSE-2.0
     9  
    10  Unless required by applicable law or agreed to in writing, software
    11  distributed under the License is distributed on an "AS IS" BASIS,
    12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  See the License for the specific language governing permissions and
    14  limitations under the License.
    15  */
    16  
    17  package v1alpha1
    18  
    19  import (
    20  	"fmt"
    21  
    22  	rbacv1alpha1 "k8s.io/api/rbac/v1alpha1"
    23  )
    24  
    25  // PolicyRuleBuilder let's us attach methods.  A no-no for API types.
    26  // We use it to construct rules in code.  It's more compact than trying to write them
    27  // out in a literal and allows us to perform some basic checking during construction
    28  type PolicyRuleBuilder struct {
    29  	PolicyRule rbacv1alpha1.PolicyRule `protobuf:"bytes,1,opt,name=policyRule"`
    30  }
    31  
    32  func (r *PolicyRuleBuilder) Groups(groups ...string) *PolicyRuleBuilder {
    33  	r.PolicyRule.APIGroups = append(r.PolicyRule.APIGroups, groups...)
    34  	return r
    35  }
    36  
    37  func (r *PolicyRuleBuilder) Resources(resources ...string) *PolicyRuleBuilder {
    38  	r.PolicyRule.Resources = append(r.PolicyRule.Resources, resources...)
    39  	return r
    40  }
    41  
    42  func (r *PolicyRuleBuilder) Names(names ...string) *PolicyRuleBuilder {
    43  	r.PolicyRule.ResourceNames = append(r.PolicyRule.ResourceNames, names...)
    44  	return r
    45  }
    46  
    47  func (r *PolicyRuleBuilder) URLs(urls ...string) *PolicyRuleBuilder {
    48  	r.PolicyRule.NonResourceURLs = append(r.PolicyRule.NonResourceURLs, urls...)
    49  	return r
    50  }
    51  
    52  func (r *PolicyRuleBuilder) RuleOrDie() rbacv1alpha1.PolicyRule {
    53  	ret, err := r.Rule()
    54  	if err != nil {
    55  		panic(err)
    56  	}
    57  	return ret
    58  }
    59  
    60  func (r *PolicyRuleBuilder) Rule() (rbacv1alpha1.PolicyRule, error) {
    61  	if len(r.PolicyRule.Verbs) == 0 {
    62  		return rbacv1alpha1.PolicyRule{}, fmt.Errorf("verbs are required: %#v", r.PolicyRule)
    63  	}
    64  
    65  	switch {
    66  	case len(r.PolicyRule.NonResourceURLs) > 0:
    67  		if len(r.PolicyRule.APIGroups) != 0 || len(r.PolicyRule.Resources) != 0 || len(r.PolicyRule.ResourceNames) != 0 {
    68  			return rbacv1alpha1.PolicyRule{}, fmt.Errorf("non-resource rule may not have apiGroups, resources, or resourceNames: %#v", r.PolicyRule)
    69  		}
    70  	case len(r.PolicyRule.Resources) > 0:
    71  		if len(r.PolicyRule.NonResourceURLs) != 0 {
    72  			return rbacv1alpha1.PolicyRule{}, fmt.Errorf("resource rule may not have nonResourceURLs: %#v", r.PolicyRule)
    73  		}
    74  		if len(r.PolicyRule.APIGroups) == 0 {
    75  			// this a common bug
    76  			return rbacv1alpha1.PolicyRule{}, fmt.Errorf("resource rule must have apiGroups: %#v", r.PolicyRule)
    77  		}
    78  	default:
    79  		return rbacv1alpha1.PolicyRule{}, fmt.Errorf("a rule must have either nonResourceURLs or resources: %#v", r.PolicyRule)
    80  	}
    81  
    82  	return r.PolicyRule, nil
    83  }
    84  
    85  // ClusterRoleBindingBuilder let's us attach methods.  A no-no for API types.
    86  // We use it to construct bindings in code.  It's more compact than trying to write them
    87  // out in a literal.
    88  type ClusterRoleBindingBuilder struct {
    89  	ClusterRoleBinding rbacv1alpha1.ClusterRoleBinding `protobuf:"bytes,1,opt,name=clusterRoleBinding"`
    90  }
    91  
    92  func (r *ClusterRoleBindingBuilder) Groups(groups ...string) *ClusterRoleBindingBuilder {
    93  	for _, group := range groups {
    94  		r.ClusterRoleBinding.Subjects = append(r.ClusterRoleBinding.Subjects, rbacv1alpha1.Subject{Kind: rbacv1alpha1.GroupKind, Name: group})
    95  	}
    96  	return r
    97  }
    98  
    99  func (r *ClusterRoleBindingBuilder) Users(users ...string) *ClusterRoleBindingBuilder {
   100  	for _, user := range users {
   101  		r.ClusterRoleBinding.Subjects = append(r.ClusterRoleBinding.Subjects, rbacv1alpha1.Subject{Kind: rbacv1alpha1.UserKind, Name: user})
   102  	}
   103  	return r
   104  }
   105  
   106  func (r *ClusterRoleBindingBuilder) SAs(namespace string, serviceAccountNames ...string) *ClusterRoleBindingBuilder {
   107  	for _, saName := range serviceAccountNames {
   108  		r.ClusterRoleBinding.Subjects = append(r.ClusterRoleBinding.Subjects, rbacv1alpha1.Subject{Kind: rbacv1alpha1.ServiceAccountKind, Namespace: namespace, Name: saName})
   109  	}
   110  	return r
   111  }
   112  
   113  func (r *ClusterRoleBindingBuilder) BindingOrDie() rbacv1alpha1.ClusterRoleBinding {
   114  	ret, err := r.Binding()
   115  	if err != nil {
   116  		panic(err)
   117  	}
   118  	return ret
   119  }
   120  
   121  func (r *ClusterRoleBindingBuilder) Binding() (rbacv1alpha1.ClusterRoleBinding, error) {
   122  	if len(r.ClusterRoleBinding.Subjects) == 0 {
   123  		return rbacv1alpha1.ClusterRoleBinding{}, fmt.Errorf("subjects are required: %#v", r.ClusterRoleBinding)
   124  	}
   125  
   126  	return r.ClusterRoleBinding, nil
   127  }
   128  

View as plain text