Extend KubernetesCluster status with registration settings #143

Merged
merged 15 commits into from
Sep 18, 2020
populate Role PolicyRules
harveyxia committed Sep 18, 2020
commit 086149906533886620fc4b6d5a6be7877687becc
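--- a/pkg/multicluster/register/helpers.go
+++ b/pkg/multicluster/register/helpers.go
@@ -144,19 +144,7 @@ func (opts RegistrationOptions) initialize(
 return masterRestCfg, remoteCfg, registrationOpts, registrant, err
 }
 
-// Parse ClusterRole policy rules by iterating all cluster roles
-var clusterRolePolicyRules []*v1alpha1.PolicyRule
-for _, clusterRole := range opts.ClusterRoles {
-for _, policyRules := range clusterRole.Rules {
-clusterRolePolicyRules = append(clusterRolePolicyRules, &v1alpha1.PolicyRule{
-Verbs: policyRules.Verbs,
-ApiGroups: policyRules.APIGroups,
-Resources: policyRules.Resources,
-ResourceNames: policyRules.ResourceNames,
-NonResourceUrls: policyRules.NonResourceURLs,
-})
-}
-}
+rolePolicyRules, clusterRolePolicyRules := collectPolicyRules(opts.Roles, opts.ClusterRoles)
 
 registrationOpts = Options{
 ClusterName: opts.ClusterName,
@@ -173,13 +161,44 @@ func (opts RegistrationOptions) initialize(
 RegistrationMetadata: RegistrationMetadata{
 ProviderInfo: providerInfo,
 ResourceLabels: opts.ResourceLabels,
+RolePolicyRules: rolePolicyRules,
 ClusterRolePolicyRules: clusterRolePolicyRules,
 },
 }
 
 return masterRestCfg, remoteCfg, registrationOpts, registrant, nil
 }
 
+// Iterate Roles and ClusterRoles to collect set of PolicyRules for each.
+func collectPolicyRules(
+roles []*k8s_rbac_types.Role,
+clusterRoles []*k8s_rbac_types.ClusterRole,
+) (rolePolicyRules []*v1alpha1.PolicyRule, clusterRolePolicyRules []*v1alpha1.PolicyRule) {
+for _, role := range roles {
+for _, policyRules := range role.Rules {
+rolePolicyRules = append(rolePolicyRules, &v1alpha1.PolicyRule{
+Verbs: policyRules.Verbs,
+ApiGroups: policyRules.APIGroups,
+Resources: policyRules.Resources,
+ResourceNames: policyRules.ResourceNames,
+NonResourceUrls: policyRules.NonResourceURLs,
+})
+}
+}
+for _, clusterRole := range clusterRoles {
+for _, policyRules := range clusterRole.Rules {
+clusterRolePolicyRules = append(clusterRolePolicyRules, &v1alpha1.PolicyRule{
+Verbs: policyRules.Verbs,
+ApiGroups: policyRules.APIGroups,
+Resources: policyRules.Resources,
+ResourceNames: policyRules.ResourceNames,
+NonResourceUrls: policyRules.NonResourceURLs,
+})
+}
+}
+return rolePolicyRules, clusterRolePolicyRules
+}
+
 func RegisterClusterFromConfig(
 ctx context.Context,
 masterClusterCfg *rest.Config,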
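Review bot: `collectPolicyRules` flattens the rules of every Role into a single slice, so the namespace and name of the Role each rule came from are gone by the time the list is stored in `RolePolicyRules` on `RegistrationMetadata`. A Role is namespace-scoped, so if this metadata is meant to let someone audit what was granted on the remote cluster (which the PR title suggests, though the consumer is not visible here), a rule granted in one namespace cannot be told apart from one granted in several; consider recording the namespace alongside each rule, or state the limitation in the doc comment. The comment also says "set", but the function concatenates without de-duplicating, so something like `// collectPolicyRules concatenates the rules of all Roles and of all ClusterRoles; duplicates are kept and Role namespaces are not recorded.` would describe it accurately. A nil entry in `roles` or `clusterRoles` would panic at `role.Rules` / `clusterRole.Rules`; an `if role == nil { continue }` guard in each loop would cover that. The new `Verbs`, `Resources` and other slices also alias the input rules' backing arrays rather than copying them, which is worth a line in the comment if callers may mutate the Roles afterwards.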
3 changes: 3 additions & 0 deletions pkg/multicluster/register/interfaces.go
@@ -60,6 +60,9 @@ type RegistrationMetadata struct {
// Labels to add to registration output resources (KubernetesCluster and Secret).
ResourceLabels map[string]string

// The set of PolicyRules for Roles created on the remote cluster upon registration.
RolePolicyRules []*v1alpha1.PolicyRule

// The set of PolicyRules for the cluster roles created on the remote cluster upon registration.
ClusterRolePolicyRules []*v1alpha1.PolicyRule
harveyxia marked this conversation as resolved.
}