depRicKubernetesOperator/internal/controller/getRole.go

   1 package controller\r
   2 \r
   3 import (\r
   4         metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"\r
   5 )\r
   6 \r
   7 func GetRole() []*rbacv1.Role {\r
   8 \r
   9         role1 := &rbacv1.Role{\r
  10                 ObjectMeta: metav1.ObjectMeta{\r
  11                         Name:      "svcacct-ricplt-alarmmanager-ricxapp-podreader",\r
  12                         Namespace: "ricxapp",\r
  13                 },\r
  14                 Rules: []rbacv1.PolicyRule{\r
  15 \r
  16                         rbacv1.PolicyRule{\r
  17                                 APIGroups: []string{\r
  18 \r
  19                                         "",\r
  20                                 },\r
  21                                 Resources: []string{\r
  22 \r
  23                                         "pods",\r
  24                                 },\r
  25                                 Verbs: []string{\r
  26 \r
  27                                         "get",\r
  28                                         "list",\r
  29                                         "watch",\r
  30                                 },\r
  31                         },\r
  32                 },\r
  33                 TypeMeta: metav1.TypeMeta{\r
  34                         APIVersion: "rbac.authorization.k8s.io/v1",\r
  35                         Kind:       "Role",\r
  36                 },\r
  37         }\r
  38 \r
  39         role2 := &rbacv1.Role{\r
  40                 ObjectMeta: metav1.ObjectMeta{\r
  41                         Labels: map[string]string{\r
  42                                 "app.kubernetes.io/managed-by": "Helm",\r
  43                                 "app.kubernetes.io/name":       "kong",\r
  44                                 "app.kubernetes.io/version":    "1.4",\r
  45                                 "helm.sh/chart":                "kong-0.36.6",\r
  46                                 "app.kubernetes.io/instance":   "release-name",\r
  47                         },\r
  48                         Name: "release-name-kong",\r
  49                 },\r
  50                 Rules: []rbacv1.PolicyRule{\r
  51 \r
  52                         rbacv1.PolicyRule{\r
  53                                 Resources: []string{\r
  54 \r
  55                                         "configmaps",\r
  56                                         "pods",\r
  57                                         "secrets",\r
  58                                         "namespaces",\r
  59                                 },\r
  60                                 Verbs: []string{\r
  61 \r
  62                                         "get",\r
  63                                 },\r
  64                                 APIGroups: []string{\r
  65 \r
  66                                         "",\r
  67                                 },\r
  68                         },\r
  69                         rbacv1.PolicyRule{\r
  70                                 Verbs: []string{\r
  71 \r
  72                                         "get",\r
  73                                         "update",\r
  74                                 },\r
  75                                 APIGroups: []string{\r
  76 \r
  77                                         "",\r
  78                                 },\r
  79                                 ResourceNames: []string{\r
  80 \r
  81                                         "kong-ingress-controller-leader-kong-kong",\r
  82                                 },\r
  83                                 Resources: []string{\r
  84 \r
  85                                         "configmaps",\r
  86                                 },\r
  87                         },\r
  88                         rbacv1.PolicyRule{\r
  89                                 APIGroups: []string{\r
  90 \r
  91                                         "",\r
  92                                 },\r
  93                                 Resources: []string{\r
  94 \r
  95                                         "configmaps",\r
  96                                 },\r
  97                                 Verbs: []string{\r
  98 \r
  99                                         "create",\r
 100                                 },\r
 101                         },\r
 102                         rbacv1.PolicyRule{\r
 103                                 APIGroups: []string{\r
 104 \r
 105                                         "",\r
 106                                 },\r
 107                                 Resources: []string{\r
 108 \r
 109                                         "endpoints",\r
 110                                 },\r
 111                                 Verbs: []string{\r
 112 \r
 113                                         "get",\r
 114                                 },\r
 115                         },\r
 116                 },\r
 117                 TypeMeta: metav1.TypeMeta{\r
 118                         APIVersion: "rbac.authorization.k8s.io/v1",\r
 119                         Kind:       "Role",\r
 120                 },\r
 121         }\r
 122 \r
 123         role3 := &rbacv1.Role{\r
 124                 TypeMeta: metav1.TypeMeta{\r
 125                         APIVersion: "rbac.authorization.k8s.io/v1",\r
 126                         Kind:       "Role",\r
 127                 },\r
 128                 ObjectMeta: metav1.ObjectMeta{\r
 129                         Name:      "ricxapp-tiller-base",\r
 130                         Namespace: "ricxapp",\r
 131                 },\r
 132                 Rules: []rbacv1.PolicyRule{\r
 133 \r
 134                         rbacv1.PolicyRule{\r
 135                                 APIGroups: []string{\r
 136 \r
 137                                         "",\r
 138                                 },\r
 139                                 ResourceNames: []string{\r
 140 \r
 141                                         "ricxapp-tiller-secret",\r
 142                                 },\r
 143                                 Resources: []string{\r
 144 \r
 145                                         "secrets",\r
 146                                 },\r
 147                                 Verbs: []string{\r
 148 \r
 149                                         "get",\r
 150                                 },\r
 151                         },\r
 152                         rbacv1.PolicyRule{\r
 153                                 APIGroups: []string{\r
 154 \r
 155                                         "",\r
 156                                 },\r
 157                                 Resources: []string{\r
 158 \r
 159                                         "pods/portforward",\r
 160                                 },\r
 161                                 Verbs: []string{\r
 162 \r
 163                                         "create",\r
 164                                 },\r
 165                         },\r
 166                         rbacv1.PolicyRule{\r
 167                                 APIGroups: []string{\r
 168 \r
 169                                         "",\r
 170                                 },\r
 171                                 Resources: []string{\r
 172 \r
 173                                         "namespaces",\r
 174                                 },\r
 175                                 Verbs: []string{\r
 176 \r
 177                                         "get",\r
 178                                 },\r
 179                         },\r
 180                         rbacv1.PolicyRule{\r
 181                                 APIGroups: []string{\r
 182 \r
 183                                         "",\r
 184                                 },\r
 185                                 Resources: []string{\r
 186 \r
 187                                         "pods",\r
 188                                         "configmaps",\r
 189                                         "deployments",\r
 190                                         "services",\r
 191                                 },\r
 192                                 Verbs: []string{\r
 193 \r
 194                                         "get",\r
 195                                         "list",\r
 196                                         "create",\r
 197                                         "delete",\r
 198                                 },\r
 199                         },\r
 200                 },\r
 201         }\r
 202 \r
 203         role4 := &rbacv1.Role{\r
 204                 TypeMeta: metav1.TypeMeta{\r
 205                         APIVersion: "rbac.authorization.k8s.io/v1",\r
 206                         Kind:       "Role",\r
 207                 },\r
 208                 ObjectMeta: metav1.ObjectMeta{\r
 209                         Name:      "ricxapp-tiller-operation",\r
 210                         Namespace: "ricinfra",\r
 211                 },\r
 212                 Rules: []rbacv1.PolicyRule{\r
 213 \r
 214                         rbacv1.PolicyRule{\r
 215                                 APIGroups: []string{\r
 216 \r
 217                                         "",\r
 218                                 },\r
 219                                 Resources: []string{\r
 220 \r
 221                                         "configmaps",\r
 222                                 },\r
 223                                 Verbs: []string{\r
 224 \r
 225                                         "get",\r
 226                                         "list",\r
 227                                         "create",\r
 228                                         "delete",\r
 229                                         "update",\r
 230                                 },\r
 231                         },\r
 232                 },\r
 233         }\r
 234 \r
 235         role5 := &rbacv1.Role{\r
 236                 ObjectMeta: metav1.ObjectMeta{\r
 237                         Name:      "ricxapp-tiller-deployer",\r
 238                         Namespace: "ricxapp",\r
 239                 },\r
 240                 Rules: []rbacv1.PolicyRule{\r
 241 \r
 242                         rbacv1.PolicyRule{\r
 243                                 APIGroups: []string{\r
 244 \r
 245                                         "",\r
 246                                 },\r
 247                                 Resources: []string{\r
 248 \r
 249                                         "pods",\r
 250                                         "configmaps",\r
 251                                         "services",\r
 252                                 },\r
 253                                 Verbs: []string{\r
 254 \r
 255                                         "get",\r
 256                                         "list",\r
 257                                         "create",\r
 258                                         "delete",\r
 259                                 },\r
 260                         },\r
 261                         rbacv1.PolicyRule{\r
 262                                 Verbs: []string{\r
 263 \r
 264                                         "get",\r
 265                                         "list",\r
 266                                         "create",\r
 267                                         "delete",\r
 268                                 },\r
 269                                 APIGroups: []string{\r
 270 \r
 271                                         "extensions",\r
 272                                         "apps",\r
 273                                 },\r
 274                                 Resources: []string{\r
 275 \r
 276                                         "deployments",\r
 277                                 },\r
 278                         },\r
 279                 },\r
 280                 TypeMeta: metav1.TypeMeta{\r
 281                         APIVersion: "rbac.authorization.k8s.io/v1",\r
 282                         Kind:       "Role",\r
 283                 },\r
 284         }\r
 285 \r
 286         role6 := &rbacv1.Role{\r
 287                 ObjectMeta: metav1.ObjectMeta{\r
 288                         Name:      "tiller-secret-creator-xzhjjg-secret-create",\r
 289                         Namespace: "ricinfra",\r
 290                 },\r
 291                 Rules: []rbacv1.PolicyRule{\r
 292 \r
 293                         rbacv1.PolicyRule{\r
 294                                 APIGroups: []string{\r
 295 \r
 296                                         "",\r
 297                                 },\r
 298                                 Resources: []string{\r
 299 \r
 300                                         "secrets",\r
 301                                 },\r
 302                                 Verbs: []string{\r
 303 \r
 304                                         "create",\r
 305                                         "get",\r
 306                                         "patch",\r
 307                                 },\r
 308                         },\r
 309                 },\r
 310                 TypeMeta: metav1.TypeMeta{\r
 311                         APIVersion: "rbac.authorization.k8s.io/v1",\r
 312                         Kind:       "Role",\r
 313                 },\r
 314         }\r
 315 \r
 316         role7 := &rbacv1.Role{\r
 317                 Rules: []rbacv1.PolicyRule{\r
 318 \r
 319                         rbacv1.PolicyRule{\r
 320                                 APIGroups: []string{\r
 321 \r
 322                                         "",\r
 323                                 },\r
 324                                 Resources: []string{\r
 325 \r
 326                                         "configmaps",\r
 327                                         "pods",\r
 328                                         "secrets",\r
 329                                         "namespaces",\r
 330                                 },\r
 331                                 Verbs: []string{\r
 332 \r
 333                                         "get",\r
 334                                 },\r
 335                         },\r
 336                         rbacv1.PolicyRule{\r
 337                                 APIGroups: []string{\r
 338 \r
 339                                         "",\r
 340                                 },\r
 341                                 ResourceNames: []string{\r
 342 \r
 343                                         "kong-ingress-controller-leader-kong-kong",\r
 344                                 },\r
 345                                 Resources: []string{\r
 346 \r
 347                                         "configmaps",\r
 348                                 },\r
 349                                 Verbs: []string{\r
 350 \r
 351                                         "get",\r
 352                                         "update",\r
 353                                 },\r
 354                         },\r
 355                         rbacv1.PolicyRule{\r
 356                                 APIGroups: []string{\r
 357 \r
 358                                         "",\r
 359                                 },\r
 360                                 Resources: []string{\r
 361 \r
 362                                         "configmaps",\r
 363                                 },\r
 364                                 Verbs: []string{\r
 365 \r
 366                                         "create",\r
 367                                 },\r
 368                         },\r
 369                         rbacv1.PolicyRule{\r
 370                                 Resources: []string{\r
 371 \r
 372                                         "endpoints",\r
 373                                 },\r
 374                                 Verbs: []string{\r
 375 \r
 376                                         "get",\r
 377                                 },\r
 378                                 APIGroups: []string{\r
 379 \r
 380                                         "",\r
 381                                 },\r
 382                         },\r
 383                 },\r
 384                 TypeMeta: metav1.TypeMeta{\r
 385                         APIVersion: "rbac.authorization.k8s.io/v1",\r
 386                         Kind:       "Role",\r
 387                 },\r
 388                 ObjectMeta: metav1.ObjectMeta{\r
 389                         Name: "release-name-kong",\r
 390                         Labels: map[string]string{\r
 391                                 "helm.sh/chart":                "kong-0.36.6",\r
 392                                 "app.kubernetes.io/instance":   "release-name",\r
 393                                 "app.kubernetes.io/managed-by": "Helm",\r
 394                                 "app.kubernetes.io/name":       "kong",\r
 395                                 "app.kubernetes.io/version":    "1.4",\r
 396                         },\r
 397                 },\r
 398         }\r
 399 \r
 400         role8 := &rbacv1.Role{\r
 401                 ObjectMeta: metav1.ObjectMeta{\r
 402                         Name:      "svcacct-ricplt-o1mediator-ricxapp-podreader",\r
 403                         Namespace: "ricxapp",\r
 404                 },\r
 405                 Rules: []rbacv1.PolicyRule{\r
 406 \r
 407                         rbacv1.PolicyRule{\r
 408                                 APIGroups: []string{\r
 409 \r
 410                                         "",\r
 411                                 },\r
 412                                 Resources: []string{\r
 413 \r
 414                                         "pods",\r
 415                                 },\r
 416                                 Verbs: []string{\r
 417 \r
 418                                         "get",\r
 419                                         "list",\r
 420                                         "watch",\r
 421                                 },\r
 422                         },\r
 423                 },\r
 424                 TypeMeta: metav1.TypeMeta{\r
 425                         APIVersion: "rbac.authorization.k8s.io/v1",\r
 426                         Kind:       "Role",\r
 427                 },\r
 428         }\r
 429 \r
 430         role9 := &rbacv1.Role{\r
 431                 Rules: []rbacv1.PolicyRule{\r
 432 \r
 433                         rbacv1.PolicyRule{\r
 434                                 APIGroups: []string{\r
 435 \r
 436                                         "",\r
 437                                 },\r
 438                                 Resources: []string{\r
 439 \r
 440                                         "pods",\r
 441                                 },\r
 442                                 Verbs: []string{\r
 443 \r
 444                                         "get",\r
 445                                         "list",\r
 446                                 },\r
 447                         },\r
 448                         rbacv1.PolicyRule{\r
 449                                 APIGroups: []string{\r
 450 \r
 451                                         "",\r
 452                                 },\r
 453                                 Resources: []string{\r
 454 \r
 455                                         "pods/exec",\r
 456                                 },\r
 457                                 Verbs: []string{\r
 458 \r
 459                                         "create",\r
 460                                 },\r
 461                         },\r
 462                 },\r
 463                 TypeMeta: metav1.TypeMeta{\r
 464                         Kind:       "Role",\r
 465                         APIVersion: "rbac.authorization.k8s.io/v1",\r
 466                 },\r
 467                 ObjectMeta: metav1.ObjectMeta{\r
 468                         Name: "assigner-role",\r
 469                 },\r
 470         }\r
 471 \r
 472         return []*rbacv1.Role{role1, role2, role3, role4, role5, role6, role7, role8, role9}\r
 473 }