From 6d0129c772e357ab5357502c800ab5e2f9fa5959 Mon Sep 17 00:00:00 2001
From: "naman.gupta"
Date: Fri, 1 Dec 2023 19:45:42 +0530
Subject: [PATCH] Adding clusterRole for App manager. Adding clusterRole for App manager.
Change-Id: Idb7f7f792a8540dfd4ce745a59eec3ef915b22f2
Signed-off-by: naman.gupta
---
.../internal/controller/getClusterRole.go | 107 +++++++++++++++++++++
.../internal/controller/getClusterRoleBinding.go | 58 +++++++++++
2 files changed, 165 insertions(+)
create mode 100644 depRicKubernetesOperator/internal/controller/getClusterRole.go
create mode 100644 depRicKubernetesOperator/internal/controller/getClusterRoleBinding.go
diff --git a/depRicKubernetesOperator/internal/controller/getClusterRole.go b/depRicKubernetesOperator/internal/controller/getClusterRole.go
new file mode 100644
index 0000000..31e1bb4
--- /dev/null
+++ b/depRicKubernetesOperator/internal/controller/getClusterRole.go
@@ -0,0 +1,107 @@
+package controller
+
+import (
+ corev1 "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+func GetClusterRole() []*rbacv1.ClusterRole {
+
+ clusterRole1 := &rbacv1.ClusterRole{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "svcacct-ricplt-appmgr-ricxapp-access",
+ },
+ Rules: []rbacv1.PolicyRule{
+
+ rbacv1.PolicyRule{
+ APIGroups: []string{
+
+ "",
+ },
+ Resources: []string{
+
+ "pods/portforward",
+ },
+ Verbs: []string{
+
+ "create",
+ },
+ },
+ rbacv1.PolicyRule{
+ APIGroups: []string{
+
+ "",
+ },
+ Resources: []string{
+
+ "pods",
+ "configmaps",
+ "deployments",
+ "services",
+ },
+ Verbs: []string{
+
+ "get",
+ "list",
+ "create",
+ "delete",
+ },
+ },
+ rbacv1.PolicyRule{
+ APIGroups: []string{
+
+ "",
+ },
+ Resources: []string{
+
+ "secrets",
+ },
+ Verbs: []string{
+
+ "get",
+ "list",
+ },
+ },
+ },
+ TypeMeta: metav1.TypeMeta{
+ Kind: "ClusterRole",
+ APIVersion: "rbac.authorization.k8s.io/v1",
+ },
+ }
+
+ clusterRole2 := &rbacv1.ClusterRole{
+ Rules: []rbacv1.PolicyRule{
+
+ rbacv1.PolicyRule{
+ APIGroups: []string{
+
+ "",
+ },
+ Resources: []string{
+
+ "configmaps",
+ "endpoints",
+ "services",
+ },
+ Verbs: []string{
+
+ "get",
+ "list",
+ "create",
+ "update",
+ "delete",
+ },
+ },
+ },
+ TypeMeta: metav1.TypeMeta{
+ APIVersion: "rbac.authorization.k8s.io/v1",
+ Kind: "ClusterRole",
+ },
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "svcacct-ricplt-appmgr-ricxapp-getappconfig",
+ },
+ }
+
+ return []*rbacv1.ClusterRole{clusterRole1, clusterRole2}
+
+}
\ No newline at end of file
diff --git a/depRicKubernetesOperator/internal/controller/getClusterRoleBinding.go b/depRicKubernetesOperator/internal/controller/getClusterRoleBinding.go
new file mode 100644
index 0000000..5412f74
--- /dev/null
+++ b/depRicKubernetesOperator/internal/controller/getClusterRoleBinding.go
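Review bot: The import block cannot compile this file: every type used is `rbacv1.*`, yet only `corev1` (unused) and `metav1` are imported, so `corev1 "k8s.io/api/core/v1"` should become `rbacv1 "k8s.io/api/rbac/v1"`; getClusterRoleBinding.go has the same gap and also imports an unused `intstr`. In the second rule of `clusterRole1`, `"deployments"` sits under `APIGroups: []string{""}`, but Deployments belong to the `apps` group, so that entry grants nothing and needs a separate rule with `APIGroups: []string{"apps"}`. The third rule gives `get` and `list` on `secrets` with no `ResourceNames`, and as a ClusterRole it applies at whatever scope it is bound, so a doc comment on `GetClusterRole` such as `// GetClusterRole returns the RBAC ClusterRoles for App manager; secrets read is needed for <reason>.` would record why that access is required.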
@@ -0,0 +1,58 @@
+package controller
+
+import (
+ corev1 "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/util/intstr"
+)
+
+func GetClusterRoleBinding() []*rbacv1.ClusterRoleBinding {
+ clusterRoleBinding1 := &rbacv1.ClusterRoleBinding{
+ TypeMeta: metav1.TypeMeta{
+ APIVersion: "rbac.authorization.k8s.io/v1",
+ Kind: "ClusterRoleBinding",
+ },
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "svcacct-ricplt-appmgr-ricxapp-access",
+ Namespace: "ricplt",
+ },
+ RoleRef: rbacv1.RoleRef{
+ Kind: "ClusterRole",
+ Name: "svcacct-ricplt-appmgr-ricxapp-access",
+ APIGroup: "rbac.authorization.k8s.io",
+ },
+ Subjects: []rbacv1.Subject{
+
+ rbacv1.Subject{
+ Namespace: "ricplt",
+ Kind: "ServiceAccount",
+ Name: "svcacct-ricplt-appmgr",
+ },
+ },
+ }
+
+ clusterRoleBinding2 := &rbacv1.ClusterRoleBinding{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "svcacct-ricplt-appmgr-ricxapp-getappconfig",
+ Namespace: "ricxapp",
+ },
+ RoleRef: rbacv1.RoleRef{
+ APIGroup: "rbac.authorization.k8s.io",
+ Kind: "ClusterRole",
+ Name: "svcacct-ricplt-appmgr-ricxapp-getappconfig",
+ },
+ Subjects: []rbacv1.Subject{
+
+ rbacv1.Subject{
+ Namespace: "ricplt",
+ Kind: "ServiceAccount",
+ Name: "svcacct-ricplt-appmgr",
+ },
+ },
+ TypeMeta: metav1.TypeMeta{
+ APIVersion: "rbac.authorization.k8s.io/v1",
+ Kind: "ClusterRoleBinding",
+ },
+ }
+ return []*rbacv1.ClusterRoleBinding{clusterRoleBinding1, clusterRoleBinding2}
+}
--
2.16.6
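Review bot: The `Namespace: "ricplt"` and `Namespace: "ricxapp"` fields in the two `ObjectMeta` blocks do not scope anything, because a ClusterRoleBinding is cluster-scoped; both bindings give `svcacct-ricplt-appmgr` the referenced rules in every namespace, which for the `svcacct-ricplt-appmgr-ricxapp-access` role includes `get`/`list` on `secrets` and `create` on `pods/portforward` cluster-wide. The role names suggest the grant was meant for the `ricxapp` namespace only; if that is the intent, a `rbacv1.RoleBinding` with `Namespace: "ricxapp"` and the same `RoleRef` (Kind `ClusterRole`) limits the ClusterRole's rules to that namespace. If cluster-wide access is really required, drop the `Namespace` fields and say so in a comment, e.g. `// cluster-wide on purpose: App manager manages xApps in <namespaces>`. Changing the binding type would also change the return type of `GetClusterRoleBinding`, whose callers are outside this patch.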