Merge pull request #43386 from metacosm/add-ns-to-krbbi
Let extensions provide namespace for RoleBinding
gsmet committed Sep 25, 2024
2 parents ff7a0f7 + df95d76 commit 095e949
Showing 3 changed files with 28 additions and 9 deletions.
Expand Up @@ -5,9 +5,7 @@

/**
* Produce this build item to request the Kubernetes extension to generate
* a Kubernetes {@code RoleBinding} resource. The configuration here is limited;
* in particular, you can't specify subjects of the role binding. The role will always
* be bound to the application's service account.
* a Kubernetes {@code RoleBinding} resource.
* <p>
* Note that this can't be used to generate a {@code ClusterRoleBinding}.
*/
Expand All @@ -17,6 +15,7 @@ public final class KubernetesRoleBindingBuildItem extends BaseTargetable {
* Can be {@code null}, in which case the resource name is autogenerated.
*/
private final String name;
private final String namespace;
/**
* RoleRef configuration.
*/
Expand Down Expand Up @@ -47,8 +46,15 @@ public KubernetesRoleBindingBuildItem(String name, String role, boolean clusterW

public KubernetesRoleBindingBuildItem(String name, String target, Map<String, String> labels, RoleRef roleRef,
Subject... subjects) {
this(name, null, target, labels, roleRef, subjects);
}

public KubernetesRoleBindingBuildItem(String name, String namespace, String target, Map<String, String> labels,
RoleRef roleRef,
Subject... subjects) {
super(target);
this.name = name;
this.namespace = namespace;
this.labels = labels;
this.roleRef = roleRef;
this.subjects = subjects;
Expand All @@ -58,6 +64,10 @@ public String getName() {
return this.name;
}

public String getNamespace() {
return namespace;
}

public Map<String, String> getLabels() {
return labels;
}
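Review bot: The new `namespace` field, the six-argument constructor and `getNamespace()` are undocumented, although `name` directly above carries a nullability comment and the class Javadoc appears to have lost its statement about which service account the role is bound to. I would add `/** Namespace of the generated RoleBinding. Can be {@code null}, in which case no namespace is set on the resource. */` on the field, which matches the `namespace != null` check in the decorator changed by this commit. Since the binding can now be placed outside the application's namespace, the Javadoc should also ask extension authors to set the namespace on every `Subject` explicitly. As far as I know, Kubernetes resolves a ServiceAccount subject without a namespace in the binding's own namespace, so a cross-namespace binding could grant the role to a different account of the same name; this should be confirmed against the `Subject` class, which is not visible here.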
Expand Up @@ -21,35 +21,40 @@ public class AddRoleBindingResourceDecorator extends ResourceProvidingDecorator<

private final String deploymentName;
private final String name;
private final String namespace;
private final Map<String, String> labels;
private final RoleRef roleRef;
private final Subject[] subjects;

public AddRoleBindingResourceDecorator(String deploymentName, String name, Map<String, String> labels,
public AddRoleBindingResourceDecorator(String deploymentName, String name, String namespace, Map<String, String> labels,
RoleRef roleRef,
Subject... subjects) {
this.deploymentName = deploymentName;
this.name = name;
this.labels = labels;
this.roleRef = roleRef;
this.subjects = subjects;
this.namespace = namespace;
}

public void visit(KubernetesListBuilder list) {
if (contains(list, RBAC_API_VERSION, ROLE_BINDING, name)) {
return;
}

Map<String, String> roleBindingLabels = new HashMap<>();
roleBindingLabels.putAll(labels);
Map<String, String> roleBindingLabels = new HashMap<>(labels);
getDeploymentMetadata(list, deploymentName)
.map(ObjectMeta::getLabels)
.ifPresent(roleBindingLabels::putAll);

RoleBindingBuilder builder = new RoleBindingBuilder()
.withNewMetadata()
final var metadataBuilder = new RoleBindingBuilder().withNewMetadata()
.withName(name)
.withLabels(roleBindingLabels)
.withLabels(roleBindingLabels);
// add namespace if it was specified
if (namespace != null) {
metadataBuilder.withNamespace(namespace);
}
RoleBindingBuilder builder = metadataBuilder
.endMetadata()
.withNewRoleRef()
.withKind(roleRef.isClusterWide() ? CLUSTER_ROLE : ROLE)
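Review bot: The duplicate guard at the top of `visit`, `contains(list, RBAC_API_VERSION, ROLE_BINDING, name)`, still keys on the name alone, so now that a namespace can be set, a second RoleBinding with the same name in another namespace looks like it would be skipped without any trace. `contains` is defined outside this section, so this is inferred from the arguments of the call. If it does ignore the namespace, the guard should compare the namespace as well, or the early `return` should at least log which binding was dropped, because a missing binding only shows up as a permission error at runtime. The body of `visit` continues past the end of this section.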
Expand Up @@ -370,6 +370,7 @@ private static Collection<DecoratorBuildItem> createRbacDecorators(String name,
Targetable.filteredByTarget(roleBindingsFromExtensions, target)
.map(rb -> new DecoratorBuildItem(target, new AddRoleBindingResourceDecorator(name,
Strings.isNotNullOrEmpty(rb.getName()) ? rb.getName() : name + "-" + rb.getRoleRef().getName(),
rb.getNamespace(),
rb.getLabels(),
rb.getRoleRef(),
rb.getSubjects())))
Expand Down Expand Up @@ -405,6 +406,7 @@ private static Collection<DecoratorBuildItem> createRbacDecorators(String name,
boolean clusterWide = roleBinding.clusterWide.orElse(defaultClusterWide);
result.add(new DecoratorBuildItem(target, new AddRoleBindingResourceDecorator(name,
rbName,
null, // todo: should namespace be providable via config?
roleBinding.labels,
new RoleRef(roleName, clusterWide),
subjects.toArray(new Subject[0]))));
Expand Down Expand Up @@ -443,6 +445,7 @@ private static Collection<DecoratorBuildItem> createRbacDecorators(String name,
requiresServiceAccount = true;
result.add(new DecoratorBuildItem(target, new AddRoleBindingResourceDecorator(name,
name,
null, // todo: should namespace be providable via config?
Collections.emptyMap(),
new RoleRef(defaultRoleName, defaultClusterWide),
new Subject(null, SERVICE_ACCOUNT,
Expand All @@ -454,6 +457,7 @@ private static Collection<DecoratorBuildItem> createRbacDecorators(String name,
requiresServiceAccount = true;
result.add(new DecoratorBuildItem(target, new AddRoleBindingResourceDecorator(name,
name + "-" + DEFAULT_ROLE_NAME_VIEW,
null, // todo: should namespace be providable via config?
Collections.emptyMap(),
new RoleRef(DEFAULT_ROLE_NAME_VIEW, true),
new Subject(null, SERVICE_ACCOUNT,
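Review bot: In the first hunk `rb.getNamespace()` is handed to the decorator as-is, while the name on the line above it is guarded with `Strings.isNotNullOrEmpty`. The decorator only tests `namespace != null`, so an extension passing `""` would get `withNamespace("")` in the generated resource instead of the unset behaviour. Normalising at this call site keeps the two arguments consistent: `Strings.isNotNullOrEmpty(rb.getNamespace()) ? rb.getNamespace() : null,`. The three `null, // todo: should namespace be providable via config?` arguments in the later hunks repeat one open question; a single comment on `createRbacDecorators`, whose body starts outside these hunks, would be easier to follow up on.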