def patch_rbac(rbac_v1_beta1: RbacAuthorizationV1beta1Api,
               yaml_manifest) -> RBACAuthorization:
    """
    Patch the ClusterRole and ClusterRoleBinding described in a manifest.

    Every document in the file is parsed with the safe YAML loader.
    Documents of kind ClusterRole or ClusterRoleBinding are sent to the API
    as patches under the name found in their metadata; documents of any
    other kind are ignored. Both kinds are cluster-scoped, so the manifest
    content takes effect cluster-wide and should come from a reviewed source.

    :param rbac_v1_beta1: RbacAuthorizationV1beta1Api
    :param yaml_manifest: an absolute path to yaml manifest
    :return: RBACAuthorization built from the last patched role name and
        binding name (an empty string where no such document was found)
    """
    patched_role = patched_binding = ""
    with open(yaml_manifest) as manifest:
        for doc in yaml.safe_load_all(manifest):
            kind = doc["kind"]
            if kind == "ClusterRole":
                print("Patch the cluster role")
                patched_role = doc['metadata']['name']
                rbac_v1_beta1.patch_cluster_role(patched_role, doc)
                print(f"Patched the role '{patched_role}'")
                continue
            if kind == "ClusterRoleBinding":
                print("Patch the binding")
                patched_binding = doc['metadata']['name']
                rbac_v1_beta1.patch_cluster_role_binding(patched_binding, doc)
                print(f"Patched the binding '{patched_binding}'")
    return RBACAuthorization(patched_role, patched_binding)
def ensure_role(api: client.RbacAuthorizationV1beta1Api, role, name):
    """
    Create the ClusterRole ``role`` unless one called ``name`` already exists.

    Existence is checked by listing cluster roles with a field selector on
    ``metadata.name``. A role that already exists is left untouched: its
    rules are not compared with ``role``, so a drifted or widened role is
    not corrected here. The list and the create are two separate API calls.

    :param api: RbacAuthorizationV1beta1Api client
    :param role: ClusterRole body passed to create_cluster_role
    :param name: name used for the lookup and in the log messages
    :return: None
    """
    matches = api.list_cluster_role(
        field_selector=f'metadata.name={name}').items
    if len(matches) > 0:
        logger.info(f'ClusterRole exists: {name}')
        return
    logger.info(f'creating ClusterRole: {name}')
    api.create_cluster_role(role)
def cleanup_rbac(rbac_v1_beta1: RbacAuthorizationV1beta1Api, rbac: RBACAuthorization) -> None:
    """
    Remove the ClusterRoleBinding and then the ClusterRole named in ``rbac``.

    No exception is handled here: if deleting the binding raises, the role
    delete is never attempted and both names should be checked by the caller.

    :param rbac_v1_beta1: RbacAuthorizationV1beta1Api
    :param rbac: RBACAuthorization providing the ``binding`` and ``role`` names
    :return: None
    """
    opts = client.V1DeleteOptions()
    print("Delete binding and cluster role")
    # Binding first: the grant is withdrawn before the role it refers to goes.
    rbac_v1_beta1.delete_cluster_role_binding(rbac.binding, opts)
    rbac_v1_beta1.delete_cluster_role(rbac.role, opts)
def cleanup_rbac(rbac_v1_beta1: RbacAuthorizationV1beta1Api, rbac: RBACAuthorization) -> None:
    """
    Delete the cluster role binding, then the cluster role, recorded in ``rbac``.

    The same default V1DeleteOptions object is passed to both delete calls.
    Errors raised by the client propagate to the caller, so a failed binding
    delete leaves the cluster role in place as well.

    :param rbac_v1_beta1: RbacAuthorizationV1beta1Api
    :param rbac: RBACAuthorization whose ``binding`` and ``role`` are deleted
    :return: None
    """
    default_delete_opts = client.V1DeleteOptions()
    print("Delete binding and cluster role")
    # Order matters for teardown: revoke the binding before dropping the role.
    rbac_v1_beta1.delete_cluster_role_binding(rbac.binding,
                                              default_delete_opts)
    rbac_v1_beta1.delete_cluster_role(rbac.role, default_delete_opts)
def configure_rbac(rbac_v1_beta1: RbacAuthorizationV1beta1Api) -> RBACAuthorization:
    """
    Create the cluster role and binding defined in the RBAC manifest.

    Reads ``rbac/rbac.yaml`` under DEPLOYMENTS with the safe YAML loader and
    creates every ClusterRole and ClusterRoleBinding document it contains.
    Documents of other kinds are skipped. The created objects are
    cluster-scoped, so the manifest defines permissions for the whole cluster.

    :param rbac_v1_beta1: RbacAuthorizationV1beta1Api
    :return: RBACAuthorization built from the last created role name and
        binding name (an empty string where no such document was found)
    """
    manifest_path = f'{DEPLOYMENTS}/rbac/rbac.yaml'
    created_role, created_binding = "", ""
    with open(manifest_path) as manifest:
        for doc in yaml.safe_load_all(manifest):
            kind = doc["kind"]
            if kind == "ClusterRole":
                print("Create cluster role")
                created_role = doc['metadata']['name']
                rbac_v1_beta1.create_cluster_role(doc)
                print(f"Created role '{created_role}'")
                continue
            if kind == "ClusterRoleBinding":
                print("Create binding")
                created_binding = doc['metadata']['name']
                rbac_v1_beta1.create_cluster_role_binding(doc)
                print(f"Created binding '{created_binding}'")
    return RBACAuthorization(created_role, created_binding)
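def configure_rbac(rbac_v1_beta1: RbacAuthorizationV1beta1Api) -> RBACAuthorization:
    """
    Create the cluster role and binding defined in the RBAC manifest.

    Reads ``rbac/rbac.yaml`` under DEPLOYMENTS and creates every ClusterRole
    and ClusterRoleBinding document found in it; documents of other kinds
    are ignored.

    :param rbac_v1_beta1: RbacAuthorizationV1beta1Api
    :return: RBACAuthorization built from the last created role name and
        binding name (an empty string where no such document was found)
    """
    with open(f'{DEPLOYMENTS}/rbac/rbac.yaml') as f:
        # safe_load_all only builds plain YAML types (dicts, lists, scalars),
        # which is all a Kubernetes manifest needs. yaml.load_all without an
        # explicit Loader can construct arbitrary Python objects from tags on
        # older PyYAML releases and is rejected with a TypeError by PyYAML 6.
        docs = yaml.safe_load_all(f)
        role_name = ""
        binding_name = ""
        for dep in docs:
            if dep["kind"] == "ClusterRole":
                print("Create cluster role")
                role_name = dep['metadata']['name']
                rbac_v1_beta1.create_cluster_role(dep)
                print(f"Created role '{role_name}'")
            elif dep["kind"] == "ClusterRoleBinding":
                print("Create binding")
                binding_name = dep['metadata']['name']
                rbac_v1_beta1.create_cluster_role_binding(dep)
                print(f"Created binding '{binding_name}'")
        return RBACAuthorization(role_name, binding_name)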
def configure_rbac_with_ap(
        rbac_v1_beta1: RbacAuthorizationV1beta1Api) -> RBACAuthorization:
    """
    Create the cluster role and binding for the AppProtect module.

    Reads ``rbac/ap-rbac.yaml`` under DEPLOYMENTS with the safe YAML loader
    and creates every ClusterRole and ClusterRoleBinding document it holds;
    any other kind is skipped. Both objects are cluster-scoped, so the
    manifest grants permissions across the whole cluster.

    :param rbac_v1_beta1: RbacAuthorizationV1beta1Api
    :return: RBACAuthorization built from the last created role name and
        binding name (an empty string where no such document was found)
    """
    ap_manifest = f"{DEPLOYMENTS}/rbac/ap-rbac.yaml"
    ap_role = ""
    ap_binding = ""
    with open(ap_manifest) as stream:
        for resource in yaml.safe_load_all(stream):
            resource_kind = resource["kind"]
            if resource_kind == "ClusterRole":
                print("Create cluster role for AppProtect")
                ap_role = resource["metadata"]["name"]
                rbac_v1_beta1.create_cluster_role(resource)
                print(f"Created role '{ap_role}'")
            elif resource_kind == "ClusterRoleBinding":
                print("Create binding for AppProtect")
                ap_binding = resource["metadata"]["name"]
                rbac_v1_beta1.create_cluster_role_binding(resource)
                print(f"Created binding '{ap_binding}'")
    return RBACAuthorization(ap_role, ap_binding)