def configure_rbac_with_ap(rbac_v1: RbacAuthorizationV1Api) -> RBACAuthorization:
"""
Create cluster and binding for AppProtect module.
:param rbac_v1: RbacAuthorizationV1Api
:return: RBACAuthorization
"""
with open(f"{DEPLOYMENTS}/rbac/ap-rbac.yaml") as f:
docs = yaml.safe_load_all(f)
role_name = ""
binding_name = ""
for dep in docs:
if dep["kind"] == "ClusterRole":
print("Create cluster role for AppProtect")
role_name = dep["metadata"]["name"]
rbac_v1.create_cluster_role(dep)
print(f"Created role '{role_name}'")
elif dep["kind"] == "ClusterRoleBinding":
print("Create binding for AppProtect")
binding_name = dep["metadata"]["name"]
rbac_v1.create_cluster_role_binding(dep)
print(f"Created binding '{binding_name}'")
return RBACAuthorization(role_name, binding_name)
def configure_rbac(rbac_v1: RbacAuthorizationV1Api) -> RBACAuthorization:
"""
Create cluster and binding.
:param rbac_v1: RbacAuthorizationV1Api
:return: RBACAuthorization
"""
with open(f'{DEPLOYMENTS}/rbac/rbac.yaml') as f:
docs = yaml.safe_load_all(f)
role_name = ""
binding_name = ""
for dep in docs:
if dep["kind"] == "ClusterRole":
print("Create cluster role")
role_name = dep['metadata']['name']
rbac_v1.create_cluster_role(dep)
print(f"Created role '{role_name}'")
elif dep["kind"] == "ClusterRoleBinding":
print("Create binding")
binding_name = dep['metadata']['name']
rbac_v1.create_cluster_role_binding(dep)
print(f"Created binding '{binding_name}'")
return RBACAuthorization(role_name, binding_name)