def revoke_access(self, bind: SecretBinding):
try:
self.__rbac_api.delete_namespaced_role(bind.resource_name(),
bind.get_namespace())
except kubernetes.client.ApiException as e:
if e.status != 404:
raise KSCPException(e.status, e.reason)
else:
logger.debug(
f"Role { bind.resource_name() } did not exist, skip.")
try:
self.__rbac_api.delete_namespaced_role_binding(
bind.resource_name(), bind.get_namespace())
except kubernetes.client.ApiException as e:
if e.status != 404:
raise KSCPException(e.status, e.reason)
else:
logger.debug(
f"Role binding { bind.resource_name() } did not exist, skip."
)
def revoke_access(self, bind: SecretBinding):
self.__client.auth.kubernetes.delete_role(bind.resource_name())
def grant_access(self, bind: SecretBinding, policies: list):
self.__client.auth.kubernetes.create_role(bind.resource_name(),
[bind.get_service_account()],
[bind.get_namespace()],
policies=policies)