def revoke_access(self, bind: SecretBinding): try: self.__rbac_api.delete_namespaced_role(bind.get_name(), bind.get_namespace()) except kubernetes.client.ApiException as e: if e.status != 404: raise ESKException(e.status, e.reason) else: logger.debug(f"Role { bind.get_name() } did not exist, skip.") try: self.__rbac_api.delete_namespaced_role_binding( bind.get_name(), bind.get_namespace()) except kubernetes.client.ApiException as e: if e.status != 404: raise ESKException(e.status, e.reason) else: logger.debug( f"Role binding { bind.get_name() } did not exist, skip.")
def revoke_access(self, bind: SecretBinding): self.__client.auth.kubernetes.delete_role(bind.get_name())
def grant_access(self, bind: SecretBinding, policies: list): self.__client.auth.kubernetes.create_role(bind.get_name(), [bind.get_service_account()], [bind.get_namespace()], policies=policies)