resource_kubernetes_role_binding.go
package kubernetes
import (
"fmt"
"log"
"github.com/hashicorp/terraform/helper/schema"
api "k8s.io/api/rbac/v1"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// resourceKubernetesRoleBinding returns the schema.Resource describing a
// namespaced Kubernetes RBAC RoleBinding: it wires up the Create, Read,
// Exists, Update and Delete handlers, enables import by ID passthrough, and
// declares the "metadata", "role_ref" and "subject" attributes.
//
// A RoleBinding ties subjects to a role, so edits to "role_ref" or "subject"
// are authorization changes and should be reviewed as such.
func resourceKubernetesRoleBinding() *schema.Resource {
	metadataSchema := namespacedMetadataSchema("role binding", false)

	// Exactly one role_ref block is accepted (MinItems == MaxItems == 1).
	roleRefSchema := &schema.Schema{
		Type:        schema.TypeList,
		Description: "RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error.",
		Required:    true,
		MinItems:    1,
		MaxItems:    1,
		Elem: &schema.Resource{
			Schema: roleRefFields(),
		},
	}

	// At least one subject is required; no upper bound is declared.
	subjectSchema := &schema.Schema{
		Type:        schema.TypeList,
		Description: "Subjects holds references to the objects the role applies to.",
		Required:    true,
		MinItems:    1,
		Elem: &schema.Resource{
			Schema: rbacSubjectFields(),
		},
	}

	return &schema.Resource{
		Create: resourceKubernetesRoleBindingCreate,
		Read:   resourceKubernetesRoleBindingRead,
		Exists: resourceKubernetesRoleBindingExists,
		Update: resourceKubernetesRoleBindingUpdate,
		Delete: resourceKubernetesRoleBindingDelete,
		Importer: &schema.ResourceImporter{
			State: schema.ImportStatePassthrough,
		},
		Schema: map[string]*schema.Schema{
			"metadata": metadataSchema,
			"role_ref": roleRefSchema,
			"subject":  subjectSchema,
		},
	}
}
// resourceKubernetesRoleBindingCreate builds a RoleBinding from the
// "metadata", "role_ref" and "subject" attributes, submits it to the API
// server in the namespace named by the metadata, records the resulting ID,
// and then refreshes state through the Read handler.
func resourceKubernetesRoleBindingCreate(d *schema.ResourceData, meta interface{}) error {
	client := meta.(*kubernetesProvider).conn

	objMeta := expandMetadata(d.Get("metadata").([]interface{}))
	// Only the first role_ref block is read; the resource schema in this
	// file declares MinItems and MaxItems of 1 for it.
	roleRefBlocks := d.Get("role_ref").([]interface{})
	binding := api.RoleBinding{
		ObjectMeta: objMeta,
		RoleRef:    expandRoleRef(roleRefBlocks[0]),
		Subjects:   expandSubjects(d.Get("subject").([]interface{})),
	}

	log.Printf("[INFO] Creating new role binding: %#v", binding)
	created, err := client.RbacV1().RoleBindings(objMeta.Namespace).Create(&binding)
	if err != nil {
		return err
	}
	log.Printf("[INFO] Submitted new role binding: %#v", created)

	// The ID is derived from the object the API server returned, not from
	// the object that was submitted.
	d.SetId(buildId(created.ObjectMeta))
	return resourceKubernetesRoleBindingRead(d, meta)
}
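// resourceKubernetesRoleBindingRead fetches the RoleBinding identified by the
// resource ID and copies its metadata, role reference and subjects into
// state.
//
// It returns any error from parsing the ID, from the API Get call, or from
// writing one of the three attributes into state.
func resourceKubernetesRoleBindingRead(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*kubernetesProvider).conn

	namespace, name, err := idParts(d.Id())
	if err != nil {
		return err
	}

	log.Printf("[INFO] Reading role binding %s", name)
	crb, err := conn.RbacV1().RoleBindings(namespace).Get(name, metav1.GetOptions{})
	if err != nil {
		log.Printf("[DEBUG] Received error: %#v", err)
		return err
	}
	log.Printf("[INFO] Received role binding: %#v", crb)

	if err := d.Set("metadata", flattenMetadata(crb.ObjectMeta, d)); err != nil {
		return err
	}
	// role_ref and subject decide who is granted which role. A dropped
	// d.Set error here would leave state out of step with the live binding,
	// so a change made outside Terraform could go unnoticed; surface the
	// error instead of ignoring it.
	if err := d.Set("role_ref", flattenRoleRef(crb.RoleRef)); err != nil {
		return err
	}
	if err := d.Set("subject", flattenSubjects(crb.Subjects)); err != nil {
		return err
	}

	return nil
}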
// resourceKubernetesRoleBindingUpdate rebuilds the RoleBinding from the
// "metadata", "role_ref" and "subject" attributes and submits it as an update
// in the namespace parsed from the resource ID, then refreshes state through
// the Read handler.
//
// The namespace used for the API call comes from the ID, while the object
// metadata that is sent comes from the configuration.
func resourceKubernetesRoleBindingUpdate(d *schema.ResourceData, meta interface{}) error {
	client := meta.(*kubernetesProvider).conn

	ns, bindingName, err := idParts(d.Id())
	if err != nil {
		return err
	}

	objMeta := expandMetadata(d.Get("metadata").([]interface{}))
	roleRefBlocks := d.Get("role_ref").([]interface{})
	binding := api.RoleBinding{
		ObjectMeta: objMeta,
		RoleRef:    expandRoleRef(roleRefBlocks[0]),
		Subjects:   expandSubjects(d.Get("subject").([]interface{})),
	}

	log.Printf("[INFO] Updating role binding %q: %v", bindingName, binding)
	updated, err := client.RbacV1().RoleBindings(ns).Update(&binding)
	if err != nil {
		return fmt.Errorf("Failed to update role binding: %s", err)
	}
	log.Printf("[INFO] Submitted updated role binding: %#v", updated)

	// Re-derive the ID from the object the API server returned.
	d.SetId(buildId(updated.ObjectMeta))
	return resourceKubernetesRoleBindingRead(d, meta)
}
// resourceKubernetesRoleBindingDelete deletes the RoleBinding identified by
// the resource ID and clears the ID once the API call has succeeded.
func resourceKubernetesRoleBindingDelete(d *schema.ResourceData, meta interface{}) error {
	client := meta.(*kubernetesProvider).conn

	ns, bindingName, err := idParts(d.Id())
	if err != nil {
		return err
	}

	log.Printf("[INFO] Deleting role binding: %#v", bindingName)
	if err = client.RbacV1().RoleBindings(ns).Delete(bindingName, &metav1.DeleteOptions{}); err != nil {
		return err
	}
	log.Printf("[INFO] role binding %s deleted", bindingName)

	// The ID is cleared only after a successful delete; on error the
	// function has already returned with the ID intact.
	d.SetId("")
	return nil
}
// resourceKubernetesRoleBindingExists reports whether the RoleBinding
// identified by the resource ID can be fetched from the API server.
//
// A *errors.StatusError with code 404 is reported as (false, nil). Any other
// Get error is logged and returned together with true.
func resourceKubernetesRoleBindingExists(d *schema.ResourceData, meta interface{}) (bool, error) {
	client := meta.(*kubernetesProvider).conn

	ns, bindingName, err := idParts(d.Id())
	if err != nil {
		return false, err
	}

	log.Printf("[INFO] Checking role binding %s", bindingName)
	_, err = client.RbacV1().RoleBindings(ns).Get(bindingName, metav1.GetOptions{})
	if err == nil {
		return true, nil
	}

	// Only an explicit 404 status means the binding is gone.
	if statusErr, ok := err.(*errors.StatusError); ok && statusErr.ErrStatus.Code == 404 {
		return false, nil
	}

	log.Printf("[DEBUG] Received error: %#v", err)
	return true, err
}