mirror of https://github.com/knative/func.git
47 lines
1.2 KiB
Go
47 lines
1.2 KiB
Go
package k8s
|
|
|
|
import (
|
|
"context"
|
|
|
|
rbacv1 "k8s.io/api/rbac/v1"
|
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
)
|
|
|
|
func CreateRoleBindingForServiceAccount(ctx context.Context, name, namespaceOverride string, labels map[string]string, serviceAccountName, roleKind, roleName string) (err error) {
|
|
client, namespace, err := NewClientAndResolvedNamespace(namespaceOverride)
|
|
if err != nil {
|
|
return
|
|
}
|
|
|
|
rb := &rbacv1.RoleBinding{
|
|
ObjectMeta: metav1.ObjectMeta{
|
|
Name: name,
|
|
Labels: labels,
|
|
},
|
|
Subjects: []rbacv1.Subject{
|
|
{
|
|
Kind: "ServiceAccount",
|
|
Name: serviceAccountName,
|
|
Namespace: namespace,
|
|
},
|
|
},
|
|
RoleRef: rbacv1.RoleRef{
|
|
APIGroup: "rbac.authorization.k8s.io",
|
|
Kind: roleKind,
|
|
Name: roleName,
|
|
},
|
|
}
|
|
|
|
_, err = client.RbacV1().RoleBindings(namespace).Create(ctx, rb, metav1.CreateOptions{})
|
|
return
|
|
}
|
|
|
|
func DeleteRoleBindings(ctx context.Context, namespaceOverride string, listOptions metav1.ListOptions) (err error) {
|
|
client, namespace, err := NewClientAndResolvedNamespace(namespaceOverride)
|
|
if err != nil {
|
|
return
|
|
}
|
|
|
|
return client.RbacV1().RoleBindings(namespace).DeleteCollection(ctx, metav1.DeleteOptions{}, listOptions)
|
|
}
|