update dependencies (#6267)
Signed-off-by: hongming <coder.scala@gmail.com>
This commit is contained in:
hongming
128
vendor/sigs.k8s.io/controller-tools/pkg/rbac/parser.go
generated
vendored
128
vendor/sigs.k8s.io/controller-tools/pkg/rbac/parser.go
generated
vendored
@@ -93,6 +93,24 @@ func (r *Rule) key() ruleKey {
|
||||
}
|
||||
}
|
||||
|
||||
func (r *Rule) keyWithGroupResourceNamesURLsVerbs() string {
|
||||
key := r.key()
|
||||
verbs := strings.Join(r.Verbs, "&")
|
||||
return fmt.Sprintf("%s + %s + %s + %s", key.Groups, key.ResourceNames, key.URLs, verbs)
|
||||
}
|
||||
|
||||
func (r *Rule) keyWithResourcesResourceNamesURLsVerbs() string {
|
||||
key := r.key()
|
||||
verbs := strings.Join(r.Verbs, "&")
|
||||
return fmt.Sprintf("%s + %s + %s + %s", key.Resources, key.ResourceNames, key.URLs, verbs)
|
||||
}
|
||||
|
||||
func (r *Rule) keyWitGroupResourcesResourceNamesVerbs() string {
|
||||
key := r.key()
|
||||
verbs := strings.Join(r.Verbs, "&")
|
||||
return fmt.Sprintf("%s + %s + %s + %s", key.Groups, key.Resources, key.ResourceNames, verbs)
|
||||
}
|
||||
|
||||
// addVerbs adds new verbs into a Rule.
|
||||
// The duplicates in `r.Verbs` will be removed, and then `r.Verbs` will be sorted.
|
||||
func (r *Rule) addVerbs(verbs []string) {
|
||||
@@ -128,12 +146,6 @@ func removeDupAndSort(strs []string) []string {
|
||||
|
||||
// ToRule converts this rule to its Kubernetes API form.
|
||||
func (r *Rule) ToRule() rbacv1.PolicyRule {
|
||||
// fix the group names first, since letting people type "core" is nice
|
||||
for i, group := range r.Groups {
|
||||
if group == "core" {
|
||||
r.Groups[i] = ""
|
||||
}
|
||||
}
|
||||
return rbacv1.PolicyRule{
|
||||
APIGroups: r.Groups,
|
||||
Verbs: r.Verbs,
|
||||
@@ -168,22 +180,42 @@ func (Generator) RegisterMarkers(into *markers.Registry) error {
|
||||
// GenerateRoles generate a slice of objs representing either a ClusterRole or a Role object
|
||||
// The order of the objs in the returned slice is stable and determined by their namespaces.
|
||||
func GenerateRoles(ctx *genall.GenerationContext, roleName string) ([]interface{}, error) {
|
||||
rulesByNS := make(map[string][]*Rule)
|
||||
rulesByNSResource := make(map[string][]*Rule)
|
||||
for _, root := range ctx.Roots {
|
||||
markerSet, err := markers.PackageMarkers(ctx.Collector, root)
|
||||
if err != nil {
|
||||
root.AddError(err)
|
||||
}
|
||||
|
||||
// group RBAC markers by namespace
|
||||
// group RBAC markers by namespace and separate by resource
|
||||
for _, markerValue := range markerSet[RuleDefinition.Name] {
|
||||
rule := markerValue.(Rule)
|
||||
namespace := rule.Namespace
|
||||
if _, ok := rulesByNS[namespace]; !ok {
|
||||
rules := make([]*Rule, 0)
|
||||
rulesByNS[namespace] = rules
|
||||
if len(rule.Resources) == 0 {
|
||||
// Add a rule without any resource if Resources is empty.
|
||||
r := Rule{
|
||||
Groups: rule.Groups,
|
||||
Resources: []string{},
|
||||
ResourceNames: rule.ResourceNames,
|
||||
URLs: rule.URLs,
|
||||
Namespace: rule.Namespace,
|
||||
Verbs: rule.Verbs,
|
||||
}
|
||||
namespace := r.Namespace
|
||||
rulesByNSResource[namespace] = append(rulesByNSResource[namespace], &r)
|
||||
continue
|
||||
}
|
||||
for _, resource := range rule.Resources {
|
||||
r := Rule{
|
||||
Groups: rule.Groups,
|
||||
Resources: []string{resource},
|
||||
ResourceNames: rule.ResourceNames,
|
||||
URLs: rule.URLs,
|
||||
Namespace: rule.Namespace,
|
||||
Verbs: rule.Verbs,
|
||||
}
|
||||
namespace := r.Namespace
|
||||
rulesByNSResource[namespace] = append(rulesByNSResource[namespace], &r)
|
||||
}
|
||||
rulesByNS[namespace] = append(rulesByNS[namespace], &rule)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -192,6 +224,13 @@ func GenerateRoles(ctx *genall.GenerationContext, roleName string) ([]interface{
|
||||
ruleMap := make(map[ruleKey]*Rule)
|
||||
// all the Rules having the same ruleKey will be merged into the first Rule
|
||||
for _, rule := range rules {
|
||||
// fix the group name first, since letting people type "core" is nice
|
||||
for i, name := range rule.Groups {
|
||||
if name == "core" {
|
||||
rule.Groups[i] = ""
|
||||
}
|
||||
}
|
||||
|
||||
key := rule.key()
|
||||
if _, ok := ruleMap[key]; !ok {
|
||||
ruleMap[key] = rule
|
||||
@@ -200,6 +239,64 @@ func GenerateRoles(ctx *genall.GenerationContext, roleName string) ([]interface{
|
||||
ruleMap[key].addVerbs(rule.Verbs)
|
||||
}
|
||||
|
||||
// deduplicate resources
|
||||
// 1. create map based on key without resources
|
||||
ruleMapWithoutResources := make(map[string][]*Rule)
|
||||
for _, rule := range ruleMap {
|
||||
// get key without Resources
|
||||
key := rule.keyWithGroupResourceNamesURLsVerbs()
|
||||
ruleMapWithoutResources[key] = append(ruleMapWithoutResources[key], rule)
|
||||
}
|
||||
// 2. merge to ruleMap
|
||||
ruleMap = make(map[ruleKey]*Rule)
|
||||
for _, rules := range ruleMapWithoutResources {
|
||||
rule := rules[0]
|
||||
for _, mergeRule := range rules[1:] {
|
||||
rule.Resources = append(rule.Resources, mergeRule.Resources...)
|
||||
}
|
||||
|
||||
key := rule.key()
|
||||
ruleMap[key] = rule
|
||||
}
|
||||
|
||||
// deduplicate groups
|
||||
// 1. create map based on key without group
|
||||
ruleMapWithoutGroup := make(map[string][]*Rule)
|
||||
for _, rule := range ruleMap {
|
||||
// get key without Group
|
||||
key := rule.keyWithResourcesResourceNamesURLsVerbs()
|
||||
ruleMapWithoutGroup[key] = append(ruleMapWithoutGroup[key], rule)
|
||||
}
|
||||
// 2. merge to ruleMap
|
||||
ruleMap = make(map[ruleKey]*Rule)
|
||||
for _, rules := range ruleMapWithoutGroup {
|
||||
rule := rules[0]
|
||||
for _, mergeRule := range rules[1:] {
|
||||
rule.Groups = append(rule.Groups, mergeRule.Groups...)
|
||||
}
|
||||
key := rule.key()
|
||||
ruleMap[key] = rule
|
||||
}
|
||||
|
||||
// deduplicate URLs
|
||||
// 1. create map based on key without URLs
|
||||
ruleMapWithoutURLs := make(map[string][]*Rule)
|
||||
for _, rule := range ruleMap {
|
||||
// get key without Group
|
||||
key := rule.keyWitGroupResourcesResourceNamesVerbs()
|
||||
ruleMapWithoutURLs[key] = append(ruleMapWithoutURLs[key], rule)
|
||||
}
|
||||
// 2. merge to ruleMap
|
||||
ruleMap = make(map[ruleKey]*Rule)
|
||||
for _, rules := range ruleMapWithoutURLs {
|
||||
rule := rules[0]
|
||||
for _, mergeRule := range rules[1:] {
|
||||
rule.URLs = append(rule.URLs, mergeRule.URLs...)
|
||||
}
|
||||
key := rule.key()
|
||||
ruleMap[key] = rule
|
||||
}
|
||||
|
||||
// sort the Rules in rules according to their ruleKeys
|
||||
keys := make([]ruleKey, 0, len(ruleMap))
|
||||
for key := range ruleMap {
|
||||
@@ -210,14 +307,13 @@ func GenerateRoles(ctx *genall.GenerationContext, roleName string) ([]interface{
|
||||
var policyRules []rbacv1.PolicyRule
|
||||
for _, key := range keys {
|
||||
policyRules = append(policyRules, ruleMap[key].ToRule())
|
||||
|
||||
}
|
||||
return policyRules
|
||||
}
|
||||
|
||||
// collect all the namespaces and sort them
|
||||
var namespaces []string
|
||||
for ns := range rulesByNS {
|
||||
for ns := range rulesByNSResource {
|
||||
namespaces = append(namespaces, ns)
|
||||
}
|
||||
sort.Strings(namespaces)
|
||||
@@ -225,7 +321,7 @@ func GenerateRoles(ctx *genall.GenerationContext, roleName string) ([]interface{
|
||||
// process the items in rulesByNS by the order specified in `namespaces` to make sure that the Role order is stable
|
||||
var objs []interface{}
|
||||
for _, ns := range namespaces {
|
||||
rules := rulesByNS[ns]
|
||||
rules := rulesByNSResource[ns]
|
||||
policyRules := NormalizeRules(rules)
|
||||
if len(policyRules) == 0 {
|
||||
continue
|
||||
|
||||
Reference in New Issue
Block a user