mirror of
https://github.com/cloudnative-pg/plugin-barman-cloud.git
synced 2026-01-11 21:23:12 +01:00
1be34fe13e
Adopt the new attribution information for contributions to CloudNativePG: ``` Copyright © contributors to CloudNativePG, established as CloudNativePG a Series of LF Projects, LLC. ``` Adopt the SPDX format for Apache License 2.0 Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com> Signed-off-by: Leonardo Cecchi <leonardo.cecchi@enterprisedb.com> Co-authored-by: Leonardo Cecchi <leonardo.cecchi@enterprisedb.com>
134 lines
3.0 KiB
Go
134 lines
3.0 KiB
Go
/*
|
|
Copyright © contributors to CloudNativePG, established as
|
|
CloudNativePG a Series of LF Projects, LLC.
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
|
|
SPDX-License-Identifier: Apache-2.0
|
|
*/
|
|
|
|
package specs
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
cnpgv1 "github.com/cloudnative-pg/cloudnative-pg/api/v1"
|
|
"github.com/cloudnative-pg/machinery/pkg/stringset"
|
|
rbacv1 "k8s.io/api/rbac/v1"
|
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
|
|
barmancloudv1 "github.com/cloudnative-pg/plugin-barman-cloud/api/v1"
|
|
)
|
|
|
|
// BuildRole builds the Role object for this cluster
|
|
func BuildRole(
|
|
cluster *cnpgv1.Cluster,
|
|
barmanObjects []barmancloudv1.ObjectStore,
|
|
) *rbacv1.Role {
|
|
role := &rbacv1.Role{
|
|
ObjectMeta: metav1.ObjectMeta{
|
|
Namespace: cluster.Namespace,
|
|
Name: GetRBACName(cluster.Name),
|
|
},
|
|
|
|
Rules: []rbacv1.PolicyRule{},
|
|
}
|
|
|
|
secretsSet := stringset.New()
|
|
barmanObjectsSet := stringset.New()
|
|
|
|
for _, barmanObject := range barmanObjects {
|
|
barmanObjectsSet.Put(barmanObject.Name)
|
|
for _, secret := range CollectSecretNamesFromCredentials(&barmanObject.Spec.Configuration.BarmanCredentials) {
|
|
secretsSet.Put(secret)
|
|
}
|
|
}
|
|
|
|
role.Rules = append(
|
|
role.Rules,
|
|
rbacv1.PolicyRule{
|
|
APIGroups: []string{
|
|
"barmancloud.cnpg.io",
|
|
},
|
|
Verbs: []string{
|
|
"get",
|
|
"watch",
|
|
"list",
|
|
},
|
|
Resources: []string{
|
|
"objectstores",
|
|
},
|
|
ResourceNames: barmanObjectsSet.ToSortedList(),
|
|
},
|
|
rbacv1.PolicyRule{
|
|
APIGroups: []string{
|
|
"barmancloud.cnpg.io",
|
|
},
|
|
Verbs: []string{
|
|
"update",
|
|
},
|
|
Resources: []string{
|
|
"objectstores/status",
|
|
},
|
|
ResourceNames: barmanObjectsSet.ToSortedList(),
|
|
},
|
|
rbacv1.PolicyRule{
|
|
APIGroups: []string{
|
|
"",
|
|
},
|
|
Resources: []string{
|
|
"secrets",
|
|
},
|
|
Verbs: []string{
|
|
"get",
|
|
"watch",
|
|
"list",
|
|
},
|
|
ResourceNames: secretsSet.ToSortedList(),
|
|
},
|
|
)
|
|
|
|
return role
|
|
}
|
|
|
|
// BuildRoleBinding builds the role binding object for this cluster
|
|
func BuildRoleBinding(
|
|
cluster *cnpgv1.Cluster,
|
|
) *rbacv1.RoleBinding {
|
|
return &rbacv1.RoleBinding{
|
|
ObjectMeta: metav1.ObjectMeta{
|
|
Namespace: cluster.Namespace,
|
|
Name: GetRBACName(cluster.Name),
|
|
},
|
|
Subjects: []rbacv1.Subject{
|
|
{
|
|
Kind: "ServiceAccount",
|
|
APIGroup: "",
|
|
Name: cluster.Name,
|
|
Namespace: cluster.Namespace,
|
|
},
|
|
},
|
|
RoleRef: rbacv1.RoleRef{
|
|
APIGroup: "rbac.authorization.k8s.io",
|
|
Kind: "Role",
|
|
Name: GetRBACName(cluster.Name),
|
|
},
|
|
}
|
|
}
|
|
|
|
// GetRBACName returns the name of the RBAC entities for the
|
|
// barman cloud plugin
|
|
func GetRBACName(clusterName string) string {
|
|
return fmt.Sprintf("%s-barman-cloud", clusterName)
|
|
}
|