"Rules to PolicyRules"의 두 판 사이의 차이

(새 문서: ==개요== ;Role to PolicyRole ==목표== <syntaxhighlight lang='yaml'> apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: hello rules: - apiGroups: [""]...)
 
 
(같은 사용자의 중간 판 4개는 보이지 않습니다)
71번째 줄: 71번째 줄:
type Rule struct {
type Rule struct {
APIGroups      []string `yaml:"apiGroups"`
APIGroups      []string `yaml:"apiGroups"`
NonResourceURLs []string `yaml:"nonResourceURLs "`
NonResourceURLs []string `yaml:"nonResourceURLs"`
Resources      []string `yaml:"resources"`
Resources      []string `yaml:"resources"`
ResourceNames  []string `yaml:"resourceNames"`
ResourceNames  []string `yaml:"resourceNames"`
100번째 줄: 100번째 줄:
}
}
for _, apiGroup := range r.APIGroups {
for _, apiGroup := range r.APIGroups {
var postfix = ""
var suffix = ""
if len(apiGroup) > 0 {
if len(apiGroup) > 0 {
postfix += "." + apiGroup
suffix = "." + apiGroup
}
}
for _, resource := range r.Resources {
for _, resource := range r.Resources {
policyRules = append(policyRules, PolicyRule{
policyRules = append(policyRules, PolicyRule{
Resources:      resource + postfix,
Resources:      resource + suffix,
NonResourceURLs: r.NonResourceURLs,
NonResourceURLs: r.NonResourceURLs,
ResourceNames:  r.ResourceNames,
ResourceNames:  r.ResourceNames,
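Review bot: The `Rule` struct in the first hunk has no comment saying that each yaml tag must match the manifest key exactly, which is how the trailing space in `yaml:"nonResourceURLs "` went unnoticed. As far as I know, yaml.v3's `Unmarshal` does not report a key that matches no field, so the field simply stayed empty and the `/metrics` grant was printed without its URL. In a tool that summarises RBAC permissions that is a silent under-report, so I would add `// Tags must equal the manifest keys exactly; a mismatch decodes to an empty field without any error.` above the struct. The struct's closing brace and the decode call lie outside both hunks, so whether the decode error is checked cannot be judged from here.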

2024년 2월 2일 (금) 11:25 기준 최신판

1 개요

Role to PolicyRule

2 목표

# Sample ClusterRole "hello", used as the input for the conversion shown on this page.
# A ClusterRole is not namespaced. What it grants in practice depends on the binding:
# a ClusterRoleBinding applies it in every namespace, a RoleBinding in one namespace only.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: hello
rules:
# Core API group (""): read-only access to pods and to the pods/log subresource.
# Container logs can carry sensitive data, so pods/log deserves its own look in a review.
- apiGroups: [""]
  resources: ["pods", "pods/log"]
  verbs: ["get", "list", "watch"]
# resourceNames narrows get/update to the single lease object named kube-scheduler.
- apiGroups: ["coordination.k8s.io"]
  resourceNames: ["kube-scheduler"]
  resources: ["leases"]
  verbs: ["get", "update"]
# Non-resource rule: no apiGroups or resources, only the HTTP path /metrics.
# nonResourceURLs take effect only when the role is bound with a ClusterRoleBinding.
- nonResourceURLs: ["/metrics"]
  verbs: ["get"]
$ kubectl describe clusterrole hello
Name:         hello
Labels:       <none>
Annotations:  <none>
PolicyRule:
  Resources                   Non-Resource URLs  Resource Names    Verbs
  ---------                   -----------------  --------------    -----
  pods/log                    []                 []                [get list watch]
  pods                        []                 []                [get list watch]
  leases.coordination.k8s.io  []                 [kube-scheduler]  [get update]
                              [/metrics]         []                [get]

3 Go 코드

package main

import (
	"fmt"

	"gopkg.in/yaml.v3"
)

// data is the sample ClusterRole manifest that main decodes. It has three
// rules: a core-group rule on pods and pods/log, a rule on leases in
// coordination.k8s.io restricted by resourceNames, and a nonResourceURLs rule.
var data = `apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: hello
rules:
- apiGroups: [""]
  resources: ["pods", "pods/log"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["coordination.k8s.io"]
  resourceNames: ["kube-scheduler"]
  resources: ["leases"]
  verbs: ["get", "update"]
- nonResourceURLs: ["/metrics"]
  verbs: ["get"]`

// Role holds the fields of an RBAC manifest that this program decodes.
// main reads only Rules; ApiVersion, Kind and Metadata are decoded but never
// checked, so a document of any kind that has a "rules" list is accepted.
type Role struct {
	ApiVersion string   `yaml:"apiVersion"`
	Kind       string   `yaml:"kind"`
	Metadata   Metadata `yaml:"metadata"`
	// Rules is the list of permission entries that main flattens into PolicyRules.
	Rules      []Rule   `yaml:"rules"`
}

// Metadata models only the manifest's metadata.name; other metadata keys
// (labels, annotations, ...) have no field here and are not decoded.
type Metadata struct {
	Name string `yaml:"name"`
}

// Rule is one entry of the manifest's "rules" list.
//
// Each yaml tag must equal the manifest key exactly. yaml.v3's Unmarshal does
// not report keys that match no field, so a mistyped tag (for example a
// trailing space inside the quotes) leaves the field empty and the grant is
// missing from the output without any error.
type Rule struct {
	// APIGroups lists the API groups the rule applies to; "" is the core group.
	APIGroups       []string `yaml:"apiGroups"`
	// NonResourceURLs lists HTTP paths such as "/metrics" for non-resource rules.
	NonResourceURLs []string `yaml:"nonResourceURLs"`
	// Resources lists resource names, including subresources such as "pods/log".
	Resources       []string `yaml:"resources"`
	// ResourceNames, when set, restricts the rule to the named objects.
	ResourceNames   []string `yaml:"resourceNames"`
	// Verbs lists the allowed actions, e.g. "get", "list", "update".
	Verbs           []string `yaml:"verbs"`
}

// PolicyRule is one flattened output row, laid out like the columns that
// `kubectl describe clusterrole` prints (Resources, Non-Resource URLs,
// Resource Names, Verbs).
type PolicyRule struct {
	// Resources is a single name: "resource" for the core group,
	// "resource.apiGroup" otherwise, and "" for a rule without apiGroups.
	Resources       string
	// The three slices below are copied by reference from the source Rule, so
	// rows produced from the same Rule share their backing arrays.
	NonResourceURLs []string
	ResourceNames   []string
	Verbs           []string
}

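// main decodes the embedded ClusterRole manifest and prints one PolicyRule per
// line, one for each (apiGroup, resource) pair plus one for each rule that has
// no apiGroups.
func main() {
	var role Role
	// A decode failure must stop the program. Continuing with a zero-valued
	// Role would print nothing, which reads as "this role grants no
	// permissions" rather than "the manifest could not be read".
	if err := yaml.Unmarshal([]byte(data), &role); err != nil {
		panic(fmt.Errorf("decoding ClusterRole manifest: %w", err))
	}

	for _, pr := range toPolicyRules(role.Rules) {
		fmt.Printf("%v\n", pr)
	}
}

// toPolicyRules flattens RBAC rules into one PolicyRule per (apiGroup,
// resource) pair. A rule without apiGroups yields a single PolicyRule with an
// empty Resources field. The returned entries share the NonResourceURLs,
// ResourceNames and Verbs slices of the Rule they came from.
func toPolicyRules(rules []Rule) []PolicyRule {
	policyRules := []PolicyRule{}
	for _, r := range rules {
		if len(r.APIGroups) == 0 {
			// No API group: in the sample data this is the nonResourceURLs
			// rule, which has no resource name to print.
			policyRules = append(policyRules, PolicyRule{
				Resources:       "",
				NonResourceURLs: r.NonResourceURLs,
				ResourceNames:   r.ResourceNames,
				Verbs:           r.Verbs,
			})
			continue
		}
		for _, apiGroup := range r.APIGroups {
			// The core group is written as "" and gets no suffix; any other
			// group is appended as ".group", e.g. "leases.coordination.k8s.io".
			suffix := ""
			if apiGroup != "" {
				suffix = "." + apiGroup
			}
			// NOTE(review): a rule that lists apiGroups but no resources
			// appends nothing here and is therefore absent from the output;
			// confirm that this is intended.
			for _, resource := range r.Resources {
				policyRules = append(policyRules, PolicyRule{
					Resources:       resource + suffix,
					NonResourceURLs: r.NonResourceURLs,
					ResourceNames:   r.ResourceNames,
					Verbs:           r.Verbs,
				})
			}
		}
	}
	return policyRules
}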