Rules to PolicyRules


1 개요

Role to PolicyRule

2 목표

# Example ClusterRole used as input for the Rule -> PolicyRule flattening.
# A ClusterRole is not namespaced: bound through a ClusterRoleBinding, the
# rules below apply in every namespace; bound through a RoleBinding, only in
# that binding's namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: hello
rules:
# Core API group (""): read-only access to pods and to the pods/log
# subresource. Container logs can carry sensitive data, so review who is
# bound to this rule.
- apiGroups: [""]
  resources: ["pods", "pods/log"]
  verbs: ["get", "list", "watch"]
# resourceNames narrows the rule to the single Lease object named
# "kube-scheduler"; no other lease is readable or writable through it.
- apiGroups: ["coordination.k8s.io"]
  resourceNames: ["kube-scheduler"]
  resources: ["leases"]
  verbs: ["get", "update"]
# Non-resource rule: grants GET on the API server's /metrics path rather than
# on an API object, so it has no apiGroups or resources.
- nonResourceURLs: ["/metrics"]
  verbs: ["get"]
$ kubectl describe clusterrole hello
Name:         hello
Labels:       <none>
Annotations:  <none>
PolicyRule:
  Resources                   Non-Resource URLs  Resource Names    Verbs
  ---------                   -----------------  --------------    -----
  pods/log                    []                 []                [get list watch]
  pods                        []                 []                [get list watch]
  leases.coordination.k8s.io  []                 [kube-scheduler]  [get update]
                              [/metrics]         []                [get]

3 Go 코드

package main

import (
	"fmt"

	"gopkg.in/yaml.v3"
)

// data is the ClusterRole manifest that main decodes. It is the same manifest
// shown in the goal section: a core-group pod/log read rule, a rule limited to
// the "kube-scheduler" lease, and a non-resource rule for /metrics.
var data = `apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: hello
rules:
- apiGroups: [""]
  resources: ["pods", "pods/log"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["coordination.k8s.io"]
  resourceNames: ["kube-scheduler"]
  resources: ["leases"]
  verbs: ["get", "update"]
- nonResourceURLs: ["/metrics"]
  verbs: ["get"]`

// Role holds the fields of an RBAC Role/ClusterRole manifest that this program
// decodes from YAML: the API version, the kind, the metadata and the list of
// rules. Manifest keys without a matching field here are not represented.
type Role struct {
	ApiVersion string   `yaml:"apiVersion"`
	Kind       string   `yaml:"kind"`
	Metadata   Metadata `yaml:"metadata"`
	Rules      []Rule   `yaml:"rules"` // one entry per item under "rules:"
}

// Metadata holds the only metadata field this program reads from the
// manifest: the object's name.
type Metadata struct {
	Name string `yaml:"name"`
}

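// Rule is one entry of the manifest's "rules" list, decoded from YAML.
//
// Each tag must match the manifest key exactly. A tag with stray whitespace
// (for example "nonResourceURLs " with a trailing space) makes the decoder look
// for a key that never occurs, so the field stays empty without any error and
// the non-resource permissions of the role are silently left out of the
// result.
type Rule struct {
	APIGroups       []string `yaml:"apiGroups"`
	NonResourceURLs []string `yaml:"nonResourceURLs"`
	Resources       []string `yaml:"resources"`
	ResourceNames   []string `yaml:"resourceNames"`
	Verbs           []string `yaml:"verbs"`
}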

// PolicyRule is one flattened output row built by main from a Rule. It has the
// same columns as the PolicyRule table printed by `kubectl describe
// clusterrole`.
type PolicyRule struct {
	Resources       string   // "<resource>" or "<resource>.<apiGroup>"; empty for rules without API groups
	NonResourceURLs []string // copied unchanged from the source Rule
	ResourceNames   []string // copied unchanged from the source Rule
	Verbs           []string // copied unchanged from the source Rule
}

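// main decodes the embedded manifest in data and prints its rules flattened
// into PolicyRule rows: one row per (API group, resource) pair for resource
// rules, and one row for each rule that lists no API groups.
func main() {
	var role Role
	// A manifest that fails to parse must not be reported as a role that
	// grants nothing, so stop here instead of printing an empty result.
	if err := yaml.Unmarshal([]byte(data), &role); err != nil {
		panic(fmt.Errorf("parsing role manifest: %w", err))
	}

	var policyRules []PolicyRule
	for _, r := range role.Rules {
		// A rule without API groups is emitted as a single row with an empty
		// resource column; this is the path taken by nonResourceURLs rules.
		if len(r.APIGroups) == 0 {
			policyRules = append(policyRules, PolicyRule{
				Resources:       "",
				NonResourceURLs: r.NonResourceURLs,
				ResourceNames:   r.ResourceNames,
				Verbs:           r.Verbs,
			})
			continue
		}
		for _, apiGroup := range r.APIGroups {
			// The core API group is the empty string and adds no suffix; any
			// other group is appended as "<resource>.<group>".
			suffix := ""
			if apiGroup != "" {
				suffix = "." + apiGroup
			}
			for _, resource := range r.Resources {
				policyRules = append(policyRules, PolicyRule{
					Resources:       resource + suffix,
					NonResourceURLs: r.NonResourceURLs,
					ResourceNames:   r.ResourceNames,
					Verbs:           r.Verbs,
				})
			}
		}
	}

	for _, pr := range policyRules {
		fmt.Printf("%v\n", pr)
	}
}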