-
Notifications
You must be signed in to change notification settings - Fork 39.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added kubectl create clusterrole
command.
#41538
Conversation
Hi @xingzhou. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
||
// Remove duplicate verbs. | ||
verbs := []string{} | ||
for _, v := range c.Verbs { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you factor out some of this duplicate logic from the two commands?
|
||
clusterRole := &rbac.ClusterRole{} | ||
|
||
// Create separate rule for each of the api group. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Creating the resource policy rules should be common code between create role and create cluster role.
} | ||
|
||
// Split verbs to resource verbs and non-resource verbs | ||
resourceVerbs, nonResourceVerbs := []string{}, []string{} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
you aren't going to be able to distinguish
cmd.Flags().StringSliceVar(&c.Verbs, "verb", []string{}, "verb that applies to the resources contained in the rule") | ||
cmd.Flags().StringSlice("resource", []string{}, "resource that the rule applies to") | ||
cmd.Flags().StringSliceVar(&c.ResourceNames, "resource-name", []string{}, "resource in the white list that the rule applies to") | ||
cmd.Flags().StringSliceVar(&c.NonResourceURLs, "non-resource-url", []string{}, "non-resource URL is a partial URL that a user should have access to") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thinking about this, I suspect we actually want to defer this option until later. We may even say its only on the set
command. The vast majority of usage is interested in resource access.
I think narrowing the scope and DRYing it out a little bit will make this work out nicely. |
cc @kubernetes/sig-cli-pr-reviews |
David, I understand that we want to keep |
Yes, I think we will want to add it, but we need to consider how it interacts with things like verbs. I think from a structure perspective, you could build the resource rules in a common fashion and then later add the non-resource rules, so we aren't boxed into a corner either way. |
} | ||
|
||
func (c *CreateClusterRoleOptions) RunCreateClusterRole(f cmdutil.Factory, cmdOut io.Writer, cmd *cobra.Command, args []string) error { | ||
mapper, _ := f.Object() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
actually I would not expect to depends on cobra on the run logical.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@adohe, any code patterns need to follow here? extract the arguments from cmd object and pass them in as parameters? wonder any examples in current commands
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@adohe, any code patterns need to follow here? extract the arguments from cmd object and pass them in as parameters? wonder any examples in current commands
I missed this. Yeah, Complete
should gather this and set it in the options.
50122a5
to
adb298b
Compare
Have removed |
/approve |
return cmd | ||
} | ||
|
||
func (c *CreateClusterRoleOptions) RunCreateRole(f cmdutil.Factory, cmdOut io.Writer, cmd *cobra.Command, args []string) error { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As @adohe pointed out. Don't pass arguments here. Instead, use Complete
to gather the bits you need and store the on your options.
Added `kubectl create clusterrole` command.
adb298b
to
433941f
Compare
Have tried to move all the parameters from |
@@ -50,20 +53,30 @@ type CreateRoleOptions struct { | |||
Verbs []string | |||
Resources []schema.GroupVersionResource | |||
ResourceNames []string | |||
|
|||
DryRun bool | |||
OutputFormat string |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
At some point, I think we'll need to start wrapping this logic inside of the PrintObject
function. You don't need to mess with it here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree, those are just common command options, not specific to this one. Do we have plan now, please let me know if I can help, thanks!
/lgtm |
[APPROVALNOTIFIER] This PR is NOT APPROVED The following people have approved this PR: deads2k, xingzhou Needs approval from an approver in each of these OWNERS Files:
We suggest the following people: |
@k8s-bot gci gce e2e test this |
Automatic merge from submit-queue (batch tested with PRs 41146, 41486, 41482, 41538, 41784) |
Added
kubectl create clusterrole
command.Fixed part of #39596
Special notes for your reviewer:
@deads2k, please help to review this patch, thanks
Release note: