Merge pull request #514 from AdiZav/clusterrolebinding

Allow creating ClusterRoleBinding with parameters, and adding rules to ClusterRoles

Author: rnetser

ocp_resources/cluster_role.py

@@ -33,19 +33,44 @@ def __init__(
         self.api_groups = api_groups
         self.permissions_to_resources = permissions_to_resources
         self.verbs = verbs
+        self.desired_state = {"rules": []}
 
     def to_dict(self):
-        res = super().to_dict()
+        self.res = super().to_dict()
         if self.yaml_file:
-            return res
+            return self.res
 
-        rules = {}
-        if self.api_groups:
-            rules["apiGroups"] = self.api_groups
         if self.permissions_to_resources:
-            rules["resources"] = self.permissions_to_resources
-        if self.verbs:
-            rules["verbs"] = self.verbs
-        if rules:
-            res["rules"] = [rules]
-        return res
+            self.add_rule(
+                api_groups=self.api_groups,
+                permissions_to_resources=self.permissions_to_resources,
+                verbs=self.verbs,
+            )
+
+        return self.res
+
+    def add_rule(
+        self,
+        api_groups=None,
+        permissions_to_resources=None,
+        verbs=None,
+    ):
+        if not self.res:
+            self.res = super().to_dict()
+
+        rule = {}
+        if api_groups:
+            rule["apiGroups"] = api_groups
+        if permissions_to_resources:
+            rule["resources"] = permissions_to_resources
+        if verbs:
+            rule["verbs"] = verbs
+        if rule:
+            self._set_rule(rule=rule)
+
+        return self.res
+
+    def _set_rule(self, rule):
+
+        self.desired_state["rules"].append(rule)
+        self.res["rules"] = self.desired_state["rules"]

ocp_resources/cluster_role_binding.py

@@ -1,5 +1,6 @@
 # -*- coding: utf-8 -*-
 
+from ocp_resources.cluster_role import ClusterRole
 from ocp_resources.resource import Resource
 
 
@@ -9,3 +10,28 @@ class ClusterRoleBinding(Resource):
     """
 
     api_group = Resource.ApiGroup.RBAC_AUTHORIZATION_K8S_IO
+
+    def __init__(
+        self,
+        name=None,
+        cluster_role=None,
+        subjects=None,
+    ):
+        super().__init__(name=name)
+        self.cluster_role = cluster_role
+        self.subjects = subjects
+
+    def to_dict(self):
+        self.res = super().to_dict()
+
+        self.res.setdefault("roleRef", {})
+        self.res["roleRef"] = {
+            "apiGroup": self.api_group,
+            "kind": ClusterRole.kind,
+            "name": self.cluster_role,
+        }
+
+        if self.subjects:
+            self.res.setdefault("subjects", self.subjects)
+
+        return self.res

ocp_resources/node_network_configuration_policy.py

@@ -106,7 +106,6 @@ def __init__(
         self.set_ipv6 = set_ipv6
         self.success_timeout = success_timeout
         self.max_unavailable = max_unavailable
-        self.res = None
         self.ipv4_ports_backup_dict = {}
         self.ipv6_ports_backup_dict = {}
         self.nodes = self._nodes()

ocp_resources/resource.py

@@ -330,6 +330,7 @@ class ApiGroup:
         SSP_KUBEVIRT_IO = "ssp.kubevirt.io"
         STORAGE_K8S_IO = "storage.k8s.io"
         STORAGECLASS_KUBERNETES_IO = "storageclass.kubernetes.io"
+        SUBRESOURCES_KUBEVIRT_IO = "subresources.kubevirt.io"
         TEKTON_TASKS_KUBEVIRT_IO = "tektontasks.kubevirt.io"
         TEMPLATE_KUBEVIRT_IO = "template.kubevirt.io"
         TEMPLATE_OPENSHIFT_IO = "template.openshift.io"
@@ -400,6 +401,7 @@ def __init__(
         self.node_selector = node_selector
         self.node_selector_labels = node_selector_labels
         self.node_selector_spec = self._prepare_node_selector_spec()
+        self.res = None
 
     def _prepare_node_selector_spec(self):
         if self.node_selector: