Merge pull request #64541 from mrogers950/additive-flag
Automatic merge from submit-queue (batch tested with PRs 63580, 63744, 64541, 64502, 64100). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Add more kubectl auth reconcile flags ```release-note The --remove-extra-subjects and --remove-extra-permissions flags have been enabled for kubectl auth reconcile ``` /assign @deads2k cc @enj @juanvallejo
This commit is contained in:
Kubernetes Submit Queue
@@ -37,9 +37,11 @@ import (
|
|||||||
// ReconcileOptions is the start of the data required to perform the operation. As new fields are added, add them here instead of
|
// ReconcileOptions is the start of the data required to perform the operation. As new fields are added, add them here instead of
|
||||||
// referencing the cmd.Flags()
|
// referencing the cmd.Flags()
|
||||||
type ReconcileOptions struct {
|
type ReconcileOptions struct {
|
||||||
PrintFlags *genericclioptions.PrintFlags
|
PrintFlags *genericclioptions.PrintFlags
|
||||||
FilenameOptions *resource.FilenameOptions
|
FilenameOptions *resource.FilenameOptions
|
||||||
DryRun bool
|
DryRun bool
|
||||||
|
RemoveExtraPermissions bool
|
||||||
|
RemoveExtraSubjects bool
|
||||||
|
|
||||||
Visitor resource.Visitor
|
Visitor resource.Visitor
|
||||||
RBACClient rbacv1client.RbacV1Interface
|
RBACClient rbacv1client.RbacV1Interface
|
||||||
@@ -89,6 +91,8 @@ func NewCmdReconcile(f cmdutil.Factory, streams genericclioptions.IOStreams) *co
|
|||||||
|
|
||||||
cmdutil.AddFilenameOptionFlags(cmd, o.FilenameOptions, "identifying the resource to reconcile.")
|
cmdutil.AddFilenameOptionFlags(cmd, o.FilenameOptions, "identifying the resource to reconcile.")
|
||||||
cmd.Flags().BoolVar(&o.DryRun, "dry-run", o.DryRun, "If true, display results but do not submit changes")
|
cmd.Flags().BoolVar(&o.DryRun, "dry-run", o.DryRun, "If true, display results but do not submit changes")
|
||||||
|
cmd.Flags().BoolVar(&o.RemoveExtraPermissions, "remove-extra-permissions", o.RemoveExtraPermissions, "If true, removes extra permissions added to roles")
|
||||||
|
cmd.Flags().BoolVar(&o.RemoveExtraSubjects, "remove-extra-subjects", o.RemoveExtraSubjects, "If true, removes extra subjects added to rolebindings")
|
||||||
cmd.MarkFlagRequired("filename")
|
cmd.MarkFlagRequired("filename")
|
||||||
|
|
||||||
return cmd
|
return cmd
|
||||||
@@ -174,7 +178,7 @@ func (o *ReconcileOptions) RunReconcile() error {
|
|||||||
case *rbacv1.Role:
|
case *rbacv1.Role:
|
||||||
reconcileOptions := reconciliation.ReconcileRoleOptions{
|
reconcileOptions := reconciliation.ReconcileRoleOptions{
|
||||||
Confirm: !o.DryRun,
|
Confirm: !o.DryRun,
|
||||||
RemoveExtraPermissions: false,
|
RemoveExtraPermissions: o.RemoveExtraPermissions,
|
||||||
Role: reconciliation.RoleRuleOwner{Role: t},
|
Role: reconciliation.RoleRuleOwner{Role: t},
|
||||||
Client: reconciliation.RoleModifier{
|
Client: reconciliation.RoleModifier{
|
||||||
NamespaceClient: o.NamespaceClient.Namespaces(),
|
NamespaceClient: o.NamespaceClient.Namespaces(),
|
||||||
@@ -190,7 +194,7 @@ func (o *ReconcileOptions) RunReconcile() error {
|
|||||||
case *rbacv1.ClusterRole:
|
case *rbacv1.ClusterRole:
|
||||||
reconcileOptions := reconciliation.ReconcileRoleOptions{
|
reconcileOptions := reconciliation.ReconcileRoleOptions{
|
||||||
Confirm: !o.DryRun,
|
Confirm: !o.DryRun,
|
||||||
RemoveExtraPermissions: false,
|
RemoveExtraPermissions: o.RemoveExtraPermissions,
|
||||||
Role: reconciliation.ClusterRoleRuleOwner{ClusterRole: t},
|
Role: reconciliation.ClusterRoleRuleOwner{ClusterRole: t},
|
||||||
Client: reconciliation.ClusterRoleModifier{
|
Client: reconciliation.ClusterRoleModifier{
|
||||||
Client: o.RBACClient.ClusterRoles(),
|
Client: o.RBACClient.ClusterRoles(),
|
||||||
@@ -205,7 +209,7 @@ func (o *ReconcileOptions) RunReconcile() error {
|
|||||||
case *rbacv1.RoleBinding:
|
case *rbacv1.RoleBinding:
|
||||||
reconcileOptions := reconciliation.ReconcileRoleBindingOptions{
|
reconcileOptions := reconciliation.ReconcileRoleBindingOptions{
|
||||||
Confirm: !o.DryRun,
|
Confirm: !o.DryRun,
|
||||||
RemoveExtraSubjects: false,
|
RemoveExtraSubjects: o.RemoveExtraSubjects,
|
||||||
RoleBinding: reconciliation.RoleBindingAdapter{RoleBinding: t},
|
RoleBinding: reconciliation.RoleBindingAdapter{RoleBinding: t},
|
||||||
Client: reconciliation.RoleBindingClientAdapter{
|
Client: reconciliation.RoleBindingClientAdapter{
|
||||||
Client: o.RBACClient,
|
Client: o.RBACClient,
|
||||||
@@ -221,7 +225,7 @@ func (o *ReconcileOptions) RunReconcile() error {
|
|||||||
case *rbacv1.ClusterRoleBinding:
|
case *rbacv1.ClusterRoleBinding:
|
||||||
reconcileOptions := reconciliation.ReconcileRoleBindingOptions{
|
reconcileOptions := reconciliation.ReconcileRoleBindingOptions{
|
||||||
Confirm: !o.DryRun,
|
Confirm: !o.DryRun,
|
||||||
RemoveExtraSubjects: false,
|
RemoveExtraSubjects: o.RemoveExtraSubjects,
|
||||||
RoleBinding: reconciliation.ClusterRoleBindingAdapter{ClusterRoleBinding: t},
|
RoleBinding: reconciliation.ClusterRoleBindingAdapter{ClusterRoleBinding: t},
|
||||||
Client: reconciliation.ClusterRoleBindingClientAdapter{
|
Client: reconciliation.ClusterRoleBindingClientAdapter{
|
||||||
Client: o.RBACClient.ClusterRoleBindings(),
|
Client: o.RBACClient.ClusterRoleBindings(),
|
||||||
|
|||||||
Reference in New Issue
Block a user