Add more kubectl auth reconcile flags
Adds --remove-extra-permissions and --remove-extra-subjects Signed-off-by: Matt Rogers <mrogers@redhat.com>
This commit is contained in:
Matt Rogers
@@ -40,6 +40,8 @@ type ReconcileOptions struct {
|
|||||||
PrintFlags *genericclioptions.PrintFlags
|
PrintFlags *genericclioptions.PrintFlags
|
||||||
FilenameOptions *resource.FilenameOptions
|
FilenameOptions *resource.FilenameOptions
|
||||||
DryRun bool
|
DryRun bool
|
||||||
|
RemoveExtraPermissions bool
|
||||||
|
RemoveExtraSubjects bool
|
||||||
|
|
||||||
Visitor resource.Visitor
|
Visitor resource.Visitor
|
||||||
RBACClient rbacv1client.RbacV1Interface
|
RBACClient rbacv1client.RbacV1Interface
|
||||||
@@ -89,6 +91,8 @@ func NewCmdReconcile(f cmdutil.Factory, streams genericclioptions.IOStreams) *co
|
|||||||
|
|
||||||
cmdutil.AddFilenameOptionFlags(cmd, o.FilenameOptions, "identifying the resource to reconcile.")
|
cmdutil.AddFilenameOptionFlags(cmd, o.FilenameOptions, "identifying the resource to reconcile.")
|
||||||
cmd.Flags().BoolVar(&o.DryRun, "dry-run", o.DryRun, "If true, display results but do not submit changes")
|
cmd.Flags().BoolVar(&o.DryRun, "dry-run", o.DryRun, "If true, display results but do not submit changes")
|
||||||
|
cmd.Flags().BoolVar(&o.RemoveExtraPermissions, "remove-extra-permissions", o.RemoveExtraPermissions, "If true, removes extra permissions added to roles")
|
||||||
|
cmd.Flags().BoolVar(&o.RemoveExtraSubjects, "remove-extra-subjects", o.RemoveExtraSubjects, "If true, removes extra subjects added to rolebindings")
|
||||||
cmd.MarkFlagRequired("filename")
|
cmd.MarkFlagRequired("filename")
|
||||||
|
|
||||||
return cmd
|
return cmd
|
||||||
@@ -174,7 +178,7 @@ func (o *ReconcileOptions) RunReconcile() error {
|
|||||||
case *rbacv1.Role:
|
case *rbacv1.Role:
|
||||||
reconcileOptions := reconciliation.ReconcileRoleOptions{
|
reconcileOptions := reconciliation.ReconcileRoleOptions{
|
||||||
Confirm: !o.DryRun,
|
Confirm: !o.DryRun,
|
||||||
RemoveExtraPermissions: false,
|
RemoveExtraPermissions: o.RemoveExtraPermissions,
|
||||||
Role: reconciliation.RoleRuleOwner{Role: t},
|
Role: reconciliation.RoleRuleOwner{Role: t},
|
||||||
Client: reconciliation.RoleModifier{
|
Client: reconciliation.RoleModifier{
|
||||||
NamespaceClient: o.NamespaceClient.Namespaces(),
|
NamespaceClient: o.NamespaceClient.Namespaces(),
|
||||||
@@ -190,7 +194,7 @@ func (o *ReconcileOptions) RunReconcile() error {
|
|||||||
case *rbacv1.ClusterRole:
|
case *rbacv1.ClusterRole:
|
||||||
reconcileOptions := reconciliation.ReconcileRoleOptions{
|
reconcileOptions := reconciliation.ReconcileRoleOptions{
|
||||||
Confirm: !o.DryRun,
|
Confirm: !o.DryRun,
|
||||||
RemoveExtraPermissions: false,
|
RemoveExtraPermissions: o.RemoveExtraPermissions,
|
||||||
Role: reconciliation.ClusterRoleRuleOwner{ClusterRole: t},
|
Role: reconciliation.ClusterRoleRuleOwner{ClusterRole: t},
|
||||||
Client: reconciliation.ClusterRoleModifier{
|
Client: reconciliation.ClusterRoleModifier{
|
||||||
Client: o.RBACClient.ClusterRoles(),
|
Client: o.RBACClient.ClusterRoles(),
|
||||||
@@ -205,7 +209,7 @@ func (o *ReconcileOptions) RunReconcile() error {
|
|||||||
case *rbacv1.RoleBinding:
|
case *rbacv1.RoleBinding:
|
||||||
reconcileOptions := reconciliation.ReconcileRoleBindingOptions{
|
reconcileOptions := reconciliation.ReconcileRoleBindingOptions{
|
||||||
Confirm: !o.DryRun,
|
Confirm: !o.DryRun,
|
||||||
RemoveExtraSubjects: false,
|
RemoveExtraSubjects: o.RemoveExtraSubjects,
|
||||||
RoleBinding: reconciliation.RoleBindingAdapter{RoleBinding: t},
|
RoleBinding: reconciliation.RoleBindingAdapter{RoleBinding: t},
|
||||||
Client: reconciliation.RoleBindingClientAdapter{
|
Client: reconciliation.RoleBindingClientAdapter{
|
||||||
Client: o.RBACClient,
|
Client: o.RBACClient,
|
||||||
@@ -221,7 +225,7 @@ func (o *ReconcileOptions) RunReconcile() error {
|
|||||||
case *rbacv1.ClusterRoleBinding:
|
case *rbacv1.ClusterRoleBinding:
|
||||||
reconcileOptions := reconciliation.ReconcileRoleBindingOptions{
|
reconcileOptions := reconciliation.ReconcileRoleBindingOptions{
|
||||||
Confirm: !o.DryRun,
|
Confirm: !o.DryRun,
|
||||||
RemoveExtraSubjects: false,
|
RemoveExtraSubjects: o.RemoveExtraSubjects,
|
||||||
RoleBinding: reconciliation.ClusterRoleBindingAdapter{ClusterRoleBinding: t},
|
RoleBinding: reconciliation.ClusterRoleBindingAdapter{ClusterRoleBinding: t},
|
||||||
Client: reconciliation.ClusterRoleBindingClientAdapter{
|
Client: reconciliation.ClusterRoleBindingClientAdapter{
|
||||||
Client: o.RBACClient.ClusterRoleBindings(),
|
Client: o.RBACClient.ClusterRoleBindings(),
|
||||||
|
|||||||
Reference in New Issue
Block a user