Added kubectl create clusterrole command.
#41538
Conversation
|
Hi @xingzhou. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
k8s-ci-robot
added
the
cncf-cla: yes
|
This change is |
k8s-github-robot
added
kind/old-docs
size/XL
|
|
||
| // Remove duplicate verbs. | ||
| verbs := []string{} | ||
| for _, v := range c.Verbs { |
There was a problem hiding this comment.
Can you factor out some of this duplicate logic from the two commands?
|
|
||
| clusterRole := &rbac.ClusterRole{} | ||
|
|
||
| // Create separate rule for each of the api group. |
There was a problem hiding this comment.
Creating the resource policy rules should be common code between create role and create cluster role.
| } | ||
|
|
||
| // Split verbs to resource verbs and non-resource verbs | ||
| resourceVerbs, nonResourceVerbs := []string{}, []string{} |
There was a problem hiding this comment.
you aren't going to be able to distinguish
| cmd.Flags().StringSliceVar(&c.Verbs, "verb", []string{}, "verb that applies to the resources contained in the rule") | ||
| cmd.Flags().StringSlice("resource", []string{}, "resource that the rule applies to") | ||
| cmd.Flags().StringSliceVar(&c.ResourceNames, "resource-name", []string{}, "resource in the white list that the rule applies to") | ||
| cmd.Flags().StringSliceVar(&c.NonResourceURLs, "non-resource-url", []string{}, "non-resource URL is a partial URL that a user should have access to") |
There was a problem hiding this comment.
Thinking about this, I suspect we actually want to defer this option until later. We may even say its only on the set command. The vast majority of usage is interested in resource access.
|
I think narrowing the scope and DRYing it out a little bit will make this work out nicely. |
|
cc @kubernetes/sig-cli-pr-reviews |
|
David, I understand that we want to keep |
Yes, I think we will want to add it, but we need to consider how it interacts with things like verbs. I think from a structure perspective, you could build the resource rules in a common fashion and then later add the non-resource rules, so we aren't boxed into a corner either way. |
| } | ||
|
|
||
| func (c *CreateClusterRoleOptions) RunCreateClusterRole(f cmdutil.Factory, cmdOut io.Writer, cmd *cobra.Command, args []string) error { | ||
| mapper, _ := f.Object() |
There was a problem hiding this comment.
actually I would not expect to depends on cobra on the run logical.
There was a problem hiding this comment.
@adohe, any code patterns need to follow here? extract the arguments from cmd object and pass them in as parameters? wonder any examples in current commands
There was a problem hiding this comment.
@adohe, any code patterns need to follow here? extract the arguments from cmd object and pass them in as parameters? wonder any examples in current commands
I missed this. Yeah, Complete should gather this and set it in the options.
k8s-github-robot
added
the
needs-rebase
xingzhou
force-pushed
the
clusterrole
branch
from
50122a5
to
adb298b
Compare
k8s-github-robot
added
size/L
|
Have removed |
|
/approve |
k8s-ci-robot
added
the
lgtm
deads2k
removed
the
lgtm
| return cmd | ||
| } | ||
|
|
||
| func (c *CreateClusterRoleOptions) RunCreateRole(f cmdutil.Factory, cmdOut io.Writer, cmd *cobra.Command, args []string) error { |
There was a problem hiding this comment.
As @adohe pointed out. Don't pass arguments here. Instead, use Complete to gather the bits you need and store the on your options.
Added `kubectl create clusterrole` command.
xingzhou
force-pushed
the
clusterrole
branch
from
adb298b
to
433941f
Compare
|
Have tried to move all the parameters from |
| @@ -50,20 +53,30 @@ type CreateRoleOptions struct { | |||
| Verbs []string | |||
| Resources []schema.GroupVersionResource | |||
| ResourceNames []string | |||
|
|
|||
| DryRun bool | |||
| OutputFormat string | |||
There was a problem hiding this comment.
At some point, I think we'll need to start wrapping this logic inside of the PrintObject function. You don't need to mess with it here.
There was a problem hiding this comment.
I agree, those are just common command options, not specific to this one. Do we have plan now, please let me know if I can help, thanks!
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is NOT APPROVED The following people have approved this PR: deads2k, xingzhou Needs approval from an approver in each of these OWNERS Files:
We suggest the following people: |
deads2k
added
the
approved
|
@k8s-bot gci gce e2e test this |
|
Automatic merge from submit-queue (batch tested with PRs 41146, 41486, 41482, 41538, 41784) |
Added
kubectl create clusterrolecommand.Fixed part of #39596
Special notes for your reviewer:
@deads2k, please help to review this patch, thanks
Release note: