feat: add dynamic capsule user evaluation (#1811)

* chore: improve dev targets Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * feat(controller): implement deterministic rolebinding reflection Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * feat(controller): capsule users are determined from configuration status Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * feat(tenantowners): added agreggate option - tenantowners are always considered capsule users Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * feat(tenantowner): add implicit aggregation for tenants Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * chore: remove helm flags Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * fix(config): remove usergroups default Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> --------- Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>
2026-02-14 18:09:58 +00:00 · 2025-12-31 11:37:30 +01:00
parent bbbb9a2aa1
commit 730151cb44
44 changed files with 1441 additions and 290 deletions
--- a/pkg/utils/hashes.go
+++ b/pkg/utils/hashes.go
@@ -0,0 +1,23 @@
+// Copyright 2020-2025 Project Capsule Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package utils
+
+import (
+	"fmt"
+	"hash/fnv"
+
+	"github.com/projectcapsule/capsule/pkg/api"
+)
+
+func RoleBindingHashFunc(binding api.AdditionalRoleBindingsSpec) string {
+	h := fnv.New64a()
+
+	_, _ = h.Write([]byte(binding.ClusterRoleName))
+
+	for _, sub := range binding.Subjects {
+		_, _ = h.Write([]byte(sub.Kind + sub.Name))
+	}
+
+	return fmt.Sprintf("%x", h.Sum64())
+}