mirror of
https://github.com/projectcapsule/capsule.git
synced 2026-05-16 22:36:36 +00:00
730151cb44
* chore: improve dev targets Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * feat(controller): implement deterministic rolebinding reflection Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * feat(controller): capsule users are determined from configuration status Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * feat(tenantowners): added agreggate option - tenantowners are always considered capsule users Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * feat(tenantowner): add implicit aggregation for tenants Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * chore: remove helm flags Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * fix(config): remove usergroups default Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> --------- Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>
46 lines
941 B
Go
46 lines
941 B
Go
// Copyright 2020-2025 Project Capsule Authors
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
package api
|
|
|
|
import (
|
|
"strings"
|
|
|
|
rbacv1 "k8s.io/api/rbac/v1"
|
|
)
|
|
|
|
// +kubebuilder:validation:Enum=User;Group;ServiceAccount
|
|
type UserKind string
|
|
|
|
func (k UserKind) String() string {
|
|
return string(k)
|
|
}
|
|
|
|
// +kubebuilder:object:generate=true
|
|
type UserSpec struct {
|
|
// Kind of entity. Possible values are "User", "Group", and "ServiceAccount"
|
|
Kind OwnerKind `json:"kind"`
|
|
// Name of the entity.
|
|
Name string `json:"name"`
|
|
}
|
|
|
|
func (u UserSpec) Subject() (subject rbacv1.Subject) {
|
|
if u.Kind == ServiceAccountOwner {
|
|
splitName := strings.Split(u.Name, ":")
|
|
|
|
subject = rbacv1.Subject{
|
|
Kind: u.Kind.String(),
|
|
Name: splitName[len(splitName)-1],
|
|
Namespace: splitName[len(splitName)-2],
|
|
}
|
|
} else {
|
|
subject = rbacv1.Subject{
|
|
APIGroup: rbacv1.GroupName,
|
|
Kind: u.Kind.String(),
|
|
Name: u.Name,
|
|
}
|
|
}
|
|
|
|
return subject
|
|
}
|