From fee0d43d23f594647045a8a2dc2d3bd944f42bae Mon Sep 17 00:00:00 2001
From: Kobayashi Daisuke
Date: Fri, 10 Jan 2020 11:22:05 +0900
Subject: [PATCH] fix golint error in pkg/apis/rbac
---
 hack/.golint_failures | 1 -
 pkg/apis/rbac/helpers.go | 31 +++++++++++++++++++++++++++----
 pkg/apis/rbac/register.go | 2 ++
 pkg/apis/rbac/types.go | 1 +
 4 files changed, 30 insertions(+), 5 deletions(-)
diff --git a/hack/.golint_failures b/hack/.golint_failures
index 2a0c3beea1c..7ca3f17f9a0 100644
--- a/hack/.golint_failures
+++ b/hack/.golint_failures
@@ -37,7 +37,6 @@ pkg/apis/flowcontrol/v1alpha1
 pkg/apis/networking/v1
 pkg/apis/node/v1alpha1
 pkg/apis/policy/v1beta1
-pkg/apis/rbac
 pkg/apis/rbac/v1
 pkg/apis/rbac/v1alpha1
 pkg/apis/rbac/v1beta1
diff --git a/pkg/apis/rbac/helpers.go b/pkg/apis/rbac/helpers.go
index b7b4b78c819..90c7e02e63c 100644
--- a/pkg/apis/rbac/helpers.go
+++ b/pkg/apis/rbac/helpers.go
@@ -24,6 +24,7 @@ import (
 "k8s.io/apimachinery/pkg/util/sets"
 )
 
+// ResourceMatches returns the result of the rule.Resaurces matching.
 func ResourceMatches(rule *PolicyRule, combinedRequestedResource, requestedSubresource string) bool {
 for _, ruleResource := range rule.Resources {
 // if everything is allowed, we match
@@ -52,7 +53,7 @@ func ResourceMatches(rule *PolicyRule, combinedRequestedResource, requestedSubre
 return false
 }
 
-// subjectsStrings returns users, groups, serviceaccounts, unknown for display purposes.
+// SubjectsStrings returns users, groups, serviceaccounts, unknown for display purposes.
 func SubjectsStrings(subjects []Subject) ([]string, []string, []string, []string) {
 users := []string{}
 groups := []string{}
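Review bot: The comment added on `ResourceMatches` misspells the field as `rule.Resaurces` and says nothing about what counts as a match, although this helper is part of how a PolicyRule is compared with a requested resource. I would write `// ResourceMatches reports whether any entry in rule.Resources covers the requested resource or subresource.` and, once checked against the full body, add a sentence on the wildcard case that the context line `// if everything is allowed, we match` refers to. The function body continues outside this hunk, so the subresource rules are not visible here and should be confirmed before they are documented.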
@@ -110,40 +111,46 @@ func (r PolicyRule) CompactString() string {
 return fmt.Sprintf(formatString, formatArgs...)
 }
 
-// +k8s:deepcopy-gen=false
 // PolicyRuleBuilder let's us attach methods. A no-no for API types.
 // We use it to construct rules in code. It's more compact than trying to write them
 // out in a literal and allows us to perform some basic checking during construction
+// +k8s:deepcopy-gen=false
 type PolicyRuleBuilder struct {
 PolicyRule PolicyRule
 }
 
+// NewRule returns new PolicyRule made by input verbs.
 func NewRule(verbs ...string) *PolicyRuleBuilder {
 return &PolicyRuleBuilder{
 PolicyRule: PolicyRule{Verbs: sets.NewString(verbs...).List()},
 }
 }
 
+// Groups combines the PolicyRule.APIGroups and input groups.
 func (r *PolicyRuleBuilder) Groups(groups ...string) *PolicyRuleBuilder {
 r.PolicyRule.APIGroups = combine(r.PolicyRule.APIGroups, groups)
 return r
 }
 
+// Resources combines the PolicyRule.Rule and input resources.
 func (r *PolicyRuleBuilder) Resources(resources ...string) *PolicyRuleBuilder {
 r.PolicyRule.Resources = combine(r.PolicyRule.Resources, resources)
 return r
 }
 
+// Names combines the PolicyRule.ResourceNames and input names.
 func (r *PolicyRuleBuilder) Names(names ...string) *PolicyRuleBuilder {
 r.PolicyRule.ResourceNames = combine(r.PolicyRule.ResourceNames, names)
 return r
 }
 
+// URLs combines the PolicyRule.NonResourceURLs and input urls.
 func (r *PolicyRuleBuilder) URLs(urls ...string) *PolicyRuleBuilder {
 r.PolicyRule.NonResourceURLs = combine(r.PolicyRule.NonResourceURLs, urls)
 return r
 }
 
+// RuleOrDie calls the binding method and panics if there is an error.
 func (r *PolicyRuleBuilder) RuleOrDie() PolicyRule {
 ret, err := r.Rule()
 if err != nil {
@@ -158,6 +165,7 @@ func combine(s1, s2 []string) []string {
 return s.List()
 }
 
+// Rule returns PolicyRule and error.
 func (r *PolicyRuleBuilder) Rule() (PolicyRule, error) {
 if len(r.PolicyRule.Verbs) == 0 {
 return PolicyRule{}, fmt.Errorf("verbs are required: %#v", r.PolicyRule)
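Review bot: Three of the comments added in this hunk do not match the code beneath them. `NewRule` returns a `*PolicyRuleBuilder`, not a PolicyRule; `Resources` writes `r.PolicyRule.Resources`, not `PolicyRule.Rule`; and `RuleOrDie` calls `r.Rule()`, so "calls the binding method" looks copied from `BindingOrDie`. Suggested wording: `// NewRule returns a PolicyRuleBuilder initialised with the given verbs.`, `// Resources adds the given resources to PolicyRule.Resources.` and `// RuleOrDie calls Rule and panics if it returns an error.` The body of `RuleOrDie` ends outside the hunk, so the panic is taken from the comment rather than from visible code.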
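Review bot: `// Rule returns PolicyRule and error.` only restates the signature and leaves out that `Rule` validates the builder before returning it. The visible lines reject a rule with no verbs (`verbs are required`), so a comment such as `// Rule validates the accumulated PolicyRule and returns it, or an error if it is incomplete (for example, when no verbs are set).` tells callers why the error exists. The remaining checks are outside this hunk.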
@@ -198,14 +206,18 @@ func (r *PolicyRuleBuilder) Rule() (PolicyRule, error) {
 return r.PolicyRule, nil
 }
 
-// +k8s:deepcopy-gen=false
 // ClusterRoleBindingBuilder let's us attach methods. A no-no for API types.
 // We use it to construct bindings in code. It's more compact than trying to write them
 // out in a literal.
+// +k8s:deepcopy-gen=false
 type ClusterRoleBindingBuilder struct {
 ClusterRoleBinding ClusterRoleBinding
 }
 
+// NewClusterBinding creates a ClusterRoleBinding builder that can be used
+// to define the subjects of a cluster role binding. At least one of
+// the `Groups`, `Users` or `SAs` method must be called before
+// calling the `Binding*` methods.
 func NewClusterBinding(clusterRoleName string) *ClusterRoleBindingBuilder {
 return &ClusterRoleBindingBuilder{
 ClusterRoleBinding: ClusterRoleBinding{
@@ -219,6 +231,7 @@ func NewClusterBinding(clusterRoleName string) *ClusterRoleBindingBuilder {
 }
 }
 
+// Groups adds the specified groups as the subjects of the ClusterRoleBinding.
 func (r *ClusterRoleBindingBuilder) Groups(groups ...string) *ClusterRoleBindingBuilder {
 for _, group := range groups {
 r.ClusterRoleBinding.Subjects = append(r.ClusterRoleBinding.Subjects, Subject{Kind: GroupKind, APIGroup: GroupName, Name: group})
@@ -226,6 +239,7 @@ func (r *ClusterRoleBindingBuilder) Groups(groups ...string) *ClusterRoleBinding
 return r
 }
 
+// Users adds the specified users as the subjects of the ClusterRoleBinding.
 func (r *ClusterRoleBindingBuilder) Users(users ...string) *ClusterRoleBindingBuilder {
 for _, user := range users {
 r.ClusterRoleBinding.Subjects = append(r.ClusterRoleBinding.Subjects, Subject{Kind: UserKind, APIGroup: GroupName, Name: user})
@@ -233,6 +247,7 @@ func (r *ClusterRoleBindingBuilder) Users(users ...string) *ClusterRoleBindingBu
 return r
 }
 
+// SAs adds the specified sas as the subjects of the ClusterRoleBinding.
 func (r *ClusterRoleBindingBuilder) SAs(namespace string, serviceAccountNames ...string) *ClusterRoleBindingBuilder {
 for _, saName := range serviceAccountNames {
 r.ClusterRoleBinding.Subjects = append(r.ClusterRoleBinding.Subjects, Subject{Kind: ServiceAccountKind, Namespace: namespace, Name: saName})
@@ -240,6 +255,7 @@ func (r *ClusterRoleBindingBuilder) SAs(namespace string, serviceAccountNames ..
 return r
 }
 
+// BindingOrDie calls the binding method and panics if there is an error.
 func (r *ClusterRoleBindingBuilder) BindingOrDie() ClusterRoleBinding {
 ret, err := r.Binding()
 if err != nil {
@@ -248,6 +264,8 @@ func (r *ClusterRoleBindingBuilder) BindingOrDie() ClusterRoleBinding {
 return ret
 }
 
+// Binding builds and returns the ClusterRoleBinding API object from the builder
+// object.
 func (r *ClusterRoleBindingBuilder) Binding() (ClusterRoleBinding, error) {
 if len(r.ClusterRoleBinding.Subjects) == 0 {
 return ClusterRoleBinding{}, fmt.Errorf("subjects are required: %#v", r.ClusterRoleBinding)
@@ -256,9 +274,9 @@ func (r *ClusterRoleBindingBuilder) Binding() (ClusterRoleBinding, error) {
 return r.ClusterRoleBinding, nil
 }
 
-// +k8s:deepcopy-gen=false
 // RoleBindingBuilder let's us attach methods. It is similar to
 // ClusterRoleBindingBuilder above.
+// +k8s:deepcopy-gen=false
 type RoleBindingBuilder struct {
 RoleBinding RoleBinding
 }
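Review bot: "the specified sas" in the comment on `SAs` is unclear and leaves out the `namespace` parameter, which every appended subject carries. I would write `// SAs adds the named service accounts in the given namespace as subjects of the ClusterRoleBinding.` The visible loop body builds each subject with `Kind: ServiceAccountKind` and `Namespace` but no `APIGroup`, unlike `Groups` and `Users`; if that is intentional, one clause saying so would save a reader from treating it as an omission. The end of the function is outside the hunk.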
@@ -283,6 +301,10 @@ func NewRoleBinding(roleName, namespace string) *RoleBindingBuilder {
 }
 }
 
+// NewRoleBindingForClusterRole creates a RoleBinding builder that can be used
+// to define the subjects of a cluster role binding. At least one of
+// the `Groups`, `Users` or `SAs` method must be called before
+// calling the `Binding*` methods.
 func NewRoleBindingForClusterRole(roleName, namespace string) *RoleBindingBuilder {
 return &RoleBindingBuilder{
 RoleBinding: RoleBinding{
@@ -343,6 +365,7 @@ func (r *RoleBindingBuilder) Binding() (RoleBinding, error) {
 return r.RoleBinding, nil
 }
 
+// SortableRuleSlice is the slice of PolicyRule.
 type SortableRuleSlice []PolicyRule
 
 func (s SortableRuleSlice) Len() int { return len(s) }
diff --git a/pkg/apis/rbac/register.go b/pkg/apis/rbac/register.go
index 4f232951512..48f5f6e7424 100644
--- a/pkg/apis/rbac/register.go
+++ b/pkg/apis/rbac/register.go
@@ -21,6 +21,7 @@ import (
 "k8s.io/apimachinery/pkg/runtime/schema"
 )
 
+// GroupName is the name of this API group.
 const GroupName = "rbac.authorization.k8s.io"
 
 // SchemeGroupVersion is group version used to register these objects
@@ -36,6 +37,7 @@ func Resource(resource string) schema.GroupResource {
 return SchemeGroupVersion.WithResource(resource).GroupResource()
 }
 
+// SchemeBuilder is a function that calls Register for you.
 var (
 SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
 AddToScheme = SchemeBuilder.AddToScheme
diff --git a/pkg/apis/rbac/types.go b/pkg/apis/rbac/types.go
index 6333aa4f323..b4cd4cc74ca 100644
--- a/pkg/apis/rbac/types.go
+++ b/pkg/apis/rbac/types.go
@@ -25,6 +25,7 @@ import (
 // 2. evaluation of RoleBindings in the namespace requested - short circuit on match
 // 3. deny by default
 
+// APIGroupAll and these consts are default values for rbac authorization.
 const (
 APIGroupAll = "*"
 ResourceAll = "*"
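Review bot: The comment on `NewRoleBindingForClusterRole` was copied from `NewClusterBinding` and says the builder defines "the subjects of a cluster role binding", but the function returns a `*RoleBindingBuilder` wrapping a `RoleBinding`. The difference is one of scope: a RoleBinding grants within a namespace even when it refers to a ClusterRole, so the wording can mislead someone auditing which bindings are cluster-wide. Suggested first line: `// NewRoleBindingForClusterRole creates a RoleBinding builder in the given namespace whose role reference is the named ClusterRole.` The struct literal continues outside the hunk, so the RoleRef kind is inferred from the function name and should be checked against the body.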
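Review bot: The comment placed on the `var (` block in register.go describes `SchemeBuilder` as "a function that calls Register for you", but the block assigns it from `runtime.NewSchemeBuilder(addKnownTypes)` and also declares `AddToScheme`, which stays undocumented. A comment above a grouped declaration documents the group, which is enough to satisfy the linter without explaining either name. I would comment each name inside the block instead: `// SchemeBuilder collects the functions that add this group's types to a scheme.` and `// AddToScheme applies those functions to a scheme.` The block may continue past the end of the hunk.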
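Review bot: Calling `APIGroupAll` and its neighbours "default values" in types.go is misleading: both visible constants are `"*"`, which reads as a wildcard rather than a default, and someone reviewing a rule should not come away thinking `*` is what an empty field means. I would write `// Wildcard values: "*" in the corresponding PolicyRule field matches everything.` and keep any per-constant detail next to each constant. Only `APIGroupAll` and `ResourceAll` are visible; the const block continues outside the hunk, so the wording should be checked against the remaining entries.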