rancher/steve
1
0
Fork 0
mirror of https://github.com/rancher/steve.git synced 2025-04-27 19:05:09 +00:00
Code Issues Projects Releases Wiki Activity

Revert "Fix not finding ClusterRoleBinding or RoleBinding for service account…" (#540)

Browse Source 
This reverts commit 0f4fd1fde6.
This commit is contained in:
Tom Lebreux 2025-03-11 11:14:21 -04:00 committed by GitHub
parent 0f4fd1fde6
commit 53f2165aee
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/accesscontrol/policy_rule_index.go
View File

@ -1,12 +1,12 @@
package accesscontrol
import (
"fmt"
"sort"
rbacv1controllers "github.com/rancher/wrangler/v3/pkg/generated/controllers/rbac/v1"
rbacv1 "k8s.io/api/rbac/v1"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apiserver/pkg/authentication/serviceaccount"
)
const (
@ -72,7 +72,7 @@ func indexSubjects(kind string, subjects []rbacv1.Subject) []string {
result = append(result, subject.Name)
} else if kind == userKind && subjectIsServiceAccount(subject) {
// Index is for Users and this references a service account
result = append(result, serviceaccount.MakeUsername(subject.Namespace, subject.Name))
result = append(result, fmt.Sprintf("serviceaccount:%s:%s", subject.Namespace, subject.Name))
}
}
return result

4
pkg/accesscontrol/policy_rule_index_test.go
View File

@ -56,7 +56,7 @@ func Test_policyRuleIndex_roleBindingBySubject(t *testing.T) {
Namespace: "testns",
},
}),
want: []string{"system:serviceaccount:testns:mysvcaccount"},
want: []string{"serviceaccount:testns:mysvcaccount"},
},
{
name: "ignores svcaccounts in group mode",
@ -166,7 +166,7 @@ func Test_policyRuleIndex_clusterRoleBindingBySubject(t *testing.T) {
Namespace: "testns",
},
}),
want: []string{"system:serviceaccount:testns:mysvcaccount"},
want: []string{"serviceaccount:testns:mysvcaccount"},
},
{
name: "ignores svcaccounts in group mode",