fix: rbac versioning

conplementAG · Jul 6, 2022 · c399fc5 · c399fc5
1 parent 950cb98
commit c399fc5
Show file tree

Hide file tree

Showing 8 changed files with 63 additions and 98 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.15.7
+FROM golang:1.18.0-bullseye
 
 RUN apt-get update && \
  apt-get install lsb-release -y
@@ -15,12 +15,8 @@ RUN go version
 
 ADD . /go/src/github.com/conplementAG/copsctl
 
-# Trigger resource embedding
-WORKDIR /go/src/github.com/conplementAG/copsctl/cmd/copsctl
-RUN go get -u github.com/mjibson/esc
-RUN go generate
-
 # simple build
+WORKDIR /go/src/github.com/conplementAG/copsctl/cmd/copsctl
 RUN go build -o copsctl .
 
 # run the tests

diff --git a/cmd/copsctl/main.go b/cmd/copsctl/main.go
@@ -1,7 +1,5 @@
 package main
 
-//go:generate esc -o ../../internal/resources/static.go -pkg resources -include=\\*.yaml -ignore=vendor/|.git|.generated|.idea ../..
-
 import (
  "os"
 

diff --git a/go.mod b/go.mod
@@ -1,36 +1,43 @@
 module github.com/conplementAG/copsctl
 
-go 1.15
+go 1.18
 
 require (
  github.com/ahmetb/go-linq v3.0.0+incompatible
  github.com/briandowns/spinner v1.12.0
- github.com/fatih/color v1.10.0 // indirect
  github.com/imroc/req v0.3.0
- github.com/magiconair/properties v1.8.4 // indirect
  github.com/mattn/go-colorable v0.1.8
- github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
  github.com/mitchellh/go-homedir v1.1.0
- github.com/mitchellh/mapstructure v1.4.1 // indirect
- github.com/mjibson/esc v0.2.0 // indirect
- github.com/onsi/ginkgo v1.12.2 // indirect
- github.com/pelletier/go-toml v1.8.1 // indirect
- github.com/pkg/errors v0.9.1 // indirect
  github.com/rs/xid v1.2.1
  github.com/sirupsen/logrus v1.7.0
- github.com/spf13/afero v1.5.1 // indirect
- github.com/spf13/cast v1.3.1 // indirect
  github.com/spf13/cobra v1.1.1
- github.com/spf13/jwalterweatherman v1.1.0 // indirect
  github.com/spf13/viper v1.7.1
  github.com/x-cray/logrus-prefixed-formatter v0.5.2
- golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad // indirect
- golang.org/x/mod v0.4.1 // indirect
- golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c // indirect
- golang.org/x/term v0.0.0-20201210144234-2321bbc49cbf // indirect
- golang.org/x/text v0.3.5 // indirect
- golang.org/x/tools v0.1.0 // indirect
- gopkg.in/ini.v1 v1.62.0 // indirect
  gopkg.in/natefinch/lumberjack.v2 v2.0.0
  gopkg.in/yaml.v2 v2.4.0
 )
+
+require (
+ github.com/fatih/color v1.10.0 // indirect
+ github.com/fsnotify/fsnotify v1.4.9 // indirect
+ github.com/hashicorp/hcl v1.0.0 // indirect
+ github.com/inconshreveable/mousetrap v1.0.0 // indirect
+ github.com/magiconair/properties v1.8.4 // indirect
+ github.com/mattn/go-isatty v0.0.12 // indirect
+ github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
+ github.com/mitchellh/mapstructure v1.4.1 // indirect
+ github.com/onsi/ginkgo v1.12.2 // indirect
+ github.com/onsi/gomega v1.10.1 // indirect
+ github.com/pelletier/go-toml v1.8.1 // indirect
+ github.com/spf13/afero v1.5.1 // indirect
+ github.com/spf13/cast v1.3.1 // indirect
+ github.com/spf13/jwalterweatherman v1.1.0 // indirect
+ github.com/spf13/pflag v1.0.5 // indirect
+ github.com/subosito/gotenv v1.2.0 // indirect
+ golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586 // indirect
+ golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f // indirect
+ golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e // indirect
+ golang.org/x/text v0.3.7 // indirect
+ golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f // indirect
+ gopkg.in/ini.v1 v1.62.0 // indirect
+)
diff --git a/go.sum b/go.sum
diff --git a/internal/azure_devops/global/global-role-binding.template.yaml b/internal/azure_devops/global/global-role-binding.template.yaml
@@ -1,4 +1,4 @@
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: {{BINDING_NAME}}

diff --git a/internal/azure_devops/orchestrator.go b/internal/azure_devops/orchestrator.go
@@ -1,6 +1,7 @@
 package azure_devops
 
 import (
+ "embed"
  "github.com/conplementAG/copsctl/internal/cmd/flags"
  "strings"
  "time"
@@ -15,6 +16,12 @@ import (
  "github.com/spf13/viper"
 )
 
+//go:embed global/*
+var globalYamls embed.FS
+
+//go:embed scoped/*
+var scopedYamls embed.FS
+
 type AzureDevopsOrchestrator struct {
  Organization string
  Project string
@@ -127,7 +134,8 @@ func (orchestrator *AzureDevopsOrchestrator) prepareRbacFiles() string {
 
 func (orchestrator *AzureDevopsOrchestrator) prepareGlobalRbacFiles() string {
  return file_processing.InterpolateStaticFiles(
- "internal/azure_devops/global",
+ globalYamls,
+ "global",
  map[string]string{
  "{{NAMESPACE}}": "kube-system",
  "{{BINDING_NAME}}": orchestrator.roleName + "-binding",
@@ -137,7 +145,8 @@ func (orchestrator *AzureDevopsOrchestrator) prepareGlobalRbacFiles() string {
 
 func (orchestrator *AzureDevopsOrchestrator) prepareScopedRbacFiles() string {
  return file_processing.InterpolateStaticFiles(
- "internal/azure_devops/scoped",
+ scopedYamls,
+ "scoped",
  map[string]string{
  "{{NAMESPACE}}": orchestrator.Namespace,
  "{{BINDING_NAME}}": orchestrator.roleName + "-binding",

diff --git a/internal/azure_devops/scoped/namespace-cicd-binding.template.yaml b/internal/azure_devops/scoped/namespace-cicd-binding.template.yaml
@@ -1,4 +1,4 @@
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: {{BINDING_NAME}}

diff --git a/internal/common/file_processing/file_processing.go b/internal/common/file_processing/file_processing.go
@@ -1,12 +1,12 @@
 package file_processing
 
 import (
+ "embed"
  "io/ioutil"
  "os"
  "path/filepath"
  "strings"
 
- "github.com/conplementAG/copsctl/internal/resources"
  "github.com/rs/xid"
 )
 
@@ -32,25 +32,24 @@ func DeletePath(filePath string) {
 // It depends on resource embedding, that can be triggered by go generate.
 // Replaces the variables based on the given dictionary,
 // and returns the path to the generated directory where the results are stored
-func InterpolateStaticFiles(inputPath string, variables map[string]string) string {
- filesystem := resources.Dir(false, "/")
- directory, openDirError := filesystem.Open(inputPath)
- panicOnError(openDirError)
-
- files, listDirectoryError := directory.Readdir(9999)
- panicOnError(listDirectoryError)
+func InterpolateStaticFiles(inputPathFs embed.FS, inputPath string, variables map[string]string) string {
+ directory, readDirError := inputPathFs.ReadDir(inputPath)
+ panicOnError(readDirError)
 
  uniqueOutputFolder := createUniqueDirectory()
 
- for _, f := range files {
-
- fileContents, _ := resources.FSString(false, "/"+inputPath+"/"+f.Name())
-
+ for _, file := range directory {
+ f, erri := inputPathFs.Open(inputPath + "/" + file.Name())
+ if erri != nil {
+ panicOnError(erri)
+ }
+ filesContent, _ := ioutil.ReadAll(f)
+ fileContentString := string(filesContent)
  for key, value := range variables {
- fileContents = strings.Replace(fileContents, key, value, -1)
+ fileContentString = strings.Replace(fileContentString, key, value, -1)
  }
 
- err := ioutil.WriteFile(filepath.Join(uniqueOutputFolder, f.Name()), []byte(fileContents), 0644)
+ err := ioutil.WriteFile(filepath.Join(uniqueOutputFolder, file.Name()), []byte(fileContentString), 0644)
  panicOnError(err)
  }