fix: clusterrolebinding is updated with new subjects if already exist…

…ing (#80)
krateoplatformops · Sep 24, 2024 · 46f7467 · 46f7467
1 parent 3907db4
commit 46f7467
Show file tree

Hide file tree

Showing 2 changed files with 79 additions and 2 deletions.
diff --git a/internal/tools/rbactools/clusterrolebinding.go b/internal/tools/rbactools/clusterrolebinding.go
@@ -12,6 +12,22 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
+func populateClusterRoleBinding(tmp *rbacv1.ClusterRoleBinding, obj *rbacv1.ClusterRoleBinding) {
+	for _, sub := range obj.Subjects {
+		found := false
+		for _, tmpSub := range tmp.Subjects {
+			if sub.Name == tmpSub.Name && sub.Namespace == tmpSub.Namespace && sub.Kind == tmpSub.Kind {
+				found = true
+				break
+			}
+		}
+
+		if !found {
+			tmp.Subjects = append(tmp.Subjects, sub)
+		}
+	}
+}
+
 func InstallClusterRoleBinding(ctx context.Context, kube client.Client, obj *rbacv1.ClusterRoleBinding) error {
 	return retry.Do(
 		func() error {
@@ -24,8 +40,8 @@ func InstallClusterRoleBinding(ctx context.Context, kube client.Client, obj *rba
 
 				return err
 			}
-
-			return nil
+			populateClusterRoleBinding(&tmp, obj)
+			return kube.Update(ctx, &tmp, &client.UpdateOptions{})
 		},
 	)
 }

diff --git a/internal/tools/rbactools/clusterrolebinding_test.go b/internal/tools/rbactools/clusterrolebinding_test.go
@@ -43,3 +43,64 @@ func TestUninstallClusterRoleBinding(t *testing.T) {
 	err = fakeClient.Get(ctx, client.ObjectKeyFromObject(&clusterRoleBinding), crb)
 	assert.True(t, apierrors.IsNotFound(err))
 }
+func TestPopulateClusterRoleBinding(t *testing.T) {
+	tests := []struct {
+		name     string
+		tmp      *rbacv1.ClusterRoleBinding
+		obj      *rbacv1.ClusterRoleBinding
+		expected []rbacv1.Subject
+	}{
+		{
+			name: "No subjects in tmp",
+			tmp:  &rbacv1.ClusterRoleBinding{},
+			obj: &rbacv1.ClusterRoleBinding{
+				Subjects: []rbacv1.Subject{
+					{Kind: "User", Name: "user1", Namespace: "default"},
+				},
+			},
+			expected: []rbacv1.Subject{
+				{Kind: "User", Name: "user1", Namespace: "default"},
+			},
+		},
+		{
+			name: "No new subjects in obj",
+			tmp: &rbacv1.ClusterRoleBinding{
+				Subjects: []rbacv1.Subject{
+					{Kind: "User", Name: "user1", Namespace: "default"},
+				},
+			},
+			obj: &rbacv1.ClusterRoleBinding{
+				Subjects: []rbacv1.Subject{
+					{Kind: "User", Name: "user1", Namespace: "default"},
+				},
+			},
+			expected: []rbacv1.Subject{
+				{Kind: "User", Name: "user1", Namespace: "default"},
+			},
+		},
+		{
+			name: "New subjects in obj",
+			tmp: &rbacv1.ClusterRoleBinding{
+				Subjects: []rbacv1.Subject{
+					{Kind: "User", Name: "user1", Namespace: "default"},
+				},
+			},
+			obj: &rbacv1.ClusterRoleBinding{
+				Subjects: []rbacv1.Subject{
+					{Kind: "User", Name: "user2", Namespace: "default"},
+				},
+			},
+			expected: []rbacv1.Subject{
+				{Kind: "User", Name: "user1", Namespace: "default"},
+				{Kind: "User", Name: "user2", Namespace: "default"},
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			populateClusterRoleBinding(tt.tmp, tt.obj)
+			assert.Equal(t, tt.expected, tt.tmp.Subjects)
+		})
+	}
+}