hogweed1/k8s
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

new way of doin
Some checks failed
continuous-integration/drone/push Build is failing
Details

Browse Source
This commit is contained in:
root
2023-11-16 19:42:02 +10:00
parent 77ec717184
commit 1eaf295724
341 changed files with 19416 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
helm-charts/dashy/charts/common/templates/lib/rbac/_getServiceAccounts.tpl Normal file
View File

@@ -0,0 +1,52 @@
{{/* Returns Service Account List for rbac */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.rbac.serviceAccount" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the RBAC.
*/}}
{{/* Parses service accounts, and checks if RBAC have selected any of them */}}
{{- define "tc.v1.common.lib.rbac.serviceAccount" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- $serviceAccounts := list -}}
{{- range $name, $serviceAccount := $rootCtx.Values.serviceAccount -}}
{{- $saName := include "tc.v1.common.lib.chart.names.fullname" $rootCtx -}}
{{- if $serviceAccount.enabled -}}
{{- if not $serviceAccount.primary -}}
{{- $saName = (printf "%s-%s" (include "tc.v1.common.lib.chart.names.fullname" $rootCtx) $name) -}}
{{- end -}}
{{/* If allServiceAccounts is true */}}
{{- if $objectData.allServiceAccounts -}}
{{- $serviceAccounts = mustAppend $serviceAccounts $saName -}}
{{/* Else if serviceAccounts is a list */}}
{{- else if (kindIs "slice" $objectData.serviceAccounts) -}}
{{- if (mustHas $name $objectData.serviceAccounts) -}}
{{- $serviceAccounts = mustAppend $serviceAccounts $saName -}}
{{- end -}}
{{/* If not "allServiceAccounts" or "serviceAccounts", assign the primary service account to rbac */}}
{{- else if $serviceAccount.primary -}}
{{- if $objectData.primary -}}
{{- $serviceAccounts = mustAppend $serviceAccounts $saName -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if not $serviceAccounts -}}
{{- fail "RBAC - Expected at least one serviceAccount to be assigned. Assign one using [allServiceAccounts (boolean), serviceAccounts (list)]" -}}
{{- end -}}
{{- range $serviceAccounts }}
- kind: ServiceAccount
name: {{ . }}
namespace: {{ $rootCtx.Release.Namespace }}
{{- end -}}
{{- end -}}

50
helm-charts/dashy/charts/common/templates/lib/rbac/_rules.tpl Normal file
View File

@@ -0,0 +1,50 @@
{{/* Returns Rules for rbac */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.rbac.rules" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the RBAC.
*/}}
{{/* Parses service accounts, and checks if RBAC have selected any of them */}}
{{- define "tc.v1.common.lib.rbac.rules" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- if not $objectData.rules -}}
{{- fail "RBAC - Expected non-empty <rbac.rules>" -}}
{{- end -}}
{{- range $objectData.rules -}}
{{- if not .apiGroups -}}
{{- fail "RBAC - Expected non-empty <rbac.rules.apiGroups>" -}}
{{- end -}}
{{- if not .resources -}}
{{- fail "RBAC - Expected non-empty <rbac.rules.resources>" -}}
{{- end -}}
{{- if not .verbs -}}
{{- fail "RBAC - Expected non-empty <rbac.rules.verbs>" -}}
{{- end -}}
{{- /* apiGroups */}}
- apiGroups:
{{- range .apiGroups }}
- {{ tpl . $rootCtx | quote }}
{{- end -}}
{{- /* resources */}}
resources:
{{- range .resources -}}
{{- if not . -}}
{{- fail "RBAC - Expected non-empty entry in <rbac.rules.resources>" -}}
{{- end }}
- {{ tpl . $rootCtx | quote }}
{{- end -}}
{{- /* verbs */}}
verbs:
{{- range .verbs -}}
{{- if not . -}}
{{- fail "RBAC - Expected non-empty entry in <rbac.rules.verbs>" -}}
{{- end }}
- {{ tpl . $rootCtx | quote }}
{{- end -}}
{{- end -}}
{{- end -}}

17
helm-charts/dashy/charts/common/templates/lib/rbac/_subjects.tpl Normal file
View File

@@ -0,0 +1,17 @@
{{/* Returns Subjects for rbac */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.rbac.subjects" (dict "rootCtx" $ "objectData" $objectData) }}
rootCtx: The root context of the chart.
objectData: The object data to be used to render the RBAC.
*/}}
{{/* Parses service accounts, and checks if RBAC have selected any of them */}}
{{- define "tc.v1.common.lib.rbac.subjects" -}}
{{- $rootCtx := .rootCtx -}}
{{- $objectData := .objectData -}}
{{- range $objectData.subjects }}
- kind: {{ tpl (required "RBAC - Expected non-empty <rbac.subjects.kind>" .kind) $rootCtx | quote }}
name: {{ tpl (required "RBAC - Expected non-empty <rbac.subjects.name>" .name) $rootCtx | quote }}
apiGroup: {{ tpl (required "RBAC - Expected non-empty <rbac.subjects.apiGroup>" .apiGroup) $rootCtx | quote }}
{{- end -}}
{{- end -}}

38
helm-charts/dashy/charts/common/templates/lib/rbac/_validation.tpl Normal file
View File

@@ -0,0 +1,38 @@
{{/* RBAC Primary Validation */}}
{{/* Call this template:
{{ include "tc.v1.common.lib.rbac.primaryValidation" $ -}}
*/}}
{{- define "tc.v1.common.lib.rbac.primaryValidation" -}}
{{/* Initialize values */}}
{{- $hasPrimary := false -}}
{{- $hasEnabled := false -}}
{{- range $name, $rbac := .Values.rbac -}}
{{/* If rbac is enabled */}}
{{- if $rbac.enabled -}}
{{- $hasEnabled = true -}}
{{/* And rbac is primary */}}
{{- if and (hasKey $rbac "primary") ($rbac.primary) -}}
{{/* Fail if there is already a primary rbac */}}
{{- if $hasPrimary -}}
{{- fail "RBAC - Only one rbac can be primary" -}}
{{- end -}}
{{- $hasPrimary = true -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/* Require at least one primary rbac, if any enabled */}}
{{- if and $hasEnabled (not $hasPrimary) -}}
{{- fail "RBAC - At least one enabled rbac must be primary" -}}
{{- end -}}
{{- end -}}