
Commit 42e97d0

committed
feat: add serviceaccount name to the response when POST the JWT token
Signed-off-by: Peter Balogh <[email protected]>
1 parent 7273df3 commit 42e97d0


3 files changed

+38
-22
lines changed


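--- a/internal/rbacapi/http_handler.go
+++ b/internal/rbacapi/http_handler.go
@@ -31,6 +31,14 @@ type jwtToken struct {
 Token string `json:"token"`
 }
 
+// createRBACResponse
+type createRBACResponse struct {
+Email string
+Groups []string
+FederatedClaims tokenhandler.FederatedClaims
+ServiceAccount string
+}
+
 // HTTPController collects the greeting use cases and exposes them as HTTP handlers.
 type HTTPController struct {
 TConf *tokenhandler.Config
@@ -90,12 +98,20 @@ func (a *HTTPController) handleRBACResources(w http.ResponseWriter, r *http.Requ
 http.Error(w, err.Error(), http.StatusInternalServerError)
 return
 }
-err = rbachandler.CreateRBAC(user, a.RConf, a.Logger)
+serviceAccount, err := rbachandler.CreateRBAC(user, a.RConf, a.Logger)
 if err != nil {
 http.Error(w, err.Error(), http.StatusInternalServerError)
 return
 }
-b, _ := json.Marshal(user)
+a.Logger.Info("test", map[string]interface{}{
+"test": serviceAccount.Name,
+})
+createRBACResponse := createRBACResponse{}
+createRBACResponse.Email = user.Email
+createRBACResponse.Groups = user.Groups
+createRBACResponse.FederatedClaims = user.FederatedClaims
+createRBACResponse.ServiceAccount = serviceAccount.Name
+b, _ := json.Marshal(createRBACResponse)
 w.WriteHeader(http.StatusCreated)
 _, _ = w.Write(b)
 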
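Review bot: The `a.Logger.Info("test", …)` call added before the response is built looks like leftover debugging: the message and the field key are both `test`, so the one log line recording which ServiceAccount was provisioned for a token cannot be searched for in an audit trail. Something like `a.Logger.Info("rbac resources created", map[string]interface{}{"serviceAccount": serviceAccount.Name})` would carry the same value under a meaningful key. `createRBACResponse := createRBACResponse{}` also shadows the type for the rest of the function, which a composite literal assigned to `resp` would avoid. The new struct has no `json` tags, so its keys serialize as `Email`, `Groups`, … unlike `jwtToken` above it, and its doc comment is only the type name. The handler body starts and ends outside this hunk.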

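--- a/pkg/rbachandler/rbac_handler.go
+++ b/pkg/rbachandler/rbac_handler.go
@@ -75,8 +75,8 @@ type roleBinding struct {
 }
 
 // serviceAccount implements create ServiceAccount
-type serviceAccount struct {
-name string
+type ServiceAccount struct {
+Name string
 labels labels
 namespace string
 }
@@ -85,7 +85,7 @@ type rbacResources struct {
 clusterRoles []clusterRole
 clusterRoleBindings []clusterRoleBinding
 roleBindings []roleBinding
-serviceAccount serviceAccount
+serviceAccount ServiceAccount
 }
 
 // RBACHandler implements getting, creating and deleting resources
@@ -221,8 +221,8 @@ func (rh *RBACHandler) listServiceAccount() ([]string, error) {
 return serviceAccList, nil
 }
 
-func (rh *RBACHandler) createServiceAccount(sa *serviceAccount) error {
-if _, err := rh.getAndCheckSA(sa.name); err == nil {
+func (rh *RBACHandler) createServiceAccount(sa *ServiceAccount) error {
+if _, err := rh.getAndCheckSA(sa.Name); err == nil {
 return nil
 }
 saObj := &apicorev1.ServiceAccount{
@@ -231,7 +231,7 @@ func (rh *RBACHandler) createServiceAccount(sa *serviceAccount) error {
 APIVersion: "v1",
 },
 ObjectMeta: metav1.ObjectMeta{
-Name: sa.name,
+Name: sa.Name,
 Namespace: sa.namespace,
 Labels: sa.labels,
 },
@@ -482,8 +482,8 @@ func generateRbacResources(user *tokenhandler.User, config *Config, nameSpaces [
 rbacResources := &rbacResources{
 clusterRoles: clusterRoles,
 clusterRoleBindings: clusterRoleBindings,
-serviceAccount: serviceAccount{
-name: saName,
+serviceAccount: ServiceAccount{
+Name: saName,
 labels: defaultLabel,
 },
 roleBindings: roleBindings,
@@ -510,43 +510,43 @@ func generateClusterRoleRBACResources(config *Config, logger logur.Logger) (*rba
 }
 
 // CreateRBAC create RBAC resources
-func CreateRBAC(user *tokenhandler.User, config *Config, logger logur.Logger) error {
+func CreateRBAC(user *tokenhandler.User, config *Config, logger logur.Logger) (*ServiceAccount, error) {
 logger = log.WithFields(logger, map[string]interface{}{"package": "rbachandler"})
 
 rbacHandler, err := NewRBACHandler(config.KubeConfig, logger)
 if err != nil {
-return err
+return &ServiceAccount{}, err
 }
 rbacResources, err := generateRbacResources(user, config, []string{"default"}, logger)
 if err != nil {
 logger.Error(err.Error(), nil)
-return err
+return &ServiceAccount{}, err
 }
 if err := rbacHandler.createServiceAccount(&rbacResources.serviceAccount); err != nil {
 logger.Error(err.Error(), nil)
-return err
+return &rbacResources.serviceAccount, err
 }
 if len(rbacResources.clusterRoles) > 0 {
 for _, clusterRole := range rbacResources.clusterRoles {
 if err := rbacHandler.createClusterRole(&clusterRole); err != nil {
 logger.Error(err.Error(), nil)
-return err
+return &rbacResources.serviceAccount, err
 }
 }
 }
 for _, clusterRoleBinding := range rbacResources.clusterRoleBindings {
 if err := rbacHandler.createClusterRoleBinding(&clusterRoleBinding); err != nil {
 logger.Error(err.Error(), nil)
-return err
+return &rbacResources.serviceAccount, err
 }
 }
 for _, roleBinding := range rbacResources.roleBindings {
 if err := rbacHandler.createRoleBinding(&roleBinding); err != nil {
 logger.Error(err.Error(), nil)
-return err
+return &rbacResources.serviceAccount, err
 }
 }
-return nil
+return &rbacResources.serviceAccount, nil
 }
 
 func (rh *RBACHandler) getAndCheckSA(saName string) (*apicorev1.ServiceAccount, error) {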
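Review bot: Every failure path in `CreateRBAC` now returns a non-nil `*ServiceAccount` together with the error: `return &ServiceAccount{}, err` on the first two, `return &rbacResources.serviceAccount, err` on the rest. A caller that skips the `err` check would therefore get a plausible account name for RBAC objects that were only partly created; those paths should be `return nil, err`. The HTTP handler reads only `.Name`, so returning the name as a `string` would also avoid exporting a struct whose `labels` and `namespace` fields stay unexported. If the type does stay exported, the comment above it in the first hunk still begins `// serviceAccount` and should start with `ServiceAccount`.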

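--- a/pkg/rbachandler/rbac_handler_test.go
+++ b/pkg/rbachandler/rbac_handler_test.go
@@ -96,7 +96,7 @@ func TestGenerateRbacResources(t *testing.T) {
 assert.NoError(err)
 roleSuccess := assert.Equal(len(testRbacResources.clusterRoles), 1)
 assert.Equal(len(testRbacResources.clusterRoleBindings), 2)
-assert.Equal(testRbacResources.serviceAccount.name, "janedoe-example-com")
+assert.Equal(testRbacResources.serviceAccount.Name, "janedoe-example-com")
 if roleSuccess {
 assert.Equal(testRbacResources.clusterRoles[0].name, "developers-from-jwt")
 }
@@ -112,7 +112,7 @@ func TestGenerateRbacResources(t *testing.T) {
 assert.NoError(err)
 assert.Equal(len(testRbacResources.clusterRoles), 0)
 assert.Equal(len(testRbacResources.clusterRoleBindings), 1)
-assert.Equal(testRbacResources.serviceAccount.name, "janedoe-example-com")
+assert.Equal(testRbacResources.serviceAccount.Name, "janedoe-example-com")
 bindNames = nil
 roleNames = nil
 for _, crBind := range testRbacResources.clusterRoleBindings {
@@ -141,7 +141,7 @@ func TestGenerateRbacResourcesWithNameSpaces(t *testing.T) {
 roleSuccess := assert.Equal(len(testRbacResources.clusterRoles), 1)
 assert.Equal(len(testRbacResources.roleBindings), 1)
 assert.Equal(len(testRbacResources.clusterRoleBindings), 1)
-assert.Equal(testRbacResources.serviceAccount.name, "janedoe-example-com")
+assert.Equal(testRbacResources.serviceAccount.Name, "janedoe-example-com")
 if roleSuccess {
 assert.Equal(testRbacResources.clusterRoles[0].name, "developers-from-jwt")
 }
@@ -167,7 +167,7 @@ func TestGenerateRbacResourcesWithNameSpaces(t *testing.T) {
 assert.NoError(err)
 assert.Equal(len(testRbacResources.clusterRoles), 0)
 assert.Equal(len(testRbacResources.clusterRoleBindings), 1)
-assert.Equal(testRbacResources.serviceAccount.name, "janedoe-example-com")
+assert.Equal(testRbacResources.serviceAccount.Name, "janedoe-example-com")
 bindNames = nil
 roleNames = nil
 for _, crBind := range testRbacResources.clusterRoleBindings {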
