Skip to content

Commit

Permalink
Delete cluster role bindings (closes #4)
Browse files Browse the repository at this point in the history
  • Loading branch information
@Lujeni
Lujeni committed Sep 11, 2019
1 parent d1e1d47 commit bf0b532
Showing 1 changed file with 36 additions and 0 deletions.
36 changes: 36 additions & 0 deletions gitlab2rbac.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -375,6 +375,39 @@ def delete_deprecated_user_role_bindings(self, users):
)
)

def delete_deprecated_cluster_role_bindings(self, users):
try:
cluster_users_ids = [user["id"] for user in users]
for role_binding in self.client_rbac.list_cluster_role_binding().items:
try:
user_id = role_binding.metadata.labels[
"gitlab2rbac.kubernetes.io/user_id"
]
except (TypeError, ValueError, KeyError):
continue

if user_id not in cluster_users_ids:
self.client_rbac.delete_cluster_role_binding(
name=role_binding.metadata.name,
body=role_binding,
)
logging.info(
u"|_ cluster-role-binding deprecated name={}".format(
role_binding.metadata.name,
)
)
except ApiException as e:
error = "unable to delete deprecated cluster role bindings :: {}".format(
eval(e.body)["message"]
)
logging.error(error)
except Exception as e:
logging.error(
"unable to delete deprecated cluster role bindings :: {}".format(
e
)
)


class Gitlab2RBAC(object):
def __init__(self, gitlab, kubernetes, kubernetes_auto_create):
Expand All @@ -394,6 +427,9 @@ def __call__(self):
self.kubernetes.delete_deprecated_user_role_bindings(
users=gitlab_users
)
self.kubernetes.delete_deprecated_cluster_role_bindings(
users=gitlab_admins
)

def create_admin_role_bindings(self, admins):
try:
Expand Down

0 comments on commit bf0b532

Please sign in to comment.