Skip to content

Avoid hotloop over empty clusterrole rules #28

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
akalenyu wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Avoid hotloop over empty clusterrole rules #28

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 12 additions & 4 deletions pkg/sdk/resources/rbac.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ func (b *ResourceBuilder) CreateRoleBinding(name, roleRef, serviceAccount, servi

// CreateRole creates role
func (b *ResourceBuilder) CreateRole(name string, rules []rbacv1.PolicyRule) *rbacv1.Role {
return &rbacv1.Role{
role := &rbacv1.Role{
TypeMeta: metav1.TypeMeta{
APIVersion: "rbac.authorization.k8s.io/v1",
Kind: "Role",
Expand All @@ -61,8 +61,12 @@ func (b *ResourceBuilder) CreateRole(name string, rules []rbacv1.PolicyRule) *rb
Name: name,
Labels: b.WithCommonLabels(nil),
},
Rules: rules,
}
if len(rules) > 0 {
// avoid hotloop over empty rules/nil
role.Rules = rules
}
return role
}

// CreateClusterRoleBinding creates cluster role binding
Expand Down Expand Up @@ -132,7 +136,7 @@ func CreateClusterRoleBinding(name, roleRef, serviceAccount, serviceAccountNames

// CreateClusterRole creates a cluster role
func CreateClusterRole(name string, rules []rbacv1.PolicyRule, labels map[string]string) *rbacv1.ClusterRole {
return &rbacv1.ClusterRole{
clusterRole := &rbacv1.ClusterRole{
TypeMeta: metav1.TypeMeta{
APIVersion: "rbac.authorization.k8s.io/v1",
Kind: "ClusterRole",
Expand All @@ -141,6 +145,10 @@ func CreateClusterRole(name string, rules []rbacv1.PolicyRule, labels map[string
Name: name,
Labels: labels,
},
Rules: rules,
}
if len(rules) > 0 {
// avoid hotloop over empty rules/nil
clusterRole.Rules = rules
}
return clusterRole
}
30 changes: 30 additions & 0 deletions pkg/sdk/resources/rbac_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
package resources

import (
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"

rbacv1 "k8s.io/api/rbac/v1"
)

var _ = Describe("RBAC Resources", func() {
var builder ResourceBuilder

BeforeEach(func() {
builder = NewResourceBuilder(
map[string]string{"common": "label"},
map[string]string{"operator": "label"},
)
})

It("should treat empty rules as nil for Role", func() {
role := builder.CreateRole("test-role", []rbacv1.PolicyRule{})
Expect(role.Rules).To(BeNil())
})

It("should treat empty rules as nil for ClusterRole", func() {
labels := map[string]string{"test": "label"}
clusterRole := CreateClusterRole("test-clusterrole", []rbacv1.PolicyRule{}, labels)
Expect(clusterRole.Rules).To(BeNil())
})
})
13 changes: 13 additions & 0 deletions pkg/sdk/resources/resources_suite_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
package resources

import (
"testing"

. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
)

func TestResources(t *testing.T) {
RegisterFailHandler(Fail)
RunSpecs(t, "Resources Suite")
}