package customeradmin
import (
"github.com/Azure/azure-sdk-for-go/services/graphrbac/1.6/graphrbac"
userv1client "github.com/openshift/client-go/user/clientset/versioned/typed/user/v1"
"github.com/sirupsen/logrus"
kerrors "k8s.io/apimachinery/pkg/api/errors"
meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
azgraphrbac "github.com/openshift/openshift-azure/pkg/util/azureclient/graphrbac"
)
// updateKubeGroup brings the kube group named kubeGroupName in line with
// msGroupMembers. It creates the group when it does not exist yet, updates
// it when fromMSGraphGroup reports a change, and otherwise leaves it alone.
// Any error from Get (other than NotFound), Create or Update is returned
// unchanged.
//
// NOTE(review): both write paths are logged at Debug level only. If this
// group grants elevated rights, confirm that membership changes are recorded
// somewhere that is retained (for example API server audit logs).
func updateKubeGroup(log *logrus.Entry, userV1 userv1client.UserV1Interface, kubeGroupName string, msGroupMembers []graphrbac.User) error {
	existing, getErr := userV1.Groups().Get(kubeGroupName, meta_v1.GetOptions{})
	if getErr != nil {
		if !kerrors.IsNotFound(getErr) {
			return getErr
		}
		// On NotFound the client may still hand back a non-nil object; reset
		// it so the create path is taken, since an update cannot succeed for
		// a group that does not exist.
		existing = nil
	}

	desired, differs := fromMSGraphGroup(log, userV1, existing, kubeGroupName, msGroupMembers)

	switch {
	case existing == nil:
		log.Debugf("Creating new kube group %s", kubeGroupName)
		_, createErr := userV1.Groups().Create(desired)
		return createErr
	case differs:
		log.Debugf("Updating existing kube group %s", kubeGroupName)
		_, updateErr := userV1.Groups().Update(desired)
		return updateErr
	}
	return nil
}
// reconcileGroups synchronises the osaCustomerAdmins kube group with the AAD
// group whose ID is stored in groupMap under the osaCustomerAdmins key.
//
// When the key is absent (CustomerAdminGroupID not configured) the kube group
// is reconciled against an empty member list. When the key is present, the
// members are fetched with getAADGroupMembers and passed to updateKubeGroup.
//
// A failed member lookup is returned before any update is attempted, so the
// kube group keeps whatever membership it already had.
// NOTE(review): that means previously synced members stay in the group for
// as long as lookups fail; confirm this is the intended failure mode.
func reconcileGroups(log *logrus.Entry, gc azgraphrbac.GroupsClient, userV1 userv1client.UserV1Interface, groupMap map[string]string) error {
	aadGroupID, configured := groupMap[osaCustomerAdmins]
	if !configured {
		// CustomerAdminGroupID not configured: ensure the group is empty.
		return updateKubeGroup(log, userV1, osaCustomerAdmins, []graphrbac.User{})
	}

	members, err := getAADGroupMembers(gc, aadGroupID)
	if err != nil {
		return err
	}
	return updateKubeGroup(log, userV1, osaCustomerAdmins, members)
}