actions/fluxcd-flux2
3
0
Fork 0
mirror of https://github.com/fluxcd/flux2.git synced 2026-02-14 03:37:31 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge pull request #787 from fluxcd/fix-rbac-namespace

Browse source 
RBAC Fix: Replace SA namespace in ClusterRoleBindings
This commit is contained in:
Stefan Prodan 2021-01-26 19:21:19 +02:00 committed by GitHub
commit 9f39fadb9e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 17 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
pkg/manifestgen/install/manifests.go
View file

@ -17,8 +17,10 @@ limitations under the License.
package install
import (
"bytes"
"context"
"fmt"
"io/ioutil"
"net/http"
"os"
"path"
@ -91,9 +93,23 @@ func generate(base string, options Options) error {
return fmt.Errorf("generate roles kustomization failed: %w", err)
}
if err := copyFile(filepath.Join(base, "rbac.yaml"), filepath.Join(base, "roles/rbac.yaml")); err != nil {
rbacFile := filepath.Join(base, "roles/rbac.yaml")
if err := copyFile(filepath.Join(base, "rbac.yaml"), rbacFile); err != nil {
return fmt.Errorf("generate rbac failed: %w", err)
}
// workaround for kustomize not being able to patch the SA in ClusterRoleBindings
defaultNS := MakeDefaultOptions().Namespace
if defaultNS != options.Namespace {
rbac, err := ioutil.ReadFile(rbacFile)
if err != nil {
return fmt.Errorf("reading rbac file failed: %w", err)
}
rbac = bytes.ReplaceAll(rbac, []byte(defaultNS), []byte(options.Namespace))
if err := ioutil.WriteFile(rbacFile, rbac, os.ModePerm); err != nil {
return fmt.Errorf("replacing service account namespace in rbac failed: %w", err)
}
}
return nil
}