fix(rbac): generate role binding (cluster wide) for operator

Christoph Bühler · Christoph Bühler · commit b63af1fad242 · 2020-05-09T20:41:06.000+02:00
This fixes #15
diff --git a/src/KubeOps/Operator/Commands/Generators/RbacGenerator.cs b/src/KubeOps/Operator/Commands/Generators/RbacGenerator.cs
@@ -25,18 +25,36 @@ public RbacGenerator(EntitySerializer serializer)
 
         public async Task<int> OnExecuteAsync(CommandLineApplication app)
         {
-            var output = _serializer.Serialize(GenerateManagerRbac(), Format);
+            var role = _serializer.Serialize(GenerateManagerRbac(), Format);
+            var roleBinding = _serializer.Serialize(new V1ClusterRoleBinding
+            {
+                ApiVersion = $"{V1ClusterRoleBinding.KubeGroup}/{V1ClusterRoleBinding.KubeApiVersion}",
+                Kind = V1ClusterRoleBinding.KubeKind,
+                Metadata = new V1ObjectMeta {Name = "operator-role-binding"},
+                RoleRef = new V1RoleRef(V1ClusterRole.KubeGroup, V1ClusterRole.KubeKind, "operator-role"),
+                Subjects = new List<V1Subject>
+                {
+                    new V1Subject(V1ServiceAccount.KubeKind, "default", namespaceProperty: "system")
+                }
+            }, Format);
 
             if (!string.IsNullOrWhiteSpace(OutputPath))
             {
                 Directory.CreateDirectory(OutputPath);
-                await using var file = File.Open(Path.Join(OutputPath,
-                    $"operator.{Format.ToString().ToLower()}"), FileMode.Create);
-                await file.WriteAsync(Encoding.UTF8.GetBytes(output));
+                await using var roleFile = File.Open(Path.Join(OutputPath,
+                    $"operator-role.{Format.ToString().ToLower()}"), FileMode.Create);
+                await roleFile.WriteAsync(Encoding.UTF8.GetBytes(role));
+                await using var bindingFile = File.Open(Path.Join(OutputPath,
+                    $"operator-role-binding.{Format.ToString().ToLower()}"), FileMode.Create);
+                await bindingFile.WriteAsync(Encoding.UTF8.GetBytes(roleBinding));
 
                 var kustomize = new KustomizationConfig
                 {
-                    Resources = new List<string> {$"operator.{Format.ToString().ToLower()}"},
+                    Resources = new List<string>
+                    {
+                        $"operator-role.{Format.ToString().ToLower()}",
+                        $"operator-role-binding.{Format.ToString().ToLower()}",
+                    },
                     CommonLabels = new Dictionary<string, string>
                     {
                         {"operator-element", "rbac"},
@@ -49,7 +67,8 @@ public async Task<int> OnExecuteAsync(CommandLineApplication app)
             }
             else
             {
-                await app.Out.WriteLineAsync(output);
+                await app.Out.WriteLineAsync(role);
+                await app.Out.WriteLineAsync(roleBinding);
             }
 
             return ExitCodes.Success;
