@@ -218,107 +218,6 @@ func GenerateRoles(ctx *genall.GenerationContext, roleName string) ([]interface{
218218 }
219219 }
220220
221- // NormalizeRules merge Rule with the same ruleKey and sort the Rules
222- NormalizeRules := func (rules []* Rule ) []rbacv1.PolicyRule {
223- ruleMap := make (map [ruleKey ]* Rule )
224- // all the Rules having the same ruleKey will be merged into the first Rule
225- for _ , rule := range rules {
226- // fix the group name first, since letting people type "core" is nice
227- for i , name := range rule .Groups {
228- if name == "core" {
229- rule .Groups [i ] = ""
230- }
231- }
232-
233- key := rule .key ()
234- if _ , ok := ruleMap [key ]; ! ok {
235- ruleMap [key ] = rule
236- continue
237- }
238- ruleMap [key ].addVerbs (rule .Verbs )
239- }
240-
241- // deduplicate resources
242- // 1. create map based on key without resources
243- ruleMapWithoutResources := make (map [string ][]* Rule )
244- for _ , rule := range ruleMap {
245- // get key without Resources
246- key := rule .keyWithGroupResourceNamesURLsVerbs ()
247- ruleMapWithoutResources [key ] = append (ruleMapWithoutResources [key ], rule )
248- }
249- // 2. merge to ruleMap
250- ruleMap = make (map [ruleKey ]* Rule )
251- for _ , rules := range ruleMapWithoutResources {
252- rule := rules [0 ]
253- for _ , mergeRule := range rules [1 :] {
254- rule .Resources = append (rule .Resources , mergeRule .Resources ... )
255- }
256-
257- key := rule .key ()
258- ruleMap [key ] = rule
259- }
260-
261- // deduplicate groups
262- // 1. create map based on key without group
263- ruleMapWithoutGroup := make (map [string ][]* Rule )
264- for _ , rule := range ruleMap {
265- // get key without Group
266- key := rule .keyWithResourcesResourceNamesURLsVerbs ()
267- ruleMapWithoutGroup [key ] = append (ruleMapWithoutGroup [key ], rule )
268- }
269- // 2. merge to ruleMap
270- ruleMap = make (map [ruleKey ]* Rule )
271- for _ , rules := range ruleMapWithoutGroup {
272- rule := rules [0 ]
273- for _ , mergeRule := range rules [1 :] {
274- rule .Groups = append (rule .Groups , mergeRule .Groups ... )
275- }
276- key := rule .key ()
277- ruleMap [key ] = rule
278- }
279-
280- // deduplicate URLs
281- // 1. create map based on key without URLs
282- ruleMapWithoutURLs := make (map [string ][]* Rule )
283- for _ , rule := range ruleMap {
284- // get key without Group
285- key := rule .keyWitGroupResourcesResourceNamesVerbs ()
286- ruleMapWithoutURLs [key ] = append (ruleMapWithoutURLs [key ], rule )
287- }
288- // 2. merge to ruleMap
289- ruleMap = make (map [ruleKey ]* Rule )
290- for _ , rules := range ruleMapWithoutURLs {
291- rule := rules [0 ]
292- for _ , mergeRule := range rules [1 :] {
293- rule .URLs = append (rule .URLs , mergeRule .URLs ... )
294- }
295- key := rule .key ()
296- ruleMap [key ] = rule
297- }
298-
299- // sort the Rules in rules according to their ruleKeys
300- keys := make ([]ruleKey , 0 , len (ruleMap ))
301- for key := range ruleMap {
302- keys = append (keys , key )
303- }
304- sort .Sort (ruleKeys (keys ))
305-
306- // Normalize rule verbs to "*" if any verb in the rule is an asterisk
307- for _ , rule := range ruleMap {
308- for _ , verb := range rule .Verbs {
309- if verb == "*" {
310- rule .Verbs = []string {"*" }
311- break
312- }
313- }
314- }
315- var policyRules []rbacv1.PolicyRule
316- for _ , key := range keys {
317- policyRules = append (policyRules , ruleMap [key ].ToRule ())
318- }
319- return policyRules
320- }
321-
322221 // collect all the namespaces and sort them
323222 var namespaces []string
324223 for ns := range rulesByNSResource {
@@ -385,3 +284,104 @@ func (g Generator) Generate(ctx *genall.GenerationContext) error {
385284
386285 return ctx .WriteYAML ("role.yaml" , headerText , objs , genall .WithTransform (genall .TransformRemoveCreationTimestamp ))
387286}
287+
288+ // NormalizeRules merge Rule with the same ruleKey and sort the Rules
289+ func NormalizeRules (rules []* Rule ) []rbacv1.PolicyRule {
290+ ruleMap := make (map [ruleKey ]* Rule )
291+ // all the Rules having the same ruleKey will be merged into the first Rule
292+ for _ , rule := range rules {
293+ // fix the group name first, since letting people type "core" is nice
294+ for i , name := range rule .Groups {
295+ if name == "core" {
296+ rule .Groups [i ] = ""
297+ }
298+ }
299+
300+ key := rule .key ()
301+ if _ , ok := ruleMap [key ]; ! ok {
302+ ruleMap [key ] = rule
303+ continue
304+ }
305+ ruleMap [key ].addVerbs (rule .Verbs )
306+ }
307+
308+ // deduplicate resources
309+ // 1. create map based on key without resources
310+ ruleMapWithoutResources := make (map [string ][]* Rule )
311+ for _ , rule := range ruleMap {
312+ // get key without Resources
313+ key := rule .keyWithGroupResourceNamesURLsVerbs ()
314+ ruleMapWithoutResources [key ] = append (ruleMapWithoutResources [key ], rule )
315+ }
316+ // 2. merge to ruleMap
317+ ruleMap = make (map [ruleKey ]* Rule )
318+ for _ , rules := range ruleMapWithoutResources {
319+ rule := rules [0 ]
320+ for _ , mergeRule := range rules [1 :] {
321+ rule .Resources = append (rule .Resources , mergeRule .Resources ... )
322+ }
323+
324+ key := rule .key ()
325+ ruleMap [key ] = rule
326+ }
327+
328+ // deduplicate groups
329+ // 1. create map based on key without group
330+ ruleMapWithoutGroup := make (map [string ][]* Rule )
331+ for _ , rule := range ruleMap {
332+ // get key without Group
333+ key := rule .keyWithResourcesResourceNamesURLsVerbs ()
334+ ruleMapWithoutGroup [key ] = append (ruleMapWithoutGroup [key ], rule )
335+ }
336+ // 2. merge to ruleMap
337+ ruleMap = make (map [ruleKey ]* Rule )
338+ for _ , rules := range ruleMapWithoutGroup {
339+ rule := rules [0 ]
340+ for _ , mergeRule := range rules [1 :] {
341+ rule .Groups = append (rule .Groups , mergeRule .Groups ... )
342+ }
343+ key := rule .key ()
344+ ruleMap [key ] = rule
345+ }
346+
347+ // deduplicate URLs
348+ // 1. create map based on key without URLs
349+ ruleMapWithoutURLs := make (map [string ][]* Rule )
350+ for _ , rule := range ruleMap {
351+ // get key without Group
352+ key := rule .keyWitGroupResourcesResourceNamesVerbs ()
353+ ruleMapWithoutURLs [key ] = append (ruleMapWithoutURLs [key ], rule )
354+ }
355+ // 2. merge to ruleMap
356+ ruleMap = make (map [ruleKey ]* Rule )
357+ for _ , rules := range ruleMapWithoutURLs {
358+ rule := rules [0 ]
359+ for _ , mergeRule := range rules [1 :] {
360+ rule .URLs = append (rule .URLs , mergeRule .URLs ... )
361+ }
362+ key := rule .key ()
363+ ruleMap [key ] = rule
364+ }
365+
366+ // sort the Rules in rules according to their ruleKeys
367+ keys := make ([]ruleKey , 0 , len (ruleMap ))
368+ for key := range ruleMap {
369+ keys = append (keys , key )
370+ }
371+ sort .Sort (ruleKeys (keys ))
372+
373+ // Normalize rule verbs to "*" if any verb in the rule is an asterisk
374+ for _ , rule := range ruleMap {
375+ for _ , verb := range rule .Verbs {
376+ if verb == "*" {
377+ rule .Verbs = []string {"*" }
378+ break
379+ }
380+ }
381+ }
382+ var policyRules []rbacv1.PolicyRule
383+ for _ , key := range keys {
384+ policyRules = append (policyRules , ruleMap [key ].ToRule ())
385+ }
386+ return policyRules
387+ }
0 commit comments