feat(rbac): CEL(common expression language) support (#90)

mattisonchao · web-flow · commit 61603fe08182 · 2024-12-16T17:12:37.000+08:00
diff --git a/cloud/data_source_rolebinding.go b/cloud/data_source_rolebinding.go
@@ -57,6 +57,14 @@ func dataSourceRoleBinding() *schema.Resource {
 					Type: schema.TypeString,
 				},
 			},
+			"cel": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: descriptions["rolebinding_cel"],
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
 		},
 	}
 }
@@ -101,6 +109,12 @@ func DataSourceRoleBindingRead(ctx context.Context, d *schema.ResourceData, meta
 		}
 	}
 
+	if roleBinding.Spec.CEL != nil {
+		if err = d.Set("cel", roleBinding.Spec.CEL); err != nil {
+			return diag.FromErr(fmt.Errorf("ERROR_SET_CEL: %w", err))
+		}
+	}
+
 	if len(roleBinding.Status.Conditions) >= 1 {
 		for _, condition := range roleBinding.Status.Conditions {
 			if condition.Type == "Ready" && condition.Status == "True" {
diff --git a/cloud/provider.go b/cloud/provider.go
@@ -172,6 +172,7 @@ func init() {
 		"rolebinding_cluster_role_name":     "The predefined role name",
 		"rolebinding_service_account_names": "The list of service accounts that are role binding names ",
 		"dns":                               "The DNS ID and name. Must specify together",
+		"rolebinding_cel":                   "The CEL(Common Expression Langauge) for conditional role binding",
 	}
 }
 
diff --git a/cloud/resource_rolebinding.go b/cloud/resource_rolebinding.go
@@ -9,6 +9,7 @@ import (
 	"github.com/streamnative/cloud-api-server/pkg/apis/cloud/v1alpha1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/utils/pointer"
 	"strings"
 	"time"
 )
@@ -82,6 +83,14 @@ func resourceRoleBinding() *schema.Resource {
 					Type: schema.TypeString,
 				},
 			},
+			"cel": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: descriptions["rolebinding_cel"],
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
 		},
 	}
 }
@@ -92,6 +101,7 @@ func resourceRoleBindingCreate(ctx context.Context, d *schema.ResourceData, m in
 
 	predefinedRoleName := d.Get("cluster_role_name").(string)
 	serviceAccountNames := d.Get("service_account_names").([]interface{})
+	cel := d.Get("cel").(string)
 
 	clientSet, err := getClientSet(getFactoryFromMeta(m))
 	if err != nil {
@@ -127,6 +137,9 @@ func resourceRoleBindingCreate(ctx context.Context, d *schema.ResourceData, m in
 			})
 		}
 	}
+	if cel != "" {
+		rb.Spec.CEL = pointer.String(cel)
+	}
 
 	if _, err := clientSet.CloudV1alpha1().RoleBindings(namespace).Create(ctx, rb, metav1.CreateOptions{
 		FieldManager: "terraform-create",

Original file line number	Diff line number	Diff line change
`@@ -172,6 +172,7 @@ func init() {`
`172`	`172`	`"rolebinding_cluster_role_name": "The predefined role name",`
`173`	`173`	`"rolebinding_service_account_names": "The list of service accounts that are role binding names ",`
`174`	`174`	`"dns": "The DNS ID and name. Must specify together",`
	`175`	`+ "rolebinding_cel": "The CEL(Common Expression Langauge) for conditional role binding",`
`175`	`176`	`}`
`176`	`177`	`}`
`177`	`178`