package create
import (
"fmt"
"io"
"github.com/spf13/cobra"
"k8s.io/kubernetes/pkg/api/meta"
cmdutil "k8s.io/kubernetes/pkg/kubectl/cmd/util"
"k8s.io/kubernetes/pkg/runtime"
authorizationapi "github.com/openshift/origin/pkg/authorization/api"
"github.com/openshift/origin/pkg/client"
"github.com/openshift/origin/pkg/cmd/templates"
"github.com/openshift/origin/pkg/cmd/util/clientcmd"
)
const PolicyBindingRecommendedName = "policybinding"
var (
policyBindingLong = templates.LongDesc(`Create a policy binding that references the policy in the targetted namespace.`)
policyBindingExample = templates.Examples(`
# Create a policy binding in namespace "foo" that references the policy in namespace "bar"
%[1]s bar -n foo`)
)
type CreatePolicyBindingOptions struct {
BindingNamespace string
PolicyNamespace string
BindingClient client.PolicyBindingsNamespacer
Mapper meta.RESTMapper
OutputFormat string
Out io.Writer
Printer ObjectPrinter
}
type ObjectPrinter func(runtime.Object, io.Writer) error
// NewCmdCreateServiceAccount is a macro command to create a new service account
func NewCmdCreatePolicyBinding(name, fullName string, f *clientcmd.Factory, out io.Writer) *cobra.Command {
o := &CreatePolicyBindingOptions{Out: out}
cmd := &cobra.Command{
Use: name + " TARGET_POLICY_NAMESPACE",
Short: "Create a policy binding that references the policy in the targetted namespace.",
Long: policyBindingLong,
Example: fmt.Sprintf(policyBindingExample, fullName),
Run: func(cmd *cobra.Command, args []string) {
cmdutil.CheckErr(o.Complete(cmd, f, args))
cmdutil.CheckErr(o.Validate())
cmdutil.CheckErr(o.Run())
},
}
cmdutil.AddOutputFlagsForMutation(cmd)
return cmd
}
func (o *CreatePolicyBindingOptions) Complete(cmd *cobra.Command, f *clientcmd.Factory, args []string) error {
if len(args) != 1 {
return fmt.Errorf("exactly one argument (policy namespace) is supported, not: %v", args)
}
o.PolicyNamespace = args[0]
namespace, _, err := f.DefaultNamespace()
if err != nil {
return err
}
o.BindingNamespace = namespace
client, _, err := f.Clients()
if err != nil {
return err
}
o.BindingClient = client
o.Mapper, _ = f.Object(false)
o.OutputFormat = cmdutil.GetFlagString(cmd, "output")
o.Printer = func(obj runtime.Object, out io.Writer) error {
return f.PrintObject(cmd, o.Mapper, obj, out)
}
return nil
}
func (o *CreatePolicyBindingOptions) Validate() error {
if len(o.BindingNamespace) == 0 {
return fmt.Errorf("destination namespace is required")
}
if len(o.PolicyNamespace) == 0 {
return fmt.Errorf("referenced policy namespace is required")
}
if o.BindingClient == nil {
return fmt.Errorf("BindingClient is required")
}
if o.Mapper == nil {
return fmt.Errorf("Mapper is required")
}
if o.Out == nil {
return fmt.Errorf("Out is required")
}
if o.Printer == nil {
return fmt.Errorf("Printer is required")
}
return nil
}
func (o *CreatePolicyBindingOptions) Run() error {
binding := &authorizationapi.PolicyBinding{}
binding.PolicyRef.Namespace = o.PolicyNamespace
binding.PolicyRef.Name = authorizationapi.PolicyName
binding.Name = authorizationapi.GetPolicyBindingName(binding.PolicyRef.Namespace)
actualBinding, err := o.BindingClient.PolicyBindings(o.BindingNamespace).Create(binding)
if err != nil {
return err
}
if useShortOutput := o.OutputFormat == "name"; useShortOutput || len(o.OutputFormat) == 0 {
cmdutil.PrintSuccess(o.Mapper, useShortOutput, o.Out, "policybinding", actualBinding.Name, "created")
return nil
}
return o.Printer(actualBinding, o.Out)
}