feat: add serviceaccount name to the response when POST the JWT token

Signed-off-by: Peter Balogh <[email protected]>
banzaicloud · Dec 4, 2020 · 42e97d0 · 42e97d0
1 parent 7273df3
commit 42e97d0
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 22 deletions.
diff --git a/internal/rbacapi/http_handler.go b/internal/rbacapi/http_handler.go
@@ -31,6 +31,14 @@ type jwtToken struct {
 	Token string `json:"token"`
 }
 
+// createRBACResponse
+type createRBACResponse struct {
+	Email           string
+	Groups          []string
+	FederatedClaims tokenhandler.FederatedClaims
+	ServiceAccount  string
+}
+
 // HTTPController collects the greeting use cases and exposes them as HTTP handlers.
 type HTTPController struct {
 	TConf  *tokenhandler.Config
@@ -90,12 +98,20 @@ func (a *HTTPController) handleRBACResources(w http.ResponseWriter, r *http.Requ
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
-		err = rbachandler.CreateRBAC(user, a.RConf, a.Logger)
+		serviceAccount, err := rbachandler.CreateRBAC(user, a.RConf, a.Logger)
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
-		b, _ := json.Marshal(user)
+		a.Logger.Info("test", map[string]interface{}{
+			"test": serviceAccount.Name,
+		})
+		createRBACResponse := createRBACResponse{}
+		createRBACResponse.Email = user.Email
+		createRBACResponse.Groups = user.Groups
+		createRBACResponse.FederatedClaims = user.FederatedClaims
+		createRBACResponse.ServiceAccount = serviceAccount.Name
+		b, _ := json.Marshal(createRBACResponse)
 		w.WriteHeader(http.StatusCreated)
 		_, _ = w.Write(b)
 

diff --git a/pkg/rbachandler/rbac_handler.go b/pkg/rbachandler/rbac_handler.go
@@ -75,8 +75,8 @@ type roleBinding struct {
 }
 
 // serviceAccount implements create ServiceAccount
-type serviceAccount struct {
-	name      string
+type ServiceAccount struct {
+	Name      string
 	labels    labels
 	namespace string
 }
@@ -85,7 +85,7 @@ type rbacResources struct {
 	clusterRoles        []clusterRole
 	clusterRoleBindings []clusterRoleBinding
 	roleBindings        []roleBinding
-	serviceAccount      serviceAccount
+	serviceAccount      ServiceAccount
 }
 
 // RBACHandler implements getting, creating and deleting resources
@@ -221,8 +221,8 @@ func (rh *RBACHandler) listServiceAccount() ([]string, error) {
 	return serviceAccList, nil
 }
 
-func (rh *RBACHandler) createServiceAccount(sa *serviceAccount) error {
-	if _, err := rh.getAndCheckSA(sa.name); err == nil {
+func (rh *RBACHandler) createServiceAccount(sa *ServiceAccount) error {
+	if _, err := rh.getAndCheckSA(sa.Name); err == nil {
 		return nil
 	}
 	saObj := &apicorev1.ServiceAccount{
@@ -231,7 +231,7 @@ func (rh *RBACHandler) createServiceAccount(sa *serviceAccount) error {
 			APIVersion: "v1",
 		},
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      sa.name,
+			Name:      sa.Name,
 			Namespace: sa.namespace,
 			Labels:    sa.labels,
 		},
@@ -482,8 +482,8 @@ func generateRbacResources(user *tokenhandler.User, config *Config, nameSpaces [
 	rbacResources := &rbacResources{
 		clusterRoles:        clusterRoles,
 		clusterRoleBindings: clusterRoleBindings,
-		serviceAccount: serviceAccount{
-			name:   saName,
+		serviceAccount: ServiceAccount{
+			Name:   saName,
 			labels: defaultLabel,
 		},
 		roleBindings: roleBindings,
@@ -510,43 +510,43 @@ func generateClusterRoleRBACResources(config *Config, logger logur.Logger) (*rba
 }
 
 // CreateRBAC create RBAC resources
-func CreateRBAC(user *tokenhandler.User, config *Config, logger logur.Logger) error {
+func CreateRBAC(user *tokenhandler.User, config *Config, logger logur.Logger) (*ServiceAccount, error) {
 	logger = log.WithFields(logger, map[string]interface{}{"package": "rbachandler"})
 
 	rbacHandler, err := NewRBACHandler(config.KubeConfig, logger)
 	if err != nil {
-		return err
+		return &ServiceAccount{}, err
 	}
 	rbacResources, err := generateRbacResources(user, config, []string{"default"}, logger)
 	if err != nil {
 		logger.Error(err.Error(), nil)
-		return err
+		return &ServiceAccount{}, err
 	}
 	if err := rbacHandler.createServiceAccount(&rbacResources.serviceAccount); err != nil {
 		logger.Error(err.Error(), nil)
-		return err
+		return &rbacResources.serviceAccount, err
 	}
 	if len(rbacResources.clusterRoles) > 0 {
 		for _, clusterRole := range rbacResources.clusterRoles {
 			if err := rbacHandler.createClusterRole(&clusterRole); err != nil {
 				logger.Error(err.Error(), nil)
-				return err
+				return &rbacResources.serviceAccount, err
 			}
 		}
 	}
 	for _, clusterRoleBinding := range rbacResources.clusterRoleBindings {
 		if err := rbacHandler.createClusterRoleBinding(&clusterRoleBinding); err != nil {
 			logger.Error(err.Error(), nil)
-			return err
+			return &rbacResources.serviceAccount, err
 		}
 	}
 	for _, roleBinding := range rbacResources.roleBindings {
 		if err := rbacHandler.createRoleBinding(&roleBinding); err != nil {
 			logger.Error(err.Error(), nil)
-			return err
+			return &rbacResources.serviceAccount, err
 		}
 	}
-	return nil
+	return &rbacResources.serviceAccount, nil
 }
 
 func (rh *RBACHandler) getAndCheckSA(saName string) (*apicorev1.ServiceAccount, error) {

diff --git a/pkg/rbachandler/rbac_handler_test.go b/pkg/rbachandler/rbac_handler_test.go
@@ -96,7 +96,7 @@ func TestGenerateRbacResources(t *testing.T) {
 	assert.NoError(err)
 	roleSuccess := assert.Equal(len(testRbacResources.clusterRoles), 1)
 	assert.Equal(len(testRbacResources.clusterRoleBindings), 2)
-	assert.Equal(testRbacResources.serviceAccount.name, "janedoe-example-com")
+	assert.Equal(testRbacResources.serviceAccount.Name, "janedoe-example-com")
 	if roleSuccess {
 		assert.Equal(testRbacResources.clusterRoles[0].name, "developers-from-jwt")
 	}
@@ -112,7 +112,7 @@ func TestGenerateRbacResources(t *testing.T) {
 	assert.NoError(err)
 	assert.Equal(len(testRbacResources.clusterRoles), 0)
 	assert.Equal(len(testRbacResources.clusterRoleBindings), 1)
-	assert.Equal(testRbacResources.serviceAccount.name, "janedoe-example-com")
+	assert.Equal(testRbacResources.serviceAccount.Name, "janedoe-example-com")
 	bindNames = nil
 	roleNames = nil
 	for _, crBind := range testRbacResources.clusterRoleBindings {
@@ -141,7 +141,7 @@ func TestGenerateRbacResourcesWithNameSpaces(t *testing.T) {
 	roleSuccess := assert.Equal(len(testRbacResources.clusterRoles), 1)
 	assert.Equal(len(testRbacResources.roleBindings), 1)
 	assert.Equal(len(testRbacResources.clusterRoleBindings), 1)
-	assert.Equal(testRbacResources.serviceAccount.name, "janedoe-example-com")
+	assert.Equal(testRbacResources.serviceAccount.Name, "janedoe-example-com")
 	if roleSuccess {
 		assert.Equal(testRbacResources.clusterRoles[0].name, "developers-from-jwt")
 	}
@@ -167,7 +167,7 @@ func TestGenerateRbacResourcesWithNameSpaces(t *testing.T) {
 	assert.NoError(err)
 	assert.Equal(len(testRbacResources.clusterRoles), 0)
 	assert.Equal(len(testRbacResources.clusterRoleBindings), 1)
-	assert.Equal(testRbacResources.serviceAccount.name, "janedoe-example-com")
+	assert.Equal(testRbacResources.serviceAccount.Name, "janedoe-example-com")
 	bindNames = nil
 	roleNames = nil
 	for _, crBind := range testRbacResources.clusterRoleBindings {