From c4bdc2b13a6fe40d99aa50ddd37b231506acf60a Mon Sep 17 00:00:00 2001
From: Rob Scott
Date: Tue, 25 Sep 2018 18:09:22 -0400
Subject: [PATCH] initial very rough gke support + moving to dep and go 1.11
---
 .circleci/config.yml | 6 +-
 Gopkg.lock | 501 +++++++++++++++++++++++++++++++++++++++++++
 Gopkg.toml | 50 +++++
 glide.lock | 299 --------------------------
 glide.yaml | 12 --
 lookup/gke_roles.go | 82 +++++++
 lookup/list.go | 48 ++++-
 lookup/lister.go | 62 +++++-
 8 files changed, 736 insertions(+), 324 deletions(-)
 create mode 100644 Gopkg.lock
 create mode 100644 Gopkg.toml
 delete mode 100644 glide.lock
 delete mode 100644 glide.yaml
 create mode 100644 lookup/gke_roles.go
diff --git a/.circleci/config.yml b/.circleci/config.yml
index ca71779..636fa75 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -4,12 +4,12 @@ jobs:
 working_directory: /go/src/github.com/reactiveops/rbac-lookup
 docker:
- - image: circleci/golang:1.10
+ - image: circleci/golang:1.11
 steps:
 - checkout
- - run: curl https://glide.sh/get | sh
- - run: glide install
+ - run: curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh
+ - run: dep ensure
 - run: go test -v ./lookup/...
 release:
diff --git a/Gopkg.lock b/Gopkg.lock
new file mode 100644
index 0000000..8700027
--- /dev/null
+++ b/Gopkg.lock
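Review bot: The new CI step in .circleci/config.yml pipes `install.sh` from the `master` branch of golang/dep straight into `sh`, so every build executes whatever that branch holds at the time, and the revisions pinned in Gopkg.lock are only as trustworthy as the unpinned tool that resolves them. Fetch the script (or a released dep binary) at a fixed tag or commit and compare it with a recorded SHA-256 before running it, e.g. `curl -fsSL https://raw.githubusercontent.com/golang/dep/<PINNED_TAG>/install.sh -o install.sh` followed by `echo "<EXPECTED_SHA256>  install.sh" | sha256sum -c - && sh install.sh`. The removed `curl https://glide.sh/get | sh` step had the same shape, so the pattern is being carried over rather than introduced here.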
@@ -0,0 +1,501 @@ +# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'. + + +[[projects]] + digest = "1:aa65b4877ac225076b4362885e9122fdf6a8728f735749c24f1aeabcad9bdaba" + name = "cloud.google.com/go" + packages = [ + "compute/metadata", + "internal", + ] + pruneopts = "UT" + revision = "3b1ae45394a234c385be014e9a488f2bb6eef821" + +[[projects]] + digest = "1:ffe9824d294da03b391f44e1ae8281281b4afc1bdaa9588c9097785e3af10cec" + name = "github.com/davecgh/go-spew" + packages = ["spew"] + pruneopts = "UT" + revision = "8991bc29aa16c548c550c7ff78260e27b9ab7c73" + version = "v1.1.1" + +[[projects]] + digest = "1:c45cef8e0074ea2f8176a051df38553ba997a3616f1ec2d35222b1cf9864881e" + name = "github.com/ghodss/yaml" + packages = ["."] + pruneopts = "UT" + revision = "73d445a93680fa1a78ae23a5839bad48f32ba1ee" + +[[projects]] + digest = "1:f83d740263b44fdeef3e1bce6147b5d7283fcad1a693d39639be33993ecf3db1" + name = "github.com/gogo/protobuf" + packages = [ + "proto", + "sortkeys", + ] + pruneopts = "UT" + revision = "c0656edd0d9eab7c66d1eb0c568f9039345796f7" + +[[projects]] + digest = "1:2edd2416f89b4e841df0e4a78802ce14d2bc7ad79eba1a45986e39f0f8cb7d87" + name = "github.com/golang/glog" + packages = ["."] + pruneopts = "UT" + revision = "44145f04b68cf362d9c4df2182967c2275eaefed" + +[[projects]] + digest = "1:17fe264ee908afc795734e8c4e63db2accabaf57326dbf21763a7d6b86096260" + name = "github.com/golang/protobuf" + packages = [ + "proto", + "ptypes", + "ptypes/any", + "ptypes/duration", + "ptypes/timestamp", + ] + pruneopts = "UT" + revision = "b4deda0973fb4c70b50d226b1af49f3da59f5265" + version = "v1.1.0" + +[[projects]] + digest = "1:62dfb39fe3bddeabb02cc001075ed9f951b044da2cd5b0f970ca798b1553bac3" + name = "github.com/google/btree" + packages = ["."] + pruneopts = "UT" + revision = "7d79101e329e5a3adf994758c578dab82b90c017" + +[[projects]] + digest = "1:41bfd4219241b7f7d6e6fdb13fc712576f1337e68e6b895136283b76928fdd66" + name = 
"github.com/google/gofuzz" + packages = ["."] + pruneopts = "UT" + revision = "44d81051d367757e1c7c6a5a86423ece9afcf63c" + +[[projects]] + digest = "1:75eb87381d25cc75212f52358df9c3a2719584eaa9685cd510ce28699122f39d" + name = "github.com/googleapis/gnostic" + packages = [ + "OpenAPIv2", + "compiler", + "extensions", + ] + pruneopts = "UT" + revision = "0c5108395e2debce0d731cf0287ddf7242066aba" + +[[projects]] + digest = "1:878f0defa9b853f9acfaf4a162ba450a89d0050eff084f9fe7f5bd15948f172a" + name = "github.com/gregjones/httpcache" + packages = [ + ".", + "diskcache", + ] + pruneopts = "UT" + revision = "787624de3eb7bd915c329cba748687a3b22666a6" + +[[projects]] + digest = "1:06ec9147400aabb0d6960dd8557638603b5f320cd4cb8a3eceaae407e782849a" + name = "github.com/imdario/mergo" + packages = ["."] + pruneopts = "UT" + revision = "6633656539c1639d9d78127b7d47c622b5d7b6dc" + +[[projects]] + digest = "1:870d441fe217b8e689d7949fef6e43efbc787e50f200cb1e70dbca9204a1d6be" + name = "github.com/inconshreveable/mousetrap" + packages = ["."] + pruneopts = "UT" + revision = "76626ae9c91c4f2a10f34cad8ce83ea42c93bb75" + version = "v1.0" + +[[projects]] + digest = "1:eaefc85d32c03e5f0c2b88ea2f79fce3d993e2c78316d21319575dd4ea9153ca" + name = "github.com/json-iterator/go" + packages = ["."] + pruneopts = "UT" + revision = "ab8a2e0c74be9d3be70b3184d9acc634935ded82" + version = "1.1.4" + +[[projects]] + digest = "1:33422d238f147d247752996a26574ac48dcf472976eda7f5134015f06bf16563" + name = "github.com/modern-go/concurrent" + packages = ["."] + pruneopts = "UT" + revision = "bacd9c7ef1dd9b15be4a9909b8ac7a4e313eec94" + version = "1.0.3" + +[[projects]] + digest = "1:e32bdbdb7c377a07a9a46378290059822efdce5c8d96fe71940d87cb4f918855" + name = "github.com/modern-go/reflect2" + packages = ["."] + pruneopts = "UT" + revision = "4b7aa43c6742a2c18fdef89dd197aaae7dac7ccd" + version = "1.0.1" + +[[projects]] + branch = "master" + digest = 
"1:3bf17a6e6eaa6ad24152148a631d18662f7212e21637c2699bff3369b7f00fa2" + name = "github.com/petar/GoLLRB" + packages = ["llrb"] + pruneopts = "UT" + revision = "53be0d36a84c2a886ca057d34b6aa4468df9ccb4" + +[[projects]] + digest = "1:0e7775ebbcf00d8dd28ac663614af924411c868dca3d5aa762af0fae3808d852" + name = "github.com/peterbourgon/diskv" + packages = ["."] + pruneopts = "UT" + revision = "5f041e8faa004a95c88a202771f4cc3e991971e6" + version = "v2.0.1" + +[[projects]] + digest = "1:0028cb19b2e4c3112225cd871870f2d9cf49b9b4276531f03438a88e94be86fe" + name = "github.com/pmezard/go-difflib" + packages = ["difflib"] + pruneopts = "UT" + revision = "792786c7400a136282c1664665ae0a8db921c6c2" + version = "v1.0.0" + +[[projects]] + digest = "1:645cabccbb4fa8aab25a956cbcbdf6a6845ca736b2c64e197ca7cbb9d210b939" + name = "github.com/spf13/cobra" + packages = ["."] + pruneopts = "UT" + revision = "ef82de70bb3f60c65fb8eebacbb2d122ef517385" + version = "v0.0.3" + +[[projects]] + digest = "1:9424f440bba8f7508b69414634aef3b2b3a877e522d8a4624692412805407bb7" + name = "github.com/spf13/pflag" + packages = ["."] + pruneopts = "UT" + revision = "583c0c0531f06d5278b7d917446061adc344b5cd" + version = "v1.0.1" + +[[projects]] + digest = "1:18752d0b95816a1b777505a97f71c7467a8445b8ffb55631a7bf779f6ba4fa83" + name = "github.com/stretchr/testify" + packages = ["assert"] + pruneopts = "UT" + revision = "f35b8ab0b5a2cef36673838d662e249dd9c94686" + version = "v1.2.2" + +[[projects]] + digest = "1:38cb27d3525635c34e84e2dbc2207c37d10832776997665bf0ddaeae2c861f1f" + name = "golang.org/x/crypto" + packages = ["ssh/terminal"] + pruneopts = "UT" + revision = "49796115aa4b964c318aad4f3084fdb41e9aa067" + +[[projects]] + digest = "1:1e853578c8a3c5d54c1b54a4821075393b032110170107295f75442f8b41720c" + name = "golang.org/x/net" + packages = [ + "context", + "context/ctxhttp", + "http2", + "http2/hpack", + "idna", + "lex/httplex", + ] + pruneopts = "UT" + revision = "1c05540f6879653db88113bc4a2b70aec4bd491f" + 
+[[projects]] + digest = "1:ad764db92ed977f803ff0f59a7a957bf65cc4e8ae9dfd08228e1f54ea40392e0" + name = "golang.org/x/oauth2" + packages = [ + ".", + "google", + "internal", + "jws", + "jwt", + ] + pruneopts = "UT" + revision = "a6bd8cefa1811bd24b86f8902872e4e8225f74c4" + +[[projects]] + digest = "1:e1a85d3648114c446b2874647bf30f646a8594e7e4e45db87fe962aba60e51f5" + name = "golang.org/x/sys" + packages = [ + "unix", + "windows", + ] + pruneopts = "UT" + revision = "95c6576299259db960f6c5b9b69ea52422860fce" + +[[projects]] + digest = "1:97337ef8cb438f9e3a99ea91a300e916ed9a96fbf3ad50f9a020d30ea9f8692f" + name = "golang.org/x/text" + packages = [ + "internal/gen", + "internal/triegen", + "internal/ucd", + "secure/bidirule", + "transform", + "unicode/bidi", + "unicode/cldr", + "unicode/norm", + "unicode/rangetable", + ] + pruneopts = "UT" + revision = "b19bf474d317b857955b12035d2c5acb57ce8b01" + +[[projects]] + digest = "1:d37b0ef2944431fe9e8ef35c6fffc8990d9e2ca300588df94a6890f3649ae365" + name = "golang.org/x/time" + packages = ["rate"] + pruneopts = "UT" + revision = "f51c12702a4d776e4c1fa9b0fabab841babae631" + +[[projects]] + branch = "master" + digest = "1:b385b7132ce582afc42bb5320ff879bd6c31eaff57eefb66c900dae0972a56ff" + name = "google.golang.org/api" + packages = [ + "cloudresourcemanager/v1", + "gensupport", + "googleapi", + "googleapi/internal/uritemplates", + ] + pruneopts = "UT" + revision = "e5ba110cb6cd042d05ea6ea2ce9dd13198c6387a" + +[[projects]] + digest = "1:54627cf9aed79e937dc42fb52028930491c7a52517ee22e2158664a5eff870e3" + name = "google.golang.org/appengine" + packages = [ + ".", + "internal", + "internal/app_identity", + "internal/base", + "internal/datastore", + "internal/log", + "internal/modules", + "internal/remote_api", + "internal/urlfetch", + "urlfetch", + ] + pruneopts = "UT" + revision = "4216e58b9158e5f1c906f1aca75162a46a2ec88a" + +[[projects]] + digest = "1:ef72505cf098abdd34efeea032103377bec06abb61d8a06f002d5d296a4b1185" + name = 
"gopkg.in/inf.v0" + packages = ["."] + pruneopts = "UT" + revision = "3887ee99ecf07df5b447e9b00d9c0b2adaa9f3e4" + version = "v0.9.0" + +[[projects]] + digest = "1:fa62cd569ff15e4dba6dfc6d826e97a7913ef299eccd5804c9d614a84863e485" + name = "gopkg.in/yaml.v2" + packages = ["."] + pruneopts = "UT" + revision = "670d4cfef0544295bc27a114dbac37980d83185a" + +[[projects]] + digest = "1:74142cd2275f77547c35ac51514108d9798a09aa0cf377a5c1084718ef7aa225" + name = "k8s.io/api" + packages = [ + "admissionregistration/v1alpha1", + "admissionregistration/v1beta1", + "apps/v1", + "apps/v1beta1", + "apps/v1beta2", + "authentication/v1", + "authentication/v1beta1", + "authorization/v1", + "authorization/v1beta1", + "autoscaling/v1", + "autoscaling/v2beta1", + "batch/v1", + "batch/v1beta1", + "batch/v2alpha1", + "certificates/v1beta1", + "core/v1", + "events/v1beta1", + "extensions/v1beta1", + "networking/v1", + "policy/v1beta1", + "rbac/v1", + "rbac/v1alpha1", + "rbac/v1beta1", + "scheduling/v1alpha1", + "scheduling/v1beta1", + "settings/v1alpha1", + "storage/v1", + "storage/v1alpha1", + "storage/v1beta1", + ] + pruneopts = "UT" + revision = "072894a440bdee3a891dea811fe42902311cd2a3" + version = "kubernetes-1.11.0" + +[[projects]] + digest = "1:2d7b65f81f722047bfef9d644e1fefed2e358268e044cb0912c0c6b69db61a55" + name = "k8s.io/apimachinery" + packages = [ + "pkg/api/errors", + "pkg/api/meta", + "pkg/api/resource", + "pkg/apis/meta/v1", + "pkg/apis/meta/v1/unstructured", + "pkg/apis/meta/v1beta1", + "pkg/conversion", + "pkg/conversion/queryparams", + "pkg/fields", + "pkg/labels", + "pkg/runtime", + "pkg/runtime/schema", + "pkg/runtime/serializer", + "pkg/runtime/serializer/json", + "pkg/runtime/serializer/protobuf", + "pkg/runtime/serializer/recognizer", + "pkg/runtime/serializer/streaming", + "pkg/runtime/serializer/versioning", + "pkg/selection", + "pkg/types", + "pkg/util/clock", + "pkg/util/errors", + "pkg/util/framer", + "pkg/util/intstr", + "pkg/util/json", + 
"pkg/util/mergepatch", + "pkg/util/net", + "pkg/util/runtime", + "pkg/util/sets", + "pkg/util/strategicpatch", + "pkg/util/validation", + "pkg/util/validation/field", + "pkg/util/wait", + "pkg/util/yaml", + "pkg/version", + "pkg/watch", + "third_party/forked/golang/json", + "third_party/forked/golang/reflect", + ] + pruneopts = "UT" + revision = "103fd098999dc9c0c88536f5c9ad2e5da39373ae" + version = "kubernetes-1.11.0" + +[[projects]] + digest = "1:31f24b04d77a88790523d63a624874772b3b3088398326776adb1365b00053b0" + name = "k8s.io/client-go" + packages = [ + "discovery", + "discovery/fake", + "kubernetes", + "kubernetes/fake", + "kubernetes/scheme", + "kubernetes/typed/admissionregistration/v1alpha1", + "kubernetes/typed/admissionregistration/v1alpha1/fake", + "kubernetes/typed/admissionregistration/v1beta1", + "kubernetes/typed/admissionregistration/v1beta1/fake", + "kubernetes/typed/apps/v1", + "kubernetes/typed/apps/v1/fake", + "kubernetes/typed/apps/v1beta1", + "kubernetes/typed/apps/v1beta1/fake", + "kubernetes/typed/apps/v1beta2", + "kubernetes/typed/apps/v1beta2/fake", + "kubernetes/typed/authentication/v1", + "kubernetes/typed/authentication/v1/fake", + "kubernetes/typed/authentication/v1beta1", + "kubernetes/typed/authentication/v1beta1/fake", + "kubernetes/typed/authorization/v1", + "kubernetes/typed/authorization/v1/fake", + "kubernetes/typed/authorization/v1beta1", + "kubernetes/typed/authorization/v1beta1/fake", + "kubernetes/typed/autoscaling/v1", + "kubernetes/typed/autoscaling/v1/fake", + "kubernetes/typed/autoscaling/v2beta1", + "kubernetes/typed/autoscaling/v2beta1/fake", + "kubernetes/typed/batch/v1", + "kubernetes/typed/batch/v1/fake", + "kubernetes/typed/batch/v1beta1", + "kubernetes/typed/batch/v1beta1/fake", + "kubernetes/typed/batch/v2alpha1", + "kubernetes/typed/batch/v2alpha1/fake", + "kubernetes/typed/certificates/v1beta1", + "kubernetes/typed/certificates/v1beta1/fake", + "kubernetes/typed/core/v1", + "kubernetes/typed/core/v1/fake", + 
"kubernetes/typed/events/v1beta1", + "kubernetes/typed/events/v1beta1/fake", + "kubernetes/typed/extensions/v1beta1", + "kubernetes/typed/extensions/v1beta1/fake", + "kubernetes/typed/networking/v1", + "kubernetes/typed/networking/v1/fake", + "kubernetes/typed/policy/v1beta1", + "kubernetes/typed/policy/v1beta1/fake", + "kubernetes/typed/rbac/v1", + "kubernetes/typed/rbac/v1/fake", + "kubernetes/typed/rbac/v1alpha1", + "kubernetes/typed/rbac/v1alpha1/fake", + "kubernetes/typed/rbac/v1beta1", + "kubernetes/typed/rbac/v1beta1/fake", + "kubernetes/typed/scheduling/v1alpha1", + "kubernetes/typed/scheduling/v1alpha1/fake", + "kubernetes/typed/scheduling/v1beta1", + "kubernetes/typed/scheduling/v1beta1/fake", + "kubernetes/typed/settings/v1alpha1", + "kubernetes/typed/settings/v1alpha1/fake", + "kubernetes/typed/storage/v1", + "kubernetes/typed/storage/v1/fake", + "kubernetes/typed/storage/v1alpha1", + "kubernetes/typed/storage/v1alpha1/fake", + "kubernetes/typed/storage/v1beta1", + "kubernetes/typed/storage/v1beta1/fake", + "pkg/apis/clientauthentication", + "pkg/apis/clientauthentication/v1alpha1", + "pkg/apis/clientauthentication/v1beta1", + "pkg/version", + "plugin/pkg/client/auth/exec", + "plugin/pkg/client/auth/gcp", + "rest", + "rest/watch", + "testing", + "third_party/forked/golang/template", + "tools/auth", + "tools/clientcmd", + "tools/clientcmd/api", + "tools/clientcmd/api/latest", + "tools/clientcmd/api/v1", + "tools/metrics", + "tools/reference", + "transport", + "util/cert", + "util/connrotation", + "util/flowcontrol", + "util/homedir", + "util/integer", + "util/jsonpath", + ] + pruneopts = "UT" + revision = "7d04d0e2a0a1a4d4a1cd6baa432a2301492e4e65" + version = "v8.0.0" + +[[projects]] + digest = "1:a2c842a1e0aed96fd732b535514556323a6f5edfded3b63e5e0ab1bce188aa54" + name = "k8s.io/kube-openapi" + packages = ["pkg/util/proto"] + pruneopts = "UT" + revision = "91cfa479c814065e420cee7ed227db0f63a5854e" + +[solve-meta] + analyzer-name = "dep" + 
analyzer-version = 1 + input-imports = [ + "github.com/spf13/cobra", + "github.com/stretchr/testify/assert", + "golang.org/x/net/context", + "golang.org/x/oauth2/google", + "google.golang.org/api/cloudresourcemanager/v1", + "k8s.io/api/rbac/v1", + "k8s.io/apimachinery/pkg/apis/meta/v1", + "k8s.io/client-go/kubernetes", + "k8s.io/client-go/kubernetes/fake", + "k8s.io/client-go/plugin/pkg/client/auth/gcp", + "k8s.io/client-go/tools/clientcmd", + ] + solver-name = "gps-cdcl" + solver-version = 1 diff --git a/Gopkg.toml b/Gopkg.toml new file mode 100644 index 0000000..0f2ba2c --- /dev/null +++ b/Gopkg.toml @@ -0,0 +1,50 @@ +# Gopkg.toml example +# +# Refer to https://golang.github.io/dep/docs/Gopkg.toml.html +# for detailed Gopkg.toml documentation. +# +# required = ["github.com/user/thing/cmd/thing"] +# ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"] +# +# [[constraint]] +# name = "github.com/user/project" +# version = "1.0.0" +# +# [[constraint]] +# name = "github.com/user/project2" +# branch = "dev" +# source = "github.com/myfork/project2" +# +# [[override]] +# name = "github.com/x/y" +# version = "2.4.0" +# +# [prune] +# non-go = false +# go-tests = true +# unused-packages = true + + +[[constraint]] + name = "github.com/spf13/cobra" + version = "0.0.3" + +[[constraint]] + name = "github.com/stretchr/testify" + version = "~1.2.2" + +[[constraint]] + name = "k8s.io/api" + version = "kubernetes-1.11.0" + +[[constraint]] + name = "k8s.io/apimachinery" + version = "kubernetes-1.11.0" + +[[constraint]] + name = "k8s.io/client-go" + version = "8.0.0" + +[prune] + go-tests = true + unused-packages = true diff --git a/glide.lock b/glide.lock deleted file mode 100644 index 1a9d7eb..0000000 --- a/glide.lock +++ /dev/null 
@@ -1,299 +0,0 @@ -hash: ef09e6a925c1d15d1955c937d43512d375c2a0180547e0d9c4e84ded9dfd99ef -updated: 2018-09-02T18:36:52.618074-04:00 -imports: -- name: cloud.google.com/go - version: 3b1ae45394a234c385be014e9a488f2bb6eef821 - subpackages: - - compute/metadata - - internal -- name: github.com/davecgh/go-spew - version: 782f4967f2dc4564575ca782fe2d04090b5faca8 - subpackages: - - spew -- name: github.com/fatih/color - version: 5b77d2a35fb0ede96d138fc9a99f5c9b6aef11b4 -- name: github.com/ghodss/yaml - version: 73d445a93680fa1a78ae23a5839bad48f32ba1ee -- name: github.com/gogo/protobuf - version: c0656edd0d9eab7c66d1eb0c568f9039345796f7 - subpackages: - - proto - - sortkeys -- name: github.com/golang/glog - version: 44145f04b68cf362d9c4df2182967c2275eaefed -- name: github.com/golang/protobuf - version: b4deda0973fb4c70b50d226b1af49f3da59f5265 - subpackages: - - proto - - ptypes - - ptypes/any - - ptypes/duration - - ptypes/timestamp -- name: github.com/google/btree - version: 7d79101e329e5a3adf994758c578dab82b90c017 -- name: github.com/google/gofuzz - version: 44d81051d367757e1c7c6a5a86423ece9afcf63c -- name: github.com/googleapis/gnostic - version: 0c5108395e2debce0d731cf0287ddf7242066aba - subpackages: - - OpenAPIv2 - - compiler - - extensions -- name: github.com/gregjones/httpcache - version: 787624de3eb7bd915c329cba748687a3b22666a6 - subpackages: - - diskcache -- name: github.com/imdario/mergo - version: 6633656539c1639d9d78127b7d47c622b5d7b6dc -- name: github.com/inconshreveable/mousetrap - version: 76626ae9c91c4f2a10f34cad8ce83ea42c93bb75 -- name: github.com/json-iterator/go - version: ab8a2e0c74be9d3be70b3184d9acc634935ded82 -- name: github.com/modern-go/concurrent - version: bacd9c7ef1dd9b15be4a9909b8ac7a4e313eec94 -- name: github.com/modern-go/reflect2 - version: 05fbef0ca5da472bbf96c9322b84a53edc03c9fd -- name: github.com/peterbourgon/diskv - version: 5f041e8faa004a95c88a202771f4cc3e991971e6 -- name: github.com/spf13/cobra - version: 
ef82de70bb3f60c65fb8eebacbb2d122ef517385 -- name: github.com/spf13/pflag - version: 583c0c0531f06d5278b7d917446061adc344b5cd -- name: github.com/stretchr/testify - version: f35b8ab0b5a2cef36673838d662e249dd9c94686 -- name: golang.org/x/crypto - version: 49796115aa4b964c318aad4f3084fdb41e9aa067 - subpackages: - - ssh/terminal -- name: golang.org/x/net - version: 1c05540f6879653db88113bc4a2b70aec4bd491f - subpackages: - - context - - context/ctxhttp - - http2 - - http2/hpack - - idna - - lex/httplex -- name: golang.org/x/oauth2 - version: a6bd8cefa1811bd24b86f8902872e4e8225f74c4 - subpackages: - - google - - internal - - jws - - jwt -- name: golang.org/x/sys - version: 95c6576299259db960f6c5b9b69ea52422860fce - subpackages: - - unix - - windows -- name: golang.org/x/text - version: b19bf474d317b857955b12035d2c5acb57ce8b01 - subpackages: - - secure/bidirule - - transform - - unicode/bidi - - unicode/norm -- name: golang.org/x/time - version: f51c12702a4d776e4c1fa9b0fabab841babae631 - subpackages: - - rate -- name: google.golang.org/appengine - version: 4216e58b9158e5f1c906f1aca75162a46a2ec88a - subpackages: - - internal - - internal/app_identity - - internal/base - - internal/datastore - - internal/log - - internal/modules - - internal/remote_api - - internal/urlfetch - - urlfetch -- name: gopkg.in/inf.v0 - version: 3887ee99ecf07df5b447e9b00d9c0b2adaa9f3e4 -- name: gopkg.in/yaml.v2 - version: 670d4cfef0544295bc27a114dbac37980d83185a -- name: k8s.io/api - version: 072894a440bdee3a891dea811fe42902311cd2a3 - subpackages: - - admissionregistration/v1alpha1 - - admissionregistration/v1beta1 - - apps/v1 - - apps/v1beta1 - - apps/v1beta2 - - authentication/v1 - - authentication/v1beta1 - - authorization/v1 - - authorization/v1beta1 - - autoscaling/v1 - - autoscaling/v2beta1 - - batch/v1 - - batch/v1beta1 - - batch/v2alpha1 - - certificates/v1beta1 - - core/v1 - - events/v1beta1 - - extensions/v1beta1 - - imagepolicy/v1alpha1 - - networking/v1 - - policy/v1beta1 - - rbac/v1 - 
- rbac/v1alpha1 - - rbac/v1beta1 - - scheduling/v1alpha1 - - scheduling/v1beta1 - - settings/v1alpha1 - - storage/v1 - - storage/v1alpha1 - - storage/v1beta1 -- name: k8s.io/apimachinery - version: 103fd098999dc9c0c88536f5c9ad2e5da39373ae - subpackages: - - pkg/api/equality - - pkg/api/errors - - pkg/api/meta - - pkg/api/resource - - pkg/api/resource - - pkg/api/testing - - pkg/api/testing/fuzzer - - pkg/api/testing/fuzzer - - pkg/api/testing/roundtrip - - pkg/apis/meta/fuzzer - - pkg/apis/meta/fuzzer - - pkg/apis/meta/v1 - - pkg/apis/meta/v1 - - pkg/apis/meta/v1/unstructured - - pkg/apis/meta/v1beta1 - - pkg/conversion - - pkg/conversion/queryparams - - pkg/fields - - pkg/labels - - pkg/runtime - - pkg/runtime - - pkg/runtime/schema - - pkg/runtime/schema - - pkg/runtime/serializer - - pkg/runtime/serializer - - pkg/runtime/serializer/json - - pkg/runtime/serializer/protobuf - - pkg/runtime/serializer/recognizer - - pkg/runtime/serializer/streaming - - pkg/runtime/serializer/versioning - - pkg/selection - - pkg/types - - pkg/types - - pkg/util/clock - - pkg/util/diff - - pkg/util/errors - - pkg/util/framer - - pkg/util/intstr - - pkg/util/intstr - - pkg/util/json - - pkg/util/mergepatch - - pkg/util/net - - pkg/util/runtime - - pkg/util/sets - - pkg/util/strategicpatch - - pkg/util/validation - - pkg/util/validation/field - - pkg/util/wait - - pkg/util/yaml - - pkg/version - - pkg/watch - - third_party/forked/golang/json - - third_party/forked/golang/reflect -- name: k8s.io/client-go - version: 7d04d0e2a0a1a4d4a1cd6baa432a2301492e4e65 - subpackages: - - discovery - - discovery/fake - - kubernetes - - kubernetes/fake - - kubernetes/scheme - - kubernetes/typed/admissionregistration/v1alpha1 - - kubernetes/typed/admissionregistration/v1alpha1/fake - - kubernetes/typed/admissionregistration/v1beta1 - - kubernetes/typed/admissionregistration/v1beta1/fake - - kubernetes/typed/apps/v1 - - kubernetes/typed/apps/v1/fake - - kubernetes/typed/apps/v1beta1 - - 
kubernetes/typed/apps/v1beta1/fake - - kubernetes/typed/apps/v1beta2 - - kubernetes/typed/apps/v1beta2/fake - - kubernetes/typed/authentication/v1 - - kubernetes/typed/authentication/v1/fake - - kubernetes/typed/authentication/v1beta1 - - kubernetes/typed/authentication/v1beta1/fake - - kubernetes/typed/authorization/v1 - - kubernetes/typed/authorization/v1/fake - - kubernetes/typed/authorization/v1beta1 - - kubernetes/typed/authorization/v1beta1/fake - - kubernetes/typed/autoscaling/v1 - - kubernetes/typed/autoscaling/v1/fake - - kubernetes/typed/autoscaling/v2beta1 - - kubernetes/typed/autoscaling/v2beta1/fake - - kubernetes/typed/batch/v1 - - kubernetes/typed/batch/v1/fake - - kubernetes/typed/batch/v1beta1 - - kubernetes/typed/batch/v1beta1/fake - - kubernetes/typed/batch/v2alpha1 - - kubernetes/typed/batch/v2alpha1/fake - - kubernetes/typed/certificates/v1beta1 - - kubernetes/typed/certificates/v1beta1/fake - - kubernetes/typed/core/v1 - - kubernetes/typed/core/v1/fake - - kubernetes/typed/events/v1beta1 - - kubernetes/typed/events/v1beta1/fake - - kubernetes/typed/extensions/v1beta1 - - kubernetes/typed/extensions/v1beta1/fake - - kubernetes/typed/networking/v1 - - kubernetes/typed/networking/v1/fake - - kubernetes/typed/policy/v1beta1 - - kubernetes/typed/policy/v1beta1/fake - - kubernetes/typed/rbac/v1 - - kubernetes/typed/rbac/v1/fake - - kubernetes/typed/rbac/v1alpha1 - - kubernetes/typed/rbac/v1alpha1/fake - - kubernetes/typed/rbac/v1beta1 - - kubernetes/typed/rbac/v1beta1/fake - - kubernetes/typed/scheduling/v1alpha1 - - kubernetes/typed/scheduling/v1alpha1/fake - - kubernetes/typed/scheduling/v1beta1 - - kubernetes/typed/scheduling/v1beta1/fake - - kubernetes/typed/settings/v1alpha1 - - kubernetes/typed/settings/v1alpha1/fake - - kubernetes/typed/storage/v1 - - kubernetes/typed/storage/v1/fake - - kubernetes/typed/storage/v1alpha1 - - kubernetes/typed/storage/v1alpha1/fake - - kubernetes/typed/storage/v1beta1 - - kubernetes/typed/storage/v1beta1/fake - 
- pkg/apis/clientauthentication - - pkg/apis/clientauthentication/v1alpha1 - - pkg/apis/clientauthentication/v1beta1 - - pkg/version - - plugin/pkg/client/auth/exec - - plugin/pkg/client/auth/gcp - - rest - - rest/watch - - testing - - third_party/forked/golang/template - - tools/auth - - tools/clientcmd - - tools/clientcmd/api - - tools/clientcmd/api/latest - - tools/clientcmd/api/v1 - - tools/metrics - - tools/reference - - transport - - util/cert - - util/connrotation - - util/flowcontrol - - util/homedir - - util/integer - - util/jsonpath -- name: k8s.io/kube-openapi - version: 91cfa479c814065e420cee7ed227db0f63a5854e - subpackages: - - pkg/util/proto -testImports: [] diff --git a/glide.yaml b/glide.yaml deleted file mode 100644 index 628a321..0000000 --- a/glide.yaml +++ /dev/null @@ -1,12 +0,0 @@ -package: github.com/reactiveops/rbac-lookup -import: -- package: k8s.io/client-go - version: v8.0.0 -- package: github.com/fatih/color - version: v1.7.0 -- package: github.com/json-iterator/go - version: 1.1.4 -- package: github.com/spf13/cobra - version: 0.0.3 -- package: github.com/stretchr/testify - version: ~1.2.2 diff --git a/lookup/gke_roles.go b/lookup/gke_roles.go new file mode 100644 index 0000000..e486689 --- /dev/null +++ b/lookup/gke_roles.go 
@@ -0,0 +1,82 @@
+// Copyright 2018 ReactiveOps
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package lookup
+
+var gkeIamRoles = map[string]simpleRole{
+ "roles/container.clusterAdmin": {
+ Kind: "IAM",
+ Name: "cluster-admin",
+ Source: simpleRoleSource{
+ Kind: "IAMRole",
+ Name: "container.clusterAdmin",
+ },
+ },
+ "roles/container.admin": {
+ Kind: "IAM",
+ Name: "admin",
+ Source: simpleRoleSource{
+ Kind: "IAMRole",
+ Name: "container.admin",
+ },
+ },
+ "roles/container.developer": {
+ Kind: "IAM",
+ Name: "edit",
+ Source: simpleRoleSource{
+ Kind: "IAMRole",
+ Name: "container.developer",
+ },
+ },
+ "roles/container.viewer": {
+ Kind: "IAM",
+ Name: "view",
+ Source: simpleRoleSource{
+ Kind: "IAMRole",
+ Name: "container.viewer",
+ },
+ },
+ "roles/owner": {
+ Kind: "IAM",
+ Name: "cluster-admin",
+ Source: simpleRoleSource{
+ Kind: "IAMRole",
+ Name: "owner",
+ },
+ },
+ "roles/admin": {
+ Kind: "IAM",
+ Name: "admin",
+ Source: simpleRoleSource{
+ Kind: "IAMRole",
+ Name: "admin",
+ },
+ },
+ "roles/editor": {
+ Kind: "IAM",
+ Name: "edit",
+ Source: simpleRoleSource{
+ Kind: "IAMRole",
+ Name: "editor",
+ },
+ },
+ "roles/viewer": {
+ Kind: "IAM",
+ Name: "view",
+ Source: simpleRoleSource{
+ Kind: "IAMRole",
+ Name: "viewer",
+ },
+ },
+}
diff --git a/lookup/list.go b/lookup/list.go
index d7f8665..49cf751 100644
--- a/lookup/list.go
+++ b/lookup/list.go
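Review bot: `gkeIamRoles` carries no comment explaining how each IAM role was matched to the RBAC-style `Name` it is displayed under, and in an access-audit tool that mapping is the security-relevant part of the file. As far as I know `roles/container.admin` grants full control of Kubernetes API objects while `roles/container.clusterAdmin` covers management of the clusters themselves, so displaying them as `admin` and `cluster-admin` respectively may understate the former; `roles/admin` is also not a basic role I recognise, so both are worth checking against the GCP IAM documentation. I would add a doc comment along the lines of `// gkeIamRoles maps GCP IAM role IDs to the approximate Kubernetes RBAC role shown in output; roles missing from this table are not reported.`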
@@ -19,6 +19,7 @@ import (
 "fmt"
 "os"
 "path/filepath"
+ "strings"
 "k8s.io/client-go/kubernetes"
 "k8s.io/client-go/tools/clientcmd"
@@ -27,13 +28,22 @@ import (
 _ "k8s.io/client-go/plugin/pkg/client/auth/gcp"
 )
+type clusterInfo struct {
+ ClusterName string
+ GkeZone string
+ GkeProjectName string
+}
+
 // List outputs rbac bindings where subject names match given string
 func List(args []string, outputFormat string) {
- clientset, err := getClientSet()
+ kubeconfig := getKubeConfig()
+ clientset, err := getClientSet(kubeconfig)
 if err != nil {
 panic(err.Error())
 }
+ ci := getClusterInfo(kubeconfig)
+
 filter := ""
 if len(args) > 0 {
 filter = args[0]
@@ -42,6 +52,7 @@ func List(args []string, outputFormat string) {
 l := lister{
 filter: filter,
 clientset: clientset,
+ gkeProjectName: ci.GkeProjectName,
 rbacSubjectsByScope: make(map[string]rbacSubject),
 }
@@ -54,7 +65,7 @@ func List(args []string, outputFormat string) {
 l.printRbacBindings(outputFormat)
 }
-func getClientSet() (*kubernetes.Clientset, error) {
+func getKubeConfig() string {
 var kubeconfig string
 if os.Getenv("KUBECONFIG") != "" {
 kubeconfig = os.Getenv("KUBECONFIG")
@@ -64,19 +75,38 @@ func getClientSet() (*kubernetes.Clientset, error) {
 fmt.Println("Parsing kubeconfig failed, please set KUBECONFIG env var")
 os.Exit(1)
 }
- flag.Parse()
+ if _, err := os.Stat(kubeconfig); err != nil {
+ // kubeconfig doesn't exist
+ fmt.Printf("%s does not exist - please make sure you have a kubeconfig configured.\n", kubeconfig)
+ panic(err.Error())
+ }
- if _, err := os.Stat(kubeconfig); err != nil {
- // kubeconfig doesn't exist
- fmt.Printf("%s does not exist - please make sure you have a kubeconfig configured.\n", kubeconfig)
- os.Exit(1)
- }
+ return kubeconfig
+}
+func getClusterInfo(kubeconfig string) *clusterInfo {
+ c, err := clientcmd.LoadFromFile(kubeconfig)
+ if err != nil {
+ panic(err.Error())
+ }
+ s := strings.Split(c.CurrentContext, "_")
+ if s[0] == "gke" {
+ return &clusterInfo{
+ ClusterName: s[3],
+ GkeZone: s[2],
+ GkeProjectName: s[1],
+ }
+ }
+ return &clusterInfo{}
+}
+
+func getClientSet(kubeconfig string) (*kubernetes.Clientset, error) {
+ flag.Parse()
 // use the current context in kubeconfig
 config, err := clientcmd.BuildConfigFromFlags("", kubeconfig)
 if err != nil {
- panic(err.Error())
+ return nil, err
 }
 // create the clientset
diff --git a/lookup/lister.go b/lookup/lister.go
index 5c276c7..ea079ee 100644
--- a/lookup/lister.go
+++ b/lookup/lister.go
@@ -21,6 +21,10 @@ import (
 "strings"
 "text/tabwriter"
+ "golang.org/x/net/context"
+ "golang.org/x/oauth2/google"
+ "google.golang.org/api/cloudresourcemanager/v1"
+
 rbacv1 "k8s.io/api/rbac/v1"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -47,9 +51,10 @@ type simpleRoleSource struct {
 }
 type lister struct {
- rbacSubjectsByScope map[string]rbacSubject
 clientset kubernetes.Interface
 filter string
+ gkeProjectName string
+ rbacSubjectsByScope map[string]rbacSubject
 }
 func (l *lister) loadAll() error {
@@ -65,6 +70,12 @@ func (l *lister) loadAll() error {
 return crbErr
 }
+ gkeErr := l.loadGkeRoleBindings()
+
+ if gkeErr != nil {
+ return gkeErr
+ }
+
 return nil
 }
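Review bot: `getClusterInfo` reads `s[1]`, `s[2]` and `s[3]` after checking only `s[0] == "gke"`, so a context named `gke` or `gke_dev` panics with an index out of range; guard it with `if len(s) == 4 && s[0] == "gke" {`. The context name is also only a label the user can rename, and the project parsed from it becomes the resource of the IAM policy lookup in lister.go, so a renamed or hand-written context makes the tool query no project or a different one; a comment should state that the `gke_<project>_<zone>_<cluster>` naming is assumed. Separately, the `os.Stat` failure path in `getKubeConfig` now panics after printing its friendly message where the old code called `os.Exit(1)`, which turns a plain missing-file error into a stack trace.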
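Review bot: `loadAll` now calls `loadGkeRoleBindings` on every run, yet `gkeProjectName` is empty whenever the current context is not a `gke_…` one, so on non-GKE clusters (or without Google application-default credentials) the IAM error is returned from `loadAll` and presumably stops `List` before the RBAC bindings already loaded are printed. Skip the lookup when there is no project, e.g. `if l.gkeProjectName == "" { return nil }` at the top of `loadGkeRoleBindings`, and consider reporting an IAM failure as a warning instead of discarding the Kubernetes results. The body of `loadAll` starts outside this hunk.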
@@ -178,3 +189,52 @@ func (rbacSubj *rbacSubject) addRoleBinding(roleBinding *rbacv1.RoleBinding) {
 simpleRole.Kind = roleBinding.RoleRef.Kind
 rbacSubj.RolesByScope[roleBinding.Namespace] = append(rbacSubj.RolesByScope[roleBinding.Namespace], simpleRole)
 }
+
+func (l *lister) loadGkeRoleBindings() error {
+ ctx := context.Background()
+
+ c, err := google.DefaultClient(ctx, cloudresourcemanager.CloudPlatformScope)
+ if err != nil {
+ return err
+ }
+
+ crmService, err := cloudresourcemanager.New(c)
+ if err != nil {
+ return err
+ }
+
+ resource := l.gkeProjectName
+
+ ipr := &cloudresourcemanager.GetIamPolicyRequest{}
+
+ resp, err := crmService.Projects.GetIamPolicy(resource, ipr).Context(ctx).Do()
+ if err != nil {
+ return err
+ }
+
+ scope := "project-wide"
+
+ for _, binding := range resp.Bindings {
+ if sr, ok := gkeIamRoles[binding.Role]; ok {
+ for _, member := range binding.Members {
+ s := strings.Split(member, ":")
+ memberKind := strings.Title(s[0])
+ memberName := s[1]
+ if l.filter == "" || strings.Contains(memberName, l.filter) {
+ rbacSubj, exist := l.rbacSubjectsByScope[memberName]
+ if !exist {
+ rbacSubj = rbacSubject{
+ Kind: memberKind,
+ RolesByScope: make(map[string][]simpleRole),
+ }
+ }
+
+ rbacSubj.RolesByScope[scope] = append(rbacSubj.RolesByScope[scope], sr)
+ l.rbacSubjectsByScope[memberName] = rbacSubj
+ }
+ }
+ }
+ }
+
+ return nil
+}
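Review bot: `memberName := s[1]` panics for any member string without a colon, and IAM defines at least `allUsers` and `allAuthenticatedUsers` in that form, so a single such binding would crash the audit instead of being reported, although those are the grants a reviewer most needs to see. Split at the first colon only and fall back to the whole string as the name, as in the excerpt below (the `Special` kind label is only a suggestion). The client is also created with `cloudresourcemanager.CloudPlatformScope`, a read-write scope, while this function only reads a policy; `cloudresourcemanager.CloudPlatformReadOnlyScope` should be enough. Roles absent from `gkeIamRoles`, custom roles included, are skipped silently, which deserves at least a comment so the output is not read as the complete set of project grants.

```go
for _, member := range binding.Members {
	// allUsers / allAuthenticatedUsers have no "kind:" prefix.
	memberKind, memberName := "Special", member
	if s := strings.SplitN(member, ":", 2); len(s) == 2 {
		memberKind, memberName = strings.Title(s[0]), s[1]
	}
	// … unchanged: filter check and rbacSubjectsByScope update …
```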