org.openrewrite.kubernetes.rbac.AddRuleToRole
Add RBAC rules to ClusterRoles or namespaced Roles.
GitHub, Issue Tracker, Maven Central
- groupId: org.openrewrite.recipe
- artifactId: rewrite-kubernetes
- version: 2.0.1
Type | Name | Description |
---|---|---|
String | rbacResourceType | Type of RBAC resource to which this recipe adds a rule. |
String | rbacResourceName | Glob pattern of the name of the RBAC resource to which this recipe adds a rule. |
Set | apiGroups | Comma-separated list of API groups to which this rule refers. |
Set | resources | Comma-separated list of Kubernetes resource types to which this rule refers. |
Set | resourceNames | Optional. Comma-separated list of names of Kubernetes resources to which this rule applies. |
Set | verbs | The API verbs to enable with this rule. |
String | fileMatcher | Optional. Matching files will be modified. This is a glob expression. |
Parameter | Value |
---|---|
rbacResourceType | ClusterRole |
rbacResourceName | cluster-role |
apiGroups | Set.of("") |
resources | Set.of("pods") |
resourceNames | null |
verbs | Set.of("update") |
fileMatcher | null |
{% tabs %} {% tab title="yaml" %}
{% code %}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: default
  name: namespaced-role
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cluster-role
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["list"]
{% endcode %}
{% code %}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: default
  name: namespaced-role
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cluster-role
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["list"]
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["update"]
{% endcode %}
{% endtab %} {% tab title="Diff" %} {% code %}
@@ -19,0 +19,3 @@
resources: ["pods"]
verbs: ["list"]
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["update"]
{% endcode %} {% endtab %} {% endtabs %}
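Review bot: The added rule (the three `+` lines) carries no `resourceNames`, so `update` on `pods` applies to every pod the role covers, and the target here is the page's ClusterRole `cluster-role`. If only specific pods need the verb, set the recipe's `resourceNames` option or target a namespaced Role instead. The new rule also repeats the `apiGroups` and `resources` of the rule directly above it, so when reviewing effective permissions read the two together as `verbs: ["list", "update"]` on pods.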
This recipe has required configuration parameters. Recipes with required configuration parameters cannot be activated directly. To activate this recipe, you must create a new recipe that fills in the required parameters. In your rewrite.yml, create a new recipe with a unique name, for example com.yourorg.AddRuleToRoleExample.
Here's how you can define and customize such a recipe within your rewrite.yml:
{% code title="rewrite.yml" %}
---
type: specs.openrewrite.org/v1beta/recipe
name: com.yourorg.AddRuleToRoleExample
displayName: Add RBAC rules example
recipeList:
  - org.openrewrite.kubernetes.rbac.AddRuleToRole:
      rbacResourceType: ClusterRole
      rbacResourceName: my-cluster-role
      apiGroups: ",v1"  # quoted: a plain YAML scalar cannot begin with a comma
      resources: pods
      resourceNames: my-pod
      verbs: get,list
      fileMatcher: '**/pod-*.yml'
{% endcode %}
Now that com.yourorg.AddRuleToRoleExample has been defined, activate it and take a dependency on org.openrewrite.recipe:rewrite-kubernetes:2.0.1 in your build file:
{% tabs %}
{% tab title="Gradle" %}
{% code title="build.gradle" %}
plugins {
    id("org.openrewrite.rewrite") version("6.1.4")
}

rewrite {
    activeRecipe("com.yourorg.AddRuleToRoleExample")
}

repositories {
    mavenCentral()
}

dependencies {
    rewrite("org.openrewrite.recipe:rewrite-kubernetes:2.0.1")
}
{% endcode %} {% endtab %} {% tab title="Maven" %} {% code title="pom.xml" %}
<project>
  <build>
    <plugins>
      <plugin>
        <groupId>org.openrewrite.maven</groupId>
        <artifactId>rewrite-maven-plugin</artifactId>
        <version>5.2.4</version>
        <configuration>
          <activeRecipes>
            <recipe>com.yourorg.AddRuleToRoleExample</recipe>
          </activeRecipes>
        </configuration>
        <dependencies>
          <dependency>
            <groupId>org.openrewrite.recipe</groupId>
            <artifactId>rewrite-kubernetes</artifactId>
            <version>2.0.1</version>
          </dependency>
        </dependencies>
      </plugin>
    </plugins>
  </build>
</project>
{% endcode %} {% endtab %} {% endtabs %}
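Once the recipe has run, the roles it touched can be reviewed for write verbs granted without `resourceNames`. The following is an added example, not part of OpenRewrite or this recipe: it collapses each role's rules into effective permissions and reports unscoped write access. The page's resulting manifest is embedded as constructed Python data, and the function names and the set of verbs treated as mutating are assumptions of this example.

```python
# Added example: review RBAC rules after AddRuleToRole has been applied.
# MANIFESTS mirrors the page's resulting YAML, embedded as constructed Python data.
MUTATING = {"create", "update", "patch", "delete", "deletecollection", "*"}  # assumption

MANIFESTS = [
    {"kind": "Role",
     "metadata": {"namespace": "default", "name": "namespaced-role"},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get"]}]},
    {"kind": "ClusterRole",
     "metadata": {"name": "cluster-role"},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["list"]},
               {"apiGroups": [""], "resources": ["pods"], "verbs": ["update"]}]},
]

def effective_permissions(role):
    """Collapse a role's rules into {(apiGroup, resource, resourceNames): verbs}."""
    merged = {}
    for rule in role.get("rules") or []:
        # An empty tuple means the rule is not limited to named objects.
        names = tuple(sorted(rule.get("resourceNames") or ()))
        for group in rule.get("apiGroups") or []:
            for resource in rule.get("resources") or []:
                key = (group, resource, names)
                merged.setdefault(key, set()).update(rule.get("verbs") or [])
    return merged

def unscoped_writes(manifests):
    """Return one finding per (role, apiGroup, resource) with write verbs and no resourceNames."""
    findings = []
    for doc in manifests:
        if doc.get("kind") not in ("Role", "ClusterRole"):
            continue
        meta = doc.get("metadata") or {}
        if doc["kind"] == "ClusterRole":
            scope = "cluster-wide"
        else:
            scope = "namespace " + meta.get("namespace", "default")
        for (group, resource, names), verbs in sorted(effective_permissions(doc).items()):
            risky = sorted(verbs & MUTATING)
            if risky and not names:
                findings.append((doc["kind"], meta.get("name"), group or "core",
                                 resource, risky, scope))
    return findings

if __name__ == "__main__":
    for finding in unscoped_writes(MANIFESTS):
        print(finding)
```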
The community edition of the Moderne platform enables you to easily run recipes across thousands of open-source repositories.
Please contact Moderne for more information about safely running the recipes on your own codebase in a private SaaS.