From f904a8ded840bd8cb944c6b67461fa176b581715 Mon Sep 17 00:00:00 2001 From: Matt Rogers Date: Tue, 10 Jul 2018 20:37:56 -0400 Subject: [PATCH] UPSTREAM : Add more kubectl auth reconcile flags --- .../pkg/kubectl/cmd/auth/reconcile.go | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/vendor/k8s.io/kubernetes/pkg/kubectl/cmd/auth/reconcile.go b/vendor/k8s.io/kubernetes/pkg/kubectl/cmd/auth/reconcile.go index f4e84e31e84b..7656d2d5ccd7 100644 --- a/vendor/k8s.io/kubernetes/pkg/kubectl/cmd/auth/reconcile.go +++ b/vendor/k8s.io/kubernetes/pkg/kubectl/cmd/auth/reconcile.go @@ -38,9 +38,11 @@ import ( // ReconcileOptions is the start of the data required to perform the operation. As new fields are added, add them here instead of // referencing the cmd.Flags() type ReconcileOptions struct { - PrintFlags *genericclioptions.PrintFlags - FilenameOptions *resource.FilenameOptions - DryRun bool + PrintFlags *genericclioptions.PrintFlags + FilenameOptions *resource.FilenameOptions + DryRun bool + RemoveExtraPermissions bool + RemoveExtraSubjects bool Visitor resource.Visitor RBACClient rbacv1client.RbacV1Interface @@ -90,6 +92,8 @@ func NewCmdReconcile(f cmdutil.Factory, streams genericclioptions.IOStreams) *co cmdutil.AddFilenameOptionFlags(cmd, o.FilenameOptions, "identifying the resource to reconcile.") cmd.Flags().BoolVar(&o.DryRun, "dry-run", o.DryRun, "If true, display results but do not submit changes") + cmd.Flags().BoolVar(&o.RemoveExtraPermissions, "remove-extra-permissions", o.RemoveExtraPermissions, "If true, removes extra permissions added to roles") + cmd.Flags().BoolVar(&o.RemoveExtraSubjects, "remove-extra-subjects", o.RemoveExtraSubjects, "If true, removes extra subjects added to rolebindings") cmd.MarkFlagRequired("filename") return cmd @@ -182,7 +186,7 @@ func (o *ReconcileOptions) RunReconcile() error { case *rbacv1.Role: reconcileOptions := reconciliation.ReconcileRoleOptions{ Confirm: !o.DryRun, - RemoveExtraPermissions: false, + RemoveExtraPermissions: o.RemoveExtraPermissions, Role: reconciliation.RoleRuleOwner{Role: t}, Client: reconciliation.RoleModifier{ NamespaceClient: o.NamespaceClient.Namespaces(), @@ -198,7 +202,7 @@ func (o *ReconcileOptions) RunReconcile() error { case *rbacv1.ClusterRole: reconcileOptions := reconciliation.ReconcileRoleOptions{ Confirm: !o.DryRun, - RemoveExtraPermissions: false, + RemoveExtraPermissions: o.RemoveExtraPermissions, Role: reconciliation.ClusterRoleRuleOwner{ClusterRole: t}, Client: reconciliation.ClusterRoleModifier{ Client: o.RBACClient.ClusterRoles(), @@ -213,7 +217,7 @@ func (o *ReconcileOptions) RunReconcile() error { case *rbacv1.RoleBinding: reconcileOptions := reconciliation.ReconcileRoleBindingOptions{ Confirm: !o.DryRun, - RemoveExtraSubjects: false, + RemoveExtraSubjects: o.RemoveExtraSubjects, RoleBinding: reconciliation.RoleBindingAdapter{RoleBinding: t}, Client: reconciliation.RoleBindingClientAdapter{ Client: o.RBACClient, @@ -229,7 +233,7 @@ func (o *ReconcileOptions) RunReconcile() error { case *rbacv1.ClusterRoleBinding: reconcileOptions := reconciliation.ReconcileRoleBindingOptions{ Confirm: !o.DryRun, - RemoveExtraSubjects: false, + RemoveExtraSubjects: o.RemoveExtraSubjects, RoleBinding: reconciliation.ClusterRoleBindingAdapter{ClusterRoleBinding: t}, Client: reconciliation.ClusterRoleBindingClientAdapter{ Client: o.RBACClient.ClusterRoleBindings(),