From 47711c5ed62ce8d2744b1bb8db626c1313e9cb2a Mon Sep 17 00:00:00 2001
From: Carlos de Paula
Date: Wed, 9 Oct 2019 11:52:00 -0300
Subject: [PATCH] Add clusterRole generator function
---
 arm_exporter.jsonnet | 32 ++++++++++----------------------
 utils.libsonnet | 24 ++++++++++++++++++++++++
 2 files changed, 34 insertions(+), 22 deletions(-)
diff --git a/arm_exporter.jsonnet b/arm_exporter.jsonnet
index 4ad5a53..95599db 100644
--- a/arm_exporter.jsonnet
+++ b/arm_exporter.jsonnet
@@ -26,28 +26,16 @@ local utils = import 'utils.libsonnet';
 clusterRoleBinding.withSubjects([{ kind: 'ServiceAccount', name: 'arm-exporter', namespace: $._config.namespace }]),
 clusterRole:
- local clusterRole = k.rbac.v1.clusterRole;
- local policyRule = clusterRole.rulesType;
-
- local authenticationRole = policyRule.new() +
- policyRule.withApiGroups(['authentication.k8s.io']) +
- policyRule.withResources([
- 'tokenreviews',
- ]) +
- policyRule.withVerbs(['create']);
-
- local authorizationRole = policyRule.new() +
- policyRule.withApiGroups(['authorization.k8s.io']) +
- policyRule.withResources([
- 'subjectaccessreviews',
- ]) +
- policyRule.withVerbs(['create']);
-
- local rules = [authenticationRole, authorizationRole];
-
- clusterRole.new() +
- clusterRole.mixin.metadata.withName('arm-exporter') +
- clusterRole.withRules(rules),
+ utils.newClusterRole('arm-exporter', [
+ {apis: ['authentication.k8s.io'],
+ res: ['tokenreviews'],
+ verbs: ['create']
+ },
+ {apis: ['authorization.k8s.io'],
+ res: ['subjectaccessreviews'],
+ verbs: ['create']
+ }
+ ]),
 serviceAccount:
 local serviceAccount = k.core.v1.serviceAccount;
diff --git a/utils.libsonnet b/utils.libsonnet
index d9adc49..88210b7 100644
--- a/utils.libsonnet
+++ b/utils.libsonnet
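Review bot: The rule descriptors passed to `utils.newClusterRole` name their fields `apis` and `res` rather than the PolicyRule fields `apiGroups` and `resources` they are turned into, so a reviewer grepping this cluster-scoped RBAC for `apiGroups` or `resources` no longer finds these two rules; the same key names are fixed by the helper added in the utils.libsonnet hunk, so a rename has to happen in both places. Either accept the Kubernetes field names in the helper and at this call, or add a one-line comment above the call such as `// each entry becomes a PolicyRule: apis -> apiGroups, res -> resources` so the mapping is visible where the rules are declared. The `clusterRole:` field belongs to an object whose start and end lie outside the hunk.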
@@ -11,6 +11,30 @@ local vars = import 'vars.jsonnet';
 aux(arr, i + 1, running + arr[i]) tailstrict;
 aux(objs, 0, {}),
+ // Creates ClusterRoles
+ // roles format example: {apis: ['authentication.k8s.io'],
+ // res: ['tokenreviews'],
+ // verbs: ['create']
+ // }
+ newClusterRole(name, roles):: (
+ local clusterRole = k.rbac.v1.clusterRole;
+ local policyRule = clusterRole.rulesType;
+
+ local p(apigroups, resources, verbs) = policyRule.new() +
+ policyRule.withApiGroups([a for a in apigroups]) +
+ policyRule.withResources([r for r in resources]) +
+ policyRule.withVerbs([v for v in verbs]);
+
+ local r = [ p(pol.apis, pol.res, pol.verbs) for pol in roles ];
+
+ local rules = r;
+
+ local c = clusterRole.new() +
+ clusterRole.mixin.metadata.withName(name) +
+ clusterRole.withRules(rules);
+ c
+ ),
+
 // Creates endpoint objects
 newEndpoint(name, namespace, ips, portName, portNumber):: (
 local endpoints = k.core.v1.endpoints;
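Review bot: In `newClusterRole`, the helper `p` copies each argument through an identity comprehension (`[a for a in apigroups]`, and likewise for `resources` and `verbs`), and the result then passes through three aliases (`r`, `rules`, `c`) before being returned; none of this changes the value, and handing the arrays straight to `policyRule.withApiGroups` and friends reads more directly. The header comment also says "Creates ClusterRoles" while the function builds a single ClusterRole, and it does not state that every entry of `roles` must carry all three of `apis`, `res` and `verbs` — `pol.apis` on an entry lacking that field is an evaluation error, not an empty rule — so a comment such as `// Builds one ClusterRole called <name> from roles, an array of {apis, res, verbs} objects (all three keys required on each entry).` would make the contract explicit. A tightened body is below; the enclosing object starts and ends outside the hunk.
```jsonnet
  newClusterRole(name, roles):: (
    // … unchanged: clusterRole / policyRule locals …

    local p(apigroups, resources, verbs) = policyRule.new() +
      policyRule.withApiGroups(apigroups) +
      policyRule.withResources(resources) +
      policyRule.withVerbs(verbs);

    clusterRole.new() +
    clusterRole.mixin.metadata.withName(name) +
    clusterRole.withRules([p(pol.apis, pol.res, pol.verbs) for pol in roles])
  ),
```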