Documentation
Overview
Package clusterrole provides a builder and resource for managing Kubernetes ClusterRoles.
Index
- type Builder
- type Mutation
- type Mutator
- func (m *Mutator) AddRule(rule rbacv1.PolicyRule)
- func (m *Mutator) Apply() error
- func (m *Mutator) EditObjectMetadata(edit func(*editors.ObjectMetaEditor) error)
- func (m *Mutator) EditRules(edit func(*editors.PolicyRulesEditor) error)
- func (m *Mutator) NextFeature()
- func (m *Mutator) SetAggregationRule(rule *rbacv1.AggregationRule)
- type Resource
- func (r *Resource) ExtractData() error
- func (r *Resource) GuardStatus() (concepts.GuardStatusWithReason, error)
- func (r *Resource) Identity() string
- func (r *Resource) Mutate(current client.Object) error
- func (r *Resource) Object() (client.Object, error)
- func (r *Resource) PreviewObject() (*rbacv1.ClusterRole, error)
Types
type Builder
type Builder struct {
// contains filtered or unexported fields
}
Builder is a configuration helper for creating and customizing a ClusterRole Resource.
It provides a fluent API for registering mutations and data extractors. Build() validates the configuration and returns an initialized Resource ready for use in a reconciliation loop.
func NewBuilder
func NewBuilder(cr *rbacv1.ClusterRole) *Builder
NewBuilder initializes a new Builder with the provided ClusterRole object.
The ClusterRole object serves as the desired base state. During reconciliation the Resource will make the cluster's state match this base, modified by any registered mutations.
The provided ClusterRole must have Name set (ClusterRole is cluster-scoped and does not use a namespace), which is validated during the Build() call.
func (*Builder) Build
Build validates the configuration and returns the initialized Resource.
It returns an error if:
- No ClusterRole object was provided.
- The ClusterRole is missing a Name.
func (*Builder) WithDataExtractor
func (b *Builder) WithDataExtractor(extractor func(rbacv1.ClusterRole) error) *Builder
WithDataExtractor registers a function to read values from the ClusterRole after it has been successfully reconciled.
The extractor receives a value copy of the reconciled ClusterRole. This is useful for surfacing generated or updated fields to other components or resources.
A nil extractor is ignored.
func (*Builder) WithGuard (added in v0.4.0)
func (b *Builder) WithGuard(guard func(rbacv1.ClusterRole) (concepts.GuardStatusWithReason, error)) *Builder
WithGuard registers a guard precondition that is evaluated before the ClusterRole is applied during reconciliation. If the guard returns Blocked, the ClusterRole and all resources registered after it are skipped until the guard clears. Passing nil clears any previously registered guard.
func (*Builder) WithMutation
WithMutation registers a mutation for the ClusterRole.
Mutations are applied sequentially during the Mutate() phase of reconciliation. A mutation with a nil Feature is applied unconditionally; one with a non-nil Feature is applied only when that feature is enabled.
type Mutation
Mutation defines a mutation that is applied to a ClusterRole Mutator only if its associated feature gate is enabled.
type Mutator
type Mutator struct {
// contains filtered or unexported fields
}
Mutator is a high-level helper for modifying a Kubernetes ClusterRole.
It uses a "plan-and-apply" pattern: mutations are recorded first, then applied to the ClusterRole in a single controlled pass when Apply() is called.
The Mutator maintains feature boundaries: each feature's mutations are planned together and applied in the order the features were registered. Within each feature, edits are applied in category order: metadata, then rules, then aggregation rule.
Mutator implements editors.ObjectMutator.
func NewMutator
func NewMutator(cr *rbacv1.ClusterRole) *Mutator
NewMutator creates a new Mutator for the given ClusterRole. The constructor creates the initial feature scope, so mutations can be registered immediately without an explicit call to NextFeature.
func (*Mutator) AddRule
func (m *Mutator) AddRule(rule rbacv1.PolicyRule)
AddRule records that a PolicyRule should be appended to .rules.
Convenience wrapper over EditRules.
func (*Mutator) Apply
Apply executes all recorded mutation intents on the underlying ClusterRole.
Execution order across all registered features:
- Metadata edits (in registration order within each feature)
- Rules edits — EditRules, AddRule (in registration order within each feature)
- Aggregation rule — SetAggregationRule (last call wins within each feature)
Features are applied in the order they were registered. Later features observe the ClusterRole as modified by all previous features.
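The ordering described above, as a standard-library-only model. This is an added example, not the package's code: ClusterRole, Planner, scope, edit and Demo are hypothetical stand-ins for rbacv1.ClusterRole and the Mutator, and each rule is reduced to a string.

```go
package main

import "fmt"

// ClusterRole is a local stand-in for rbacv1.ClusterRole (assumption: stdlib-only model).
type ClusterRole struct {
	Rules       []string // one string per PolicyRule
	Aggregation string   // "" means no aggregation rule
}
type edit func(*ClusterRole)

// scope is one feature's plan; Planner models the documented ordering, not the real Mutator.
type scope struct {
	meta, rules, agg []edit // agg holds at most one edit: the last SetAggregation call
}
type Planner struct{ scopes []*scope }

func (p *Planner) cur() *scope      { return p.scopes[len(p.scopes)-1] }
func (p *Planner) NextFeature()     { p.scopes = append(p.scopes, &scope{}) }
func (p *Planner) EditMeta(e edit)  { p.cur().meta = append(p.cur().meta, e) }
func (p *Planner) EditRules(e edit) { p.cur().rules = append(p.cur().rules, e) }
func (p *Planner) SetAggregation(a string) {
	p.cur().agg = []edit{func(c *ClusterRole) { c.Aggregation = a }}
}

// Apply replays features in order; within each: metadata, rules, then aggregation.
func (p *Planner) Apply(cr *ClusterRole) {
	for _, s := range p.scopes {
		for _, group := range [][]edit{s.meta, s.rules, s.agg} {
			for _, e := range group {
				e(cr)
			}
		}
	}
}

// Demo registers edits out of category order and returns what each metadata edit observed.
func Demo() (trace []string, cr ClusterRole) {
	p := &Planner{scopes: []*scope{{}}} // first scope exists up front, as with NewMutator
	see := func(tag string) edit {
		return func(c *ClusterRole) { trace = append(trace, fmt.Sprintf("%s sees %d rule(s)", tag, len(c.Rules))) }
	}
	p.EditRules(func(c *ClusterRole) { c.Rules = append(c.Rules, "get pods") })
	p.EditMeta(see("f1 meta")) // registered after the rules edit, runs before it
	p.SetAggregation("sel-a")
	p.SetAggregation("sel-b") // last call in the feature wins
	p.NextFeature()
	p.EditMeta(see("f2 meta")) // a later feature observes feature 1's rule
	p.Apply(&cr)
	return trace, cr
}
func main() { fmt.Println(Demo()) }
```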
func (*Mutator) EditObjectMetadata
func (m *Mutator) EditObjectMetadata(edit func(*editors.ObjectMetaEditor) error)
EditObjectMetadata records a mutation for the ClusterRole's own metadata.
Metadata edits are applied before rules edits within the same feature. A nil edit function is ignored.
func (*Mutator) EditRules
func (m *Mutator) EditRules(edit func(*editors.PolicyRulesEditor) error)
EditRules records a mutation for the ClusterRole's .rules field via a PolicyRulesEditor.
The editor provides structured operations (AddRule, RemoveRuleByIndex, Clear) as well as Raw() for free-form access. Rules edits are applied after metadata edits within the same feature, in registration order.
A nil edit function is ignored.
func (*Mutator) NextFeature
func (m *Mutator) NextFeature()
NextFeature advances to a new feature planning scope. All subsequent mutation registrations will be grouped into this scope until NextFeature is called again.
The first scope is created automatically by NewMutator. This method is called by the framework between mutations to maintain per-feature ordering semantics.
func (*Mutator) SetAggregationRule
func (m *Mutator) SetAggregationRule(rule *rbacv1.AggregationRule)
SetAggregationRule records that the ClusterRole's .aggregationRule should be set to the given value.
An aggregation rule causes the API server to combine rules from ClusterRoles whose labels match the provided selectors, instead of using .rules directly. If called multiple times within the same feature, the last call wins.
A nil value clears the aggregation rule.
type Resource
type Resource struct {
// contains filtered or unexported fields
}
Resource is a high-level abstraction for managing a Kubernetes ClusterRole within a controller's reconciliation loop.
It implements the following component interfaces:
- component.Resource: for basic identity and mutation behaviour.
- concepts.Guardable: for conditional reconciliation based on a guard precondition.
- concepts.DataExtractable: for exporting values after successful reconciliation.
ClusterRole resources are static: they do not model convergence health, grace periods, or suspension. Use a workload or task primitive for resources that require those concepts.
ClusterRole is cluster-scoped: it has no namespace.
func (*Resource) ExtractData
ExtractData executes all registered data extractor functions against a deep copy of the reconciled ClusterRole.
This is called by the framework after successful reconciliation, allowing the component to read generated or updated values from the ClusterRole.
func (*Resource) GuardStatus (added in v0.4.0)
func (r *Resource) GuardStatus() (concepts.GuardStatusWithReason, error)
GuardStatus evaluates the resource's guard precondition. If no guard was registered, the resource is unconditionally unblocked.
func (*Resource) Identity
Identity returns a unique identifier for the ClusterRole in the format "rbac.authorization.k8s.io/v1/ClusterRole/<name>".
func (*Resource) Mutate
Mutate transforms the current state of a Kubernetes ClusterRole into the desired state.
The mutation process follows this order:
- The desired base state is applied to the current object.
- Feature mutations: all registered feature-gated mutations are applied in order.
This method is invoked by the framework during the Update phase of reconciliation.
func (*Resource) Object
Object returns a deep copy of the underlying Kubernetes ClusterRole object.
The returned object implements client.Object, making it compatible with controller-runtime's Client for Create, Update, and Patch operations.
func (*Resource) PreviewObject (added in v0.6.0)
func (r *Resource) PreviewObject() (*rbacv1.ClusterRole, error)
PreviewObject returns the ClusterRole as it would appear after feature mutations have been applied, without modifying the resource's internal state.
Suspension mutations are not applied; the preview reflects content state only.
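Because the final .rules is the base state plus whatever each enabled feature appended, the composed result is the thing to review for least privilege, for instance by running a check over the Rules of the ClusterRole that PreviewObject returns. The following is an added example, not part of the package: PolicyRule is a local stand-in for the rbacv1.PolicyRule fields it reads, and hasAny, AuditRules and SampleRules are hypothetical names.

```go
package main

import (
	"fmt"
	"strings"
)

// PolicyRule is a local stand-in with the rbacv1.PolicyRule fields this check reads.
type PolicyRule struct{ APIGroups, Resources, Verbs []string }

func hasAny(list []string, want ...string) bool {
	for _, v := range list {
		for _, w := range want {
			if v == w {
				return true
			}
		}
	}
	return false
}

// AuditRules returns one finding per rule that is broader than a narrow, named grant.
func AuditRules(rules []PolicyRule) []string {
	var findings []string
	for i, r := range rules {
		var why []string
		if hasAny(r.Verbs, "*") || hasAny(r.Resources, "*") || hasAny(r.APIGroups, "*") {
			why = append(why, "wildcard")
		}
		if hasAny(r.Verbs, "escalate", "bind", "impersonate") { // flagged by verb alone (heuristic)
			why = append(why, "privilege-escalation verb")
		}
		if hasAny(r.APIGroups, "", "*") && hasAny(r.Resources, "secrets", "*") && hasAny(r.Verbs, "get", "list", "watch", "*") {
			why = append(why, "reads secrets")
		}
		if len(why) > 0 {
			findings = append(findings, fmt.Sprintf("rules[%d]: %s", i, strings.Join(why, ", ")))
		}
	}
	return findings
}

// SampleRules is constructed input: a narrow base rule plus two rules a feature might append.
var SampleRules = []PolicyRule{
	{APIGroups: []string{""}, Resources: []string{"pods"}, Verbs: []string{"get", "list"}},
	{APIGroups: []string{""}, Resources: []string{"secrets"}, Verbs: []string{"list"}},
	{APIGroups: []string{"rbac.authorization.k8s.io"}, Resources: []string{"clusterroles"}, Verbs: []string{"bind", "*"}},
}
func main() { fmt.Println(strings.Join(AuditRules(SampleRules), "\n")) }
```

When an aggregation rule is set, the effective rules come from the label-matched ClusterRoles, so the same check applies to each of those roles as well.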