package create
import (
"fmt"
"github.com/cirruslabs/orchard/pkg/client"
v1 "github.com/cirruslabs/orchard/pkg/resource/v1"
"github.com/spf13/cobra"
"strings"
)
// Flag storage for the "service-account" subcommand. Both values are
// package-level, so they are shared by every invocation in the process.
var (
	// token receives the value of --token. It is a credential: keep it out
	// of logs and error messages.
	token string

	// roles receives one entry per occurrence of --roles.
	roles []string
)
// newCreateServiceAccount builds the "service-account NAME" subcommand.
//
// The command takes exactly one positional argument (the account name) and
// two optional flags, --token and --roles, whose values are stored in the
// package-level token and roles variables and consumed by
// runCreateServiceAccount.
func newCreateServiceAccount() *cobra.Command {
	cmd := &cobra.Command{
		Use:   "service-account NAME",
		Short: "Create a service account",
		Args:  cobra.ExactArgs(1),
		RunE:  runCreateServiceAccount,
	}
	flags := cmd.Flags()

	// NOTE(review): a secret passed as a flag value is visible in the
	// process argument list and usually lands in shell history. Leaving
	// --token empty (server-side generation, per the help text) avoids
	// that; reading the token from stdin or a file would be a safer way to
	// supply a caller-chosen one.
	flags.StringVar(&token, "token", "",
		"token to use for this service account (autogenerated by the API server if left empty)")

	// Render the supported role names into the --roles help text so the
	// list shown to the user always matches what the v1 package declares.
	supported := v1.AllServiceAccountRoles()
	names := make([]string, 0, len(supported))
	for _, r := range supported {
		names = append(names, string(r))
	}
	rolesHelp := fmt.Sprintf("roles to grant to this service account (supported roles: %s)",
		strings.Join(names, ", "))

	// StringArrayVar collects one value per flag occurrence and does not
	// split on commas, so each role needs its own --roles flag.
	flags.StringArrayVar(&roles, "roles", []string{}, rolesHelp)

	return cmd
}
// runCreateServiceAccount is the RunE handler for the "service-account"
// subcommand. It creates a service account named args[0] through the API
// client, passing along the --token and --roles flag values.
//
// It returns the error from client.New or from the Create call unchanged.
func runCreateServiceAccount(cmd *cobra.Command, args []string) error {
	apiClient, err := client.New()
	if err != nil {
		return err
	}

	// Role names are forwarded without client-side validation; the original
	// author relies on the API server to reject unknown roles, so the
	// server remains the single authority on what can be granted.
	// The slice is left nil when no --roles flag was given.
	var grantedRoles []v1.ServiceAccountRole
	for i := range roles {
		grantedRoles = append(grantedRoles, v1.ServiceAccountRole(roles[i]))
	}

	// An empty Token asks the API server to generate one (per the --token
	// help text). Only the error from Create is returned here; nothing in
	// this function prints the token.
	account := &v1.ServiceAccount{
		Meta: v1.Meta{
			Name: args[0],
		},
		Token: token,
		Roles: grantedRoles,
	}

	return apiClient.ServiceAccounts().Create(cmd.Context(), account)
}