Push namespace transformer code to plugin.

2026-06-13 01:50:55 +00:00 · 2019-06-19 12:57:02 -07:00
parent 658ebeaa21
commit 2eccf67b1c
4 changed files with 101 additions and 331 deletions
--- a/plugin/builtin/namespacetransformer/NamespaceTransformer.go
+++ b/plugin/builtin/namespacetransformer/NamespaceTransformer.go
@@ -5,8 +5,11 @@
 package main

 import (
+	"sigs.k8s.io/kustomize/pkg/gvk"
 	"sigs.k8s.io/kustomize/pkg/ifc"
+	"sigs.k8s.io/kustomize/pkg/resid"
 	"sigs.k8s.io/kustomize/pkg/resmap"
+	"sigs.k8s.io/kustomize/pkg/resource"
 	"sigs.k8s.io/kustomize/pkg/transformers"
 	"sigs.k8s.io/kustomize/pkg/transformers/config"
 	"sigs.k8s.io/yaml"
@@ -29,6 +32,96 @@ func (p *plugin) Config(
 }

 func (p *plugin) Transform(m resmap.ResMap) error {
-	return transformers.NewNamespaceTransformer(
-		p.Namespace, p.FieldSpecs).Transform(m)
+	if len(p.Namespace) == 0 {
+		return nil
+	}
+	for _, r := range m.Resources() {
+		id := r.OrgId()
+		fs, ok := p.isSelected(id)
+		if !ok {
+			continue
+		}
+		if len(r.Map()) == 0 {
+			// Don't mutate empty objects?
+			continue
+		}
+		if doIt(id, fs) {
+			if err := p.changeNamespace(r, fs); err != nil {
+				return err
+			}
+		}
+	}
+	p.updateClusterRoleBinding(m)
+	return nil
+}
+
+const metaNamespace = "metadata/namespace"
+
+// Special casing metadata.namespace since
+// all objects have it, even "ClusterKind" objects
+// that don't exist in a namespace (the Namespace
+// object itself doesn't live in a namespace).
+func doIt(id resid.ResId, fs *config.FieldSpec) bool {
+	return fs.Path != metaNamespace ||
+		(fs.Path == metaNamespace && !id.IsClusterKind())
+}
+
+func (p *plugin) changeNamespace(
+	r *resource.Resource, fs *config.FieldSpec) error {
+	return transformers.MutateField(
+		r.Map(), fs.PathSlice(), fs.CreateIfNotPresent,
+		func(_ interface{}) (interface{}, error) {
+			return p.Namespace, nil
+		})
+}
+
+func (p *plugin) isSelected(
+	id resid.ResId) (*config.FieldSpec, bool) {
+	for _, fs := range p.FieldSpecs {
+		if id.IsSelected(&fs.Gvk) {
+			return &fs, true
+		}
+	}
+	return nil, false
+}
+
+func (p *plugin) updateClusterRoleBinding(m resmap.ResMap) {
+	srvAccount := gvk.Gvk{Version: "v1", Kind: "ServiceAccount"}
+	saMap := map[string]bool{}
+	for _, id := range m.AllIds() {
+		if id.Gvk.Equals(srvAccount) {
+			saMap[id.Name] = true
+		}
+	}
+
+	for _, res := range m.Resources() {
+		if res.OrgId().Kind != "ClusterRoleBinding" &&
+			res.OrgId().Kind != "RoleBinding" {
+			continue
+		}
+		objMap := res.Map()
+		subjects, ok := objMap["subjects"].([]interface{})
+		if subjects == nil || !ok {
+			continue
+		}
+		for i := range subjects {
+			subject := subjects[i].(map[string]interface{})
+			kind, foundK := subject["kind"]
+			name, foundN := subject["name"]
+			if !foundK || !foundN || kind.(string) != srvAccount.Kind {
+				continue
+			}
+			// a ServiceAccount named “default” exists in every active namespace
+			if name.(string) == "default" || saMap[name.(string)] {
+				subject := subjects[i].(map[string]interface{})
+				transformers.MutateField(
+					subject, []string{"namespace"},
+					true, func(_ interface{}) (interface{}, error) {
+						return p.Namespace, nil
+					})
+				subjects[i] = subject
+			}
+		}
+		objMap["subjects"] = subjects
+	}
 }