in cmd/gke-identity-service-migrator/main.go [318:386]
func (c *FindRBCommand) Execute(ctx context.Context, f *flag.FlagSet, _ ...interface{}) subcommands.ExitStatus {
if c.userIncludeSuffix == "" {
log.Printf("Error: --user-email-suffix must be specified.")
return subcommands.ExitFailure
}
rec := &subjectRecognizer{
userIncludePrefix: c.userIncludePrefix,
userIncludeSuffix: c.userIncludeSuffix,
groupsIncludePrefix: c.groupsIncludePrefix,
groupsExcludeSuffix: c.groupsExcludeSuffix,
}
// use the current context in kubeconfig
config, err := clientcmd.BuildConfigFromFlags("", c.kubeConfig)
if err != nil {
log.Printf("Error while initializing Kubernetes REST config: %v", err)
return subcommands.ExitFailure
}
kc, err := kubernetes.NewForConfig(config)
if err != nil {
log.Printf("Error while initializing Kubernetes client: %v", err)
return subcommands.ExitFailure
}
federatedRBs := &rbacv1.RoleBindingList{}
continueToken := ""
for {
crbs, err := kc.RbacV1().RoleBindings(metav1.NamespaceAll).List(ctx, metav1.ListOptions{Continue: continueToken, Limit: 500})
if err != nil {
log.Printf("Error while listing RoleBindings: %v", err)
return subcommands.ExitFailure
}
for _, crb := range crbs.Items {
federated := false
for _, sub := range crb.Subjects {
if _, ok := rec.GetFederatedUser(sub); ok {
federated = true
continue
}
if _, ok := rec.GetFederatedGroup(sub); ok {
federated = true
continue
}
}
if federated {
federatedRBs.Items = append(federatedRBs.Items, crb)
}
}
if crbs.Continue == "" {
break
}
continueToken = crbs.Continue
}
printr := printers.NewTypeSetter(scheme.Scheme).ToPrinter(&printers.YAMLPrinter{})
if err := printr.PrintObj(federatedRBs, os.Stdout); err != nil {
log.Printf("Error while printing identified federated ClusterRoleBindings: %v", err)
return subcommands.ExitFailure
}
return subcommands.ExitSuccess
}