func putAwsAuthAdminRole()

in cmd/resource/k8sauth.go [242:295]


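// putAwsAuthAdminRole creates or updates the "aws-auth-admin" Role and
// RoleBinding in the kube-system namespace. The Role allows every verb on the
// "aws-auth" ConfigMap, and the RoleBinding grants that Role to the
// "aws-auth-admin" group.
//
// Each object is looked up first: it is created when the lookup reports
// NotFound and updated when it already exists. Any other lookup error (for
// example a permission or connectivity failure) is returned unchanged, as is
// the first error from Create or Update.
//
// Security note: on EKS the aws-auth ConfigMap maps IAM principals to
// Kubernetes users and groups, so write access to it is effectively a path to
// cluster-admin. Membership of the "aws-auth-admin" group should be controlled
// and audited with that in mind.
func putAwsAuthAdminRole(clientset *kubernetes.Clientset) error {
	const (
		name      = "aws-auth-admin"
		namespace = "kube-system"
		rbacGroup = "rbac.authorization.k8s.io"
	)

	role := &rbac.Role{
		ObjectMeta: metav1.ObjectMeta{
			Name:      name,
			Namespace: namespace,
		},
		Rules: []rbac.PolicyRule{
			{
				// NOTE(review): "*" also grants delete on the ConfigMap.
				// If callers only need to read and edit the mapping,
				// narrowing this to get/update/patch would be the
				// least-privilege choice. ResourceNames keeps the rule
				// scoped to the single aws-auth object.
				Verbs:         []string{"*"},
				APIGroups:     []string{""},
				Resources:     []string{"configmaps"},
				ResourceNames: []string{"aws-auth"},
			},
		},
	}

	roles := clientset.RbacV1().Roles(namespace)
	_, err := roles.Get(name, metav1.GetOptions{})
	switch {
	case errors.IsNotFound(err):
		// Absent: create it. The original test was inverted and called
		// Update here, which can only fail with NotFound.
		_, err = roles.Create(role)
	case err == nil:
		// Present: overwrite with the desired definition.
		_, err = roles.Update(role)
	}
	// Any other Get error falls through with err still set.
	if err != nil {
		return err
	}

	roleBinding := &rbac.RoleBinding{
		ObjectMeta: metav1.ObjectMeta{
			Name:      name,
			Namespace: namespace,
		},
		Subjects: []rbac.Subject{
			{
				Kind:     "Group",
				APIGroup: rbacGroup,
				Name:     name,
			},
		},
		RoleRef: rbac.RoleRef{
			APIGroup: rbacGroup,
			Kind:     "Role",
			Name:     name,
		},
	}

	bindings := clientset.RbacV1().RoleBindings(namespace)
	_, err = bindings.Get(name, metav1.GetOptions{})
	switch {
	case errors.IsNotFound(err):
		_, err = bindings.Create(roleBinding)
	case err == nil:
		_, err = bindings.Update(roleBinding)
	}
	return err
}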