func EnsureClusterAdmin()

in tooling/templatize/pkg/aks/admin.go [46:93]


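// EnsureClusterAdmin grants the identity running this tool cluster admin
// rights on an AKS cluster and blocks until those rights are usable through
// the kubeconfig at kubeconfigPath.
//
// It resolves the current user's object ID, asks assignClusterAdminRBACRole to
// assign that principal the role identified by clusterAdminRoleID (the Azure
// Kubernetes Service RBAC Cluster Admin role), and then calls
// CheckClusterAdminPermissions until it succeeds.
//
// options may be nil, in which case a 2 minute timeout and a 5 second check
// interval are used. A non-positive Timeout or CheckFrequency in a non-nil
// options value falls back to the same defaults; the caller's struct is never
// modified.
//
// The returned error wraps the underlying failure for identity lookup and role
// assignment, is ctx.Err() when ctx is cancelled while waiting, and wraps the
// last permission-check error when the timeout elapses.
//
// Security note: this is a privilege grant, not only a check. Nothing in this
// function revokes the assignment afterwards, so the principal keeps the role
// until it is removed elsewhere. Callers that need the rights only temporarily
// should pair this with an explicit removal, and the assignment should show up
// in the subscription's role-assignment audit trail.
// NOTE(review): the scope of the assignment is decided inside
// assignClusterAdminRBACRole; presumably it is limited to the named cluster -
// confirm it is not broader (resource group or subscription).
func EnsureClusterAdmin(ctx context.Context, kubeconfigPath, subscriptionID, resourceGroupName, aksClusterName string, options *ClusterAdminAssignmentOptions) error {
	const (
		defaultTimeout        = 2 * time.Minute
		defaultCheckFrequency = 5 * time.Second
	)

	// Resolve the effective settings into locals. time.NewTicker panics on a
	// non-positive interval, and a zero Timeout would abort the wait at once,
	// so a partially filled options struct must not reach them unchecked.
	timeout, checkFrequency := defaultTimeout, defaultCheckFrequency
	if options != nil {
		if options.Timeout > 0 {
			timeout = options.Timeout
		}
		if options.CheckFrequency > 0 {
			checkFrequency = options.CheckFrequency
		}
	}

	// Get the current user's object ID
	userObjectID, err := getCurrentUserObjectID(ctx)
	if err != nil {
		return fmt.Errorf("failed to get current user object ID: %w", err)
	}

	// Assign the Azure Kubernetes Service RBAC Cluster Admin role to the current user
	if err := assignClusterAdminRBACRole(ctx, subscriptionID, resourceGroupName, aksClusterName, userObjectID, clusterAdminRoleID); err != nil {
		return fmt.Errorf("failed to assign cluster admin role: %w", err)
	}

	// Validate assignment; if it is already effective there is nothing to wait for.
	lastErr := CheckClusterAdminPermissions(ctx, kubeconfigPath)
	if lastErr == nil {
		return nil
	}

	// Wait for role assignment to be effective.
	// NOTE(review): every error from CheckClusterAdminPermissions is treated as
	// "not propagated yet"; a permanent failure (for example an unreadable
	// kubeconfig) is only reported once the timeout elapses.
	fmt.Println("Wait for role assignment to be effective")
	deadline := time.NewTimer(timeout)
	defer deadline.Stop()
	ticker := time.NewTicker(checkFrequency)
	defer ticker.Stop()

	for {
		select {
		case <-ctx.Done():
			return ctx.Err()
		case <-deadline.C:
			// Keep the last check failure so the operator can tell a slow
			// propagation apart from a misconfiguration.
			return fmt.Errorf("timed out waiting for role assignment to be effective: %w", lastErr)
		case <-ticker.C:
			lastErr = CheckClusterAdminPermissions(ctx, kubeconfigPath)
			if lastErr == nil {
				fmt.Println("Cluster admin permissions are now effective")
				return nil
			}
			fmt.Println("Waiting for role assignment to be effective...")
		}
	}
}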