public V1ClusterRole GenerateManagerRbac(ResourceLocator resourceTypeService)
{
var entityRbacPolicyRules = resourceTypeService.GetAttributes <EntityRbacAttribute>()
.SelectMany(attribute => attribute.CreateRbacPolicies());
var genericRbacPolicyRules = resourceTypeService.GetAttributes <GenericRbacAttribute>()
.Select(attribute => attribute.CreateRbacPolicy());
var rules = entityRbacPolicyRules.Concat(genericRbacPolicyRules).ToList();
if (_hasWebhooks)
{
var servicePolicies = new EntityRbacAttribute(
typeof(V1Service),
typeof(V1ValidatingWebhookConfiguration))
{
Verbs = RbacVerb.Get | RbacVerb.Create | RbacVerb.Update | RbacVerb.Patch,
}.CreateRbacPolicies();
rules = rules.Concat(servicePolicies).ToList();
}
return(new V1ClusterRole(
null,
$"{V1ClusterRole.KubeGroup}/{V1ClusterRole.KubeApiVersion}",
V1ClusterRole.KubeKind,
new V1ObjectMeta {
Name = "operator-role"
},
new List <V1PolicyRule>(rules)));
}