File: //snap/google-cloud-cli/current/lib/surface/container/fleet/scopes/rbacrolebindings/create.py
# -*- coding: utf-8 -*- #
# Copyright 2023 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command to create a fleet scope RBAC RoleBinding."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.container.fleet import client
from googlecloudsdk.api_lib.container.fleet import util
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.container.fleet import resources
from googlecloudsdk.command_lib.util.args import labels_util
@base.DefaultUniverseOnly
class Create(base.CreateCommand):
"""Create an RBAC RoleBinding.
This command can fail for the following reasons:
* The RBAC RoleBinding already exists.
* The caller does not have permission to access the given scope.
## EXAMPLES
To create an admin RBAC RoleBinding `RBRB` in scope `SCOPE` for user
`person@google.com`, run:
$ {command} RBRB --scope=SCOPE --role=admin
--user=person@google.com
To create a viewer RBAC RoleBinding `RBRB` in scope `SCOPE` for group
`people@google.com`, run:
$ {command} RBRB --scope=SCOPE --role=viewer
--group=people@google.com
To create an RBAC RoleBinding with a custom role `custom-role` in scope
`SCOPE` for user `person@google.com`, run:
$ {command} RBRB --scope=SCOPE --role=admin
--user=person@google.com
--custom-role=custom-role
"""
@classmethod
def Args(cls, parser):
resources.AddScopeRBACResourceArg(
parser,
api_version=util.VERSION_MAP[cls.ReleaseTrack()],
rbacrb_help=(
'Name of the RBAC RoleBinding to be created. '
'Must comply with RFC 1123 (up to 63 characters, '
"alphanumeric and '-')"
),
)
group = parser.add_mutually_exclusive_group(required=True)
group.add_argument(
'--user',
type=str,
help='User for the RoleBinding.',
)
group.add_argument(
'--group',
type=str,
help='Group for the RoleBinding.',
)
roledef = parser.add_mutually_exclusive_group(required=True)
roledef.add_argument(
'--role',
choices=['admin', 'edit', 'view'],
help='Predefined role to assign to principal (admin, edit, view).',
)
roledef.add_argument(
'--custom-role',
type=str,
help='Custom role to assign to principal.',
)
labels_util.AddCreateLabelsFlags(parser)
def Run(self, args):
fleetclient = client.FleetClient(release_track=self.ReleaseTrack())
labels_diff = labels_util.Diff(additions=args.labels)
labels = labels_diff.Apply(
fleetclient.messages.RBACRoleBinding.LabelsValue, None
).GetOrNone()
# Only set the custom role field if the release track is alpha.
custom_role = args.custom_role
return fleetclient.CreateScopeRBACRoleBinding(
resources.RBACResourceName(args),
role=args.role,
custom_role=custom_role,
user=args.user,
group=args.group,
labels=labels,
)