Home Explore Help
Sign In
cecf
/
deploy
5
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: afab9cf38c
Branches Tags
deploy
/
rook
/
build
/
rbac
/
keep-rbac-yaml.sh

keep-rbac-yaml.sh 2.4 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455 
  1. #!/usr/bin/env bash
    2. 

  2. set -eEuo pipefail
    3. 

  3. 

  4. # READS FROM STDIN
    5. 

  5. # WRITES TO STDOUT
    6. 

  6. # DEBUGS TO STDERR
    7. 

  7. 

  8. : ${YQ:=yq}
    9. 

  9. 

  10. if [[ "$($YQ --version)" != "yq (https://github.com/mikefarah/yq/) version 4."* ]]; then
    11. 

  11.   echo "yq must be version 4.x"
    12. 

  12.   exit 1
    13. 

  13. fi
    14. 

  14. 

  15. temp_dir="$(mktemp -d)"
    16. 

  16. pushd "${temp_dir}" &>/dev/stderr
    17. 

  17. 

  18. # Output the RBAC into separate temporary files named with Kind and Name so that the filesystem can
    19. 

  19. # sort the files, and we can keep the same resource ordering as before for easy diffing. Then we
    20. 

  20. # just read in the files, sorted by the fs for final output.
    21. 

  21. 

  22. $YQ eval '
    23. 

  23.     select(.kind == "PodSecurityPolicy"),
    24. 

  24.     select(.kind == "ServiceAccount"),
    25. 

  25.     select(.kind == "ClusterRole"),
    26. 

  26.     select(.kind == "ClusterRoleBinding"),
    27. 

  27.     select(.kind == "Role"),
    28. 

  28.     select(.kind == "RoleBinding")
    29. 

  29.   ' - | # select all RBAC resource Kinds
    30. 

  30. $YQ eval 'del(.metadata.labels."helm.sh/chart")' - | # remove the 'helm.sh/chart' label that only applies to Helm-managed resources
    31. 

  31. $YQ eval 'del(.metadata.labels."app.kubernetes.io/managed-by")' - | # remove the 'labels.app.kubernetes.io/managed-by' label that only applies to Helm-managed resources
    32. 

  32. $YQ eval 'del(.metadata.labels."app.kubernetes.io/created-by")' - | # remove the 'app.kubernetes.io/created-by' label that only applies to Helm-managed resources
    33. 

  33. sed '/^$/d' | # remove empty lines caused by yq's display of header/footer comments
    34. 

  34. sed '/^# Source: /d' | # helm adds '# Source: <file>' comments atop of each yaml doc. Strip these
    35. 

  35. $YQ eval --split-exp '.kind + " " + .metadata.name + " "' - # split into files by <kind> <name> .yaml
    36. 

  36. # outputting the filenames with spaces after kind and name keeps the same sorting from before
    37. 

  37. 

  38. RBAC_FILES=()
    39. 

  39. while read -r line; do
    40. 

  40.   RBAC_FILES+=("$line")
    41. 

  41. done < <(find . -type f -name '*.yml' | sort)
    42. 

  42. 

  43. # For debugging, output the resource kinds and names we processed and the number we are keeping
    44. 

  44. #for file in "${RBAC_FILES[@]}"; do
    45. 

  45.   # basename to get rid of the leading './' which find adds; %.yml to remove the .yml suffix
    46. 

  46. #  basename "${file%.yml}" >/dev/stderr
    47. 

  47. #done
    48. 

  48. # shellcheck disable=SC2012 # we know filenames are alphanumeric from being k8s resources
    49. 

  49. echo "Number of RBAC resources: ${#RBAC_FILES[@]}" >/dev/stderr
    50. 

  50. 

  51. $YQ eval-all '.' "${RBAC_FILES[@]}" | # output all files, now sorted by Kind and Name by the fs
    52. 

  52. sed '/^$/d' # remove empty lines caused by yq's display of header/footer comments
    53. 

  53. 

  54. rm -rf "${temp_dir}"
    55. 

  55. popd &>/dev/stderr
    56.