Skip to content

Commit

Permalink
add missing label check when looking for missing admin CRBs
Browse files Browse the repository at this point in the history
  • Loading branch information
@m00g3n
m00g3n committed Aug 14, 2024
1 parent e0c541d commit 09f3bac
Showing 1 changed file with 5 additions and 2 deletions.
7 changes: 5 additions & 2 deletions internal/controller/runtime/fsm/runtime_fsm_apply_clusterrolebindings.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -115,9 +115,12 @@ func getRemoved(crbs []rbacv1.ClusterRoleBinding, admins []string) (removed []rb

//nolint:gochecknoglobals
var newContainsAdmin = func(admin string) func(rbacv1.ClusterRoleBinding) bool {
return func(r rbacv1.ClusterRoleBinding) bool {
return func(crb rbacv1.ClusterRoleBinding) bool {
if !labels.Set(crb.Labels).AsSelector().Matches(labels.Set(labelsClusterRoleBindings)) {
return false
}
isAdmin := isRBACUserKindOneOf([]string{admin})
return slices.ContainsFunc(r.Subjects, isAdmin)
return slices.ContainsFunc(crb.Subjects, isAdmin)
}
}

Expand Down

0 comments on commit 09f3bac

Please sign in to comment.