feat: implement rolebinding primitive#35
Merged
sourcehawk merged 26 commits intomainfrom Mar 25, 2026
Merged
Conversation
There was a problem hiding this comment.
Pull request overview
Adds a new Kubernetes RoleBinding primitive to the Operator Component Framework, following the existing static primitive patterns (e.g., ConfigMap) and providing an example + documentation for consumers.
Changes:
- Introduces
pkg/primitives/rolebinding/with builder/resource/mutator, field-application flavors, and tests. - Adds a new shared mutation editor (
BindingSubjectsEditor) for RoleBinding/ClusterRoleBinding subjects management, with tests. - Adds a runnable example and a dedicated primitive doc page (
docs/primitives/rolebinding.md).
Reviewed changes
Copilot reviewed 15 out of 15 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| pkg/primitives/rolebinding/resource.go | Static RoleBinding resource wrapper + default field applicator (roleRef preservation intent) |
| pkg/primitives/rolebinding/mutator.go | RoleBinding mutator with planned edits (metadata + subjects) |
| pkg/primitives/rolebinding/mutator_test.go | Unit tests for RoleBinding mutator behavior and ordering |
| pkg/primitives/rolebinding/flavors.go | RoleBinding field-application flavors (preserve labels/annotations) |
| pkg/primitives/rolebinding/flavors_test.go | Unit/integration-style tests for flavors and builder wiring |
| pkg/primitives/rolebinding/builder.go | Fluent builder API for RoleBinding primitive configuration |
| pkg/primitives/rolebinding/builder_test.go | Builder validation and configuration tests |
| pkg/mutation/editors/bindingsubjects.go | Shared editor for mutating binding subjects lists |
| pkg/mutation/editors/bindingsubjects_test.go | Unit tests for BindingSubjectsEditor |
| examples/rolebinding-primitive/resources/rolebinding.go | Example resource factory assembling a RoleBinding with mutations/flavors/extractors |
| examples/rolebinding-primitive/README.md | Example documentation and run instructions |
| examples/rolebinding-primitive/main.go | Runnable example using a fake client to demonstrate reconciliation cycles |
| examples/rolebinding-primitive/features/mutations.go | Example feature mutations using RoleBinding mutator APIs |
| examples/rolebinding-primitive/app/controller.go | Example controller wiring the component + RoleBinding resource factory |
| docs/primitives/rolebinding.md | Primitive documentation (capabilities, usage, ordering, editors, flavors) |
Owner
Author
Claude Review Cycle 1 CompleteAddressed:
Intentionally ignored: <!-- claude-review-cycle --> |
Owner
Author
|
approved |
sourcehawk
force-pushed
the
feature/rolebinding-primitive
branch
from
9dc626b to
89bce3f
Compare
Owner
Author
Claude Review Cycle 1 CompleteAddressed:
Intentionally ignored:
<!-- claude-review-cycle --> |
Owner
Author
Claude Review Cycle 1 CompleteAddressed: Intentionally ignored:
<!-- claude-review-cycle --> |
Implements a typed editor for mutating the subjects list of RBAC bindings, with EnsureSubject (upsert by Kind+Name+Namespace), RemoveSubject, and Raw access. Shared by both RoleBinding and ClusterRoleBinding primitives. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Implements builder, resource, mutator, and flavors for the RoleBinding primitive. DefaultFieldApplicator preserves the immutable roleRef from the live object. Mutator supports EditObjectMetadata and EditSubjects with plan-and-apply pattern. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Covers building, default field application (immutable roleRef), mutations, editors (BindingSubjectsEditor, ObjectMetaEditor), flavors, and guidance. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Demonstrates building a RoleBinding with immutable roleRef, feature-gated subject mutations, version labels, field flavors, and data extraction across multiple reconciliation cycles. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Owner
Author
Claude Review Cycle 1 CompleteAddressed:
Intentionally ignored: <!-- claude-review-cycle --> |
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Owner
Author
Claude Review Cycle 2 CompleteAddressed:
Intentionally ignored:
<!-- claude-review-cycle --> |
Owner
Author
Claude Review Cycle 1 CompleteAddressed: Intentionally ignored:
|
The framework now uses SSA instead of ctrl.CreateOrUpdate, eliminating the need to merge desired state onto current state. This removes DefaultFieldApplicator, WithCustomFieldApplicator, WithFieldApplicationFlavor, FieldApplicationFlavor, the pkg/flavors package, and all flavors.go files across the generic internals and all primitives (deployment, configmap, rolebinding). Tests are updated to pass Object() output to Mutate() instead of empty structs. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Resolved all conflicts using main's version. Removed field_applicator files deleted in main. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…semantics Correct the deployment suspend example comment to clarify that the desired object is rebuilt from scratch each reconcile, so annotations are not automatically preserved from the live cluster. Update rolebinding docs to state that roleRef must be set on the base object and cannot be changed (requires delete/recreate), removing the incorrect "preserved from live cluster" implication. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Owner
Author
Claude Review Cycle 1 CompleteAddressed:
Intentionally ignored:
<!-- claude-review-cycle --> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Implements the
rolebindingKubernetes resource primitive following the pattern established by the existingConfigMapandDeploymentprimitives.Summary
rolebindingprimitive package underpkg/primitives/rolebinding/Checklist