feat: implement clusterrolebinding primitive #36
Merged
sourcehawk merged 27 commits into main from Mar 25, 2026
Pull request overview
Adds a new clusterrolebinding primitive to the operator-component-framework, extending the existing primitives system to support Kubernetes ClusterRoleBinding resources with the same builder/mutation/flavor/data-extraction patterns used elsewhere in the framework.
Changes:
- Introduces `pkg/primitives/clusterrolebinding` with builder, resource wrapper, mutator, and field-application flavors (plus tests).
- Adds a new shared mutation editor `BindingSubjectsEditor` for typed `.subjects` mutations (plus tests).
- Adds an end-to-end example and new primitive documentation page for `clusterrolebinding`.
Reviewed changes
Copilot reviewed 15 out of 15 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| pkg/primitives/clusterrolebinding/resource.go | Implements the primitive Resource wrapper and DefaultFieldApplicator (roleRef immutability handling). |
| pkg/primitives/clusterrolebinding/builder.go | Provides a fluent builder API for configuring mutations/flavors/extractors for ClusterRoleBinding. |
| pkg/primitives/clusterrolebinding/mutator.go | Adds a plan-and-apply mutator supporting metadata + subjects edits with feature boundaries. |
| pkg/primitives/clusterrolebinding/flavors.go | Exposes label/annotation preservation flavors for post-baseline field application. |
| pkg/primitives/clusterrolebinding/*_test.go | Adds unit tests for builder, mutator ordering, and flavor behavior. |
| pkg/mutation/editors/bindingsubjects.go | Adds a shared editor for typed RoleBinding/ClusterRoleBinding subjects mutations. |
| pkg/mutation/editors/bindingsubjects_test.go | Adds unit tests for BindingSubjectsEditor behavior. |
| examples/clusterrolebinding-primitive/** | Adds a runnable example showing builder usage, feature mutations, and extractors. |
| docs/primitives/clusterrolebinding.md | Adds user-facing documentation for the new primitive. |
Claude Review Cycle 1 Complete
Addressed:
Intentionally ignored:
Approved
8ae0393 to 65a6d28
Provides typed mutations for the .subjects field of binding resources: Add, Remove, EnsureServiceAccount, RemoveServiceAccount, and Raw. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Static, cluster-scoped primitive with custom validation (name only, no namespace). DefaultFieldApplicator preserves immutable roleRef on updates. Mutator supports metadata and subjects edits via plan-and-apply. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Demonstrates building and mutating a ClusterRoleBinding through multiple spec variations with feature-gated subject mutations, version labels, and field application flavors. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…rovements
- Lazily initialize feature plan in EditObjectMetadata/EditSubjects to prevent nil dereference when BeginFeature() has not been called
- Remove side-effect from BindingSubjectsEditor.Raw() (no longer converts nil slice to empty slice on read)
- Use safe type assertions (comma-ok + require.True) in resource tests
- Add test exercising EditSubjects without prior BeginFeature call
- Use EnsureServiceAccount instead of Add in example for idempotency
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Resolve conflicts in BindingSubjectsEditor by adopting main's improved base (nil-pointer safety, upsert semantics, zeroing on remove) and retaining this branch's convenience methods (EnsureServiceAccount, RemoveServiceAccount). Update docs/primitives.md to include both PolicyRulesEditor and BindingSubjectsEditor, and both clusterrole and clusterrolebinding primitives.
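An added sketch, not code from this pull request, of two behaviours the commit messages above describe: an idempotent EnsureServiceAccount on `.subjects` and an update path that keeps the live `roleRef`. The types are local stand-ins for the rbac/v1 fields, the function signatures are hypothetical, and the drift flag is an assumption of this example, included because a preserved `roleRef` means the binding keeps granting the old role.

```go
package main

import "fmt"

// Local stand-ins for the rbac/v1 Subject and RoleRef fields, so this runs offline.
type Subject struct{ Kind, APIGroup, Name, Namespace string }
type RoleRef struct{ APIGroup, Kind, Name string }
type Binding struct {
	RoleRef  RoleRef
	Subjects []Subject
}

// EnsureServiceAccount (hypothetical signature) appends the subject only if it is
// absent, so repeated reconcile passes never grow .subjects with duplicates.
func EnsureServiceAccount(subjects []Subject, name, ns string) []Subject {
	for _, s := range subjects {
		if s.Kind == "ServiceAccount" && s.Name == name && s.Namespace == ns {
			return subjects
		}
	}
	return append(subjects, Subject{Kind: "ServiceAccount", Name: name, Namespace: ns})
}

// ApplyUpdate (hypothetical) keeps the live roleRef, which the Kubernetes API treats
// as immutable, and reports drift when the desired roleRef differs: in that case the
// binding still grants the old role until it is deleted and recreated.
func ApplyUpdate(live, desired Binding) (Binding, bool) {
	drift := live.RoleRef != desired.RoleRef
	desired.RoleRef = live.RoleRef
	return desired, drift
}

func main() {
	// Constructed sample: the live binding grants cluster-admin, the spec now asks for view.
	live := Binding{RoleRef: RoleRef{"rbac.authorization.k8s.io", "ClusterRole", "cluster-admin"}}
	want := Binding{RoleRef: RoleRef{"rbac.authorization.k8s.io", "ClusterRole", "view"}}
	for i := 0; i < 3; i++ { // three reconcile passes over the same desired state
		want.Subjects = EnsureServiceAccount(want.Subjects, "operator", "ops")
	}
	out, drift := ApplyUpdate(live, want)
	fmt.Println(len(out.Subjects), out.RoleRef.Name, drift)
}
```
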
Implements the `clusterrolebinding` Kubernetes resource primitive following the pattern established by the existing `ConfigMap` and `Deployment` primitives.
Summary
- `clusterrolebinding` primitive package under `pkg/primitives/clusterrolebinding/`
Checklist