in controllers/stage/chain/configure_secret_manager.go [163:200]
// createRoleBinding creates a RoleBinding named "eso-<stageTargetNamespace>" in
// stageNamespace. The binding grants the Role roleName to the service account
// serviceAccountName that lives in stageTargetNamespace, so it is a
// cross-namespace grant: the subject's namespace differs from the namespace
// whose Role is being bound.
//
// It returns the locally built RoleBinding on success. An AlreadyExists error
// from the API is treated as success and only logged; any other error is
// wrapped and returned with a nil RoleBinding.
//
// NOTE(review): on AlreadyExists the object in the cluster is never read back
// or compared, so the returned value describes the desired binding, not the
// stored one. A pre-existing binding with the same name but different Subjects
// or RoleRef is left untouched and still reported as success. Confirm with the
// callers whether a Get plus comparison is needed here.
//
// NOTE(review): what the service account can actually do is decided by the
// rules of the Role roleName, which is defined outside this function; review
// it together with this binding when checking least privilege.
func (h ConfigureSecretManager) createRoleBinding(
	ctx context.Context,
	stageNamespace,
	stageTargetNamespace,
	serviceAccountName,
	roleName string,
) (*rbacApi.RoleBinding, error) {
	logger := ctrl.LoggerFrom(ctx)

	// Subject: the service account from the stage's target namespace.
	subject := rbacApi.Subject{
		Kind:      rbacApi.ServiceAccountKind,
		Name:      serviceAccountName,
		Namespace: stageTargetNamespace,
	}

	// Reference to the namespaced Role; it is resolved in the binding's own
	// namespace (stageNamespace).
	roleRef := rbacApi.RoleRef{
		APIGroup: rbacApi.GroupName,
		Kind:     rbac.RoleKind,
		Name:     roleName,
	}

	binding := &rbacApi.RoleBinding{
		ObjectMeta: metaV1.ObjectMeta{
			Name:      fmt.Sprintf("eso-%s", stageTargetNamespace),
			Namespace: stageNamespace,
		},
		Subjects: []rbacApi.Subject{subject},
		RoleRef:  roleRef,
	}

	err := h.multiClusterClient.Create(ctx, binding)

	switch {
	case err == nil:
		return binding, nil
	case k8sErrors.IsAlreadyExists(err):
		// Idempotent path: the existing object is accepted as is, without
		// checking that it matches the binding built above.
		logger.Info("RoleBinding for external secret integration already exists")

		return binding, nil
	default:
		return nil, fmt.Errorf("failed to create %s rolebinding: %w", binding.Name, err)
	}
}