operator/controllers/execution/scans/serviceaccount.go from secureCodeBox/secureCodeBox-v2-alpha

operator/controllers/execution/scans/serviceaccount.go
Summary

Maintainability

2 hrs
Test Coverage

Issues
package scancontrollers
 
import (
    "context"
 
    corev1 "k8s.io/api/core/v1"
    rbacv1 "k8s.io/api/rbac/v1"
    apierrors "k8s.io/apimachinery/pkg/api/errors"
    metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    "k8s.io/apimachinery/pkg/types"
)
 
Method `ScanReconciler.ensureServiceAccountExists` has 80 lines of code (exceeds 50 allowed). Consider refactoring.
Method `ScanReconciler.ensureServiceAccountExists` has 7 return statements (exceeds 4 allowed).
func (r *ScanReconciler) ensureServiceAccountExists(namespace, serviceAccountName, description string, policyRules []rbacv1.PolicyRule) error {
    ctx := context.Background()
 
    var serviceAccount corev1.ServiceAccount
    err := r.Get(ctx, types.NamespacedName{Name: serviceAccountName, Namespace: namespace}, &serviceAccount)
    if apierrors.IsNotFound(err) {
        r.Log.Info("Service Account doesn't exist creating now")
        serviceAccount = corev1.ServiceAccount{
            ObjectMeta: metav1.ObjectMeta{
                Name:      serviceAccountName,
                Namespace: namespace,
                Annotations: map[string]string{
                    "description": description,
                },
            },
        }
        err := r.Create(ctx, &serviceAccount)
        if err != nil {
            r.Log.Error(err, "Failed to create ServiceAccount")
            return err
        }
    } else if err != nil {
        r.Log.Error(err, "Unexpected error while checking if a ServiceAccount exists")
        return err
    }
 
    var role rbacv1.Role
    err = r.Get(ctx, types.NamespacedName{Name: serviceAccountName, Namespace: namespace}, &role)
    if apierrors.IsNotFound(err) {
        r.Log.Info("Role doesn't exist creating now")
        role = rbacv1.Role{
            ObjectMeta: metav1.ObjectMeta{
                Name:      serviceAccountName,
                Namespace: namespace,
                Annotations: map[string]string{
                    "description": description,
                },
            },
            Rules: policyRules,
        }
        err := r.Create(ctx, &role)
        if err != nil {
            r.Log.Error(err, "Failed to create Role")
            return err
        }
    } else if err != nil {
        r.Log.Error(err, "Unexpected error while checking if a Role exists")
        return err
    }
 
    var roleBinding rbacv1.RoleBinding
    err = r.Get(ctx, types.NamespacedName{Name: serviceAccountName, Namespace: namespace}, &roleBinding)
    if apierrors.IsNotFound(err) {
        r.Log.Info("RoleBinding doesn't exist creating now")
        roleBinding = rbacv1.RoleBinding{
            ObjectMeta: metav1.ObjectMeta{
                Name:      serviceAccountName,
                Namespace: namespace,
                Annotations: map[string]string{
                    "description": description,
                },
            },
            Subjects: []rbacv1.Subject{
                {
                    Kind: "ServiceAccount",
                    Name: serviceAccountName,
                },
            },
            RoleRef: rbacv1.RoleRef{
                Kind:     "Role",
                Name:     serviceAccountName,
                APIGroup: "rbac.authorization.k8s.io",
            },
        }
        err := r.Create(ctx, &roleBinding)
        if err != nil {
            r.Log.Error(err, "Failed to create RoleBinding")
            return err
        }
    } else if err != nil {
        r.Log.Error(err, "Unexpected error while checking if a RoleBinding exists")
        return err
    }
 
    return nil
}