From 6b19a711ec2a70a98d4b9e1f10dd59dc2aa94caf Mon Sep 17 00:00:00 2001
From: xilabao
Date: Tue, 20 Dec 2016 11:12:22 +0800
Subject: [PATCH] fix group in create clusterrolebinding
---
 hack/make-rules/test-cmd.sh | 5 +++++
 pkg/kubectl/clusterrolebinding.go | 7 +++++++
 2 files changed, 12 insertions(+)
diff --git a/hack/make-rules/test-cmd.sh b/hack/make-rules/test-cmd.sh
index bf29c76693..63bcbd1586 100755
--- a/hack/make-rules/test-cmd.sh
+++ b/hack/make-rules/test-cmd.sh
@@ -426,6 +426,11 @@ runTests() {
 kube::test::get_object_assert clusterrolebindings/cluster-admin "{{.metadata.name}}" 'cluster-admin'
 kubectl create "${kube_flags[@]}" clusterrolebinding super-admin --clusterrole=admin --user=super-admin
 kube::test::get_object_assert clusterrolebinding/super-admin "{{range.subjects}}{{.name}}:{{end}}" 'super-admin:'
+ kubectl create "${kube_flags[@]}" clusterrolebinding super-group --clusterrole=admin --group=the-group
+ kube::test::get_object_assert clusterrolebinding/super-group "{{range.subjects}}{{.name}}:{{end}}" 'the-group:'
+ kubectl create "${kube_flags[@]}" clusterrolebinding super-sa --clusterrole=admin --serviceaccount=otherns:sa-name
+ kube::test::get_object_assert clusterrolebinding/super-sa "{{range.subjects}}{{.namespace}}:{{end}}" 'otherns:'
+ kube::test::get_object_assert clusterrolebinding/super-sa "{{range.subjects}}{{.name}}:{{end}}" 'sa-name:'
 kubectl create "${kube_flags[@]}" rolebinding admin --clusterrole=admin --user=default-admin -n default
 kube::test::get_object_assert rolebinding/admin "{{range.subjects}}{{.name}}:{{end}}" 'default-admin:'
 kubectl create "${kube_flags[@]}" rolebinding localrole --role=localrole --group=the-group -n default
diff --git a/pkg/kubectl/clusterrolebinding.go b/pkg/kubectl/clusterrolebinding.go
index 04d58ab070..42242cae0d 100644
--- a/pkg/kubectl/clusterrolebinding.go
+++ b/pkg/kubectl/clusterrolebinding.go
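Review bot: The new super-group assertion in hack/make-rules/test-cmd.sh checks only `.name`, so it would still pass if the subject were emitted with the wrong kind (a User named the-group is a different RBAC principal than the Group). Adding `kube::test::get_object_assert clusterrolebinding/super-group "{{range.subjects}}{{.kind}}:{{end}}" 'Group:'` would pin the kind, and the super-sa case could get the matching check with `'ServiceAccount:'`. runTests() begins and ends outside this hunk.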
@@ -123,6 +123,13 @@ func (s ClusterRoleBindingGeneratorV1) StructuredGenerate() (runtime.Object, err
 Name: user,
 })
 }
+ for _, group := range s.Groups {
+ clusterRoleBinding.Subjects = append(clusterRoleBinding.Subjects, rbac.Subject{
+ Kind: rbac.GroupKind,
+ APIVersion: "rbac/v1alpha1",
+ Name: group,
+ })
+ }
 for _, sa := range s.ServiceAccounts {
 tokens := strings.Split(sa, ":")
 if len(tokens) != 2 {
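Review bot: The added loop in pkg/kubectl/clusterrolebinding.go appends every element of `s.Groups` as a subject without inspecting it, so an empty value (for instance `--group=` filled from an unset variable in a script) becomes a Group subject with an empty `Name` on a cluster-wide binding. The service-account loop directly below does check its input (`len(tokens) != 2`) before using it. Unless validation earlier in the function already covers this, a guard at the top of the loop such as `if len(group) == 0 { return nil, fmt.Errorf("group name must not be empty") }` would reject it client-side instead of relying on server validation; this assumes `fmt` is already imported, which the hunk does not show. StructuredGenerate starts and ends outside the hunk.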