Allow empty subjects list (#323)

pkg/reconciler/parser.go

@@ -64,10 +64,6 @@ func (p *Parser) Parse(rbacDef rbacmanagerv1beta1.RBACDefinition) error {
 }
 
 func (p *Parser) parseRBACBinding(rbacBinding rbacmanagerv1beta1.RBACBinding, namePrefix string, namespaces *v1.NamespaceList) error {
-	if len(rbacBinding.Subjects) < 1 {
-		return errors.New("No subjects specified for RBAC Binding: " + namePrefix)
-	}
-
 	for _, requestedSubject := range rbacBinding.Subjects {
 		if requestedSubject.Kind == "ServiceAccount" {
 			pullsecrets := []v1.LocalObjectReference{}

pkg/reconciler/parser_test.go

@@ -267,29 +267,6 @@ func TestParseMissingNamespace(t *testing.T) {
 	newParseTest(t, client, rbacDef, []rbacv1.RoleBinding{}, []rbacv1.ClusterRoleBinding{}, []corev1.ServiceAccount{})
 }
 
-func TestParseMissingSubjects(t *testing.T) {
-	client := fake.NewSimpleClientset()
-	rbacDef := rbacmanagerv1beta1.RBACDefinition{}
-	rbacDef.Name = "rbac-config"
-
-	createNamespace(t, client, "web", map[string]string{"app": "web", "team": "devs"})
-	createNamespace(t, client, "api", map[string]string{"app": "api", "team": "devs"})
-	createNamespace(t, client, "db", map[string]string{"app": "db", "team": "db"})
-
-	rbacDef.RBACBindings = []rbacmanagerv1beta1.RBACBinding{{
-		Name:     "devs",
-		Subjects: []rbacmanagerv1beta1.Subject{},
-		RoleBindings: []rbacmanagerv1beta1.RoleBinding{{
-			NamespaceSelector: metav1.LabelSelector{
-				MatchLabels: map[string]string{"team": "devs"},
-			},
-			ClusterRole: "edit",
-		}},
-	}}
-
-	newParseTest(t, client, rbacDef, []rbacv1.RoleBinding{}, []rbacv1.ClusterRoleBinding{}, []corev1.ServiceAccount{})
-}
-
 func TestManagerToRbacSubjects(t *testing.T) {
 	expected := []rbacv1.Subject{
 		{