This is an automated email from the ASF dual-hosted git repository.

astefanutti pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel-k.git

commit 3f45a3091288fb419ccc02664d877b90015a0071
Author: Antonin Stefanutti <anto...@stefanutti.fr>
AuthorDate: Thu Feb 11 18:13:56 2021 +0100

    chore(rbac): Install operator ClusterRole from CLI
---
 pkg/cmd/install.go      |  2 +-
 pkg/install/cluster.go  | 67 ++++++++++++++++++++++++++++++++++++++++---------
 pkg/install/optional.go |  8 +++---
 3 files changed, 60 insertions(+), 17 deletions(-)

diff --git a/pkg/cmd/install.go b/pkg/cmd/install.go
index 426eba6..8f39642 100644
--- a/pkg/cmd/install.go
+++ b/pkg/cmd/install.go
@@ -228,7 +228,7 @@ func (o *installCmdOptions) install(cobraCmd 
*cobra.Command, _ []string) error {
        }
 
        if !o.SkipClusterSetup && !installViaOLM {
-               err := install.SetupClusterWideResourcesOrCollect(o.Context, 
clientProvider, collection)
+               err := install.SetupClusterWideResourcesOrCollect(o.Context, 
clientProvider, collection, o.ClusterType)
                if err != nil && k8serrors.IsForbidden(err) {
                        fmt.Fprintln(cobraCmd.OutOrStdout(), "Current user is 
not authorized to create cluster-wide objects like custom resource definitions 
or cluster roles: ", err)
 
diff --git a/pkg/install/cluster.go b/pkg/install/cluster.go
index 04fe75c..1aea956 100644
--- a/pkg/install/cluster.go
+++ b/pkg/install/cluster.go
@@ -40,7 +40,7 @@ import (
 )
 
 // SetupClusterWideResourcesOrCollect --
-func SetupClusterWideResourcesOrCollect(ctx context.Context, clientProvider 
client.Provider, collection *kubernetes.Collection) error {
+func SetupClusterWideResourcesOrCollect(ctx context.Context, clientProvider 
client.Provider, collection *kubernetes.Collection, clusterType string) error {
        // Get a client to install the CRD
        c, err := clientProvider.Get()
        if err != nil {
@@ -132,18 +132,45 @@ func SetupClusterWideResourcesOrCollect(ctx 
context.Context, clientProvider clie
                }
        }
 
-       // Installing ClusterRole
-       clusterRoleInstalled, err := IsClusterRoleInstalled(ctx, c)
+       // Installing ClusterRoles
+       ok, err := isClusterRoleInstalled(ctx, c, "camel-k:edit")
        if err != nil {
                return err
        }
-       if !clusterRoleInstalled || collection != nil {
-               err := installClusterRole(ctx, c, collection)
+       if !ok || collection != nil {
+               err := installResource(ctx, c, collection, 
"/rbac/user-cluster-role.yaml")
                if err != nil {
                        return err
                }
        }
 
+       isOpenShift, err := isOpenShift(c, clusterType)
+       if err != nil {
+               return err
+       }
+       if isOpenShift {
+               ok, err := isClusterRoleInstalled(ctx, c, 
"camel-k-operator-openshift")
+               if err != nil {
+                       return err
+               }
+               if !ok || collection != nil {
+                       err := installResource(ctx, c, collection, 
"/rbac/operator-cluster-role-openshift.yaml")
+                       if err != nil {
+                               return err
+                       }
+               }
+               ok, err = isClusterRoleBindingInstalled(ctx, c, 
"camel-k-operator-openshift")
+               if err != nil {
+                       return err
+               }
+               if !ok || collection != nil {
+                       err := installResource(ctx, c, collection, 
"/rbac/operator-cluster-role-binding-openshift.yaml")
+                       if err != nil {
+                               return err
+                       }
+               }
+       }
+
        // Install OpenShift Console download links if possible
        err = OpenShiftConsoleDownloadLink(ctx, c)
        if err != nil {
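Review bot: The three `if !ok || collection != nil` guards only test that an object with that name exists, so a `camel-k-operator-openshift` ClusterRole or ClusterRoleBinding left by an earlier install, or edited to carry wider rules or different subjects, is kept unchanged while the install reports success. Because these objects grant the operator cluster-wide privileges, it would be safer to reconcile them on every run, for example by calling `installResource(...)` unconditionally if it replaces existing objects (its body is only partly visible in this diff), or at least to log when an existing object is reused. Separately, `isOpenShift, err := isOpenShift(c, clusterType)` shadows the function it calls; `openShift, err := isOpenShift(c, clusterType)` followed by `if openShift {` avoids that. The enclosing function starts and ends outside this hunk.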
@@ -260,22 +287,38 @@ func installCRD(ctx context.Context, c client.Client, 
kind string, version strin
        return nil
 }
 
-// IsClusterRoleInstalled check if cluster role camel-k:edit is installed
-func IsClusterRoleInstalled(ctx context.Context, c client.Client) (bool, 
error) {
+func isClusterRoleInstalled(ctx context.Context, c client.Client, name string) 
(bool, error) {
        clusterRole := rbacv1.ClusterRole{
                TypeMeta: metav1.TypeMeta{
                        Kind:       "ClusterRole",
                        APIVersion: "rbac.authorization.k8s.io/v1",
                },
                ObjectMeta: metav1.ObjectMeta{
-                       Name: "camel-k:edit",
+                       Name: name,
                },
        }
-       key, err := k8sclient.ObjectKeyFromObject(&clusterRole)
+       return isResourceInstalled(ctx, c, &clusterRole)
+}
+
+func isClusterRoleBindingInstalled(ctx context.Context, c client.Client, name 
string) (bool, error) {
+       clusterRoleBinding := rbacv1.ClusterRoleBinding{
+               TypeMeta: metav1.TypeMeta{
+                       Kind:       "ClusterRoleBinding",
+                       APIVersion: "rbac.authorization.k8s.io/v1",
+               },
+               ObjectMeta: metav1.ObjectMeta{
+                       Name: name,
+               },
+       }
+       return isResourceInstalled(ctx, c, &clusterRoleBinding)
+}
+
+func isResourceInstalled(ctx context.Context, c client.Client, object 
runtime.Object) (bool, error) {
+       key, err := k8sclient.ObjectKeyFromObject(object)
        if err != nil {
                return false, err
        }
-       err = c.Get(ctx, key, &clusterRole)
+       err = c.Get(ctx, key, object)
        if err != nil && k8serrors.IsNotFound(err) {
                return false, nil
        } else if err != nil {
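Review bot: The new helpers `isClusterRoleInstalled`, `isClusterRoleBindingInstalled` and `isResourceInstalled` have no doc comments, and the comment that described `IsClusterRoleInstalled` is deleted rather than updated. I would add something like `// isResourceInstalled reports whether object exists in the cluster; NotFound yields (false, nil) and any other error, including Forbidden, is returned to the caller.` and note that `c.Get` overwrites `object` with the live state. Unexporting `IsClusterRoleInstalled` also breaks any caller outside `pkg/install`; whether one exists cannot be told from this diff. The body of `isResourceInstalled` continues past the end of the hunk.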
@@ -284,8 +327,8 @@ func IsClusterRoleInstalled(ctx context.Context, c 
client.Client) (bool, error)
        return true, nil
 }
 
-func installClusterRole(ctx context.Context, c client.Client, collection 
*kubernetes.Collection) error {
-       obj, err := kubernetes.LoadResourceFromYaml(c.GetScheme(), 
resources.ResourceAsString("/rbac/user-cluster-role.yaml"))
+func installResource(ctx context.Context, c client.Client, collection 
*kubernetes.Collection, resource string) error {
+       obj, err := kubernetes.LoadResourceFromYaml(c.GetScheme(), 
resources.ResourceAsString(resource))
        if err != nil {
                return err
        }
diff --git a/pkg/install/optional.go b/pkg/install/optional.go
index e7019f4..aec9d04 100644
--- a/pkg/install/optional.go
+++ b/pkg/install/optional.go
@@ -21,8 +21,9 @@ import (
        "context"
        "strings"
 
-       "github.com/apache/camel-k/pkg/client"
        "github.com/go-logr/logr"
+
+       "github.com/apache/camel-k/pkg/client"
 )
 
 // OperatorStartupOptionalTools tries to install optional tools at operator 
startup and warns if something goes wrong
@@ -35,11 +36,11 @@ func OperatorStartupOptionalTools(ctx context.Context, c 
client.Client, namespac
        }
 
        // Try to register the cluster role for standard admin and edit users
-       if clusterRoleInstalled, err := IsClusterRoleInstalled(ctx, c); err != 
nil {
+       if clusterRoleInstalled, err := isClusterRoleInstalled(ctx, c, 
"camel-k:edit"); err != nil {
                log.Info("Cannot detect user cluster role: skipping.")
                log.V(8).Info("Error while getting user cluster role", "error", 
err)
        } else if !clusterRoleInstalled {
-               if err := installClusterRole(ctx, c, nil); err != nil {
+               if err := installClusterRole(ctx, c, nil, 
"/rbac/user-cluster-role.yaml"); err != nil {
                        log.Info("Cannot install user cluster role: skipping.")
                        log.V(8).Info("Error while installing user cluster 
role", "error", err)
                }
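Review bot: The new call `installClusterRole(ctx, c, nil, "/rbac/user-cluster-role.yaml")` names a function that this same commit renames to `installResource` in pkg/install/cluster.go, so unless a four-parameter `installClusterRole` is defined somewhere outside the diff, this line will not compile. It should read `if err := installResource(ctx, c, nil, "/rbac/user-cluster-role.yaml"); err != nil {`. `OperatorStartupOptionalTools` starts and ends outside this hunk.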
@@ -69,5 +70,4 @@ func OperatorStartupOptionalTools(ctx context.Context, c 
client.Client, namespac
                        }
                }
        }
-
 }
