This is an automated email from the ASF dual-hosted git repository. astefanutti pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/camel-k.git
commit 16bcb8c42a83793a8db7f546597da514e343be82
Author: Antonin Stefanutti <anto...@stefanutti.fr>
AuthorDate: Thu Feb 11 18:19:33 2021 +0100
chore(rbac): Factorize SelfSubjectAccessReview request
---
 pkg/install/openshift.go | 22 ++++------------------
 pkg/util/kubernetes/permission.go | 9 +++++----
 2 files changed, 9 insertions(+), 22 deletions(-)
diff --git a/pkg/install/openshift.go b/pkg/install/openshift.go
index 285dc10..2f5ade5 100644
--- a/pkg/install/openshift.go
+++ b/pkg/install/openshift.go
@@ -24,7 +24,6 @@ import (
 "github.com/Masterminds/semver"
- authorization "k8s.io/api/authorization/v1"
 "k8s.io/apimachinery/pkg/api/errors"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/types"
@@ -68,25 +67,12 @@ func OpenShiftConsoleDownloadLink(ctx context.Context, c client.Client) error {
 }
 // Check for permission to create the ConsoleCLIDownload resource
- sar := &authorization.SelfSubjectAccessReview{
- Spec: authorization.SelfSubjectAccessReviewSpec{
- ResourceAttributes: &authorization.ResourceAttributes{
- Group: "console.openshift.io",
- Resource: "consoleclidownloads",
- Name: KamelCLIDownloadName,
- Verb: "create",
- },
- },
- }
-
- sar, err = c.AuthorizationV1().SelfSubjectAccessReviews().Create(ctx, sar, metav1.CreateOptions{})
+ ok, err = kubernetes.CheckPermission(ctx, c, console.GroupName, "consoleclidownloads", "", KamelCLIDownloadName, "create")
 if err != nil {
- if errors.IsForbidden(err) {
- // Let's just skip the ConsoleCLIDownload resource creation
- return nil
- }
 return err
- } else if !sar.Status.Allowed {
+ }
+ if !ok {
+ // Let's just skip the ConsoleCLIDownload resource creation
 return nil
 }
diff --git a/pkg/util/kubernetes/permission.go b/pkg/util/kubernetes/permission.go
index fe04923..3208ead 100644
--- a/pkg/util/kubernetes/permission.go
+++ b/pkg/util/kubernetes/permission.go
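Review bot: The `CheckPermission` call in `OpenShiftConsoleDownloadLink` pairs the verb `create` with an object name (`KamelCLIDownloadName`), but the API server generally does not have the new object's name when it authorizes a real create request, so under a role restricted by `resourceNames` the review can answer "allowed" while the create that follows is still refused. Treat `ok` as advisory: the create call after this hunk (not visible here) should still handle a Forbidden error by skipping, as the removed `errors.IsForbidden` branch did for the review itself. The bare `""` is presumably the namespace slot for this cluster-scoped resource; a comment such as `// cluster-scoped resource: no namespace` next to the call would guard against transposing the five positional string arguments. The function body starts and ends outside the hunk.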
@@ -19,10 +19,12 @@ package kubernetes
 import (
 "context"
- "github.com/apache/camel-k/pkg/client"
+ authorizationv1 "k8s.io/api/authorization/v1"
 k8serrors "k8s.io/apimachinery/pkg/api/errors"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+ "github.com/apache/camel-k/pkg/client"
 )
 // CheckPermission can be used to check if the current user/service-account is allowed to execute a given operation
@@ -49,8 +51,7 @@ func CheckPermission(ctx context.Context, client client.Client, group, resource,
 return false, nil
 }
 return false, err
- } else if !sar.Status.Allowed {
- return false, nil
+ } else {
+ return sar.Status.Allowed, nil
 }
- return true, nil
 }
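Review bot: The `else` in the new tail of `CheckPermission` is redundant, because the error-handling block above it returns on every visible path (`return false, nil` and `return false, err`); the usual Go form is to close that block with `}` and put `return sar.Status.Allowed, nil` at function level. Since this helper is now the shared place where install code decides whether to proceed, its doc comment should also state that a Forbidden response to the review request itself is reported as `(false, nil)` (assuming the branch cut off above the hunk is the `IsForbidden` check), so callers cannot tell "denied" from "not allowed to ask". It would also help to mention that `sar.Status.EvaluationError` is not inspected, so an authorizer failure reads as a plain denial. The function starts outside the hunk.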