This is an automated email from the ASF dual-hosted git repository.

astefanutti pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel-k.git

commit 206ef20cfd6753b752415da542db4fca41fa9b2d
Author: Antonin Stefanutti <anto...@stefanutti.fr>
AuthorDate: Fri Feb 12 15:33:19 2021 +0100

    chore(rbac): Manage ClusterRoleBinding resources during operator uninstall
---
 pkg/cmd/uninstall.go | 50 +++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 43 insertions(+), 7 deletions(-)

diff --git a/pkg/cmd/uninstall.go b/pkg/cmd/uninstall.go
index 21eb32a..45d9dad 100644
--- a/pkg/cmd/uninstall.go
+++ b/pkg/cmd/uninstall.go
@@ -21,17 +21,18 @@ import (
        "context"
        "fmt"
 
+       "github.com/pkg/errors"
+       "github.com/spf13/cobra"
        "github.com/spf13/viper"
 
-       "github.com/apache/camel-k/pkg/util/olm"
-       "github.com/pkg/errors"
        "k8s.io/client-go/kubernetes"
 
-       "github.com/apache/camel-k/pkg/client"
-       "github.com/apache/camel-k/pkg/util/kubernetes/customclient"
-       "github.com/spf13/cobra"
        k8serrors "k8s.io/apimachinery/pkg/api/errors"
        metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+       "github.com/apache/camel-k/pkg/client"
+       "github.com/apache/camel-k/pkg/util/kubernetes/customclient"
+       "github.com/apache/camel-k/pkg/util/olm"
 )
 
 func newCmdUninstall(rootCmdOptions *RootCmdOptions) (*cobra.Command, 
*uninstallCmdOptions) {
@@ -154,7 +155,7 @@ func (o *uninstallCmdOptions) uninstall(cmd *cobra.Command, 
_ []string) error {
                        return err
                }
 
-               if err = o.uninstallClusterWideResources(o.Context, c); err != 
nil {
+               if err = o.uninstallClusterWideResources(o.Context, c, 
o.Namespace); err != nil {
                        return err
                }
 
@@ -181,7 +182,7 @@ func (o *uninstallCmdOptions) uninstallOperator(ctx 
context.Context, c client.Cl
        return nil
 }
 
-func (o *uninstallCmdOptions) uninstallClusterWideResources(ctx 
context.Context, c client.Client) error {
+func (o *uninstallCmdOptions) uninstallClusterWideResources(ctx 
context.Context, c client.Client, namespace string) error {
        if !o.SkipCrd || o.UninstallAll {
                if err := o.uninstallCrd(ctx, c); err != nil {
                        if k8serrors.IsForbidden(err) {
@@ -192,6 +193,15 @@ func (o *uninstallCmdOptions) 
uninstallClusterWideResources(ctx context.Context,
                fmt.Printf("Camel K Custom Resource Definitions removed from 
cluster\n")
        }
 
+       if err := o.removeSubjectFromClusterRoleBindings(ctx, c, namespace); 
err != nil {
+               if k8serrors.IsForbidden(err) {
+                       // Let's print a warning message and continue
+                       fmt.Println("Current user is not authorized to remove 
the operator ServiceAccount from the cluster role bindings")
+               } else if err != nil {
+                       return err
+               }
+       }
+
        if !o.SkipClusterRoleBindings || o.UninstallAll {
                if err := o.uninstallClusterRoleBindings(ctx, c); err != nil {
                        if k8serrors.IsForbidden(err) {
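Review bot: The `else if err != nil` in the added block is redundant, because the enclosing `if err := ...; err != nil` has already established that err is non-nil; a plain `} else { return err }` reads more clearly. On the Forbidden path the warning does not say which subject was left behind. That matters for cleanup, since a stale subject in a ClusterRoleBinding keeps granting its cluster role to any ServiceAccount later created under that name in the namespace, so I would name it: `fmt.Printf("Current user is not authorized to remove ServiceAccount %s/camel-k-operator from the cluster role bindings\n", namespace)`. The call also runs regardless of `o.SkipClusterRoleBindings`, which looks intentional but deserves a one-line comment saying so. uninstallClusterWideResources begins in the previous hunk and continues past this one.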
@@ -331,6 +341,32 @@ func (o *uninstallCmdOptions) uninstallClusterRoles(ctx 
context.Context, c clien
        return nil
 }
 
+func (o *uninstallCmdOptions) removeSubjectFromClusterRoleBindings(ctx 
context.Context, c client.Client, namespace string) error {
+       api := c.RbacV1()
+
+       clusterRoleBindings, err := api.ClusterRoleBindings().List(ctx, 
defaultListOptions)
+       if err != nil {
+               return err
+       }
+
+       // Remove the subject corresponding to this operator install
+       for _, clusterRoleBinding := range clusterRoleBindings.Items {
+               for i, subject := range clusterRoleBinding.Subjects {
+                       if subject.Name == "camel-k-operator" && 
subject.Namespace == namespace {
+                               clusterRoleBinding.Subjects = 
append(clusterRoleBinding.Subjects[:i], clusterRoleBinding.Subjects[i+1:]...)
+                               crb := &clusterRoleBinding
+                               crb, err = 
api.ClusterRoleBindings().Update(ctx, crb, metav1.UpdateOptions{})
+                               if err != nil {
+                                       return err
+                               }
+                               break
+                       }
+               }
+       }
+
+       return nil
+}
+
 func (o *uninstallCmdOptions) uninstallClusterRoleBindings(ctx 
context.Context, c client.Client) error {
        api := c.RbacV1()
 
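Review bot: The subject match in `removeSubjectFromClusterRoleBindings` compares only `Name` and `Namespace` and never checks that the subject is a ServiceAccount; making the kind explicit documents the intent and avoids touching any other subject kind: `if subject.Kind == "ServiceAccount" && subject.Name == "camel-k-operator" && subject.Namespace == namespace {`. The first failing `Update` returns immediately, so the later bindings are never processed. When that error is Forbidden the caller only prints a warning, and those bindings silently keep the operator subject; collecting the errors and continuing the outer loop would remove as many as the user is allowed to. The `break` also stops at the first match, so a binding that lists the subject twice keeps one copy. The function has no doc comment; I would add `// removeSubjectFromClusterRoleBindings removes the operator ServiceAccount of the given namespace from the subjects of the listed ClusterRoleBindings, leaving the bindings themselves in place.`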
