[camel-k] branch master updated: fix(install): Check permission to create OpenShift ConsoleCLIDownload resource

[astefanutti]

This is an automated email from the ASF dual-hosted git repository.

astefanutti pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel-k.git


The following commit(s) were added to refs/heads/master by this push:
     new 91fb165  fix(install): Check permission to create OpenShift 
ConsoleCLIDownload resource
91fb165 is described below

commit 91fb16540cc3c623b7f15d10cb3f35a742c0d243
Author: Antonin Stefanutti <anto...@stefanutti.fr>
AuthorDate: Tue Feb 4 13:59:39 2020 +0100

    fix(install): Check permission to create OpenShift ConsoleCLIDownload 
resource
---
 pkg/install/openshift.go | 32 ++++++++++++++++++++++++++++++--
 1 file changed, 30 insertions(+), 2 deletions(-)

diff --git a/pkg/install/openshift.go b/pkg/install/openshift.go
index ab88c82..66c85fd 100644
--- a/pkg/install/openshift.go
+++ b/pkg/install/openshift.go
@@ -22,6 +22,9 @@ import (
        "fmt"
        "reflect"
 
+       "github.com/Masterminds/semver"
+
+       authorization "k8s.io/api/authorization/v1"
        "k8s.io/apimachinery/pkg/api/errors"
        metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
        "k8s.io/apimachinery/pkg/types"
@@ -30,8 +33,6 @@ import (
 
        "github.com/apache/camel-k/pkg/client"
        "github.com/apache/camel-k/pkg/util/defaults"
-
-       "github.com/Masterminds/semver"
 )
 
 const (
@@ -49,6 +50,29 @@ func installOpenShiftConsoleDownloadLink(ctx 
context.Context, c client.Client) e
                return nil
        }
 
+       // Check for permission to create the ConsoleCLIDownload resource
+       sar := &authorization.SelfSubjectAccessReview{
+               Spec: authorization.SelfSubjectAccessReviewSpec{
+                       ResourceAttributes: &authorization.ResourceAttributes{
+                               Group:    "console.openshift.io",
+                               Resource: "consoleclidownloads",
+                               Name:     kamelCliDownloadName,
+                               Verb:     "create",
+                       },
+               },
+       }
+
+       sar, err = c.AuthorizationV1().SelfSubjectAccessReviews().Create(sar)
+       if err != nil {
+               if errors.IsForbidden(err) {
+                       // Let's just skip the ConsoleCLIDownload resource 
creation
+                       return nil
+               }
+               return err
+       } else if !sar.Status.Allowed {
+               return nil
+       }
+
        // Check for an existing ConsoleCLIDownload resource
        existing := &console.ConsoleCLIDownload{}
        err = c.Get(ctx, types.NamespacedName{Name: kamelCliDownloadName}, 
existing)
@@ -77,6 +101,10 @@ func installOpenShiftConsoleDownloadLink(ctx 
context.Context, c client.Client) e
                        // Else delete the older version
                        err = c.Delete(ctx, existing)
                        if err != nil {
+                               if errors.IsForbidden(err) {
+                                       // Let's just skip the 
ConsoleCLIDownload resource creation
+                                       return nil
+                               }
                                return err
                        }
                }