This is an automated email from the ASF dual-hosted git repository. lburgazzoli pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/camel-k.git
commit ba2603da84ce40b61cdf7e1d05ca04ad19ec60c2 Author: Nicola Ferraro <ni.ferr...@gmail.com> AuthorDate: Fri Feb 21 11:41:35 2020 +0100 Fix #1199: add optional permission for creating events --- deploy/operator-role-binding-events.yaml | 30 +++++++ ...e-kubernetes.yaml => operator-role-events.yaml} | 91 +--------------------- deploy/operator-role-kubernetes.yaml | 1 - deploy/operator-role-openshift.yaml | 1 - deploy/resources.go | 68 +++++++++------- helm/camel-k/templates/operator-role.yaml | 1 + pkg/cmd/operator/operator.go | 17 +++- pkg/install/operator.go | 13 ++++ pkg/util/kubernetes/permission.go | 54 +++++++++++++ pkg/util/olm/operator.go | 36 +-------- 10 files changed, 159 insertions(+), 153 deletions(-) diff --git a/deploy/operator-role-binding-events.yaml b/deploy/operator-role-binding-events.yaml new file mode 100644 index 0000000..dbbb3a7 --- /dev/null +++ b/deploy/operator-role-binding-events.yaml 
@@ -0,0 +1,30 @@
+# ---------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ---------------------------------------------------------------------------
+
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: camel-k-operator-events
+ labels:
+ app: "camel-k"
+subjects:
+- kind: ServiceAccount
+ name: camel-k-operator
+roleRef:
+ kind: Role
+ name: camel-k-operator-events
+ apiGroup: rbac.authorization.k8s.io
diff --git a/deploy/operator-role-kubernetes.yaml b/deploy/operator-role-events.yaml
similarity index 50%
copy from deploy/operator-role-kubernetes.yaml
copy to deploy/operator-role-events.yaml
index bca4878..5fc8fab 100644
--- a/deploy/operator-role-kubernetes.yaml
+++ b/deploy/operator-role-events.yaml
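Review bot: The `subjects` entry in the new `operator-role-binding-events.yaml` names the ServiceAccount `camel-k-operator` without a `namespace`, which the RBAC API requires for ServiceAccount subjects. Presumably the installer fills it in when it applies the resource, but that code is not part of this diff, so the manifest as written may be rejected if applied by hand. A short comment above `subjects:` would make the dependency explicit, for example `# subject namespace is filled in by the installer; set it explicitly when applying manually`.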
@@ -18,50 +18,11 @@ kind: Role apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: - name: camel-k-operator + name: camel-k-operator-events labels: app: "camel-k" rules: - apiGroups: - - camel.apache.org - resources: - - "*" - verbs: - - "*" -- apiGroups: - - "" - resources: - - pods - - services - - endpoints - - persistentvolumeclaims - - configmaps - - secrets - - serviceaccounts - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - roles - - rolebindings - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch -- apiGroups: - "" resources: - events @@ -70,53 +31,3 @@ rules: - get - list - watch -- apiGroups: - - apps - resources: - - deployments - - replicasets - - statefulsets - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch -- apiGroups: - - batch - resources: - - cronjobs - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch -- apiGroups: - - apps - attributeRestrictions: null - resources: - - daemonsets - verbs: - - get - - list - - watch -- apiGroups: - - extensions - resources: - - ingresses - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch diff --git a/deploy/operator-role-kubernetes.yaml b/deploy/operator-role-kubernetes.yaml index bca4878..4e9db4c 100644 --- a/deploy/operator-role-kubernetes.yaml +++ b/deploy/operator-role-kubernetes.yaml @@ -66,7 +66,6 @@ rules: resources: - events verbs: - - create - get - list - watch diff --git a/deploy/operator-role-openshift.yaml b/deploy/operator-role-openshift.yaml index 46ea8c5..9da5132 100644 --- a/deploy/operator-role-openshift.yaml +++ b/deploy/operator-role-openshift.yaml @@ -66,7 +66,6 @@ rules: resources: - events verbs: - - create - get - list - watch 
diff --git a/deploy/resources.go b/deploy/resources.go
index 8719462..518327e 100644
--- a/deploy/resources.go
+++ b/deploy/resources.go
@@ -70,16 +70,16 @@ var assets = func() http.FileSystem { "/builder-role-kubernetes.yaml": &vfsgen۰CompressedFileInfo{ name: "builder-role-kubernetes.yaml", modTime: time.Time{}, - uncompressedSize: 1387, + uncompressedSize: 1467, - compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xac\x54\x4d\x73\xdb\x36\x10\xbd\xe3\x57\xbc\x21\x2f\x49\xc7\x92\x9a\x9e\x3a\xea\x49\x75\xec\x96\xd3\x8c\x34\x63\x2a\xcd\xe4\x08\x82\x2b\x72\xc7\x20\x80\x2e\x40\x33\xee\xaf\xef\x80\x94\x1a\xb9\xbe\xf4\x60\x5c\xb4\x80\x16\xef\x03\x6f\xa5\x12\xab\xb7\x5b\xaa\xc4\x27\x36\xe4\x22\xb5\x48\x1e\xa9\x27\xec\x82\x36\x3d\xa1\xf6\xa7\x34\x69\x21\xdc\xfb\xd1\xb5\x3a\xb1\x77\x78\xb7\xab\xef\xdf\x63\x74\x2d\x09\xbc\x23\x78\xc1\xe0\x [...] + compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xac\x54\x41\x8f\xdb\x36\x17\xbc\xf3\x57\x0c\xa4\x4b\xf2\x61\x2d\x7f\xe9\xa9\x70\x4f\xee\x66\xb7\x15\x1a\xd8\xc0\xca\x69\x90\x23\x45\x3e\x4b\x0f\x4b\x91\x2c\x49\xad\xb2\xfd\xf5\x05\x69\xbb\xf1\x76\x11\xa0\x05\xc2\x8b\x1f\xe9\xe1\xbc\x19\xce\xb3\x6b\xac\xbe\xdf\x12\x35\x3e\xb0\x22\x1b\x49\x23\x39\xa4\x91\xb0\xf5\x52\x8d\x84\xce\x1d\xd3\x22\x03\xe1\xde\xcd\x56\xcb\xc4\xce\xe2\xcd\xb6\xbb\x7f\x8b\xd9\x6a\x0a\x70\x96\xe0\x [...] }, "/builder-role-openshift.yaml": &vfsgen۰CompressedFileInfo{ name: "builder-role-openshift.yaml", modTime: time.Time{}, - uncompressedSize: 2052, + uncompressedSize: 2132, - compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xc4\x54\x41\x8f\xdb\x36\x13\xbd\xf3\x57\x3c\x48\x97\xe4\xc3\x5a\xfe\xd2\x53\xe1\x9e\xdc\xcd\x6e\x6b\x34\xb0\x81\x95\xd3\x20\xc7\x91\x34\x96\x06\x4b\x91\x2c\x49\xad\xb2\xfd\xf5\x85\x28\xbb\x6b\xc7\x69\xda\x43\x80\xe8\xe2\xd1\x70\x38\xef\xbd\x79\x63\xe5\x58\x7c\xbb\x47\xe5\x78\x27\x35\x9b\xc0\x0d\xa2\x45\xec\x18\x6b\x47\x75\xc7\x28\xed\x21\x8e\xe4\x19\xf7\x76\x30\x0d\x45\xb1\x06\xaf\xd6\xe5\xfd\x6b\x0c\xa6\x61\x0f\x6b\x [...] 
+ compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xc4\x54\xc1\x8e\xdb\x36\x10\xbd\xf3\x2b\x1e\xa4\x4b\x52\xac\xe5\xa6\xa7\xc2\x3d\xb9\x9b\xdd\xd6\x68\x60\x03\x2b\xa7\x41\x8e\x23\x69\x2c\x0d\x96\x22\x59\x92\x5a\xc5\xfd\xfa\x42\xb4\xdd\xb5\xe3\xa4\x4d\x80\x00\xd1\xc5\xa3\xe1\xf0\xcd\x7b\xf3\xc6\xca\x31\xfb\x76\x8f\xca\xf1\x46\x6a\x36\x81\x1b\x44\x8b\xd8\x31\x96\x8e\xea\x8e\x51\xda\x5d\x1c\xc9\x33\xee\xed\x60\x1a\x8a\x62\x0d\x5e\x2c\xcb\xfb\x97\x18\x4c\xc3\x1e\xd6\x30\x [...] }, "/builder-service-account.yaml": &vfsgen۰CompressedFileInfo{ name: "builder-service-account.yaml", @@ -151,6 +151,13 @@ var assets = func() http.FileSystem { compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xbc\x54\xc1\x6e\xe3\x36\x10\xbd\xeb\x2b\x1e\xac\xcb\x2e\x10\xdb\xc9\x1e\xd5\x93\xea\x38\x88\xd1\x54\x36\x2c\x6f\x83\x3d\x15\x13\x6a\x24\x11\xa1\x48\x95\xa4\xa2\xd5\xdf\x17\x94\xed\xc4\xce\x66\xd3\x1e\x82\xe5\xc9\xe6\xcc\xbc\x79\x6f\xde\x88\x31\xa6\x1f\x77\xa2\x18\x77\x52\xb0\x76\x5c\xc0\x1b\xf8\x9a\x91\xb6\x24\x6a\x46\x6e\x4a\xdf\x93\x65\xdc\x98\x4e\x17\xe4\xa5\xd1\xf8\x94\xe6\x37\x9f\xd1\xe9\x82\x2d\x8c\x66\x18\x8b\x [...] }, + "/operator-role-binding-events.yaml": &vfsgen۰CompressedFileInfo{ + name: "operator-role-binding-events.yaml", + modTime: time.Time{}, + uncompressedSize: 1224, + + compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xac\x93\x41\x6f\xdb\x46\x10\x85\xef\xfb\x2b\x1e\xc4\x4b\x02\x58\x54\xd3\x53\xa1\x9e\x18\xc7\x6e\x89\x06\x12\x20\x2a\x0d\x72\x1c\x2e\x47\xe4\xd4\xe4\x0e\xbb\xbb\x34\xe3\xfe\xfa\x62\x29\xa9\x76\x50\xb4\xc8\xc1\x7b\x13\x34\x7c\xf3\xbd\x7d\x6f\x33\xac\x5f\xef\x98\x0c\x1f\xc5\xb2\x0b\xdc\x20\x2a\x62\xc7\x28\x46\xb2\x1d\xa3\xd2\x53\x9c\xc9\x33\xee\x75\x72\x0d\x45\x51\x87\x37\x45\x75\xff\x16\x93\x6b\xd8\x43\x1d\x43\x3d\x06\x [...] + }, "/operator-role-binding-knative.yaml": &vfsgen۰CompressedFileInfo{ name: "operator-role-binding-knative.yaml", modTime: time.Time{}, 
@@ -165,6 +172,13 @@ var assets = func() http.FileSystem { compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xac\x93\x41\x6f\xdb\x46\x10\x85\xef\xfb\x2b\x1e\xc4\x4b\x02\x58\x54\xd3\x53\xa1\x9e\x18\xc7\x6e\x89\x06\x12\x20\x2a\x0d\x72\x1c\x2e\x47\xe4\xd4\xe4\x0e\xbb\xbb\x34\xe3\xfe\xfa\x62\x29\xa9\x76\x50\x24\x27\xef\x8d\xe0\xf0\xcd\xf7\xf6\x3d\x66\x58\xbf\xde\x31\x19\x3e\x8a\x65\x17\xb8\x41\x54\xc4\x8e\x51\x8c\x64\x3b\x46\xa5\xa7\x38\x93\x67\xdc\xeb\xe4\x1a\x8a\xa2\x0e\x6f\x8a\xea\xfe\x2d\x26\xd7\xb0\x87\x3a\x86\x7a\x0c\xea\x [...] }, + "/operator-role-events.yaml": &vfsgen۰CompressedFileInfo{ + name: "operator-role-events.yaml", + modTime: time.Time{}, + uncompressedSize: 1165, + + compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xac\x53\xc1\x8e\xdb\x36\x10\xbd\xf3\x2b\x1e\xac\x4b\x02\xac\xe5\xa6\xa7\xc2\x3d\xb9\x9b\xdd\x56\x68\x60\x03\x2b\xa7\x41\x8e\x63\x69\x2c\x0d\x56\xe2\xa8\x43\x6a\x15\xf7\xeb\x0b\xca\x72\xb2\x41\xae\xe1\x45\x14\xf5\xf4\xe6\xbd\x79\xc3\x0c\xeb\x9f\xb7\x5c\x86\x0f\x52\xb1\x0f\x5c\x23\x2a\x62\xcb\xd8\x0d\x54\xb5\x8c\x52\xcf\x71\x22\x63\x3c\xea\xe8\x6b\x8a\xa2\x1e\x6f\x76\xe5\xe3\x5b\x8c\xbe\x66\x83\x7a\x86\x1a\x7a\x35\x76\x [...] + }, "/operator-role-knative.yaml": &vfsgen۰CompressedFileInfo{ name: "operator-role-knative.yaml", modTime: time.Time{}, 
@@ -175,23 +189,23 @@ var assets = func() http.FileSystem { "/operator-role-kubernetes.yaml": &vfsgen۰CompressedFileInfo{ name: "operator-role-kubernetes.yaml", modTime: time.Time{}, - uncompressedSize: 2249, + uncompressedSize: 2260, - compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xc4\x54\xc1\x6e\x1b\x37\x10\xbd\xf3\x2b\x1e\xb4\x97\xa4\xb0\xe4\xa6\xa7\x42\x3d\xa9\x8e\xdd\x0a\x0d\x24\xc0\xab\x34\xc8\x71\x96\x3b\x5a\xb1\xe6\x72\x58\x92\x2b\xd9\xfd\xfa\x82\xd4\x2a\x91\xa3\x04\xe8\x21\xa8\xf7\xa2\x21\x77\xf6\xcd\x9b\xf7\x46\x53\x61\xfa\xfd\x1e\x55\xe1\x9d\xd1\xec\x22\xb7\x48\x82\xb4\x63\x2c\x3c\xe9\x1d\xa3\x96\x6d\x3a\x50\x60\xdc\xc9\xe0\x5a\x4a\x46\x1c\x5e\x2d\xea\xbb\xd7\x18\x5c\xcb\x01\xe2\x18\x [...] + compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xc4\x54\x41\x73\xdb\x36\x13\xbd\xe3\x57\xbc\x11\x2f\xc9\x37\x96\xfc\xa5\xa7\x8e\x7a\x52\x1d\xbb\xd5\x34\x23\xcd\x98\x4a\x33\x39\x2e\xc1\x15\x85\x1a\xc4\xa2\x00\x28\xd9\xfd\xf5\x1d\x40\x54\x22\x47\x49\xa7\x87\x4c\xcd\x8b\x16\xe0\xf2\xed\xdb\xf7\x56\x5b\x61\xfa\xfd\x1e\x55\xe1\x9d\xd1\xec\x22\xb7\x48\x82\xb4\x63\x2c\x3c\xe9\x1d\xa3\x96\x6d\x3a\x50\x60\xdc\xc9\xe0\x5a\x4a\x46\x1c\x5e\x2d\xea\xbb\xd7\x18\x5c\xcb\x01\xe2\x [...] }, "/operator-role-olm.yaml": &vfsgen۰CompressedFileInfo{ name: "operator-role-olm.yaml", modTime: time.Time{}, - uncompressedSize: 3530, + uncompressedSize: 3541, - compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xc4\x56\x51\x8f\xda\x46\x10\x7e\xf7\xaf\x18\xe1\x97\xa4\x3a\x4c\xd3\xa7\x8a\x3e\xd1\xcb\x5d\x8b\x1a\x81\x74\x90\x46\x79\x1c\xaf\x07\x7b\xca\x7a\x67\xbb\xbb\x86\xa3\xbf\xbe\xf2\xda\x24\xe6\x7c\xa7\x4b\xa5\x54\xf0\xc2\x7a\x76\xf8\xe6\x9b\xef\x1b\x06\x52\x98\x7e\xbf\x57\x92\xc2\x07\x56\x64\x3c\x15\x10\x04\x42\x45\xb0\xb0\xa8\x2a\x82\x8d\xec\xc2\x11\x1d\xc1\xbd\x34\xa6\xc0\xc0\x62\xe0\xcd\x62\x73\xff\x16\x1a\x53\x90\x03\x [...] 
+ compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xc4\x56\x41\x93\xda\x46\x13\xbd\xeb\x57\x74\xa1\x8b\xfd\xd5\x22\x3e\xe7\x94\x22\x27\xb2\xde\x4d\xa8\xb8\xa0\x6a\xc1\x71\xf9\xd8\x1a\x35\x52\x87\xd1\xf4\x64\x66\x04\x4b\x7e\x7d\x4a\x23\x61\x8b\xd5\x6e\xd6\xa9\x72\x0a\x2e\x8c\x7a\x9a\xd7\xaf\xdf\x6b\x1a\x52\x98\x7e\xbf\x57\x92\xc2\x07\x56\x64\x3c\x15\x10\x04\x42\x45\xb0\xb0\xa8\x2a\x82\x8d\xec\xc2\x11\x1d\xc1\xbd\x34\xa6\xc0\xc0\x62\xe0\xcd\x62\x73\xff\x16\x1a\x53\x90\x [...] }, "/operator-role-openshift.yaml": &vfsgen۰CompressedFileInfo{ name: "operator-role-openshift.yaml", modTime: time.Time{}, - uncompressedSize: 3028, + uncompressedSize: 3039, - compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xc4\x54\xc1\x8e\xdb\x46\x0c\xbd\xeb\x2b\x08\xe9\x92\x14\x6b\xb9\xe9\xa9\x70\x4f\x6e\xb2\xdb\x1a\x0d\xbc\xc0\xca\x69\x90\x23\x35\xa2\x25\x76\x47\xc3\xe9\xcc\xc8\x8a\xfb\xf5\x85\x46\x72\x62\xaf\x76\x91\x16\x08\x60\x5f\x4c\x71\xa8\xc7\xc7\xf7\xa8\xc9\x60\xf1\xfd\x7e\x49\x06\xef\x59\x91\xf1\x54\x41\x10\x08\x0d\xc1\xda\xa2\x6a\x08\x0a\xd9\x87\x1e\x1d\xc1\x9d\x74\xa6\xc2\xc0\x62\xe0\xd5\xba\xb8\x7b\x0d\x9d\xa9\xc8\x81\x18\x [...] + compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xc4\x54\xc1\x8e\xdb\x46\x0c\xbd\xeb\x2b\x08\xe9\x92\x14\x6b\xbb\xe9\xa9\x70\x4f\xee\x66\xb7\x35\x1a\xd8\xc0\xca\x69\x90\x23\x35\xa2\x25\x76\x47\xc3\xe9\xcc\xc8\x8a\xfb\xf5\x85\x46\x72\x62\xaf\x76\x9b\x06\x08\x60\x5f\x4c\x71\xa8\xc7\xc7\xf7\xa8\xc9\x60\xf6\xfd\x7e\x49\x06\xef\x58\x91\xf1\x54\x42\x10\x08\x35\xc1\xca\xa2\xaa\x09\x72\xd9\x87\x0e\x1d\xc1\xbd\xb4\xa6\xc4\xc0\x62\xe0\xd5\x2a\xbf\x7f\x0d\xad\x29\xc9\x81\x18\x [...] }, "/operator-service-account.yaml": &vfsgen۰CompressedFileInfo{ name: "operator-service-account.yaml", 
@@ -217,58 +231,58 @@ var assets = func() http.FileSystem { "/platform-integration-kit-groovy.yaml": &vfsgen۰CompressedFileInfo{ name: "platform-integration-kit-groovy.yaml", modTime: time.Time{}, - uncompressedSize: 1318, + uncompressedSize: 1310, - compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xac\x53\x4d\x8f\xdb\x36\x10\xbd\xf3\x57\x3c\x58\x97\x04\x58\xcb\x6d\x8f\xee\xc9\xdd\xec\xa2\x42\x02\x1b\x58\x39\x0d\x72\x1c\x8b\x63\x79\x60\x89\x64\x87\xd4\x2a\xfe\xf7\x05\x25\xbb\x71\x90\x43\x72\x08\x6f\x12\x67\xde\xc7\xbc\x61\x81\xe5\xaf\x3b\xa6\xc0\x07\x69\xd8\x45\xb6\x48\x1e\xe9\xc4\xd8\x04\x6a\x4e\x8c\xda\x1f\xd3\x48\xca\x78\xf6\x83\xb3\x94\xc4\x3b\xbc\xd9\xd4\xcf\x6f\x31\x38\xcb\x0a\xef\x18\x5e\xd1\x7b\x65\x53\x [...] + compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xac\x53\x4d\x8f\xdb\x36\x10\xbd\xf3\x57\x3c\x58\x97\x04\x58\xcb\x6d\x8f\xee\xc9\xdd\xec\xa2\x42\x02\x1b\x58\x39\x0d\x72\x1c\x8b\x63\x79\x60\x89\x64\x87\xd4\x2a\xfe\xf7\x05\x25\xbb\x71\x10\xa0\xcd\x21\xbc\x49\x9c\x79\x1f\xf3\x86\x05\x96\x3f\xef\x98\x02\x1f\xa4\x61\x17\xd9\x22\x79\xa4\x13\x63\x13\xa8\x39\x31\x6a\x7f\x4c\x23\x29\xe3\xd9\x0f\xce\x52\x12\xef\xf0\x66\x53\x3f\xbf\xc5\xe0\x2c\x2b\xbc\x63\x78\x45\xef\x95\x4d\x [...] }, "/platform-integration-kit-java.yaml": &vfsgen۰CompressedFileInfo{ name: "platform-integration-kit-java.yaml", modTime: time.Time{}, - uncompressedSize: 1314, + uncompressedSize: 1306, - compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xac\x53\x4d\x8f\xdb\x36\x10\xbd\xf3\x57\x3c\x58\x97\x04\xb0\xe5\xb6\x47\xf5\xe4\x6e\x6c\x54\x48\x60\x03\x2b\xa7\x41\x8e\x63\x71\x2c\x4d\x2d\x91\x2c\x49\x59\xf1\xbf\x2f\x28\xdb\x8d\x17\x7b\xe8\x1e\x96\x37\x51\x33\xef\x63\xde\x30\xc3\xe2\xfd\x8e\xca\xf0\x45\x6a\x36\x81\x35\xa2\x45\x6c\x19\x2b\x47\x75\xcb\xa8\xec\x31\x8e\xe4\x19\x1b\x3b\x18\x4d\x51\xac\xc1\x87\x55\xb5\xf9\x88\xc1\x68\xf6\xb0\x86\x61\x3d\x7a\xeb\x59\x65\x [...] 
+ compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xac\x53\x4d\x8f\xdb\x36\x10\xbd\xf3\x57\x3c\x58\x97\x04\xb0\xe5\xb6\x47\xf5\xe4\x6e\x6c\x54\x48\x60\x03\x2b\xa7\x41\x8e\x63\x71\x2c\x4d\x2d\x91\x2c\x49\x59\xf1\xbf\x2f\x28\xdb\x5d\x2f\x16\x68\x7b\x58\xde\x44\xcd\xbc\x8f\x79\xc3\x0c\x8b\xf7\x3b\x2a\xc3\x17\xa9\xd9\x04\xd6\x88\x16\xb1\x65\xac\x1c\xd5\x2d\xa3\xb2\xc7\x38\x92\x67\x6c\xec\x60\x34\x45\xb1\x06\x1f\x56\xd5\xe6\x23\x06\xa3\xd9\xc3\x1a\x86\xf5\xe8\xad\x67\x95\x [...] }, "/platform-integration-kit-js.yaml": &vfsgen۰CompressedFileInfo{ name: "platform-integration-kit-js.yaml", modTime: time.Time{}, - uncompressedSize: 1310, + uncompressedSize: 1302, - compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xac\x53\x4d\x8f\xdb\x36\x10\xbd\xf3\x57\x3c\x58\x97\x04\xb0\xe5\xb6\x47\xf5\xe4\x6e\x6c\x54\x48\x60\x03\x2b\xa7\x41\x8e\x63\x71\x2c\x4d\x2c\x91\x2c\x49\xad\xe2\x7f\x5f\x50\xb6\xbb\x5e\xec\x21\x7b\x58\xde\x44\xcd\xbc\x8f\x79\xc3\x0c\x8b\xf7\x3b\x2a\xc3\x17\xa9\xd9\x04\xd6\x88\x16\xb1\x65\xac\x1c\xd5\x2d\xa3\xb2\xc7\x38\x92\x67\x6c\xec\x60\x34\x45\xb1\x06\x1f\x56\xd5\xe6\x23\x06\xa3\xd9\xc3\x1a\x86\xf5\xe8\xad\x67\x95\x [...] + compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xac\x53\x4d\x8f\xdb\x36\x10\xbd\xf3\x57\x3c\x58\x97\x04\xb0\xe5\xb6\x47\xf5\xe4\x6e\x6c\x54\x48\x60\x03\x2b\xa7\x41\x8e\x63\x71\x2c\x4d\x2c\x91\x2c\x49\xad\xd6\xff\xbe\xa0\x6c\x77\xbd\x58\xa0\xcd\x61\x79\x13\x35\xf3\x3e\xe6\x0d\x33\x2c\xde\xef\xa8\x0c\x5f\xa4\x66\x13\x58\x23\x5a\xc4\x96\xb1\x72\x54\xb7\x8c\xca\x1e\xe3\x48\x9e\xb1\xb1\x83\xd1\x14\xc5\x1a\x7c\x58\x55\x9b\x8f\x18\x8c\x66\x0f\x6b\x18\xd6\xa3\xb7\x9e\x55\x [...] 
}, "/platform-integration-kit-knative.yaml": &vfsgen۰CompressedFileInfo{ name: "platform-integration-kit-knative.yaml", modTime: time.Time{}, - uncompressedSize: 1321, + uncompressedSize: 1313, - compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xac\x53\xcd\xce\xdb\x36\x10\xbc\xf3\x29\x06\xd6\x25\x01\x6c\xb9\xed\x51\x3d\xb9\x5f\x6c\x54\x48\x60\x03\x9f\x9c\x06\x39\xae\xc5\xb5\xb4\xb0\x44\xb2\x24\x65\xc5\x6f\x5f\x50\x96\x1b\x07\x39\xb4\x01\xc2\x9b\xc4\xdd\xf9\xd9\x59\x66\x58\xfd\xbc\xa3\x32\x7c\x90\x9a\x4d\x60\x8d\x68\x11\x5b\xc6\xc6\x51\xdd\x32\x2a\x7b\x8e\x23\x79\xc6\xce\x0e\x46\x53\x14\x6b\xf0\x66\x53\xed\xde\x62\x30\x9a\x3d\xac\x61\x58\x8f\xde\x7a\x56\x19\x [...] + compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xac\x53\xcd\xce\xdb\x36\x10\xbc\xf3\x29\x06\xd6\x25\x01\x6c\xb9\xed\x51\x3d\xb9\x5f\x6c\x54\x48\x60\x03\x9f\x9c\x06\x39\xae\xc5\xb5\xb4\xb0\x44\xb2\x24\x65\xc5\x6f\x5f\x50\x96\x1b\x07\x01\x5a\x04\x08\x6f\x12\x77\xe7\x67\x67\x99\x61\xf5\xf3\x8e\xca\xf0\x41\x6a\x36\x81\x35\xa2\x45\x6c\x19\x1b\x47\x75\xcb\xa8\xec\x39\x8e\xe4\x19\x3b\x3b\x18\x4d\x51\xac\xc1\x9b\x4d\xb5\x7b\x8b\xc1\x68\xf6\xb0\x86\x61\x3d\x7a\xeb\x59\x65\x [...] }, "/platform-integration-kit-kotlin.yaml": &vfsgen۰CompressedFileInfo{ name: "platform-integration-kit-kotlin.yaml", modTime: time.Time{}, - uncompressedSize: 1318, + uncompressedSize: 1310, - compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xac\x53\x4d\x8f\xdb\x36\x10\xbd\xf3\x57\x3c\x58\x97\x04\x58\xcb\x6d\x8f\xea\xc9\xdd\xec\xa2\x42\x02\x1b\x58\x39\x0d\x72\x1c\x8b\x63\x69\x60\x8a\x64\x49\x6a\x15\xff\xfb\x82\x92\xdd\x38\xc8\x21\x39\x84\x37\x89\x33\xef\x63\xde\xb0\xc0\xfa\xd7\x1d\x55\xe0\x83\xb4\x6c\x23\x6b\x24\x87\xd4\x33\xb6\x9e\xda\x9e\xd1\xb8\x53\x9a\x28\x30\x9e\xdd\x68\x35\x25\x71\x16\x6f\xb6\xcd\xf3\x5b\x8c\x56\x73\x80\xb3\x0c\x17\x30\xb8\xc0\xaa\x [...] 
+ compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xac\x53\x4d\x8f\xdb\x36\x10\xbd\xf3\x57\x3c\x58\x97\x04\x58\xcb\x6d\x8f\xea\xc9\xdd\xec\xa2\x42\x02\x1b\x58\x39\x0d\x72\x1c\x8b\x63\x69\x60\x8a\x64\x49\x6a\x15\xff\xfb\x82\x92\xdd\x38\x08\xd0\xe6\x10\xde\x24\xce\xbc\x8f\x79\xc3\x02\xeb\x9f\x77\x54\x81\x0f\xd2\xb2\x8d\xac\x91\x1c\x52\xcf\xd8\x7a\x6a\x7b\x46\xe3\x4e\x69\xa2\xc0\x78\x76\xa3\xd5\x94\xc4\x59\xbc\xd9\x36\xcf\x6f\x31\x5a\xcd\x01\xce\x32\x5c\xc0\xe0\x02\xab\x [...] }, "/platform-integration-kit-main.yaml": &vfsgen۰CompressedFileInfo{ name: "platform-integration-kit-main.yaml", modTime: time.Time{}, - uncompressedSize: 1265, + uncompressedSize: 1257, - compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xac\x53\x4d\x6f\xe3\x36\x10\xbd\xf3\x57\x3c\x58\x97\x5d\xc0\x96\xdb\x1e\xd5\x93\x9b\xb5\x51\x61\x17\x36\x10\x79\x1b\xe4\x38\x16\xc7\xd2\xc0\x12\xc9\x92\x54\x14\xff\xfb\x82\xb2\xdd\x38\xc8\xa1\x3d\x84\x37\x51\x33\xef\x63\xde\x30\xc3\xe2\xf3\x8e\xca\xf0\x43\x6a\x36\x81\x35\xa2\x45\x6c\x19\x2b\x47\x75\xcb\xa8\xec\x31\x8e\xe4\x19\x1b\x3b\x18\x4d\x51\xac\xc1\x97\x55\xb5\xf9\x8a\xc1\x68\xf6\xb0\x86\x61\x3d\x7a\xeb\x59\x65\x [...] + compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xac\x53\x4d\x6f\xe3\x36\x10\xbd\xf3\x57\x3c\x58\x97\x5d\xc0\x96\xdb\x1e\xd5\x93\x9b\xb5\x51\x61\x17\x36\x10\x79\x1b\xe4\x38\x16\xc7\xd2\xc0\x12\xc9\x92\x54\x14\xff\xfb\x82\xb2\xdd\x38\x08\xd0\x5e\xc2\x9b\xa8\xe1\xfb\xe0\x7b\xcc\xb0\xf8\xbc\xa5\x32\xfc\x90\x9a\x4d\x60\x8d\x68\x11\x5b\xc6\xca\x51\xdd\x32\x2a\x7b\x8c\x23\x79\xc6\xc6\x0e\x46\x53\x14\x6b\xf0\x65\x55\x6d\xbe\x62\x30\x9a\x3d\xac\x61\x58\x8f\xde\x7a\x56\x19\x [...] 
}, "/platform-integration-kit-xml.yaml": &vfsgen۰CompressedFileInfo{ name: "platform-integration-kit-xml.yaml", modTime: time.Time{}, - uncompressedSize: 1311, + uncompressedSize: 1303, - compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xac\x53\x4d\x8f\xdb\x36\x10\xbd\xf3\x57\x3c\x58\x97\x04\x58\xcb\x6d\x8f\xea\xc9\xdd\xac\x51\x21\x81\x0d\xac\x9c\x06\x39\x8e\xc5\xb1\x34\x35\x45\xb2\x24\xb5\x5a\xff\xfb\x82\xb2\xdd\x38\xc8\xa1\x39\x2c\x6f\xa2\x66\xde\xc7\xbc\x61\x81\xe5\xdb\x1d\x55\xe0\x93\xb4\x6c\x23\x6b\x24\x87\xd4\x33\xd6\x9e\xda\x9e\xd1\xb8\x63\x9a\x28\x30\x36\x6e\xb4\x9a\x92\x38\x8b\x77\xeb\x66\xf3\x1e\xa3\xd5\x1c\xe0\x2c\xc3\x05\x0c\x2e\xb0\x2a\x [...] + compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xac\x53\x4d\x8f\xdb\x36\x10\xbd\xf3\x57\x3c\x58\x97\x04\x58\xcb\x6d\x8f\xea\xc9\xdd\xac\x51\x21\x81\x0d\xac\x9c\x06\x39\x8e\xc5\xb1\x34\x35\x45\xb2\x24\xb5\x5a\xff\xfb\x82\xb2\xdd\x38\x08\xd0\xf6\xb0\xbc\x89\x9a\x79\x1f\xf3\x86\x05\x96\x6f\x77\x54\x81\x4f\xd2\xb2\x8d\xac\x91\x1c\x52\xcf\x58\x7b\x6a\x7b\x46\xe3\x8e\x69\xa2\xc0\xd8\xb8\xd1\x6a\x4a\xe2\x2c\xde\xad\x9b\xcd\x7b\x8c\x56\x73\x80\xb3\x0c\x17\x30\xb8\xc0\xaa\x [...] }, "/platform-integration-kit-yaml.yaml": &vfsgen۰CompressedFileInfo{ name: "platform-integration-kit-yaml.yaml", modTime: time.Time{}, - uncompressedSize: 1314, + uncompressedSize: 1306, - compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xac\x53\x4d\x8f\xdb\x36\x10\xbd\xf3\x57\x3c\x58\x97\x04\x58\xcb\x6d\x8f\xea\xc9\xdd\xd8\xa8\x90\xc0\x06\x56\x4e\x83\x1c\xc7\xe2\x58\x1a\x98\x22\x59\x92\x5a\xc5\xff\xbe\xa0\x6c\x37\x0e\x72\x48\x0e\xe1\x4d\xd4\xcc\xfb\x98\x37\x2c\xb0\xfc\x75\x47\x15\xf8\x20\x2d\xdb\xc8\x1a\xc9\x21\xf5\x8c\xb5\xa7\xb6\x67\x34\xee\x94\x26\x0a\x8c\xad\x1b\xad\xa6\x24\xce\xe2\xcd\xba\xd9\xbe\xc5\x68\x35\x07\x38\xcb\x70\x01\x83\x0b\xac\x0a\x [...] 
+ compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xac\x53\x4d\x8f\xdb\x36\x10\xbd\xf3\x57\x3c\x58\x97\x04\x58\xcb\x6d\x8f\xea\xc9\xdd\xd8\xa8\x90\xc0\x06\x56\x4e\x83\x1c\xc7\xe2\x58\x1a\x98\x22\x59\x92\x5a\xc5\xff\xbe\xa0\x6c\x37\x0e\x02\xb4\x39\x84\x37\x51\x33\xef\x63\xde\xb0\xc0\xf2\xe7\x1d\x55\xe0\x83\xb4\x6c\x23\x6b\x24\x87\xd4\x33\xd6\x9e\xda\x9e\xd1\xb8\x53\x9a\x28\x30\xb6\x6e\xb4\x9a\x92\x38\x8b\x37\xeb\x66\xfb\x16\xa3\xd5\x1c\xe0\x2c\xc3\x05\x0c\x2e\xb0\x2a\x [...] }, "/prometheus-jmx-exporter.yaml": &vfsgen۰CompressedFileInfo{ name: "prometheus-jmx-exporter.yaml", @@ -346,8 +360,10 @@ var assets = func() http.FileSystem { fs["/crd-integration-platform.yaml"].(os.FileInfo), fs["/crd-integration.yaml"].(os.FileInfo), fs["/operator-deployment.yaml"].(os.FileInfo), + fs["/operator-role-binding-events.yaml"].(os.FileInfo), fs["/operator-role-binding-knative.yaml"].(os.FileInfo), fs["/operator-role-binding.yaml"].(os.FileInfo), + fs["/operator-role-events.yaml"].(os.FileInfo), fs["/operator-role-knative.yaml"].(os.FileInfo), fs["/operator-role-kubernetes.yaml"].(os.FileInfo), fs["/operator-role-olm.yaml"].(os.FileInfo), diff --git a/helm/camel-k/templates/operator-role.yaml b/helm/camel-k/templates/operator-role.yaml index a9d6c6a..5a9218a 100644 --- a/helm/camel-k/templates/operator-role.yaml +++ b/helm/camel-k/templates/operator-role.yaml @@ -67,6 +67,7 @@ rules: resources: - events verbs: + - create - get - list - watch diff --git a/pkg/cmd/operator/operator.go b/pkg/cmd/operator/operator.go index 012179f..1347e1d 100644 --- a/pkg/cmd/operator/operator.go +++ b/pkg/cmd/operator/operator.go 
@@ -27,10 +27,12 @@ import ( "time" "github.com/apache/camel-k/pkg/client" + "github.com/apache/camel-k/pkg/util/kubernetes" "github.com/operator-framework/operator-sdk/pkg/k8sutil" "github.com/operator-framework/operator-sdk/pkg/leader" "github.com/operator-framework/operator-sdk/pkg/ready" sdkVersion "github.com/operator-framework/operator-sdk/version" + corev1 "k8s.io/api/core/v1" typedcorev1 "k8s.io/client-go/kubernetes/typed/core/v1" "k8s.io/client-go/tools/record" @@ -109,9 +111,18 @@ func Run() { log.Error(err, "cannot initialize client") os.Exit(1) } - eventBroadcaster := record.NewBroadcaster() - //eventBroadcaster.StartLogging(camellog.WithName("events").Infof) - eventBroadcaster.StartRecordingToSink(&typedcorev1.EventSinkImpl{Interface: c.CoreV1().Events(namespace)}) + + // Configure event broadcaster + var eventBroadcaster record.EventBroadcaster + if ok, err := kubernetes.CheckPermission(c, corev1.GroupName, "events", namespace, "", "create"); err != nil { + log.Error(err, "cannot check permissions for configuring event broadcaster") + } else if !ok { + log.Info("Event broadcasting to Kubernetes is disabled because of missing permissions to create events") + } else { + eventBroadcaster = record.NewBroadcaster() + //eventBroadcaster.StartLogging(camellog.WithName("events").Infof) + eventBroadcaster.StartRecordingToSink(&typedcorev1.EventSinkImpl{Interface: c.CoreV1().Events(namespace)}) + } // Create a new Cmd to provide shared dependencies and start components mgr, err := manager.New(cfg, manager.Options{ diff --git a/pkg/install/operator.go b/pkg/install/operator.go index e61f13f..28a2a58 100644 --- a/pkg/install/operator.go +++ b/pkg/install/operator.go @@ -20,6 +20,7 @@ package install import ( "context" "errors" + "fmt" "strings" appsv1 "k8s.io/api/apps/v1" 
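Review bot: In `Run`, the `err != nil` branch of the `kubernetes.CheckPermission` call logs the failure without saying that event recording ends up disabled, and in both non-success branches `eventBroadcaster` stays a nil interface for the life of the process. The check is a single SelfSubjectAccessReview at startup, so a `camel-k-operator-events` binding granted afterwards is not picked up until the operator restarts; a comment such as `// Evaluated once at startup: granting create on events later requires an operator restart` would document that. The error log could state the consequence, e.g. `log.Error(err, "cannot check permissions for configuring event broadcaster, event recording is disabled")`. How the nil broadcaster is consumed is not visible because the `manager.New` options continue outside the hunk, so it is worth confirming that path tolerates nil.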
@@ -124,6 +125,11 @@ func OperatorOrCollect(ctx context.Context, c client.Client, cfg OperatorConfigu if isKnative { return installKnative(ctx, c, cfg.Namespace, customizer, collection, force) } + + if errevt := installEvents(ctx, c, cfg.Namespace, customizer, collection); errevt != nil { + fmt.Println("Warning: the operator will not be able to publish Kubernetes events. Try installing as cluster-admin to allow it to generate events.") + } + return nil } @@ -152,6 +158,13 @@ func installKnative(ctx context.Context, c client.Client, namespace string, cust ) } +func installEvents(ctx context.Context, c client.Client, namespace string, customizer ResourceCustomizer, collection *kubernetes.Collection) error { + return ResourcesOrCollect(ctx, c, namespace, collection, customizer, + "operator-role-events.yaml", + "operator-role-binding-events.yaml", + ) +} + // Platform installs the platform custom resource // nolint: lll func Platform(ctx context.Context, c client.Client, clusterType string, namespace string, registry v1.IntegrationPlatformRegistrySpec) (*v1.IntegrationPlatform, error) { diff --git a/pkg/util/kubernetes/permission.go b/pkg/util/kubernetes/permission.go new file mode 100644 index 0000000..e72be7d --- /dev/null +++ b/pkg/util/kubernetes/permission.go 
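Review bot: The new `installEvents` call in `OperatorOrCollect` discards `errevt`: any failure, not only an RBAC denial, produces the same hint and the function still returns nil, so a malformed resource or an API outage is reported as a permissions problem. Include the cause in the message, e.g. `fmt.Printf("Warning: the operator will not be able to publish Kubernetes events: %v\n", errevt)`, and consider returning errors that are not a Forbidden response. Since `installEvents` passes two files to `ResourcesOrCollect`, a failure on the second may leave the `camel-k-operator-events` Role without its binding (inferred; the helper body is outside this diff). The "cluster-admin" advice is also broader than needed: RBAC escalation prevention only requires the installing user to hold the event permissions being granted (or the `escalate`/`bind` verbs), so the hint could name that instead.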
@@ -0,0 +1,54 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package kubernetes
+
+import (
+ "github.com/apache/camel-k/pkg/client"
+ authorizationv1 "k8s.io/api/authorization/v1"
+ k8serrors "k8s.io/apimachinery/pkg/api/errors"
+)
+
+// CheckPermission can be used to check if the current user/service-account is allowed to execute a given operation
+// in the cluster.
+// E.g. checkPermission(client, olmv1alpha1.GroupName, "clusterserviceversions", namespace, "camel-k", "get")
+//
+// nolint:unparam
+func CheckPermission(client client.Client, group, resource, namespace, name, verb string) (bool, error) {
+ sarReview := &authorizationv1.SelfSubjectAccessReview{
+ Spec: authorizationv1.SelfSubjectAccessReviewSpec{
+ ResourceAttributes: &authorizationv1.ResourceAttributes{
+ Group: group,
+ Resource: resource,
+ Namespace: namespace,
+ Name: name,
+ Verb: verb,
+ },
+ },
+ }
+
+ sar, err := client.AuthorizationV1().SelfSubjectAccessReviews().Create(sarReview)
+ if err != nil {
+ if k8serrors.IsForbidden(err) {
+ return false, nil
+ }
+ return false, err
+ } else if !sar.Status.Allowed {
+ return false, nil
+ }
+ return true, nil
+}
diff --git a/pkg/util/olm/operator.go b/pkg/util/olm/operator.go
index a85c414..e6ce7e7 100644
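Review bot: The doc comment on the now-exported `CheckPermission` still uses the old unexported name in its example (`checkPermission(...)`) and says nothing about how failures are reported. As a shared helper it should document that a Forbidden response to the review request and `Status.Allowed == false` both return `(false, nil)`, so it fails closed, and that only other API errors are returned as `err`. It is also worth stating that the result is a point-in-time hint for deciding what to attempt, while the API server remains the enforcement point for the later request. The parameter named `client` shadows the imported `client` package inside the body; renaming it to `c` would avoid that, and the `// nolint:unparam` directive may be stale now that callers pass different arguments (to be confirmed with the linter).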
--- a/pkg/util/olm/operator.go +++ b/pkg/util/olm/operator.go @@ -27,8 +27,6 @@ import ( olmv1 "github.com/operator-framework/operator-lifecycle-manager/pkg/api/apis/operators/v1" olmv1alpha1 "github.com/operator-framework/operator-lifecycle-manager/pkg/api/apis/operators/v1alpha1" "github.com/pkg/errors" - authorizationv1 "k8s.io/api/authorization/v1" - k8serrors "k8s.io/apimachinery/pkg/api/errors" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "sigs.k8s.io/controller-runtime/pkg/client" ) @@ -89,7 +87,7 @@ func IsOperatorInstalled(ctx context.Context, client client.Client, namespace st // HasPermissionToInstall checks if the current user/serviceaccount has the right permissions to install camel k via OLM func HasPermissionToInstall(ctx context.Context, client client.Client, namespace string, global bool, options Options) (bool, error) { - if ok, err := checkPermission(client, olmv1alpha1.GroupName, "clusterserviceversions", namespace, options.Package, "list"); err != nil { + if ok, err := kubernetes.CheckPermission(client, olmv1alpha1.GroupName, "clusterserviceversions", namespace, options.Package, "list"); err != nil { return false, err } else if !ok { return false, nil @@ -100,7 +98,7 @@ func HasPermissionToInstall(ctx context.Context, client client.Client, namespace targetNamespace = options.GlobalNamespace } - if ok, err := checkPermission(client, olmv1alpha1.GroupName, "subscriptions", targetNamespace, options.Package, "create"); err != nil { + if ok, err := kubernetes.CheckPermission(client, olmv1alpha1.GroupName, "subscriptions", targetNamespace, options.Package, "create"); err != nil { return false, err } else if !ok { return false, nil 
@@ -113,7 +111,7 @@ func HasPermissionToInstall(ctx context.Context, client client.Client, namespace } if !global { - if ok, err := checkPermission(client, olmv1.GroupName, "operatorgroups", namespace, options.Package, "list"); err != nil { + if ok, err := kubernetes.CheckPermission(client, olmv1.GroupName, "operatorgroups", namespace, options.Package, "list"); err != nil { return false, err } else if !ok { return false, nil @@ -124,7 +122,7 @@ func HasPermissionToInstall(ctx context.Context, client client.Client, namespace return false, err } if group == nil { - if ok, err := checkPermission(client, olmv1.GroupName, "operatorgroups", namespace, options.Package, "create"); err != nil { + if ok, err := kubernetes.CheckPermission(client, olmv1.GroupName, "operatorgroups", namespace, options.Package, "create"); err != nil { return false, err } else if !ok { return false, nil @@ -135,32 +133,6 @@ func HasPermissionToInstall(ctx context.Context, client client.Client, namespace return true, nil } -// nolint:unparam -func checkPermission(client client.Client, group, resource, namespace, name, verb string) (bool, error) { - sarReview := &authorizationv1.SelfSubjectAccessReview{ - Spec: authorizationv1.SelfSubjectAccessReviewSpec{ - ResourceAttributes: &authorizationv1.ResourceAttributes{ - Group: group, - Resource: resource, - Namespace: namespace, - Name: name, - Verb: verb, - }, - }, - } - - sar, err := client.AuthorizationV1().SelfSubjectAccessReviews().Create(sarReview) - if err != nil { - if k8serrors.IsForbidden(err) { - return false, nil - } - return false, err - } else if !sar.Status.Allowed { - return false, nil - } - return true, nil -} - // Install creates a subscription for the OLM package func Install(ctx context.Context, client client.Client, namespace string, global bool, options Options, collection *kubernetes.Collection) (bool, error) { options = fillDefaults(options)