You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@camel.apache.org by GitBox <gi...@apache.org> on 2018/09/10 13:54:17 UTC

[GitHub] lburgazzoli closed pull request #7: Fix operator role to have lower privileges than the standard user and standardize command options

lburgazzoli closed pull request #7: Fix operator role to have lower privileges than the standard user and standardize command options
URL: https://github.com/apache/camel-k/pull/7
 
 
   

This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:

As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):

diff --git a/Gopkg.lock b/Gopkg.lock
index cf518d5..a5a82a6 100644
--- a/Gopkg.lock
+++ b/Gopkg.lock
@@ -585,6 +585,6 @@
 [solve-meta]
   analyzer-name = "dep"
   analyzer-version = 1
-  inputs-digest = "d79b669e9448950b8210a635a4857097167f8cdbec4ece89a268a3c881fbd61a"
+  inputs-digest = "405777dfb5657ae94b83be9b95d4b4121f15b8ef87415d8f1b525cdffbb388cb"
   solver-name = "gps-cdcl"
   solver-version = 1
diff --git a/deploy/operator-role.yaml b/deploy/operator-role.yaml
index 7dea8d3..ac0ab7a 100644
--- a/deploy/operator-role.yaml
+++ b/deploy/operator-role.yaml
@@ -16,17 +16,46 @@ rules:
   - services
   - endpoints
   - persistentvolumeclaims
-  - events
   - configmaps
   - secrets
   verbs:
-  - "*"
+  - create
+  - delete
+  - deletecollection
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - apps
   resources:
   - deployments
-  - daemonsets
   - replicasets
   - statefulsets
   verbs:
-  - "*"
\ No newline at end of file
+  - create
+  - delete
+  - deletecollection
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - apps
+  attributeRestrictions: null
+  resources:
+  - daemonsets
+  verbs:
+  - get
+  - list
+  - watch
\ No newline at end of file
diff --git a/deploy/resources.go b/deploy/resources.go
index 1048333..4dd9f89 100644
--- a/deploy/resources.go
+++ b/deploy/resources.go
@@ -101,20 +101,49 @@ rules:
   - services
   - endpoints
   - persistentvolumeclaims
-  - events
   - configmaps
   - secrets
   verbs:
-  - "*"
+  - create
+  - delete
+  - deletecollection
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - apps
   resources:
   - deployments
-  - daemonsets
   - replicasets
   - statefulsets
   verbs:
-  - "*"
+  - create
+  - delete
+  - deletecollection
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - apps
+  attributeRestrictions: null
+  resources:
+  - daemonsets
+  verbs:
+  - get
+  - list
+  - watch
 `
 Resources["operator-service-account.yaml"] =
 `
diff --git a/pkg/client/cmd/get.go b/pkg/client/cmd/get.go
index 39a45d9..05be2e3 100644
--- a/pkg/client/cmd/get.go
+++ b/pkg/client/cmd/get.go
@@ -27,18 +27,25 @@ import (
 	"github.com/operator-framework/operator-sdk/pkg/sdk"
 )
 
-func NewCmdGet() *cobra.Command {
+type GetCmdOptions struct {
+	*RootCmdOptions
+}
+
+func NewCmdGet(rootCmdOptions *RootCmdOptions) *cobra.Command {
+	options := GetCmdOptions{
+		RootCmdOptions: rootCmdOptions,
+	}
 	cmd := cobra.Command{
 		Use:   "get",
 		Short: "Get all integrations deployed on Kubernetes",
 		Long:  `Get the status of all integrations deployed on on Kubernetes.`,
-		RunE:  run,
+		RunE:  options.run,
 	}
 
 	return &cmd
 }
 
-func run(cmd *cobra.Command, args []string) error {
+func (o *GetCmdOptions) run(cmd *cobra.Command, args []string) error {
 	integrationList := v1alpha1.IntegrationList{
 		TypeMeta: metav1.TypeMeta{
 			APIVersion: v1alpha1.SchemeGroupVersion.String(),
@@ -46,7 +53,7 @@ func run(cmd *cobra.Command, args []string) error {
 		},
 	}
 
-	namespace := cmd.Flag("namespace").Value.String()
+	namespace := o.Namespace
 
 	err := sdk.List(namespace, &integrationList)
 	if err != nil {
diff --git a/pkg/client/cmd/install.go b/pkg/client/cmd/install.go
index edeece4..e57257c 100644
--- a/pkg/client/cmd/install.go
+++ b/pkg/client/cmd/install.go
@@ -25,10 +25,14 @@ import (
 )
 
 type InstallCmdOptions struct {
+	*RootCmdOptions
+	ClusterSetupOnly bool
 }
 
-func NewCmdInstall() *cobra.Command {
-	options := InstallCmdOptions{}
+func NewCmdInstall(rootCmdOptions *RootCmdOptions) *cobra.Command {
+	options := InstallCmdOptions{
+		RootCmdOptions: rootCmdOptions,
+	}
 	cmd := cobra.Command{
 		Use:   "install",
 		Short: "Install Camel K on a Kubernetes cluster",
@@ -47,7 +51,7 @@ func (o *InstallCmdOptions) install(cmd *cobra.Command, args []string) error {
 		return nil // TODO better error handling: if here we return err the help page is shown
 	}
 
-	namespace := cmd.Flag("namespace").Value.String()
+	namespace := o.Namespace
 
 	err = installutils.InstallOperator(namespace)
 	if err != nil {
diff --git a/pkg/client/cmd/root.go b/pkg/client/cmd/root.go
index f310f10..4849a8c 100644
--- a/pkg/client/cmd/root.go
+++ b/pkg/client/cmd/root.go
@@ -25,13 +25,13 @@ import (
 	"github.com/pkg/errors"
 )
 
-type rootCmdOptions struct {
+type RootCmdOptions struct {
 	KubeConfig string
 	Namespace  string
 }
 
 func NewKamelCommand() (*cobra.Command, error) {
-	options := rootCmdOptions{}
+	options := RootCmdOptions{}
 	var cmd = cobra.Command{
 		Use:   "kamel",
 		Short: "Kamel is a awesome client tool for running Apache Camel integrations natively on Kubernetes",
@@ -60,9 +60,9 @@ func NewKamelCommand() (*cobra.Command, error) {
 
 	cmd.AddCommand(NewCmdCompletion())
 	cmd.AddCommand(NewCmdVersion())
-	cmd.AddCommand(NewCmdRun())
-	cmd.AddCommand(NewCmdGet())
-	cmd.AddCommand(NewCmdInstall())
+	cmd.AddCommand(NewCmdRun(&options))
+	cmd.AddCommand(NewCmdGet(&options))
+	cmd.AddCommand(NewCmdInstall(&options))
 
 	return &cmd, nil
 }
diff --git a/pkg/client/cmd/run.go b/pkg/client/cmd/run.go
index 1fb90d4..889b326 100644
--- a/pkg/client/cmd/run.go
+++ b/pkg/client/cmd/run.go
@@ -33,11 +33,14 @@ import (
 )
 
 type RunCmdOptions struct {
+	*RootCmdOptions
 	Language string
 }
 
-func NewCmdRun() *cobra.Command {
-	options := RunCmdOptions{}
+func NewCmdRun(rootCmdOptions *RootCmdOptions) *cobra.Command {
+	options := RunCmdOptions{
+		RootCmdOptions: rootCmdOptions,
+	}
 	cmd := cobra.Command{
 		Use:   "run [file to run]",
 		Short: "Run a integration on Kubernetes",
@@ -71,7 +74,7 @@ func (o *RunCmdOptions) run(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
-	namespace := cmd.Flag("namespace").Value.String()
+	namespace := o.Namespace
 
 	name := kubernetes.SanitizeName(args[0])
 	if name == "" {


 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services