Posted to commits@camel.apache.org by as...@apache.org on 2021/02/12 16:38:20 UTC
[camel-k] 02/08: chore(rbac): Install operator ClusterRole from CLI
This is an automated email from the ASF dual-hosted git repository.
astefanutti pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel-k.git
commit 3f45a3091288fb419ccc02664d877b90015a0071
Author: Antonin Stefanutti <an...@stefanutti.fr>
AuthorDate: Thu Feb 11 18:13:56 2021 +0100
chore(rbac): Install operator ClusterRole from CLI
---
pkg/cmd/install.go | 2 +-
pkg/install/cluster.go | 67 ++++++++++++++++++++++++++++++++++++++++---------
pkg/install/optional.go | 8 +++---
3 files changed, 60 insertions(+), 17 deletions(-)
diff --git a/pkg/cmd/install.go b/pkg/cmd/install.go
index 426eba6..8f39642 100644
--- a/pkg/cmd/install.go
+++ b/pkg/cmd/install.go
@@ -228,7 +228,7 @@ func (o *installCmdOptions) install(cobraCmd *cobra.Command, _ []string) error {
}
if !o.SkipClusterSetup && !installViaOLM {
- err := install.SetupClusterWideResourcesOrCollect(o.Context, clientProvider, collection)
+ err := install.SetupClusterWideResourcesOrCollect(o.Context, clientProvider, collection, o.ClusterType)
if err != nil && k8serrors.IsForbidden(err) {
fmt.Fprintln(cobraCmd.OutOrStdout(), "Current user is not authorized to create cluster-wide objects like custom resource definitions or cluster roles: ", err)
diff --git a/pkg/install/cluster.go b/pkg/install/cluster.go
index 04fe75c..1aea956 100644
--- a/pkg/install/cluster.go
+++ b/pkg/install/cluster.go
@@ -40,7 +40,7 @@ import (
)
// SetupClusterWideResourcesOrCollect --
-func SetupClusterWideResourcesOrCollect(ctx context.Context, clientProvider client.Provider, collection *kubernetes.Collection) error {
+func SetupClusterWideResourcesOrCollect(ctx context.Context, clientProvider client.Provider, collection *kubernetes.Collection, clusterType string) error {
// Get a client to install the CRD
c, err := clientProvider.Get()
if err != nil {
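Review bot: The doc comment `// SetupClusterWideResourcesOrCollect --` is still a placeholder, and the new `clusterType` parameter is not documented anywhere in this hunk. A comment such as `// SetupClusterWideResourcesOrCollect installs the cluster-wide resources; clusterType is passed to isOpenShift to decide whether the OpenShift operator ClusterRole and ClusterRoleBinding are installed as well.` would tell callers what the extra argument controls. Because the function is exported, the added parameter also breaks any caller outside this repository, if there is one. The function body continues outside this hunk.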
@@ -132,18 +132,45 @@ func SetupClusterWideResourcesOrCollect(ctx context.Context, clientProvider clie
}
}
- // Installing ClusterRole
- clusterRoleInstalled, err := IsClusterRoleInstalled(ctx, c)
+ // Installing ClusterRoles
+ ok, err := isClusterRoleInstalled(ctx, c, "camel-k:edit")
if err != nil {
return err
}
- if !clusterRoleInstalled || collection != nil {
- err := installClusterRole(ctx, c, collection)
+ if !ok || collection != nil {
+ err := installResource(ctx, c, collection, "/rbac/user-cluster-role.yaml")
if err != nil {
return err
}
}
+ isOpenShift, err := isOpenShift(c, clusterType)
+ if err != nil {
+ return err
+ }
+ if isOpenShift {
+ ok, err := isClusterRoleInstalled(ctx, c, "camel-k-operator-openshift")
+ if err != nil {
+ return err
+ }
+ if !ok || collection != nil {
+ err := installResource(ctx, c, collection, "/rbac/operator-cluster-role-openshift.yaml")
+ if err != nil {
+ return err
+ }
+ }
+ ok, err = isClusterRoleBindingInstalled(ctx, c, "camel-k-operator-openshift")
+ if err != nil {
+ return err
+ }
+ if !ok || collection != nil {
+ err := installResource(ctx, c, collection, "/rbac/operator-cluster-role-binding-openshift.yaml")
+ if err != nil {
+ return err
+ }
+ }
+ }
+
// Install OpenShift Console download links if possible
err = OpenShiftConsoleDownloadLink(ctx, c)
if err != nil {
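Review bot: Each of the three `!ok || collection != nil` checks decides on the object's name alone. An existing `camel-k-operator-openshift` ClusterRole or ClusterRoleBinding whose rules, subjects or roleRef differ from the bundled YAML is therefore treated as installed and left as it is. The binding presumably gives the operator cluster-scoped permissions, so it would be safer to re-apply or compare the bundled definition, or at least to document that drift is not detected; whether `installResource` replaces an existing object is not visible in this diff. Separately, `isOpenShift, err := isOpenShift(c, clusterType)` shadows the function of the same name for the rest of the body; `openShift, err := isOpenShift(c, clusterType)` followed by `if openShift {` avoids that. The enclosing function starts and ends outside this hunk.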
@@ -260,22 +287,38 @@ func installCRD(ctx context.Context, c client.Client, kind string, version strin
return nil
}
-// IsClusterRoleInstalled check if cluster role camel-k:edit is installed
-func IsClusterRoleInstalled(ctx context.Context, c client.Client) (bool, error) {
+func isClusterRoleInstalled(ctx context.Context, c client.Client, name string) (bool, error) {
clusterRole := rbacv1.ClusterRole{
TypeMeta: metav1.TypeMeta{
Kind: "ClusterRole",
APIVersion: "rbac.authorization.k8s.io/v1",
},
ObjectMeta: metav1.ObjectMeta{
- Name: "camel-k:edit",
+ Name: name,
},
}
- key, err := k8sclient.ObjectKeyFromObject(&clusterRole)
+ return isResourceInstalled(ctx, c, &clusterRole)
+}
+
+func isClusterRoleBindingInstalled(ctx context.Context, c client.Client, name string) (bool, error) {
+ clusterRoleBinding := rbacv1.ClusterRoleBinding{
+ TypeMeta: metav1.TypeMeta{
+ Kind: "ClusterRoleBinding",
+ APIVersion: "rbac.authorization.k8s.io/v1",
+ },
+ ObjectMeta: metav1.ObjectMeta{
+ Name: name,
+ },
+ }
+ return isResourceInstalled(ctx, c, &clusterRoleBinding)
+}
+
+func isResourceInstalled(ctx context.Context, c client.Client, object runtime.Object) (bool, error) {
+ key, err := k8sclient.ObjectKeyFromObject(object)
if err != nil {
return false, err
}
- err = c.Get(ctx, key, &clusterRole)
+ err = c.Get(ctx, key, object)
if err != nil && k8serrors.IsNotFound(err) {
return false, nil
} else if err != nil {
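Review bot: The new helpers `isClusterRoleInstalled`, `isClusterRoleBindingInstalled` and `isResourceInstalled` have no doc comments, and the comment removed along with `IsClusterRoleInstalled` is not replaced. `isResourceInstalled` hands the caller's object to `c.Get`, so a successful lookup overwrites it with the cluster's copy; that is worth stating, for example `// isResourceInstalled reports whether object exists in the cluster; object is populated by the lookup.` The renamed `installResource` in the next hunk has no comment either. Dropping the exported `IsClusterRoleInstalled` also breaks any caller outside this package. The body of `isResourceInstalled` continues past the end of this hunk.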
@@ -284,8 +327,8 @@ func IsClusterRoleInstalled(ctx context.Context, c client.Client) (bool, error)
return true, nil
}
-func installClusterRole(ctx context.Context, c client.Client, collection *kubernetes.Collection) error {
- obj, err := kubernetes.LoadResourceFromYaml(c.GetScheme(), resources.ResourceAsString("/rbac/user-cluster-role.yaml"))
+func installResource(ctx context.Context, c client.Client, collection *kubernetes.Collection, resource string) error {
+ obj, err := kubernetes.LoadResourceFromYaml(c.GetScheme(), resources.ResourceAsString(resource))
if err != nil {
return err
}
diff --git a/pkg/install/optional.go b/pkg/install/optional.go
index e7019f4..aec9d04 100644
--- a/pkg/install/optional.go
+++ b/pkg/install/optional.go
@@ -21,8 +21,9 @@ import (
"context"
"strings"
- "github.com/apache/camel-k/pkg/client"
"github.com/go-logr/logr"
+
+ "github.com/apache/camel-k/pkg/client"
)
// OperatorStartupOptionalTools tries to install optional tools at operator startup and warns if something goes wrong
@@ -35,11 +36,11 @@ func OperatorStartupOptionalTools(ctx context.Context, c client.Client, namespac
}
// Try to register the cluster role for standard admin and edit users
- if clusterRoleInstalled, err := IsClusterRoleInstalled(ctx, c); err != nil {
+ if clusterRoleInstalled, err := isClusterRoleInstalled(ctx, c, "camel-k:edit"); err != nil {
log.Info("Cannot detect user cluster role: skipping.")
log.V(8).Info("Error while getting user cluster role", "error", err)
} else if !clusterRoleInstalled {
- if err := installClusterRole(ctx, c, nil); err != nil {
+ if err := installClusterRole(ctx, c, nil, "/rbac/user-cluster-role.yaml"); err != nil {
log.Info("Cannot install user cluster role: skipping.")
log.V(8).Info("Error while installing user cluster role", "error", err)
}
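Review bot: The call `installClusterRole(ctx, c, nil, "/rbac/user-cluster-role.yaml")` names a function that this same commit renames to `installResource` in pkg/install/cluster.go, so unless another `installClusterRole` is defined outside this diff the package will not compile. The line should read `if err := installResource(ctx, c, nil, "/rbac/user-cluster-role.yaml"); err != nil {`. The enclosing function starts and ends outside this hunk.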
@@ -69,5 +70,4 @@ func OperatorStartupOptionalTools(ctx context.Context, c client.Client, namespac
}
}
}
-
}