Posted to commits@camel.apache.org by as...@apache.org on 2021/02/12 16:38:20 UTC

[camel-k] 02/08: chore(rbac): Install operator ClusterRole from CLI

This is an automated email from the ASF dual-hosted git repository.

astefanutti pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel-k.git

commit 3f45a3091288fb419ccc02664d877b90015a0071
Author: Antonin Stefanutti <an...@stefanutti.fr>
AuthorDate: Thu Feb 11 18:13:56 2021 +0100

    chore(rbac): Install operator ClusterRole from CLI
---
 pkg/cmd/install.go      |  2 +-
 pkg/install/cluster.go  | 67 ++++++++++++++++++++++++++++++++++++++++---------
 pkg/install/optional.go |  8 +++---
 3 files changed, 60 insertions(+), 17 deletions(-)

diff --git a/pkg/cmd/install.go b/pkg/cmd/install.go
index 426eba6..8f39642 100644
--- a/pkg/cmd/install.go
+++ b/pkg/cmd/install.go
@@ -228,7 +228,7 @@ func (o *installCmdOptions) install(cobraCmd *cobra.Command, _ []string) error {
 	}
 
 	if !o.SkipClusterSetup && !installViaOLM {
-		err := install.SetupClusterWideResourcesOrCollect(o.Context, clientProvider, collection)
+		err := install.SetupClusterWideResourcesOrCollect(o.Context, clientProvider, collection, o.ClusterType)
 		if err != nil && k8serrors.IsForbidden(err) {
 			fmt.Fprintln(cobraCmd.OutOrStdout(), "Current user is not authorized to create cluster-wide objects like custom resource definitions or cluster roles: ", err)
 
diff --git a/pkg/install/cluster.go b/pkg/install/cluster.go
index 04fe75c..1aea956 100644
--- a/pkg/install/cluster.go
+++ b/pkg/install/cluster.go
@@ -40,7 +40,7 @@ import (
 )
 
 // SetupClusterWideResourcesOrCollect --
-func SetupClusterWideResourcesOrCollect(ctx context.Context, clientProvider client.Provider, collection *kubernetes.Collection) error {
+func SetupClusterWideResourcesOrCollect(ctx context.Context, clientProvider client.Provider, collection *kubernetes.Collection, clusterType string) error {
 	// Get a client to install the CRD
 	c, err := clientProvider.Get()
 	if err != nil {
@@ -132,18 +132,45 @@ func SetupClusterWideResourcesOrCollect(ctx context.Context, clientProvider clie
 		}
 	}
 
-	// Installing ClusterRole
-	clusterRoleInstalled, err := IsClusterRoleInstalled(ctx, c)
+	// Installing ClusterRoles
+	ok, err := isClusterRoleInstalled(ctx, c, "camel-k:edit")
 	if err != nil {
 		return err
 	}
-	if !clusterRoleInstalled || collection != nil {
-		err := installClusterRole(ctx, c, collection)
+	if !ok || collection != nil {
+		err := installResource(ctx, c, collection, "/rbac/user-cluster-role.yaml")
 		if err != nil {
 			return err
 		}
 	}
 
+	isOpenShift, err := isOpenShift(c, clusterType)
+	if err != nil {
+		return err
+	}
+	if isOpenShift {
+		ok, err := isClusterRoleInstalled(ctx, c, "camel-k-operator-openshift")
+		if err != nil {
+			return err
+		}
+		if !ok || collection != nil {
+			err := installResource(ctx, c, collection, "/rbac/operator-cluster-role-openshift.yaml")
+			if err != nil {
+				return err
+			}
+		}
+		ok, err = isClusterRoleBindingInstalled(ctx, c, "camel-k-operator-openshift")
+		if err != nil {
+			return err
+		}
+		if !ok || collection != nil {
+			err := installResource(ctx, c, collection, "/rbac/operator-cluster-role-binding-openshift.yaml")
+			if err != nil {
+				return err
+			}
+		}
+	}
+
 	// Install OpenShift Console download links if possible
 	err = OpenShiftConsoleDownloadLink(ctx, c)
 	if err != nil {
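Review bot: The new guards in the OpenShift branch decide by name only: `isClusterRoleInstalled(ctx, c, "camel-k-operator-openshift")` and `isClusterRoleBindingInstalled(ctx, c, "camel-k-operator-openshift")` report true for any object carrying that name, so an existing ClusterRole or ClusterRoleBinding whose rules or subjects differ from the embedded YAML is kept and the install still returns nil. For cluster-scoped RBAC that means permissions left by an older release or a manual edit are never reconciled. Consider comparing the live object with the manifest, or at least logging that an existing object was kept. Separately, `isOpenShift, err := isOpenShift(c, clusterType)` shadows the package-level function for the rest of the body; a local name such as `onOpenShift` avoids that. SetupClusterWideResourcesOrCollect starts and ends outside this hunk.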
@@ -260,22 +287,38 @@ func installCRD(ctx context.Context, c client.Client, kind string, version strin
 	return nil
 }
 
-// IsClusterRoleInstalled check if cluster role camel-k:edit is installed
-func IsClusterRoleInstalled(ctx context.Context, c client.Client) (bool, error) {
+func isClusterRoleInstalled(ctx context.Context, c client.Client, name string) (bool, error) {
 	clusterRole := rbacv1.ClusterRole{
 		TypeMeta: metav1.TypeMeta{
 			Kind:       "ClusterRole",
 			APIVersion: "rbac.authorization.k8s.io/v1",
 		},
 		ObjectMeta: metav1.ObjectMeta{
-			Name: "camel-k:edit",
+			Name: name,
 		},
 	}
-	key, err := k8sclient.ObjectKeyFromObject(&clusterRole)
+	return isResourceInstalled(ctx, c, &clusterRole)
+}
+
+func isClusterRoleBindingInstalled(ctx context.Context, c client.Client, name string) (bool, error) {
+	clusterRoleBinding := rbacv1.ClusterRoleBinding{
+		TypeMeta: metav1.TypeMeta{
+			Kind:       "ClusterRoleBinding",
+			APIVersion: "rbac.authorization.k8s.io/v1",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name: name,
+		},
+	}
+	return isResourceInstalled(ctx, c, &clusterRoleBinding)
+}
+
+func isResourceInstalled(ctx context.Context, c client.Client, object runtime.Object) (bool, error) {
+	key, err := k8sclient.ObjectKeyFromObject(object)
 	if err != nil {
 		return false, err
 	}
-	err = c.Get(ctx, key, &clusterRole)
+	err = c.Get(ctx, key, object)
 	if err != nil && k8serrors.IsNotFound(err) {
 		return false, nil
 	} else if err != nil {
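Review bot: The three helpers added here carry no doc comments, and the only comment that described the check was removed along with `IsClusterRoleInstalled`. I would add `// isResourceInstalled reports whether object exists in the cluster, looked up by the key derived from it; a NotFound error from the client is returned as (false, nil).` Matching one-line comments on `isClusterRoleInstalled` and `isClusterRoleBindingInstalled` should say that they match on name only and do not inspect rules or subjects. Unexporting `IsClusterRoleInstalled` also breaks any caller outside pkg/install, if one exists. The body of isResourceInstalled continues past the end of this hunk.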
@@ -284,8 +327,8 @@ func IsClusterRoleInstalled(ctx context.Context, c client.Client) (bool, error)
 	return true, nil
 }
 
-func installClusterRole(ctx context.Context, c client.Client, collection *kubernetes.Collection) error {
-	obj, err := kubernetes.LoadResourceFromYaml(c.GetScheme(), resources.ResourceAsString("/rbac/user-cluster-role.yaml"))
+func installResource(ctx context.Context, c client.Client, collection *kubernetes.Collection, resource string) error {
+	obj, err := kubernetes.LoadResourceFromYaml(c.GetScheme(), resources.ResourceAsString(resource))
 	if err != nil {
 		return err
 	}
diff --git a/pkg/install/optional.go b/pkg/install/optional.go
index e7019f4..aec9d04 100644
--- a/pkg/install/optional.go
+++ b/pkg/install/optional.go
@@ -21,8 +21,9 @@ import (
 	"context"
 	"strings"
 
-	"github.com/apache/camel-k/pkg/client"
 	"github.com/go-logr/logr"
+
+	"github.com/apache/camel-k/pkg/client"
 )
 
 // OperatorStartupOptionalTools tries to install optional tools at operator startup and warns if something goes wrong
@@ -35,11 +36,11 @@ func OperatorStartupOptionalTools(ctx context.Context, c client.Client, namespac
 	}
 
 	// Try to register the cluster role for standard admin and edit users
-	if clusterRoleInstalled, err := IsClusterRoleInstalled(ctx, c); err != nil {
+	if clusterRoleInstalled, err := isClusterRoleInstalled(ctx, c, "camel-k:edit"); err != nil {
 		log.Info("Cannot detect user cluster role: skipping.")
 		log.V(8).Info("Error while getting user cluster role", "error", err)
 	} else if !clusterRoleInstalled {
-		if err := installClusterRole(ctx, c, nil); err != nil {
+		if err := installClusterRole(ctx, c, nil, "/rbac/user-cluster-role.yaml"); err != nil {
 			log.Info("Cannot install user cluster role: skipping.")
 			log.V(8).Info("Error while installing user cluster role", "error", err)
 		}
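Review bot: The new call `installClusterRole(ctx, c, nil, "/rbac/user-cluster-role.yaml")` uses a name that this same commit removes, since pkg/install/cluster.go renames the function to `installResource(ctx, c, collection, resource)`. Unless `installClusterRole` is still defined elsewhere in the package, this line will not compile. It should read `if err := installResource(ctx, c, nil, "/rbac/user-cluster-role.yaml"); err != nil {`. OperatorStartupOptionalTools starts and ends outside this hunk.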
@@ -69,5 +70,4 @@ func OperatorStartupOptionalTools(ctx context.Context, c client.Client, namespac
 			}
 		}
 	}
-
 }