summaryrefslogtreecommitdiffstats
path: root/roles/lib_openshift/src
diff options
context:
space:
mode:
authorOpenShift Bot <dmcphers+openshiftbot@redhat.com>2017-03-09 16:07:40 -0500
committerGitHub <noreply@github.com>2017-03-09 16:07:40 -0500
commit28127183106236c332e15d81fce3c6d76768a619 (patch)
tree8e744512d0151cb09915f953ea2503958346f78d /roles/lib_openshift/src
parent573e91d03d7dccd79a03774c6889c2c2753836b1 (diff)
parent3155ee3f727d93132bcbd765cb9d1c843ae13b2a (diff)
downloadopenshift-28127183106236c332e15d81fce3c6d76768a619.tar.gz
openshift-28127183106236c332e15d81fce3c6d76768a619.tar.bz2
openshift-28127183106236c332e15d81fce3c6d76768a619.tar.xz
openshift-28127183106236c332e15d81fce3c6d76768a619.zip
Merge pull request #3605 from kwoodson/oc_adm_policy_user_fix
Merged by openshift-bot
Diffstat (limited to 'roles/lib_openshift/src')
-rw-r--r--roles/lib_openshift/src/class/oc_adm_policy_group.py44
-rw-r--r--roles/lib_openshift/src/class/oc_adm_policy_user.py61
2 files changed, 78 insertions, 27 deletions
diff --git a/roles/lib_openshift/src/class/oc_adm_policy_group.py b/roles/lib_openshift/src/class/oc_adm_policy_group.py
index afb066c77..1e51913e0 100644
--- a/roles/lib_openshift/src/class/oc_adm_policy_group.py
+++ b/roles/lib_openshift/src/class/oc_adm_policy_group.py
@@ -41,6 +41,28 @@ class PolicyGroup(OpenShiftCLI):
self.verbose = verbose
self._rolebinding = None
self._scc = None
+ self._cluster_policy_bindings = None
+ self._policy_bindings = None
+
+ @property
+ def policybindings(self):
+ if self._policy_bindings is None:
+ results = self._get('clusterpolicybindings', None)
+ if results['returncode'] != 0:
+ raise OpenShiftCLIError('Could not retrieve policybindings')
+ self._policy_bindings = results['results'][0]['items'][0]
+
+ return self._policy_bindings
+
+ @property
+ def clusterpolicybindings(self):
+ if self._cluster_policy_bindings is None:
+ results = self._get('clusterpolicybindings', None)
+ if results['returncode'] != 0:
+ raise OpenShiftCLIError('Could not retrieve clusterpolicybindings')
+ self._cluster_policy_bindings = results['results'][0]['items'][0]
+
+ return self._cluster_policy_bindings
@property
def role_binding(self):
@@ -81,18 +103,24 @@ class PolicyGroup(OpenShiftCLI):
def exists_role_binding(self):
''' return whether role_binding exists '''
- results = self.get()
- if results['returncode'] == 0:
- self.role_binding = RoleBinding(results['results'][0])
- if self.role_binding.find_group_name(self.config.config_options['group']['value']) != None:
- return True
+ bindings = None
+ if self.config.config_options['resource_kind']['value'] == 'cluster-role':
+ bindings = self.clusterpolicybindings
+ else:
+ bindings = self.policybindings
+ if bindings is None:
return False
- elif self.config.config_options['name']['value'] in results['stderr'] and '" not found' in results['stderr']:
- return False
+ for binding in bindings['roleBindings']:
+ _rb = binding['roleBinding']
+ if _rb['roleRef']['name'] == self.config.config_options['name']['value'] and \
+ _rb['groupNames'] is not None and \
+ self.config.config_options['group']['value'] in _rb['groupNames']:
+ self.role_binding = binding
+ return True
- return results
+ return False
def exists_scc(self):
''' return whether scc exists '''
diff --git a/roles/lib_openshift/src/class/oc_adm_policy_user.py b/roles/lib_openshift/src/class/oc_adm_policy_user.py
index c9d53acfa..88fcc1ddc 100644
--- a/roles/lib_openshift/src/class/oc_adm_policy_user.py
+++ b/roles/lib_openshift/src/class/oc_adm_policy_user.py
@@ -40,6 +40,28 @@ class PolicyUser(OpenShiftCLI):
self.verbose = verbose
self._rolebinding = None
self._scc = None
+ self._cluster_policy_bindings = None
+ self._policy_bindings = None
+
+ @property
+ def policybindings(self):
+ if self._policy_bindings is None:
+ results = self._get('clusterpolicybindings', None)
+ if results['returncode'] != 0:
+ raise OpenShiftCLIError('Could not retrieve policybindings')
+ self._policy_bindings = results['results'][0]['items'][0]
+
+ return self._policy_bindings
+
+ @property
+ def clusterpolicybindings(self):
+ if self._cluster_policy_bindings is None:
+ results = self._get('clusterpolicybindings', None)
+ if results['returncode'] != 0:
+ raise OpenShiftCLIError('Could not retrieve clusterpolicybindings')
+ self._cluster_policy_bindings = results['results'][0]['items'][0]
+
+ return self._cluster_policy_bindings
@property
def role_binding(self):
@@ -62,36 +84,37 @@ class PolicyUser(OpenShiftCLI):
self._scc = scc
def get(self):
- '''fetch the desired kind'''
+ '''fetch the desired kind
+
+ This is only used for scc objects.
+ The {cluster}rolebindings happen in exists.
+ '''
resource_name = self.config.config_options['name']['value']
if resource_name == 'cluster-reader':
resource_name += 's'
- # oc adm policy add-... creates policy bindings with the name
- # "[resource_name]-binding", however some bindings in the system
- # simply use "[resource_name]". So try both.
-
- results = self._get(self.config.kind, resource_name)
- if results['returncode'] == 0:
- return results
-
- # Now try -binding naming convention
- return self._get(self.config.kind, resource_name + "-binding")
+ return self._get(self.config.kind, resource_name)
def exists_role_binding(self):
''' return whether role_binding exists '''
- results = self.get()
- if results['returncode'] == 0:
- self.role_binding = RoleBinding(results['results'][0])
- if self.role_binding.find_user_name(self.config.config_options['user']['value']) != None:
- return True
+ bindings = None
+ if self.config.config_options['resource_kind']['value'] == 'cluster-role':
+ bindings = self.clusterpolicybindings
+ else:
+ bindings = self.policybindings
+ if bindings is None:
return False
- elif self.config.config_options['name']['value'] in results['stderr'] and '" not found' in results['stderr']:
- return False
+ for binding in bindings['roleBindings']:
+ _rb = binding['roleBinding']
+ if _rb['roleRef']['name'] == self.config.config_options['name']['value'] and \
+ _rb['userNames'] is not None and \
+ self.config.config_options['user']['value'] in _rb['userNames']:
+ self.role_binding = binding
+ return True
- return results
+ return False
def exists_scc(self):
''' return whether scc exists '''