diff options
Diffstat (limited to 'roles/lib_openshift/src/class')
4 files changed, 82 insertions, 31 deletions
diff --git a/roles/lib_openshift/src/class/oc_adm_policy_group.py b/roles/lib_openshift/src/class/oc_adm_policy_group.py index afb066c77..1e51913e0 100644 --- a/roles/lib_openshift/src/class/oc_adm_policy_group.py +++ b/roles/lib_openshift/src/class/oc_adm_policy_group.py @@ -41,6 +41,28 @@ class PolicyGroup(OpenShiftCLI): self.verbose = verbose self._rolebinding = None self._scc = None + self._cluster_policy_bindings = None + self._policy_bindings = None + + @property + def policybindings(self): + if self._policy_bindings is None: + results = self._get('clusterpolicybindings', None) + if results['returncode'] != 0: + raise OpenShiftCLIError('Could not retrieve policybindings') + self._policy_bindings = results['results'][0]['items'][0] + + return self._policy_bindings + + @property + def clusterpolicybindings(self): + if self._cluster_policy_bindings is None: + results = self._get('clusterpolicybindings', None) + if results['returncode'] != 0: + raise OpenShiftCLIError('Could not retrieve clusterpolicybindings') + self._cluster_policy_bindings = results['results'][0]['items'][0] + + return self._cluster_policy_bindings @property def role_binding(self): @@ -81,18 +103,24 @@ class PolicyGroup(OpenShiftCLI): def exists_role_binding(self): ''' return whether role_binding exists ''' - results = self.get() - if results['returncode'] == 0: - self.role_binding = RoleBinding(results['results'][0]) - if self.role_binding.find_group_name(self.config.config_options['group']['value']) != None: - return True + bindings = None + if self.config.config_options['resource_kind']['value'] == 'cluster-role': + bindings = self.clusterpolicybindings + else: + bindings = self.policybindings + if bindings is None: return False - elif self.config.config_options['name']['value'] in results['stderr'] and '" not found' in results['stderr']: - return False + for binding in bindings['roleBindings']: + _rb = binding['roleBinding'] + if _rb['roleRef']['name'] == self.config.config_options['name']['value'] and \ + _rb['groupNames'] is not None and \ + self.config.config_options['group']['value'] in _rb['groupNames']: + self.role_binding = binding + return True - return results + return False def exists_scc(self): ''' return whether scc exists ''' diff --git a/roles/lib_openshift/src/class/oc_adm_policy_user.py b/roles/lib_openshift/src/class/oc_adm_policy_user.py index c9d53acfa..88fcc1ddc 100644 --- a/roles/lib_openshift/src/class/oc_adm_policy_user.py +++ b/roles/lib_openshift/src/class/oc_adm_policy_user.py @@ -40,6 +40,28 @@ class PolicyUser(OpenShiftCLI): self.verbose = verbose self._rolebinding = None self._scc = None + self._cluster_policy_bindings = None + self._policy_bindings = None + + @property + def policybindings(self): + if self._policy_bindings is None: + results = self._get('clusterpolicybindings', None) + if results['returncode'] != 0: + raise OpenShiftCLIError('Could not retrieve policybindings') + self._policy_bindings = results['results'][0]['items'][0] + + return self._policy_bindings + + @property + def clusterpolicybindings(self): + if self._cluster_policy_bindings is None: + results = self._get('clusterpolicybindings', None) + if results['returncode'] != 0: + raise OpenShiftCLIError('Could not retrieve clusterpolicybindings') + self._cluster_policy_bindings = results['results'][0]['items'][0] + + return self._cluster_policy_bindings @property def role_binding(self): @@ -62,36 +84,37 @@ class PolicyUser(OpenShiftCLI): self._scc = scc def get(self): - '''fetch the desired kind''' + '''fetch the desired kind + + This is only used for scc objects. + The {cluster}rolebindings happen in exists. + ''' resource_name = self.config.config_options['name']['value'] if resource_name == 'cluster-reader': resource_name += 's' - # oc adm policy add-... creates policy bindings with the name - # "[resource_name]-binding", however some bindings in the system - # simply use "[resource_name]". So try both. - - results = self._get(self.config.kind, resource_name) - if results['returncode'] == 0: - return results - - # Now try -binding naming convention - return self._get(self.config.kind, resource_name + "-binding") + return self._get(self.config.kind, resource_name) def exists_role_binding(self): ''' return whether role_binding exists ''' - results = self.get() - if results['returncode'] == 0: - self.role_binding = RoleBinding(results['results'][0]) - if self.role_binding.find_user_name(self.config.config_options['user']['value']) != None: - return True + bindings = None + if self.config.config_options['resource_kind']['value'] == 'cluster-role': + bindings = self.clusterpolicybindings + else: + bindings = self.policybindings + if bindings is None: return False - elif self.config.config_options['name']['value'] in results['stderr'] and '" not found' in results['stderr']: - return False + for binding in bindings['roleBindings']: + _rb = binding['roleBinding'] + if _rb['roleRef']['name'] == self.config.config_options['name']['value'] and \ + _rb['userNames'] is not None and \ + self.config.config_options['user']['value'] in _rb['userNames']: + self.role_binding = binding + return True - return results + return False def exists_scc(self): ''' return whether scc exists ''' diff --git a/roles/lib_openshift/src/class/oc_adm_registry.py b/roles/lib_openshift/src/class/oc_adm_registry.py index 37904c43f..c083cd179 100644 --- a/roles/lib_openshift/src/class/oc_adm_registry.py +++ b/roles/lib_openshift/src/class/oc_adm_registry.py @@ -119,7 +119,6 @@ class Registry(OpenShiftCLI): def exists(self): '''does the object exist?''' - self.get() if self.deploymentconfig and self.service: return True @@ -146,7 +145,7 @@ class Registry(OpenShiftCLI): ''' prepare a registry for instantiation ''' options = self.config.to_option_list() - cmd = ['registry', '-n', self.config.namespace] + cmd = ['registry'] cmd.extend(options) cmd.extend(['--dry-run=True', '-o', 'json']) @@ -180,7 +179,8 @@ class Registry(OpenShiftCLI): service.put('spec.portalIP', self.portal_ip) # the dry-run doesn't apply the selector correctly - service.put('spec.selector', self.service.get_selector()) + if self.service: + service.put('spec.selector', self.service.get_selector()) # need to create the service and the deploymentconfig service_file = Utils.create_tmp_file_from_contents('service', service.yaml_dict) diff --git a/roles/lib_openshift/src/class/oc_adm_router.py b/roles/lib_openshift/src/class/oc_adm_router.py index 7b163b120..356d06fdf 100644 --- a/roles/lib_openshift/src/class/oc_adm_router.py +++ b/roles/lib_openshift/src/class/oc_adm_router.py @@ -224,7 +224,7 @@ class Router(OpenShiftCLI): options = self.config.to_option_list() - cmd = ['router', self.config.name, '-n', self.config.namespace] + cmd = ['router', self.config.name] cmd.extend(options) cmd.extend(['--dry-run=True', '-o', 'json']) |