diff options
| author | Kenny Woodson <kwoodson@redhat.com> | 2017-03-08 16:27:07 -0500 |
|---|---|---|
| committer | Kenny Woodson <kwoodson@redhat.com> | 2017-03-08 16:27:07 -0500 |
| commit | 3155ee3f727d93132bcbd765cb9d1c843ae13b2a (patch) | |
| tree | 45c3d1348efc0c28274c321efcb1ce7abf26b46f /roles/lib_openshift/src/class/oc_adm_policy_group.py | |
| parent | 237cdc575ba30d2ccfd080c12d8b405efbc82e29 (diff) | |
| download | openshift-3155ee3f727d93132bcbd765cb9d1c843ae13b2a.tar.gz openshift-3155ee3f727d93132bcbd765cb9d1c843ae13b2a.tar.bz2 openshift-3155ee3f727d93132bcbd765cb9d1c843ae13b2a.tar.xz openshift-3155ee3f727d93132bcbd765cb9d1c843ae13b2a.zip | |
Fixing the way policies are found. The old method was unreliable. This method searches all and matches on properties.
Diffstat (limited to 'roles/lib_openshift/src/class/oc_adm_policy_group.py')
| -rw-r--r-- | roles/lib_openshift/src/class/oc_adm_policy_group.py | 44 |
1 files changed, 36 insertions, 8 deletions
diff --git a/roles/lib_openshift/src/class/oc_adm_policy_group.py b/roles/lib_openshift/src/class/oc_adm_policy_group.py index afb066c77..1e51913e0 100644 --- a/roles/lib_openshift/src/class/oc_adm_policy_group.py +++ b/roles/lib_openshift/src/class/oc_adm_policy_group.py @@ -41,6 +41,28 @@ class PolicyGroup(OpenShiftCLI): self.verbose = verbose self._rolebinding = None self._scc = None + self._cluster_policy_bindings = None + self._policy_bindings = None + + @property + def policybindings(self): + if self._policy_bindings is None: + results = self._get('clusterpolicybindings', None) + if results['returncode'] != 0: + raise OpenShiftCLIError('Could not retrieve policybindings') + self._policy_bindings = results['results'][0]['items'][0] + + return self._policy_bindings + + @property + def clusterpolicybindings(self): + if self._cluster_policy_bindings is None: + results = self._get('clusterpolicybindings', None) + if results['returncode'] != 0: + raise OpenShiftCLIError('Could not retrieve clusterpolicybindings') + self._cluster_policy_bindings = results['results'][0]['items'][0] + + return self._cluster_policy_bindings @property def role_binding(self): @@ -81,18 +103,24 @@ class PolicyGroup(OpenShiftCLI): def exists_role_binding(self): ''' return whether role_binding exists ''' - results = self.get() - if results['returncode'] == 0: - self.role_binding = RoleBinding(results['results'][0]) - if self.role_binding.find_group_name(self.config.config_options['group']['value']) != None: - return True + bindings = None + if self.config.config_options['resource_kind']['value'] == 'cluster-role': + bindings = self.clusterpolicybindings + else: + bindings = self.policybindings + if bindings is None: return False - elif self.config.config_options['name']['value'] in results['stderr'] and '" not found' in results['stderr']: - return False + for binding in bindings['roleBindings']: + _rb = binding['roleBinding'] + if _rb['roleRef']['name'] == self.config.config_options['name']['value'] and \ + _rb['groupNames'] is not None and \ + self.config.config_options['group']['value'] in _rb['groupNames']: + self.role_binding = binding + return True - return results + return False def exists_scc(self): ''' return whether scc exists ''' |