Fixes

Signed-off-by: Anatolii Bazko <[email protected]>

pkg/controller/che/che_cr_validator.go

@@ -33,9 +33,7 @@ func ValidateCheCR(checluster *orgv1.CheCluster) error {
 
 	workspaceNamespaceDefault := util.GetWorkspaceNamespaceDefault(checluster)
 	if strings.Index(workspaceNamespaceDefault, "<username>") == -1 && strings.Index(workspaceNamespaceDefault, "<userid>") == -1 {
-		return fmt.Errorf(`Namespace strategies other than 'per user' is not supported anymore.
- Using the <username> or <userid> placeholder is required in the 'spec.server.workspaceNamespaceDefault' field.
- The current value is: %s`, workspaceNamespaceDefault)
+		return fmt.Errorf(`Namespace strategies other than 'per user' is not supported anymore. Using the <username> or <userid> placeholder is required in the 'spec.server.workspaceNamespaceDefault' field. The current value is: %s`, workspaceNamespaceDefault)
 	}
 
 	return nil

pkg/controller/che/workspace_namespace_permission.go

@@ -17,7 +17,6 @@ import (
 
 	"github.com/eclipse-che/che-operator/pkg/deploy"
 	"github.com/eclipse-che/che-operator/pkg/util"
-	corev1 "k8s.io/api/core/v1"
 	rbac "k8s.io/api/rbac/v1"
 	"k8s.io/apimachinery/pkg/types"
 )
@@ -45,16 +44,7 @@ const (
 
 // Reconcile workspace permissions based on workspace strategy
 func (r *ReconcileChe) reconcileWorkspacePermissions(deployContext *deploy.DeployContext) (bool, error) {
-	// The only supported namespace strategy is `per-user`.
-	// We have to remove some permissions if user switched from others.
-	done, err := r.removeWorkspacePermissionsInSameNamespaceWithChe(deployContext)
-	if !done {
-		return false, err
-	}
-
-	// Add workspaces cluster permission finalizer to the CR if deletion timestamp is 0.
-	// Or delete workspaces cluster permission set and finalizer from CR if deletion timestamp is not 0.
-	done, err = r.delegateWorkspacePermissionsInTheDifferNamespaceThanChe(deployContext)
+	done, err := r.delegateWorkspacePermissionsInTheDifferNamespaceThanChe(deployContext)
 	if !done {
 		return false, err
 	}
@@ -67,41 +57,6 @@ func (r *ReconcileChe) reconcileWorkspacePermissions(deployContext *deploy.Deplo
 	return true, nil
 }
 
-// removeWorkspacePermissionsInSameNamespaceWithChe - removes workspaces in same namespace with Che role and rolebindings.
-func (r *ReconcileChe) removeWorkspacePermissionsInSameNamespaceWithChe(deployContext *deploy.DeployContext) (bool, error) {
-	done, err := deploy.DeleteNamespacedObject(deployContext, deploy.ExecRoleName, &rbac.Role{})
-	if !done {
-		return false, err
-	}
-
-	done, err = deploy.DeleteNamespacedObject(deployContext, ExecRoleBindingName, &rbac.RoleBinding{})
-	if !done {
-		return false, err
-	}
-
-	done, err = deploy.DeleteNamespacedObject(deployContext, deploy.ViewRoleName, &rbac.Role{})
-	if !done {
-		return false, err
-	}
-
-	done, err = deploy.DeleteNamespacedObject(deployContext, ViewRoleBindingName, &rbac.RoleBinding{})
-	if !done {
-		return false, err
-	}
-
-	done, err = deploy.DeleteNamespacedObject(deployContext, EditRoleBindingName, &rbac.RoleBinding{})
-	if !done {
-		return false, err
-	}
-
-	done, err = deploy.DeleteNamespacedObject(deployContext, CheWorkspacesServiceAccount, &corev1.ServiceAccount{})
-	if !done {
-		return false, err
-	}
-
-	return true, nil
-}
-
 // Create cluster roles and cluster role bindings for "che" service account.
 // che-server uses "che" service account for creation new workspaces and workspace components.
 // Operator will create two cluster roles: