From d8a76e3f2f914db83d8e4b20f26a42566f45d4a4 Mon Sep 17 00:00:00 2001 From: Anatolii Bazko Date: Wed, 12 May 2021 13:34:37 +0300 Subject: [PATCH] Fixes Signed-off-by: Anatolii Bazko --- pkg/controller/che/che_cr_validator.go | 4 +- .../che/workspace_namespace_permission.go | 47 +------------------ 2 files changed, 2 insertions(+), 49 deletions(-) diff --git a/pkg/controller/che/che_cr_validator.go b/pkg/controller/che/che_cr_validator.go index 337e7895c..1f5d2b47e 100644 --- a/pkg/controller/che/che_cr_validator.go +++ b/pkg/controller/che/che_cr_validator.go @@ -33,9 +33,7 @@ func ValidateCheCR(checluster *orgv1.CheCluster) error { workspaceNamespaceDefault := util.GetWorkspaceNamespaceDefault(checluster) if strings.Index(workspaceNamespaceDefault, "") == -1 && strings.Index(workspaceNamespaceDefault, "") == -1 { - return fmt.Errorf(`Namespace strategies other than 'per user' is not supported anymore. - Using the or placeholder is required in the 'spec.server.workspaceNamespaceDefault' field. - The current value is: %s`, workspaceNamespaceDefault) + return fmt.Errorf(`Namespace strategies other than 'per user' is not supported anymore. Using the or placeholder is required in the 'spec.server.workspaceNamespaceDefault' field. The current value is: %s`, workspaceNamespaceDefault) } return nil diff --git a/pkg/controller/che/workspace_namespace_permission.go b/pkg/controller/che/workspace_namespace_permission.go index eae69bb73..97546c5d3 100644 --- a/pkg/controller/che/workspace_namespace_permission.go +++ b/pkg/controller/che/workspace_namespace_permission.go @@ -17,7 +17,6 @@ import ( "github.com/eclipse-che/che-operator/pkg/deploy" "github.com/eclipse-che/che-operator/pkg/util" - corev1 "k8s.io/api/core/v1" rbac "k8s.io/api/rbac/v1" "k8s.io/apimachinery/pkg/types" ) @@ -45,16 +44,7 @@ const ( // Reconcile workspace permissions based on workspace strategy func (r *ReconcileChe) reconcileWorkspacePermissions(deployContext *deploy.DeployContext) (bool, error) { - // The only supported namespace strategy is `per-user`. - // We have to remove some permissions if user switched from others. - done, err := r.removeWorkspacePermissionsInSameNamespaceWithChe(deployContext) - if !done { - return false, err - } - - // Add workspaces cluster permission finalizer to the CR if deletion timestamp is 0. - // Or delete workspaces cluster permission set and finalizer from CR if deletion timestamp is not 0. - done, err = r.delegateWorkspacePermissionsInTheDifferNamespaceThanChe(deployContext) + done, err := r.delegateWorkspacePermissionsInTheDifferNamespaceThanChe(deployContext) if !done { return false, err } @@ -67,41 +57,6 @@ func (r *ReconcileChe) reconcileWorkspacePermissions(deployContext *deploy.Deplo return true, nil } -// removeWorkspacePermissionsInSameNamespaceWithChe - removes workspaces in same namespace with Che role and rolebindings. -func (r *ReconcileChe) removeWorkspacePermissionsInSameNamespaceWithChe(deployContext *deploy.DeployContext) (bool, error) { - done, err := deploy.DeleteNamespacedObject(deployContext, deploy.ExecRoleName, &rbac.Role{}) - if !done { - return false, err - } - - done, err = deploy.DeleteNamespacedObject(deployContext, ExecRoleBindingName, &rbac.RoleBinding{}) - if !done { - return false, err - } - - done, err = deploy.DeleteNamespacedObject(deployContext, deploy.ViewRoleName, &rbac.Role{}) - if !done { - return false, err - } - - done, err = deploy.DeleteNamespacedObject(deployContext, ViewRoleBindingName, &rbac.RoleBinding{}) - if !done { - return false, err - } - - done, err = deploy.DeleteNamespacedObject(deployContext, EditRoleBindingName, &rbac.RoleBinding{}) - if !done { - return false, err - } - - done, err = deploy.DeleteNamespacedObject(deployContext, CheWorkspacesServiceAccount, &corev1.ServiceAccount{}) - if !done { - return false, err - } - - return true, nil -} - // Create cluster roles and cluster role bindings for "che" service account. // che-server uses "che" service account for creation new workspaces and workspace components. // Operator will create two cluster roles: