Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add method to determine if operation under k8s resource is permitted #209

Closed
wants to merge 1 commit into from
Closed

Add method to determine if operation under k8s resource is permitted #209

wants to merge 1 commit into from

Conversation

AndrienkoAleksandr
Copy link
Contributor

@AndrienkoAleksandr AndrienkoAleksandr commented Mar 25, 2020
edited
Loading

Can be useful for:
#166

Add method to determine if operation under k8s resource is permitted

Example how we can used it:

func checkGetOpenshiftUsersPermission(cr *orgv1.CheCluster) error {
	getUsersResAttr := &authorizationv1.ResourceAttributes{
			Namespace: cr.Namespace,
			Verb: "get",
			Group: "user.openshift.io",
			Resource: "user",
	}
	ok, err := k8sclient.IsResourceOperationPermitted(getUsersResAttr);
	if  err != nil {
		return fmt.Errorf("fail to check permissions to get Openshift cluster users.")
	}

	if !ok {
		return fmt.Errorf("not enougth permissions to get Openshift cluster users.")
	}

	return nil
}

Signed-off-by: Oleksandr Andriienko [email protected]

@AndrienkoAleksandr
Copy link
Contributor Author

@davidfestal we had some discussion #166 (comment)

@davidfestal some ideas about providing several levels of permissions to the che operator (according to the installation context) ,and let the operator logic accommodate these differences to enable or disable some installation options.

What do you think method from current pr will be enough to determine permission and complete #166 ?

@AndrienkoAleksandr AndrienkoAleksandr force-pushed the AddResourcePermissionCheckMethod branch from 6f7e40d to a07e0e3 Compare March 25, 2020 11:25
@tolusha tolusha mentioned this pull request Mar 27, 2020
Closed
43 tasks
@tolusha tolusha mentioned this pull request Apr 16, 2020
Closed
50 tasks
@tolusha tolusha mentioned this pull request May 7, 2020
Closed
56 tasks
@AndrienkoAleksandr AndrienkoAleksandr mentioned this pull request Sep 11, 2020
Merged
@AndrienkoAleksandr
Copy link
Contributor Author

This code was merged in the frame of the another pr #166, so I close it.

@tolusha tolusha deleted the AddResourcePermissionCheckMethod branch April 9, 2021 08:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@davidfestal davidfestal Awaiting requested review from davidfestal

@l0rd l0rd Awaiting requested review from l0rd

@nickboldt nickboldt Awaiting requested review from nickboldt

@rhopp rhopp Awaiting requested review from rhopp

@tolusha tolusha Awaiting requested review from tolusha

@vparfonov vparfonov Awaiting requested review from vparfonov

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@AndrienkoAleksandr