pkg/user/reaper/group.go
 package reaper
 
 import (
 	"time"
 
 	"github.com/golang/glog"
 	kapi "k8s.io/kubernetes/pkg/api"
 	kerrors "k8s.io/kubernetes/pkg/api/errors"
 	kcoreclient "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/core/unversioned"
 	"k8s.io/kubernetes/pkg/kubectl"
 
 	"github.com/openshift/origin/pkg/client"
 )
 
 // NewGroupReaper builds a GroupReaper from the supplied clients and returns it
 // as a kubectl.Reaper. Each client is stored as given; no calls are made here.
 func NewGroupReaper(
 	groupClient client.GroupsInterface,
 	clusterBindingClient client.ClusterRoleBindingsInterface,
 	bindingClient client.RoleBindingsNamespacer,
 	sccClient kcoreclient.SecurityContextConstraintsGetter,
 ) kubectl.Reaper {
 	reaper := new(GroupReaper)
 	reaper.groupClient = groupClient
 	reaper.clusterBindingClient = clusterBindingClient
 	reaper.bindingClient = bindingClient
 	reaper.sccClient = sccClient
 	return reaper
 }
 
 // GroupReaper holds the clients Stop needs to remove references to a group
 // and then delete the group itself.
 type GroupReaper struct {
 	// groupClient is used to delete the group object.
 	groupClient client.GroupsInterface
 	// clusterBindingClient is handed to reapClusterBindings.
 	clusterBindingClient client.ClusterRoleBindingsInterface
 	// bindingClient is handed to reapNamespacedBindings.
 	bindingClient client.RoleBindingsNamespacer
 	// sccClient lists and updates security context constraints so the group
 	// name can be dropped from their Groups lists.
 	sccClient kcoreclient.SecurityContextConstraintsGetter
 }
 
 // Stop on a reaper is what performs deletion. For the group called name it
 // calls reapClusterBindings and reapNamespacedBindings with a Group subject,
 // strips the name from every security context constraint's Groups list, and
 // finally deletes the group. No identity objects are touched here.
 //
 // namespace, timeout and gracePeriod are not read by this implementation.
 // A failure from either reap helper, from listing SCCs, or from deleting the
 // group (other than NotFound) is returned to the caller.
 func (r *GroupReaper) Stop(namespace, name string, timeout time.Duration, gracePeriod *kapi.DeleteOptions) error {
 	subject := kapi.ObjectReference{Kind: "Group", Name: name}
 
 	// Both binding clean-ups abort the whole operation on error, so the group
 	// is not deleted while either helper reports a failure.
 	if err := reapClusterBindings(subject, r.clusterBindingClient); err != nil {
 		return err
 	}
 	if err := reapNamespacedBindings(subject, r.bindingClient); err != nil {
 		return err
 	}
 
 	// Drop the group name from every SCC that lists it.
 	sccList, err := r.sccClient.SecurityContextConstraints().List(kapi.ListOptions{})
 	if err != nil {
 		return err
 	}
 	for _, scc := range sccList.Items {
 		kept := []string{}
 		for _, member := range scc.Groups {
 			if member == name {
 				continue
 			}
 			kept = append(kept, member)
 		}
 		if len(kept) == len(scc.Groups) {
 			// This SCC never referenced the group; nothing to write back.
 			continue
 		}
 
 		updated := scc
 		updated.Groups = kept
 		_, updateErr := r.sccClient.SecurityContextConstraints().Update(&updated)
 		if updateErr == nil || kerrors.IsNotFound(updateErr) {
 			continue
 		}
 		// NOTE(review): unlike the binding steps above, a failed SCC update is
 		// only logged and the group is still deleted below, so the name stays
 		// in that SCC's Groups list. A group created later under the same name
 		// would presumably be matched by the leftover entry; confirm this
 		// best-effort handling is intended and consider alerting on this line.
 		glog.Infof("Cannot update scc/%s: %v", scc.Name, updateErr)
 	}
 
 	// Delete the group itself; an already-missing group counts as success.
 	err = r.groupClient.Groups().Delete(name)
 	if err != nil && !kerrors.IsNotFound(err) {
 		return err
 	}
 	return nil
 }