package admin import ( "bytes" "errors" "io" "io/ioutil" "os" "path" "github.com/spf13/cobra" kapi "k8s.io/kubernetes/pkg/api" "k8s.io/kubernetes/pkg/kubectl" kcmdutil "k8s.io/kubernetes/pkg/kubectl/cmd/util" "github.com/openshift/origin/pkg/api/latest" "github.com/openshift/origin/pkg/cmd/server/bootstrappolicy" "github.com/openshift/origin/pkg/template/api" ) const ( DefaultPolicyFile = "openshift.local.config/master/policy.json" CreateBootstrapPolicyFileCommand = "create-bootstrap-policy-file" CreateBootstrapPolicyFileFullCommand = "openshift admin " + CreateBootstrapPolicyFileCommand ) type CreateBootstrapPolicyFileOptions struct { File string OpenShiftSharedResourcesNamespace string } func NewCommandCreateBootstrapPolicyFile(commandName string, fullName string, out io.Writer) *cobra.Command { options := &CreateBootstrapPolicyFileOptions{} cmd := &cobra.Command{ Use: commandName, Short: "Create the default bootstrap policy", Run: func(cmd *cobra.Command, args []string) { if err := options.Validate(args); err != nil { kcmdutil.CheckErr(kcmdutil.UsageError(cmd, err.Error())) } if err := options.CreateBootstrapPolicyFile(); err != nil { kcmdutil.CheckErr(err) } }, } flags := cmd.Flags() flags.StringVar(&options.File, "filename", DefaultPolicyFile, "The policy template file that will be written with roles and bindings.") flags.StringVar(&options.OpenShiftSharedResourcesNamespace, "openshift-namespace", "openshift", "Namespace for shared resources.") // autocompletion hints cmd.MarkFlagFilename("filename") return cmd } func (o CreateBootstrapPolicyFileOptions) Validate(args []string) error { if len(args) != 0 { return errors.New("no arguments are supported") } if len(o.File) == 0 { return errors.New("filename must be provided") } if len(o.OpenShiftSharedResourcesNamespace) == 0 { return errors.New("openshift-namespace must be provided") } return nil } func (o CreateBootstrapPolicyFileOptions) CreateBootstrapPolicyFile() error { if err := os.MkdirAll(path.Dir(o.File), os.FileMode(0755)); err != nil { return err } policyTemplate := &api.Template{} clusterRoles := bootstrappolicy.GetBootstrapClusterRoles() for i := range clusterRoles { versionedObject, err := kapi.Scheme.ConvertToVersion(&clusterRoles[i], latest.Version) if err != nil { return err } policyTemplate.Objects = append(policyTemplate.Objects, versionedObject) } clusterRoleBindings := bootstrappolicy.GetBootstrapClusterRoleBindings() for i := range clusterRoleBindings { versionedObject, err := kapi.Scheme.ConvertToVersion(&clusterRoleBindings[i], latest.Version) if err != nil { return err } policyTemplate.Objects = append(policyTemplate.Objects, versionedObject) } openshiftRoles := bootstrappolicy.GetBootstrapOpenshiftRoles(o.OpenShiftSharedResourcesNamespace) for i := range openshiftRoles { versionedObject, err := kapi.Scheme.ConvertToVersion(&openshiftRoles[i], latest.Version) if err != nil { return err } policyTemplate.Objects = append(policyTemplate.Objects, versionedObject) } openshiftRoleBindings := bootstrappolicy.GetBootstrapOpenshiftRoleBindings(o.OpenShiftSharedResourcesNamespace) for i := range openshiftRoleBindings { versionedObject, err := kapi.Scheme.ConvertToVersion(&openshiftRoleBindings[i], latest.Version) if err != nil { return err } policyTemplate.Objects = append(policyTemplate.Objects, versionedObject) } versionedPolicyTemplate, err := kapi.Scheme.ConvertToVersion(policyTemplate, latest.Version) if err != nil { return err } buffer := &bytes.Buffer{} (&kubectl.JSONPrinter{}).PrintObj(versionedPolicyTemplate, buffer) if err := ioutil.WriteFile(o.File, buffer.Bytes(), 0644); err != nil { return err } return nil }