Skip to content

Commit d70e210

Browse files
committed
Fix oc policy remove-user to remove rolebindings too
Followup to openshift#18102 Signed-off-by: Simo Sorce <[email protected]>
1 parent 073bb37 commit d70e210

File tree

2 files changed

+7
-2
lines changed

2 files changed

+7
-2
lines changed

pkg/oc/admin/policy/remove_from_project.go

+5-1
Original file line numberDiff line numberDiff line change
@@ -176,7 +176,11 @@ func (o *RemoveFromProjectOptions) Run() error {
176176
}
177177

178178
if !o.DryRun {
179-
_, err = o.Client.RoleBindings(o.BindingNamespace).Update(&currBinding)
179+
if len(currBinding.Subjects) > 0 {
180+
_, err = o.Client.RoleBindings(o.BindingNamespace).Update(&currBinding)
181+
} else {
182+
err = o.Client.RoleBindings(o.BindingNamespace).Delete(currBinding.Name, &metav1.DeleteOptions{})
183+
}
180184
if err != nil {
181185
return err
182186
}

test/integration/policy_commands_test.go

+2-1
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,7 @@ import (
44
"io/ioutil"
55
"testing"
66

7+
"k8s.io/apimachinery/pkg/api/errors"
78
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
89

910
authorizationclient "github.com/openshift/origin/pkg/authorization/generated/internalclientset"
@@ -90,7 +91,7 @@ func TestPolicyCommands(t *testing.T) {
9091
}
9192

9293
viewers, err = haroldAuthorizationClient.RoleBindings(projectName).Get("view", metav1.GetOptions{})
93-
if err != nil {
94+
if !errors.IsNotFound(err) {
9495
t.Fatalf("unexpected error: %v", err)
9596
}
9697
binding = authorizationinterfaces.NewLocalRoleBindingAdapter(viewers)

0 commit comments

Comments
 (0)