Fix oc policy remove-user to remove rolebindings too

simo5 · simo5 · commit d70e210ec0a5 · 2018-02-09T15:39:24.000-05:00
Followup to openshift#18102 Signed-off-by: Simo Sorce <simo@redhat.com>
diff --git a/pkg/oc/admin/policy/remove_from_project.go b/pkg/oc/admin/policy/remove_from_project.go
@@ -176,7 +176,11 @@ func (o *RemoveFromProjectOptions) Run() error {
 		}
 
 		if !o.DryRun {
-			_, err = o.Client.RoleBindings(o.BindingNamespace).Update(&currBinding)
+			if len(currBinding.Subjects) > 0 {
+				_, err = o.Client.RoleBindings(o.BindingNamespace).Update(&currBinding)
+			} else {
+				err = o.Client.RoleBindings(o.BindingNamespace).Delete(currBinding.Name, &metav1.DeleteOptions{})
+			}
 			if err != nil {
 				return err
 			}
diff --git a/test/integration/policy_commands_test.go b/test/integration/policy_commands_test.go
@@ -4,6 +4,7 @@ import (
 	"io/ioutil"
 	"testing"
 
+	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	authorizationclient "github.com/openshift/origin/pkg/authorization/generated/internalclientset"
@@ -90,7 +91,7 @@ func TestPolicyCommands(t *testing.T) {
 	}
 
 	viewers, err = haroldAuthorizationClient.RoleBindings(projectName).Get("view", metav1.GetOptions{})
-	if err != nil {
+	if !errors.IsNotFound(err) {
 		t.Fatalf("unexpected error: %v", err)
 	}
 	binding = authorizationinterfaces.NewLocalRoleBindingAdapter(viewers)

Original file line number	Diff line number	Diff line change
`@@ -176,7 +176,11 @@ func (o *RemoveFromProjectOptions) Run() error {`
`176`	`176`	`}`
`177`	`177`
`178`	`178`	`if !o.DryRun {`
`179`		`- _, err = o.Client.RoleBindings(o.BindingNamespace).Update(&currBinding)`
	`179`	`+ if len(currBinding.Subjects) > 0 {`
	`180`	`+ _, err = o.Client.RoleBindings(o.BindingNamespace).Update(&currBinding)`
	`181`	`+ } else {`
	`182`	`+ err = o.Client.RoleBindings(o.BindingNamespace).Delete(currBinding.Name, &metav1.DeleteOptions{})`
	`183`	`+ }`
`180`	`184`	`if err != nil {`
`181`	`185`	`return err`
`182`	`186`	`}`
Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,7 @@ import (`
`4`	`4`	`"io/ioutil"`
`5`	`5`	`"testing"`
`6`	`6`
	`7`	`+ "k8s.io/apimachinery/pkg/api/errors"`
`7`	`8`	`metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"`
`8`	`9`
`9`	`10`	`authorizationclient "github.com/openshift/origin/pkg/authorization/generated/internalclientset"`
`@@ -90,7 +91,7 @@ func TestPolicyCommands(t *testing.T) {`
`90`	`91`	`}`
`91`	`92`
`92`	`93`	`viewers, err = haroldAuthorizationClient.RoleBindings(projectName).Get("view", metav1.GetOptions{})`
`93`		`- if err != nil {`
	`94`	`+ if !errors.IsNotFound(err) {`
`94`	`95`	`t.Fatalf("unexpected error: %v", err)`
`95`	`96`	`}`
`96`	`97`	`binding = authorizationinterfaces.NewLocalRoleBindingAdapter(viewers)`