privileged.go
package componentinstall
import (
"fmt"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apiserver/pkg/authentication/serviceaccount"
"k8s.io/client-go/rest"
"k8s.io/client-go/util/retry"
securityclient "github.com/openshift/client-go/security/clientset/versioned/typed/security/v1"
"github.com/openshift/origin/pkg/oc/lib/errors"
)
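// AddPrivilegedUser adds the service account identified by namespace and name
// to the list of users allowed to use the "privileged" SCC.
//
// The entry is stored as the service account username built by
// serviceaccount.MakeUsername. The call is idempotent: if that username is
// already listed, the SCC is left untouched and no Update is issued.
//
// Security note: the privileged SCC is the least restrictive constraint set,
// so every pod that can run as this service account may request privileged
// containers. Only grant it to component service accounts that need it, and
// treat changes to this SCC's user list as an auditable event. Nothing in this
// function revokes the grant.
//
// The read-modify-write is retried on resource-version conflicts. Any failure
// is returned as a "cannot update privileged SCC" error carrying the cause.
func AddPrivilegedUser(clientConfig *rest.Config, namespace, name string) error {
	wrap := func(cause error) error {
		return errors.NewError(fmt.Sprintf("cannot update privileged SCC for %q", name)).WithCause(cause)
	}

	// The client does not change between attempts, so build it once instead of
	// on every retry.
	securityClient, err := securityclient.NewForConfig(clientConfig)
	if err != nil {
		return wrap(err)
	}
	username := serviceaccount.MakeUsername(namespace, name)

	err = retry.RetryOnConflict(retry.DefaultRetry, func() error {
		// Re-read on every attempt so the update is based on the latest
		// resource version.
		privilegedSCC, err := securityClient.SecurityContextConstraints().Get("privileged", metav1.GetOptions{})
		if err != nil {
			return err
		}

		// Skip the write when the grant already exists; otherwise repeated
		// installs keep appending duplicate entries to the SCC.
		for _, existing := range privilegedSCC.Users {
			if existing == username {
				return nil
			}
		}

		privilegedSCC.Users = append(privilegedSCC.Users, username)
		_, err = securityClient.SecurityContextConstraints().Update(privilegedSCC)
		return err
	})
	if err != nil {
		return wrap(err)
	}
	return nil
}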