package servicebroker
import (
"net/http"
"github.com/golang/glog"
kerrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apiserver/pkg/authentication/user"
"k8s.io/kubernetes/pkg/apis/authorization"
"github.com/openshift/origin/pkg/authorization/util"
templateapi "github.com/openshift/origin/pkg/template/apis/template"
"github.com/openshift/origin/pkg/templateservicebroker/openservicebroker/api"
)
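// Deprovision is the reverse of Provision. We clean up the TemplateInstance,
// Secret and BrokerTemplateInstance objects (in that order); the garbage
// collector is responsible for the removal of the objects provisioned by the
// Template(Instance) itself.
//
// NOTE(review): the body issues a single delete, on the
// BrokerTemplateInstance, with foreground propagation. Removal of the
// TemplateInstance and Secret presumably relies on owner references set at
// provision time; confirm that, and that the ordering stated above still holds.
//
// Nothing is deleted unless u passes SubjectAccessReviews for both "get" and
// "delete" on the TemplateInstance that the BrokerTemplateInstance refers to.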
func (b *Broker) Deprovision(u user.Info, instanceID string) *api.Response {
	// instanceID is caller-supplied and logged verbatim with %s; presumably it
	// is validated before it reaches this method -- confirm at the API layer.
	glog.V(4).Infof("Template service broker: Deprovision: instanceID %s", instanceID)

	// NOTE(review): this lookup runs before any access check, so an unknown ID
	// answers 410 Gone while a known but unauthorized ID answers 403 below.
	// The two responses therefore reveal whether an instance ID exists; that
	// is acceptable only if instance IDs are unguessable -- confirm.
	bti, err := b.templateclient.BrokerTemplateInstances().Get(instanceID, metav1.GetOptions{})
	switch {
	case err == nil:
		// Found; continue to the authorization checks.
	case kerrors.IsNotFound(err):
		return api.NewResponse(http.StatusGone, &api.DeprovisionResponse{}, nil)
	default:
		return api.InternalServerError(err)
	}

	tiNamespace := bti.Spec.TemplateInstance.Namespace
	tiName := bti.Spec.TemplateInstance.Name

	// end users are not expected to have access to BrokerTemplateInstance
	// objects; SAR on the TemplateInstance instead. The caller must hold both
	// verbs, checked in this order; the first refusal ends the request with
	// Forbidden. The delete further down goes through b.templateclient rather
	// than a client built from u, so these reviews are the only gate on the
	// caller visible in this method.
	for _, verb := range []string{"get", "delete"} {
		attrs := &authorization.ResourceAttributes{
			Namespace: tiNamespace,
			Verb:      verb,
			Group:     templateapi.GroupName,
			Resource:  "templateinstances",
			Name:      tiName,
		}
		if err := util.Authorize(b.kc.Authorization().SubjectAccessReviews(), u, attrs); err != nil {
			return api.Forbidden(err)
		}
	}

	// The UID precondition ties the delete to the exact object fetched and
	// authorized above: if it was replaced under the same name in the
	// meantime, the delete fails instead of removing an object the caller was
	// never checked against. Foreground propagation asks the API server to
	// remove dependents before the BrokerTemplateInstance itself.
	foreground := metav1.DeletePropagationForeground
	deleteOpts := metav1.NewPreconditionDeleteOptions(string(bti.UID))
	deleteOpts.PropagationPolicy = &foreground

	if err := b.templateclient.BrokerTemplateInstances().Delete(instanceID, deleteOpts); err != nil {
		// Already gone counts as deprovisioned; every other failure,
		// including a failed precondition, is reported as an internal error.
		if kerrors.IsNotFound(err) {
			return api.NewResponse(http.StatusGone, &api.DeprovisionResponse{}, nil)
		}
		return api.InternalServerError(err)
	}

	// 202 Accepted: the delete has been issued but cleanup finishes
	// asynchronously, tracked as a deprovisioning operation.
	return api.NewResponse(http.StatusAccepted, &api.DeprovisionResponse{Operation: api.OperationDeprovisioning}, nil)
}