package util
import (
"time"
"github.com/GoogleCloudPlatform/kubernetes/pkg/util/wait"
authorizationapi "github.com/openshift/origin/pkg/authorization/api"
"github.com/openshift/origin/pkg/client"
)
// Polling parameters used by WaitForPolicyUpdate.
const (
	// PolicyCachePollInterval is the pause between successive access-review
	// attempts while waiting for a policy change to become visible.
	PolicyCachePollInterval time.Duration = 100 * time.Millisecond

	// PolicyCachePollTimeout is the overall budget for the wait; once it is
	// exhausted without the expected answer, the wait fails with an error.
	PolicyCachePollTimeout time.Duration = 5 * time.Second
)
// WaitForPolicyUpdate repeatedly submits a SubjectAccessReview for the given
// verb and resource in namespace through c, and returns nil once the reported
// decision equals allowed. It polls every PolicyCachePollInterval; if
// PolicyCachePollTimeout is reached without the expected decision, an error
// is returned.
//
// Any error from creating the review is handed straight back to wait.Poll
// rather than being retried here.
//
// NOTE(review): the review carries only Verb and Resource, so it is presumably
// evaluated for the identity behind c. Confirm against the API semantics.
// NOTE(review): the constant names suggest authorization decisions come from a
// cache that lags policy writes. Callers asserting a revocation (allowed=false)
// should wait here before treating access as denied.
func WaitForPolicyUpdate(c *client.Client, namespace, verb, resource string, allowed bool) error {
	sar := &authorizationapi.SubjectAccessReview{Verb: verb, Resource: resource}

	// decisionMatches reports whether the current authorization answer is
	// the one the caller is waiting for.
	decisionMatches := func() (bool, error) {
		resp, err := c.SubjectAccessReviews(namespace).Create(sar)
		if err != nil {
			return false, err
		}
		return resp.Allowed == allowed, nil
	}

	return wait.Poll(PolicyCachePollInterval, PolicyCachePollTimeout, decisionMatches)
}