Use discovery based version gating for policy commands

Matt Rogers · Matt Rogers · commit 87cc26a150c1 · 2017-09-08T11:07:28.000-04:00
diff --git a/pkg/cmd/server/admin/overwrite_bootstrappolicy.go b/pkg/cmd/server/admin/overwrite_bootstrappolicy.go
@@ -105,7 +105,7 @@ func (o OverwriteBootstrapPolicyOptions) Complete(f *clientcmd.Factory) error {
 		return err
 	}
 
-	return clientcmd.Gate(oClient, "", "3.7.0")
+	return clientcmd.LegacyPolicyResourceGate(oClient)
 }
 
 func (o OverwriteBootstrapPolicyOptions) OverwriteBootstrapPolicy() error {
diff --git a/pkg/cmd/util/clientcmd/gating.go b/pkg/cmd/util/clientcmd/gating.go
@@ -1,64 +1,49 @@
 package clientcmd
 
 import (
-	"encoding/json"
 	"fmt"
 
-	"github.com/blang/semver"
-
 	"github.com/openshift/origin/pkg/client"
-	"github.com/openshift/origin/pkg/version"
 )
 
-// Gate returns an error if the server is below minServerVersion or above/equal maxServerVersion.
-// To test only for min or only max version, set the other string to the empty value.
-func Gate(ocClient *client.Client, minServerVersion, maxServerVersion string) error {
-	if len(minServerVersion) == 0 && len(maxServerVersion) == 0 {
-		return fmt.Errorf("No version info passed to gate command")
+// Return err if the server does not support any of the legacy policy objects (< 3.7)
+func LegacyPolicyResourceGate(ocClient *client.Client) error {
+	return ResourceGate(ocClient, "authorization.openshift.io/v1", []string{
+		"clusterpolicies",
+		"clusterpolicybindings",
+		"policies",
+		"policybindings",
+	})
+}
+
+// Do a discovery for server resources of the provided groupVersion, returning nil if any one of resourceNames is supported
+// by the server.
+func ResourceGate(ocClient *client.Client, groupVersion string, resourceNames []string) error {
+	if len(resourceNames) == 0 {
+		return fmt.Errorf("No resources provided for resource gate check")
 	}
 
-	ocVersionBody, err := ocClient.Get().AbsPath("/version/openshift").Do().Raw()
+	serverVersion, err := ocClient.Discovery().ServerVersion()
 	if err != nil {
-		return err
-	}
-	ocServerInfo := &version.Info{}
-	if err := json.Unmarshal(ocVersionBody, ocServerInfo); err != nil {
-		return err
+		return fmt.Errorf("Could not discover server version")
 	}
-	ocVersion := ocServerInfo.String()
-	// skip first chracter as Openshift returns a 'v' preceding the actual
-	// version string which semver does not grok
-	semVersion, err := semver.Parse(ocVersion[1:])
+
+	serverResources, err := ocClient.Discovery().ServerResourcesForGroupVersion(groupVersion)
 	if err != nil {
-		return fmt.Errorf("Failed to parse server version %s: %v", ocVersion, err)
+		return err
 	}
-	// ignore pre-release version info
-	semVersion.Pre = nil
 
-	if len(minServerVersion) > 0 {
-		min, err := semver.Parse(minServerVersion)
-		if err != nil {
-			return fmt.Errorf("Failed to parse min gate version %s: %v", minServerVersion, err)
-		}
-		// ignore pre-release version info
-		min.Pre = nil
-		if semVersion.LT(min) {
-			return fmt.Errorf("This command works only with server versions > %s, found %s", minServerVersion, ocVersion)
-		}
+	if len(serverResources.APIResources) == 0 {
+		return fmt.Errorf("Could not discover server resources")
 	}
 
-	if len(maxServerVersion) > 0 {
-		max, err := semver.Parse(maxServerVersion)
-		if err != nil {
-			return fmt.Errorf("Failed to parse max gate version %s: %v", maxServerVersion, err)
-		}
-		// ignore pre-release version info
-		max.Pre = nil
-		if semVersion.GTE(max) {
-			return fmt.Errorf("This command works only with server versions < %s, found %s", maxServerVersion, ocVersion)
+	for _, resource := range serverResources.APIResources {
+		for i := range resourceNames {
+			if resourceNames[i] == resource.Name {
+				return nil
+			}
 		}
 	}
 
-	// OK this is within min/max all good!
-	return nil
+	return fmt.Errorf("This command is not supported by server version %s", serverVersion.String())
 }
diff --git a/pkg/oc/admin/migrate/authorization/authorization.go b/pkg/oc/admin/migrate/authorization/authorization.go
@@ -89,7 +89,7 @@ func (o *MigrateAuthorizationOptions) Complete(name string, f *clientcmd.Factory
 		return err
 	}
 
-	if err := clientcmd.Gate(client, "", "3.7.0"); err != nil {
+	if err := clientcmd.LegacyPolicyResourceGate(client); err != nil {
 		return err
 	}
 
diff --git a/pkg/oc/cli/cmd/create/policy_binding.go b/pkg/oc/cli/cmd/create/policy_binding.go
@@ -76,7 +76,7 @@ func (o *CreatePolicyBindingOptions) Complete(cmd *cobra.Command, f *clientcmd.F
 		return err
 	}
 
-	if err := clientcmd.Gate(client, "", "3.7.0"); err != nil {
+	if err := clientcmd.LegacyPolicyResourceGate(client); err != nil {
 		return err
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -105,7 +105,7 @@ func (o OverwriteBootstrapPolicyOptions) Complete(f *clientcmd.Factory) error {`
`105`	`105`	`return err`
`106`	`106`	`}`
`107`	`107`
`108`		`- return clientcmd.Gate(oClient, "", "3.7.0")`
	`108`	`+ return clientcmd.LegacyPolicyResourceGate(oClient)`
`109`	`109`	`}`
`110`	`110`
`111`	`111`	`func (o OverwriteBootstrapPolicyOptions) OverwriteBootstrapPolicy() error {`
Original file line number	Diff line number	Diff line change
`@@ -89,7 +89,7 @@ func (o MigrateAuthorizationOptions) Complete(name string, f clientcmd.Factory`
`89`	`89`	`return err`
`90`	`90`	`}`
`91`	`91`
`92`		`- if err := clientcmd.Gate(client, "", "3.7.0"); err != nil {`
	`92`	`+ if err := clientcmd.LegacyPolicyResourceGate(client); err != nil {`
`93`	`93`	`return err`
`94`	`94`	`}`
`95`	`95`
Original file line number	Diff line number	Diff line change
`@@ -76,7 +76,7 @@ func (o CreatePolicyBindingOptions) Complete(cmd cobra.Command, f *clientcmd.F`
`76`	`76`	`return err`
`77`	`77`	`}`
`78`	`78`
`79`		`- if err := clientcmd.Gate(client, "", "3.7.0"); err != nil {`
	`79`	`+ if err := clientcmd.LegacyPolicyResourceGate(client); err != nil {`
`80`	`80`	`return err`
`81`	`81`	`}`
`82`	`82`