openshift
diff --git a/‎pkg/cmd/server/admin/overwrite_bootstrappolicy.go
Lines changed: 2 additions & 2 deletions b/‎pkg/cmd/server/admin/overwrite_bootstrappolicy.go
Lines changed: 2 additions & 2 deletions
diff --git a/‎pkg/cmd/util/clientcmd/gating.go
Lines changed: 91 additions & 40 deletions b/‎pkg/cmd/util/clientcmd/gating.go
Lines changed: 91 additions & 40 deletions
@@ -100,12 +100,12 @@ func (o OverwriteBootstrapPolicyOptions) Validate(args []string) error {
 }
 
 func (o OverwriteBootstrapPolicyOptions) Complete(f *clientcmd.Factory) error {
-	oClient, _, err := f.Clients()
+	_, kclient, err := f.Clients()
 	if err != nil {
 		return err
 	}
 
-	return clientcmd.Gate(oClient, "", "3.7.0")
+	return clientcmd.LegacyPolicyResourceGate(kclient.Discovery())
 }
 
 func (o OverwriteBootstrapPolicyOptions) OverwriteBootstrapPolicy() error {
 
@@ -1,64 +1,115 @@
 package clientcmd
 
 import (
-	"encoding/json"
 	"fmt"
 
-	"github.com/blang/semver"
+	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/client-go/discovery"
 
-	"github.com/openshift/origin/pkg/client"
-	"github.com/openshift/origin/pkg/version"
+	"github.com/openshift/origin/pkg/authorization/apis/authorization"
 )
 
-// Gate returns an error if the server is below minServerVersion or above/equal maxServerVersion.
-// To test only for min or only max version, set the other string to the empty value.
-func Gate(ocClient *client.Client, minServerVersion, maxServerVersion string) error {
-	if len(minServerVersion) == 0 && len(maxServerVersion) == 0 {
-		return fmt.Errorf("No version info passed to gate command")
-	}
+// LegacyPolicyResourceGate returns err if the server does not support the set of legacy policy objects (< 3.7)
+func LegacyPolicyResourceGate(client discovery.DiscoveryInterface) error {
+	// The server must support the 4 legacy policy objects in either of the GV schemes.
+	_, all, err := DiscoverGroupVersionResources(client,
+		schema.GroupVersionResource{
+			Group:    authorization.LegacySchemeGroupVersion.Group,
+			Version:  authorization.LegacySchemeGroupVersion.Version,
+			Resource: "clusterpolicies",
+		},
+		schema.GroupVersionResource{
+			Group:    authorization.LegacySchemeGroupVersion.Group,
+			Version:  authorization.LegacySchemeGroupVersion.Version,
+			Resource: "clusterpolicybindings",
+		},
+		schema.GroupVersionResource{
+			Group:    authorization.LegacySchemeGroupVersion.Group,
+			Version:  authorization.LegacySchemeGroupVersion.Version,
+			Resource: "policies",
+		},
+		schema.GroupVersionResource{
+			Group:    authorization.LegacySchemeGroupVersion.Group,
+			Version:  authorization.LegacySchemeGroupVersion.Version,
+			Resource: "policybindings",
+		},
+	)
 
-	ocVersionBody, err := ocClient.Get().AbsPath("/version/openshift").Do().Raw()
 	if err != nil {
 		return err
 	}
-	ocServerInfo := &version.Info{}
-	if err := json.Unmarshal(ocVersionBody, ocServerInfo); err != nil {
-		return err
+	if all {
+		return nil
 	}
-	ocVersion := ocServerInfo.String()
-	// skip first chracter as Openshift returns a 'v' preceding the actual
-	// version string which semver does not grok
-	semVersion, err := semver.Parse(ocVersion[1:])
+	_, all, err = DiscoverGroupVersionResources(client,
+		schema.GroupVersionResource{
+			Group:    authorization.SchemeGroupVersion.Group,
+			Version:  authorization.SchemeGroupVersion.Version,
+			Resource: "clusterpolicies",
+		},
+		schema.GroupVersionResource{
+			Group:    authorization.SchemeGroupVersion.Group,
+			Version:  authorization.SchemeGroupVersion.Version,
+			Resource: "clusterpolicybindings",
+		},
+		schema.GroupVersionResource{
+			Group:    authorization.SchemeGroupVersion.Group,
+			Version:  authorization.SchemeGroupVersion.Version,
+			Resource: "policies",
+		},
+		schema.GroupVersionResource{
+			Group:    authorization.SchemeGroupVersion.Group,
+			Version:  authorization.SchemeGroupVersion.Version,
+			Resource: "policybindings",
+		},
+	)
+
 	if err != nil {
-		return fmt.Errorf("Failed to parse server version %s: %v", ocVersion, err)
+		return err
+	}
+	if all {
+		return nil
 	}
-	// ignore pre-release version info
-	semVersion.Pre = nil
 
-	if len(minServerVersion) > 0 {
-		min, err := semver.Parse(minServerVersion)
-		if err != nil {
-			return fmt.Errorf("Failed to parse min gate version %s: %v", minServerVersion, err)
-		}
-		// ignore pre-release version info
-		min.Pre = nil
-		if semVersion.LT(min) {
-			return fmt.Errorf("This command works only with server versions > %s, found %s", minServerVersion, ocVersion)
-		}
+	return fmt.Errorf("the server does not support legacy policy resources")
+}
+
+// DiscoverGroupVersionResources performs a server resource discovery for each filterGVR, returning a slice of
+// GVRs for the matching Resources, and a bool for "all" indicating that each item in filterGVR was found.
+func DiscoverGroupVersionResources(client discovery.ServerResourcesInterface, filterGVR ...schema.GroupVersionResource) ([]schema.GroupVersionResource, bool, error) {
+	if len(filterGVR) == 0 {
+		return nil, false, fmt.Errorf("at least one GroupVersionResource must be provided")
 	}
 
-	if len(maxServerVersion) > 0 {
-		max, err := semver.Parse(maxServerVersion)
+	all := true
+
+	// var cache map[schema.GroupVersion][]string TODO: possibly needed if not cached
+
+	ret := []schema.GroupVersionResource{}
+	for i := range filterGVR {
+		// Discover the list of resources for this GVR
+		gv := filterGVR[i].GroupVersion()
+		serverResources, err := client.ServerResourcesForGroupVersion(gv.String())
+		if err != nil && errors.IsNotFound(err) {
+			all = false
+			continue
+		}
 		if err != nil {
-			return fmt.Errorf("Failed to parse max gate version %s: %v", maxServerVersion, err)
+			return nil, false, err
 		}
-		// ignore pre-release version info
-		max.Pre = nil
-		if semVersion.GTE(max) {
-			return fmt.Errorf("This command works only with server versions < %s, found %s", maxServerVersion, ocVersion)
+
+		seen := false
+		// Add matching resources to the return slice
+		for _, resource := range serverResources.APIResources {
+			if filterGVR[i].Resource == resource.Name {
+				seen = true
+				ret = append(ret, filterGVR[i])
+				break
+			}
 		}
+		all = all && seen
 	}
 
-	// OK this is within min/max all good!
-	return nil
+	return ret, all, nil
 }
Original file line number	Diff line number	Diff line change
`@@ -100,12 +100,12 @@ func (o OverwriteBootstrapPolicyOptions) Validate(args []string) error {`
`100`	`100`	`}`
`101`	`101`
`102`	`102`	`func (o OverwriteBootstrapPolicyOptions) Complete(f *clientcmd.Factory) error {`
`103`		`- oClient, _, err := f.Clients()`
	`103`	`+ _, kclient, err := f.Clients()`
`104`	`104`	`if err != nil {`
`105`	`105`	`return err`
`106`	`106`	`}`
`107`	`107`
`108`		`- return clientcmd.Gate(oClient, "", "3.7.0")`
	`108`	`+ return clientcmd.LegacyPolicyResourceGate(kclient.Discovery())`
`109`	`109`	`}`
`110`	`110`
`111`	`111`	`func (o OverwriteBootstrapPolicyOptions) OverwriteBootstrapPolicy() error {`