
Commit a744e80

committed
diagnostics: make cluster role warning info, modify text
bug 1381611 https://bugzilla.redhat.com/show_bug.cgi?id=1381611
1 parent 751ffcd commit a744e80


1 file changed

+31
-4
lines changed


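--- a/pkg/diagnostics/cluster/roles.go
+++ b/pkg/diagnostics/cluster/roles.go
@@ -20,7 +20,34 @@ type ClusterRoles struct {
 }
 
 const (
-ClusterRolesName = "ClusterRoles"
+ClusterRolesName = "ClusterRoles"
+clusterRoleMissing = `
+clusterrole/%s is missing.
+
+Use the 'oadm policy reconcile-cluster-roles' command to create the role. For example,
+
+$ oadm policy reconcile-cluster-roles \
+--additive-only=true --confirm
+`
+clusterRoleReduced = `
+clusterrole/%s has changed, but the existing role has more permissions than the new role.
+
+If you can confirm that the extra permissions are not required, you may use the
+'oadm policy reconcile-cluster-roles' command to update the role to reduce permissions.
+For example,
+
+$ oadm policy reconcile-cluster-roles \
+--additive-only=false --confirm
+`
+clusterRoleChanged = `
+clusterrole/%s has changed and the existing role does not have enough permissions.
+
+Use the 'oadm policy reconcile-cluster-roles' command to update the role.
+For example,
+
+$ oadm policy reconcile-cluster-roles \
+--additive-only=true --confirm
+`
 )
 
 func (d *ClusterRoles) Name() string {
@@ -70,7 +97,7 @@ func (d *ClusterRoles) Check() types.DiagnosticResult {
 for _, changedClusterRole := range changedClusterRoles {
 actualClusterRole, err := d.ClusterRolesClient.ClusterRoles().Get(changedClusterRole.Name)
 if kerrs.IsNotFound(err) {
-r.Error("CRD1002", nil, fmt.Sprintf("clusterrole/%s is missing.\n\nUse the `oadm policy reconcile-cluster-roles` command to create the role.", changedClusterRole.Name))
+r.Error("CRD1002", nil, fmt.Sprintf(clusterRoleMissing, changedClusterRole.Name))
 continue
 }
 if err != nil {
@@ -79,15 +106,15 @@ func (d *ClusterRoles) Check() types.DiagnosticResult {
 
 _, missingRules := rulevalidation.Covers(actualClusterRole.Rules, changedClusterRole.Rules)
 if len(missingRules) == 0 {
-r.Warn("CRD1003", nil, fmt.Sprintf("clusterrole/%s has changed, but the existing role has more permissions than the new role.\n\nUse the `oadm policy reconcile-cluster-roles` command to update the role to reduce permissions.", changedClusterRole.Name))
+r.Info("CRD1003", nil, fmt.Sprintf(clusterRoleReduced, changedClusterRole.Name))
 _, extraRules := rulevalidation.Covers(changedClusterRole.Rules, actualClusterRole.Rules)
 for _, extraRule := range extraRules {
 r.Info("CRD1008", fmt.Sprintf("clusterrole/%s has extra permission %v.", changedClusterRole.Name, extraRule))
 }
 continue
 }
 
-r.Error("CRD1005", nil, fmt.Sprintf("clusterrole/%s has changed and the existing role does not have enough permissions.\n\nUse the `oadm policy reconcile-cluster-roles` command to update the role.", changedClusterRole.Name))
+r.Error("CRD1005", nil, fmt.Sprintf(clusterRoleChanged, changedClusterRole.Name))
 for _, missingRule := range missingRules {
 r.Info("CRD1007", fmt.Sprintf("clusterrole/%s is missing permission %v.", changedClusterRole.Name, missingRule))
 }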
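Review bot: The example command in `clusterRoleReduced` (`--additive-only=false --confirm`) names no role, so an operator who copies it will presumably reconcile every cluster role, not just the `clusterrole/%s` the message reports, and can strip permissions that were added on purpose elsewhere. Scope the example to the reported role by reusing the format argument, e.g. end the command line with `--additive-only=false --confirm %[1]s`; `clusterRoleMissing` and `clusterRoleChanged` would benefit from the same change. Separately, the CRD1003 call in `Check()` drops from `r.Warn` to `r.Info`, so a role holding more permissions than the default policy no longer shows up for anyone filtering on warnings; a comment above it such as `// Info, not Warn: extra permissions may be intentional customisation; see bug 1381611` would record that decision. `Check()` starts and ends outside the visible hunks.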
