func userCan(sarClient osclient.SubjectAccessReviews, action authorizationapi.Action) (bool, error) {
resp, err := sarClient.SubjectAccessReviews().Create(&authorizationapi.SubjectAccessReview{Action: action})
if err != nil {
return false, err
}
if resp.Allowed {
return true, nil
}
return false, nil
}
func verifyPruneAccess(ctx context.Context, client client.SubjectAccessReviews) error {
sar := authorizationapi.SubjectAccessReview{
Action: authorizationapi.Action{
Verb: "delete",
Group: imageapi.GroupName,
Resource: "images",
},
}
response, err := client.SubjectAccessReviews().Create(&sar)
if err != nil {
context.GetLogger(ctx).Errorf("OpenShift client error: %s", err)
if kerrors.IsUnauthorized(err) || kerrors.IsForbidden(err) {
return ErrOpenShiftAccessDenied
}
return err
}
if !response.Allowed {
context.GetLogger(ctx).Errorf("OpenShift access denied: %s", response.Reason)
return ErrOpenShiftAccessDenied
}
return nil
}
