func verifyPruneAccess(client *client.Client) error { sar := authorizationapi.SubjectAccessReview{ Verb: "delete", Resource: "images", } response, err := client.ClusterSubjectAccessReviews().Create(&sar) if err != nil { log.Errorf("OpenShift client error: %s", err) if kerrors.IsUnauthorized(err) || kerrors.IsForbidden(err) { return ErrOpenShiftAccessDenied } return err } if !response.Allowed { log.Errorf("OpenShift access denied: %s", response.Reason) return ErrOpenShiftAccessDenied } return nil }