diff --git a/cli/cmd/checkRunner.go b/cli/cmd/checkRunner.go
index 5a05c10a8..7bf75d090 100644
--- a/cli/cmd/checkRunner.go
+++ b/cli/cmd/checkRunner.go
@@ -2,8 +2,8 @@ package cmd
 import (
 "context"
+ "embed"
 "fmt"
- "github.com/up9inc/mizu/shared"
 rbac "k8s.io/api/rbac/v1"
 "k8s.io/apimachinery/pkg/runtime"
 "k8s.io/client-go/kubernetes/scheme"
@@ -17,6 +17,11 @@ import (
 "github.com/up9inc/mizu/shared/semver"
 )
+var (
+ //go:embed permissionFiles
+ embedFS embed.FS
+)
+
 func runMizuCheck() {
 logger.Log.Infof("Mizu checks\n===================")
@@ -248,12 +253,12 @@ func checkK8sTapPermissions(ctx context.Context, kubernetesProvider *kubernetes.
 var filePath string
 if config.Config.IsNsRestrictedMode() {
- filePath = "./examples/roles/permissions-ns-tap.yaml"
+ filePath = "permissionFiles/permissions-ns-tap.yaml"
 } else {
- filePath = "./examples/roles/permissions-all-namespaces-tap.yaml"
+ filePath = "permissionFiles/permissions-all-namespaces-tap.yaml"
 }
- data, err := shared.ReadFromFile(filePath)
+ data, err := embedFS.ReadFile(filePath)
 if err != nil {
 logger.Log.Errorf("%v error while checking kubernetes permissions, err: %v", fmt.Sprintf(uiUtils.Red, "✗"), err)
 return false
diff --git a/examples/roles/permissions-all-namespaces-debug-optional.yaml b/cli/cmd/permissionFiles/permissions-all-namespaces-debug-optional.yaml
similarity index 100%
rename from examples/roles/permissions-all-namespaces-debug-optional.yaml
rename to cli/cmd/permissionFiles/permissions-all-namespaces-debug-optional.yaml
diff --git a/examples/roles/permissions-all-namespaces-ip-resolution-optional.yaml b/cli/cmd/permissionFiles/permissions-all-namespaces-ip-resolution-optional.yaml
similarity index 100%
rename from examples/roles/permissions-all-namespaces-ip-resolution-optional.yaml
rename to cli/cmd/permissionFiles/permissions-all-namespaces-ip-resolution-optional.yaml
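Review bot: The directive in the added `var` block, `//go:embed permissionFiles`, embeds the whole directory, so a renamed or missing template only surfaces as a runtime `ReadFile` error in `checkK8sTapPermissions` (third hunk), and the four `*-optional.yaml` files are compiled into the binary although no code visible in this diff reads them. Naming the two files that are read, `//go:embed permissionFiles/permissions-ns-tap.yaml permissionFiles/permissions-all-namespaces-tap.yaml`, would turn a missing template into a build failure instead. If code outside this diff reads the optional files, keep the directory pattern and cover each path used with a test that opens it. A one-line comment on `embedFS` stating that it holds the permission templates read by the check would also help the next reader.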
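Review bot: The two `permissionFiles/...` literals in `checkK8sTapPermissions` are now `embed.FS` names rather than OS paths, and nothing in the new code says so. A comment above `var filePath string`, for example `// embed.FS names are slash-separated and relative to this package directory on every OS; do not build them with filepath.Join.`, would keep a later edit from breaking the lookup on Windows. The function starts and ends outside the hunk, so what is done with `data` after the read is not visible here.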
diff --git a/examples/roles/permissions-all-namespaces-tap.yaml b/cli/cmd/permissionFiles/permissions-all-namespaces-tap.yaml
similarity index 100%
rename from examples/roles/permissions-all-namespaces-tap.yaml
rename to cli/cmd/permissionFiles/permissions-all-namespaces-tap.yaml
diff --git a/examples/roles/permissions-ns-debug-optional.yaml b/cli/cmd/permissionFiles/permissions-ns-debug-optional.yaml
similarity index 100%
rename from examples/roles/permissions-ns-debug-optional.yaml
rename to cli/cmd/permissionFiles/permissions-ns-debug-optional.yaml
diff --git a/examples/roles/permissions-ns-ip-resolution-optional.yaml b/cli/cmd/permissionFiles/permissions-ns-ip-resolution-optional.yaml
similarity index 100%
rename from examples/roles/permissions-ns-ip-resolution-optional.yaml
rename to cli/cmd/permissionFiles/permissions-ns-ip-resolution-optional.yaml
diff --git a/examples/roles/permissions-ns-tap.yaml b/cli/cmd/permissionFiles/permissions-ns-tap.yaml
similarity index 100%
rename from examples/roles/permissions-ns-tap.yaml
rename to cli/cmd/permissionFiles/permissions-ns-tap.yaml
diff --git a/docs/PERMISSIONS.md b/docs/PERMISSIONS.md
index 0574cdfd0..5301693bf 100644
--- a/docs/PERMISSIONS.md
+++ b/docs/PERMISSIONS.md
@@ -85,4 +85,4 @@ By default Mizu requires cluster-wide permissions. If these are not available to the user, it is possible to run Mizu in namespace-restricted mode which has a reduced set of requirements. This is done by by setting the `mizu-resources-namespace` config option. See [configuration](CONFIGURATION.md) for instructions.
-The different requirements are listed in [the example roles dir](../examples/roles)
+The different requirements are listed in [the permission templates dir](../cli/cmd/permissionFiles)
diff --git a/shared/fileUtils.go b/shared/fileUtils.go
deleted file mode 100644
index 976ff6c2d..000000000
--- a/shared/fileUtils.go
+++ /dev/null
@@ -1,20 +0,0 @@
-package shared
-
-import (
- "io/ioutil"
- "os"
-)
-
-func ReadFromFile(path string) ([]byte, error) {
- reader, err := os.Open(path)
- if err != nil {
- return nil, err
- }
-
- data, err := ioutil.ReadAll(reader)
- if err != nil {
- return nil, err
- }
-
- return data, nil
-}