Create an official admin command

hack/common.sh

@@ -54,6 +54,7 @@ readonly OPENSHIFT_BINARY_SYMLINKS=(
   openshift-sti-build
   openshift-docker-build
   osc
+  osadm
 )
 readonly OPENSHIFT_BINARY_COPY=(
   osc

hack/test-cmd.sh

@@ -170,27 +170,34 @@ echo "templates: ok"
 # verify some default commands
 [ "$(openshift cli)" ]
 [ "$(openshift ex)" ]
-[ "$(openshift ex config 2>&1)" ]
+[ "$(openshift admin config 2>&1)" ]
+[ "$(openshift cli config 2>&1)" ]
 [ "$(openshift ex tokens)" ]
-[ "$(openshift ex policy  2>&1)" ]
+[ "$(openshift admin policy  2>&1)" ]
 [ "$(openshift kubectl 2>&1)" ]
 [ "$(openshift kube 2>&1)" ]
+[ "$(openshift admin 2>&1)" ]
 
 # help for root commands must be consistent
-[ "$(openshift | grep 'OpenShift for Admins')" ]
+[ "$(openshift | grep 'OpenShift Application Platform')" ]
 [ "$(osc | grep 'OpenShift Client')" ]
 [ "$(openshift cli | grep 'OpenShift Client')" ]
 [ "$(openshift kubectl 2>&1 | grep 'Kubernetes cluster')" ]
+[ "$(osadm 2>&1 | grep 'OpenShift Administrative Commands')" ]
+[ "$(openshift admin 2>&1 | grep 'OpenShift Administrative Commands')" ]
 
 # help for root commands with --help flag must be consistent
-[ "$(openshift --help 2>&1 | grep 'OpenShift for Admins')" ]
+[ "$(openshift --help 2>&1 | grep 'OpenShift Application Platform')" ]
 [ "$(osc --help 2>&1 | grep 'OpenShift Client')" ]
 [ "$(openshift cli --help 2>&1 | grep 'OpenShift Client')" ]
 [ "$(openshift kubectl --help 2>&1 | grep 'Kubernetes cluster')" ]
+[ "$(osadm --help 2>&1 | grep 'OpenShift Administrative Commands')" ]
+[ "$(openshift admin --help 2>&1 | grep 'OpenShift Administrative Commands')" ]
 
 # help for root commands through help command must be consistent
 [ "$(openshift help cli 2>&1 | grep 'OpenShift Client')" ]
 [ "$(openshift help kubectl 2>&1 | grep 'Kubernetes cluster')" ]
+[ "$(openshift help admin 2>&1 | grep 'OpenShift Administrative Commands')" ]
 
 # help for given command with --help flag must be consistent
 [ "$(osc get --help 2>&1 | grep 'Display one or many resources')" ]
@@ -308,44 +315,44 @@ osc describe build ${started} | grep openshift/ruby-20-centos7:success$
 osc cancel-build "${started}" --dump-logs --restart
 echo "cancel-build: ok"
 
-openshift ex policy add-group cluster-admin system:unauthenticated
-openshift ex policy remove-group cluster-admin system:unauthenticated
-openshift ex policy remove-group-from-project system:unauthenticated
-openshift ex policy add-user cluster-admin system:no-user
-openshift ex policy remove-user cluster-admin system:no-user
-openshift ex policy remove-user-from-project system:no-user
+openshift admin policy add-role-to-group cluster-admin system:unauthenticated
+openshift admin policy remove-role-from-group cluster-admin system:unauthenticated
+openshift admin policy remove-role-from-group-from-project system:unauthenticated
+openshift admin policy add-role-to-user cluster-admin system:no-user
+openshift admin policy remove-user cluster-admin system:no-user
+openshift admin policy remove-user-from-project system:no-user
 echo "ex policy: ok"
 
 # Test the commands the UI projects page tells users to run
 # These should match what is described in projects.html
-openshift ex new-project ui-test-project --admin="anypassword:createuser"
-openshift ex policy add-user admin anypassword:adduser -n ui-test-project
+osadm new-project ui-test-project --admin="anypassword:createuser"
+osadm policy add-role-to-user admin anypassword:adduser -n ui-test-project
 # Make sure project can be listed by osc (after auth cache syncs)
-sleep 2 && osc get projects | grep 'ui-test-project'
+sleep 2 && [ "$(osc get projects | grep 'ui-test-project')" ]
 # Make sure users got added
-osc describe policybinding master -n ui-test-project | grep createuser
-osc describe policybinding master -n ui-test-project | grep adduser
+[ "$(osc describe policybinding master -n ui-test-project | grep createuser)" ]
+[ "$(osc describe policybinding master -n ui-test-project | grep adduser)" ]
 echo "ui-project-commands: ok"
 
 # Test deleting and recreating a project
-openshift ex new-project recreated-project --admin="anypassword:createuser1"
+osadm new-project recreated-project --admin="anypassword:createuser1"
 osc delete project recreated-project
-openshift ex new-project recreated-project --admin="anypassword:createuser2"
+osadm new-project recreated-project --admin="anypassword:createuser2"
 osc describe policybinding master -n recreated-project | grep anypassword:createuser2
 echo "ex new-project: ok"
 
 # Test running a router
-[ ! "$(openshift ex router | grep 'does not exist')"]
-[ "$(openshift ex router -o yaml --credentials="${OPENSHIFTCONFIG}" | grep 'openshift/origin-haproxy-')" ]
-openshift ex router --create --credentials="${OPENSHIFTCONFIG}"
-[ "$(openshift ex router | grep 'service exists')" ]
+[ ! "$(osadm router | grep 'does not exist')" ]
+[ "$(osadm router -o yaml --credentials="${OPENSHIFTCONFIG}" | grep 'openshift/origin-haproxy-')" ]
+osadm router --create --credentials="${OPENSHIFTCONFIG}"
+[ "$(osadm router | grep 'service exists')" ]
 echo "ex router: ok"
 
 # Test running a registry
-[ ! "$(openshift ex registry | grep 'does not exist')"]
-[ "$(openshift ex registry -o yaml --credentials="${OPENSHIFTCONFIG}" | grep 'openshift/origin-docker-registry')" ]
-openshift ex registry --create --credentials="${OPENSHIFTCONFIG}"
-[ "$(openshift ex registry | grep 'service exists')" ]
+[ ! "$(osadm registry | grep 'does not exist')"]
+[ "$(osadm registry -o yaml --credentials="${OPENSHIFTCONFIG}" | grep 'openshift/origin-docker-registry')" ]
+osadm registry --create --credentials="${OPENSHIFTCONFIG}"
+[ "$(osadm registry | grep 'service exists')" ]
 echo "ex registry: ok"
 
 # verify the image repository had its tags populated

pkg/cmd/admin/admin.go

@@ -0,0 +1,74 @@
+package admin
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/spf13/cobra"
+
+	"github.com/openshift/origin/pkg/cmd/experimental/buildchain"
+	"github.com/openshift/origin/pkg/cmd/experimental/config"
+	"github.com/openshift/origin/pkg/cmd/experimental/policy"
+	"github.com/openshift/origin/pkg/cmd/experimental/project"
+	exregistry "github.com/openshift/origin/pkg/cmd/experimental/registry"
+	exrouter "github.com/openshift/origin/pkg/cmd/experimental/router"
+	"github.com/openshift/origin/pkg/cmd/server/admin"
+	"github.com/openshift/origin/pkg/cmd/templates"
+	"github.com/openshift/origin/pkg/cmd/util/clientcmd"
+	"github.com/openshift/origin/pkg/version"
+)
+
+const longDesc = `
+OpenShift Administrative Commands
+
+Commands for managing an OpenShift cluster are exposed here. Many administrative
+actions involve interaction with the OpenShift client as well.
+
+Note: This is a beta release of OpenShift and may change significantly.  See
+    https://github.com/openshift/origin for the latest information on OpenShift.
+`
+
+func NewCommandAdmin(name, fullName string) *cobra.Command {
+	// Main command
+	cmd := &cobra.Command{
+		Use:   name,
+		Short: "tools for managing an OpenShift cluster",
+		Long:  fmt.Sprintf(longDesc),
+		Run: func(c *cobra.Command, args []string) {
+			c.SetOutput(os.Stdout)
+			c.Help()
+		},
+	}
+
+	f := clientcmd.New(cmd.PersistentFlags())
+	//in := os.Stdin
+	out := os.Stdout
+
+	templates.UseAdminTemplates(cmd)
+
+	cmd.AddCommand(project.NewCmdNewProject(f, fullName, "new-project"))
+	cmd.AddCommand(policy.NewCommandPolicy(f, fullName, "policy"))
+	cmd.AddCommand(exrouter.NewCmdRouter(f, fullName, "router", out))
+	cmd.AddCommand(exregistry.NewCmdRegistry(f, fullName, "registry", out))
+	cmd.AddCommand(buildchain.NewCmdBuildChain(f, fullName, "build-chain"))
+	cmd.AddCommand(config.NewCmdConfig(fullName, "config"))
+
+	// TODO: these probably belong in a sub command
+	cmd.AddCommand(admin.NewCommandCreateKubeConfig())
+	cmd.AddCommand(admin.NewCommandCreateBootstrapPolicyFile())
+	cmd.AddCommand(admin.NewCommandOverwriteBootstrapPolicy(out))
+	cmd.AddCommand(admin.NewCommandNodeConfig())
+	// TODO: these should be rolled up together
+	cmd.AddCommand(admin.NewCommandCreateAllCerts())
+	cmd.AddCommand(admin.NewCommandCreateClientCert())
+	cmd.AddCommand(admin.NewCommandCreateNodeClientCert())
+	cmd.AddCommand(admin.NewCommandCreateServerCert())
+	cmd.AddCommand(admin.NewCommandCreateSignerCert())
+	cmd.AddCommand(admin.NewCommandCreateClient())
+
+	if name == fullName {
+		cmd.AddCommand(version.NewVersionCommand(fullName))
+	}
+
+	return cmd
+}

pkg/cmd/cli/cli.go

@@ -9,6 +9,7 @@ import (
 	"github.com/spf13/pflag"
 
 	"github.com/openshift/origin/pkg/cmd/cli/cmd"
+	"github.com/openshift/origin/pkg/cmd/experimental/config"
 	"github.com/openshift/origin/pkg/cmd/templates"
 	"github.com/openshift/origin/pkg/cmd/util/clientcmd"
 	"github.com/openshift/origin/pkg/version"
@@ -64,6 +65,7 @@ func NewCommandCLI(name, fullName string) *cobra.Command {
 	templates.UseCliTemplates(cmds)
 
 	cmds.AddCommand(cmd.NewCmdLogin(f, in, out))
+	cmds.AddCommand(cmd.NewCmdProject(f, out))
 	cmds.AddCommand(cmd.NewCmdNewApplication(fullName, f, out))
 	cmds.AddCommand(cmd.NewCmdStartBuild(fullName, f, out))
 	cmds.AddCommand(cmd.NewCmdCancelBuild(fullName, f, out))
@@ -80,9 +82,11 @@ func NewCommandCLI(name, fullName string) *cobra.Command {
 	cmds.AddCommand(cmd.NewCmdExec(fullName, f, os.Stdin, out, os.Stderr))
 	cmds.AddCommand(cmd.NewCmdPortForward(fullName, f))
 	cmds.AddCommand(f.NewCmdProxy(out))
-	cmds.AddCommand(cmd.NewCmdProject(f, out))
 	cmds.AddCommand(cmd.NewCmdOptions(f, out))
-	cmds.AddCommand(version.NewVersionCommand(fullName))
+	if name == fullName {
+		cmds.AddCommand(version.NewVersionCommand(fullName))
+	}
+	cmds.AddCommand(config.NewCmdConfig(fullName, "config"))
 
 	return cmds
 }

pkg/cmd/cli/describe/describer.go

@@ -480,23 +480,45 @@ func (d *RoleBindingDescriber) Describe(namespace, name string) (string, error)
 		return "", err
 	}
 
-	role, roleErr := d.Roles(roleBinding.RoleRef.Namespace).Get(roleBinding.RoleRef.Name)
+	role, err := d.Roles(roleBinding.RoleRef.Namespace).Get(roleBinding.RoleRef.Name)
+	return DescribeRoleBinding(roleBinding, role, err)
+}
 
+// DescribeRoleBinding prints out information about a role binding and its associated role
+func DescribeRoleBinding(roleBinding *authorizationapi.RoleBinding, role *authorizationapi.Role, err error) (string, error) {
 	return tabbedString(func(out *tabwriter.Writer) error {
 		formatMeta(out, roleBinding.ObjectMeta)
 
 		formatString(out, "Role", roleBinding.RoleRef.Namespace+"/"+roleBinding.RoleRef.Name)
 		formatString(out, "Users", roleBinding.Users.List())
 		formatString(out, "Groups", roleBinding.Groups.List())
 
-		if roleErr != nil {
-			formatString(out, "ROLE RESOLUTION ERROR", roleErr)
+		switch {
+		case err != nil:
+			formatString(out, "Policy Rules", fmt.Sprintf("error: %v", err))
 
-		} else {
+		case role != nil:
 			fmt.Fprint(out, policyRuleHeadings+"\n")
 			for _, rule := range role.Rules {
 				describePolicyRule(out, rule, "")
 			}
+
+		default:
+			formatString(out, "Policy Rules", "<none>")
+		}
+
+		return nil
+	})
+}
+
+// DescribeRole prints out information about a role
+func DescribeRole(role *authorizationapi.Role) (string, error) {
+	return tabbedString(func(out *tabwriter.Writer) error {
+		formatMeta(out, role.ObjectMeta)
+
+		fmt.Fprint(out, policyRuleHeadings+"\n")
+		for _, rule := range role.Rules {
+			describePolicyRule(out, rule, "")
 		}
 
 		return nil

pkg/cmd/experimental/config/config.go

@@ -10,7 +10,8 @@ import (
 
 func NewCmdConfig(parentName, name string) *cobra.Command {
 	cmd := config.NewCmdConfig(os.Stdout)
-	cmd.Long = fmt.Sprintf(`Manages .kubeconfig files using subcommands like:
+	cmd.Short = "Change configuration files for the client"
+	cmd.Long = fmt.Sprintf(`Manages the OpenShift config files using subcommands like:
 
 %[1]s %[2]s use-context my-context
 %[1]s %[2]s set preferences.some true

pkg/cmd/experimental/policy/add_group.go

@@ -25,9 +25,9 @@ func NewCmdAddGroup(f *clientcmd.Factory) *cobra.Command {
 	options := &addGroupOptions{}
 
 	cmd := &cobra.Command{
-		Use:   "add-group <role> <group> [group]...",
-		Short: "add group to role",
-		Long:  `add group to role`,
+		Use:   "add-role-to-group",
+		Short: "add groups to a role",
+		Long:  `add groups to a role`,
 		Run: func(cmd *cobra.Command, args []string) {
 			if !options.complete(cmd) {
 				return

pkg/cmd/experimental/policy/add_user.go

@@ -25,12 +25,12 @@ func NewCmdAddUser(f *clientcmd.Factory) *cobra.Command {
 	options := &AddUserOptions{}
 
 	cmd := &cobra.Command{
-		Use:   "add-user <role> <user> [user]...",
-		Short: "add user to role",
-		Long:  `add user to role`,
+		Use:   "add-role-to-user",
+		Short: "add users to a role",
+		Long:  `add users to a role`,
 		Run: func(cmd *cobra.Command, args []string) {
-			if !options.complete(cmd) {
-				return
+			if !options.complete(cmd, args) {
+				glog.Fatalf("You must specify two arguments")
 			}
 
 			var err error
@@ -51,10 +51,8 @@ func NewCmdAddUser(f *clientcmd.Factory) *cobra.Command {
 	return cmd
 }
 
-func (o *AddUserOptions) complete(cmd *cobra.Command) bool {
-	args := cmd.Flags().Args()
+func (o *AddUserOptions) complete(cmd *cobra.Command, args []string) bool {
 	if len(args) < 2 {
-		cmd.Help()
 		return false
 	}
 

pkg/cmd/experimental/policy/policy.go

@@ -20,8 +20,8 @@ func NewCommandPolicy(f *clientcmd.Factory, parentName, name string) *cobra.Comm
 	// Parent command to which all subcommands are added.
 	cmds := &cobra.Command{
 		Use:   name,
-		Short: "manage authorization policy",
-		Long:  `manage authorization policy`,
+		Short: "Manage authorization policy",
+		Long:  `Manage authorization policy`,
 		Run:   runHelp,
 	}
 

pkg/cmd/experimental/policy/remove_group.go

@@ -24,7 +24,7 @@ func NewCmdRemoveGroup(f *clientcmd.Factory) *cobra.Command {
 	options := &RemoveGroupOptions{}
 
 	cmd := &cobra.Command{
-		Use:   "remove-group <role> <group> [group]...",
+		Use:   "remove-role-from-group <role> <group> [group]...",
 		Short: "remove group from role",
 		Long:  `remove group from role`,
 		Run: func(cmd *cobra.Command, args []string) {

pkg/cmd/experimental/policy/remove_group_from_project.go

@@ -22,7 +22,7 @@ func NewCmdRemoveGroupFromProject(f *clientcmd.Factory) *cobra.Command {
 	options := &removeGroupFromProjectOptions{}
 
 	cmd := &cobra.Command{
-		Use:   "remove-group-from-project  <group> [group]...",
+		Use:   "remove-group  <group> [group]...",
 		Short: "remove group from project",
 		Long:  `remove group from project`,
 		Run: func(cmd *cobra.Command, args []string) {

pkg/cmd/experimental/policy/remove_user.go

@@ -24,7 +24,7 @@ func NewCmdRemoveUser(f *clientcmd.Factory) *cobra.Command {
 	options := &removeUserOptions{}
 
 	cmd := &cobra.Command{
-		Use:   "remove-user <role> <user> [user]...",
+		Use:   "remove-role-from-user <role> <user> [user]...",
 		Short: "remove user from role",
 		Long:  `remove user from role`,
 		Run: func(cmd *cobra.Command, args []string) {

pkg/cmd/experimental/policy/remove_user_from_project.go

@@ -22,7 +22,7 @@ func NewCmdRemoveUserFromProject(f *clientcmd.Factory) *cobra.Command {
 	options := &removeUserFromProjectOptions{}
 
 	cmd := &cobra.Command{
-		Use:   "remove-user-from-project  <user> [user]...",
+		Use:   "remove-user  <user> [user]...",
 		Short: "remove user from project",
 		Long:  `remove user from project`,
 		Run: func(cmd *cobra.Command, args []string) {