From b90a84b99b60e48b3ee8e6fa4c2801489d2f29e8 Mon Sep 17 00:00:00 2001
From: hongming <talonwan@yunify.com>
Date: Fri, 30 Nov 2018 17:15:21 +0800
Subject: [PATCH] fix: sync devops rolebindings

Signed-off-by: hongming <talonwan@yunify.com>
---
 pkg/constants/common.go             |  2 ++
 pkg/models/workspaces/workspaces.go | 18 +++++++++---------
 2 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/pkg/constants/common.go b/pkg/constants/common.go
index 211be117c..398d7af70 100644
--- a/pkg/constants/common.go
+++ b/pkg/constants/common.go
@@ -48,6 +48,8 @@ const (
 	WorkspaceAdmin             = "workspace-admin"
 	WorkspaceRegular           = "workspace-regular"
 	WorkspaceViewer            = "workspace-viewer"
+	DevopsOwner                = "owner"
+	DevopsReporter             = "reporter"
 )
 
 var (
diff --git a/pkg/models/workspaces/workspaces.go b/pkg/models/workspaces/workspaces.go
index 5ab72e945..a2bd2ec78 100644
--- a/pkg/models/workspaces/workspaces.go
+++ b/pkg/models/workspaces/workspaces.go
@@ -110,16 +110,16 @@ func CreateDevopsProject(username string, workspace string, devops DevopsProject
 }
 
 func createDefaultDevopsRoleBinding(workspace string, project DevopsProject) {
-	admins := iam.GetWorkspaceUsers(workspace, "admin")
+	admins := iam.GetWorkspaceUsers(workspace, constants.WorkspaceAdmin)
 
 	for _, admin := range admins {
-		createDevopsRoleBinding(workspace, *project.ProjectId, admin, "owner")
+		createDevopsRoleBinding(workspace, *project.ProjectId, admin, constants.DevopsOwner)
 	}
 
-	viewers := iam.GetWorkspaceUsers(workspace, "viewer")
+	viewers := iam.GetWorkspaceUsers(workspace, constants.WorkspaceViewer)
 
 	for _, viewer := range viewers {
-		createDevopsRoleBinding(workspace, *project.ProjectId, viewer, "reporter")
+		createDevopsRoleBinding(workspace, *project.ProjectId, viewer, constants.DevopsReporter)
 	}
 }
 
@@ -1156,7 +1156,7 @@ func CreateWorkspaceRoleBinding(workspace *Workspace, username string, role stri
 				} else {
 					modify = true
 					roleBinding.Subjects = append(roleBinding.Subjects[:i], roleBinding.Subjects[i+1:]...)
-					if roleName == "admin" || roleName == "viewer" {
+					if roleName == constants.WorkspaceAdmin || roleName == constants.WorkspaceViewer {
 						go deleteDevopsRoleBinding(workspace.Name, "", username)
 					}
 					break
@@ -1167,10 +1167,10 @@ func CreateWorkspaceRoleBinding(workspace *Workspace, username string, role stri
 		if roleName == role {
 			modify = true
 			roleBinding.Subjects = append(roleBinding.Subjects, v1.Subject{Kind: v1.UserKind, Name: username})
-			if roleName == "admin" {
-				go createDevopsRoleBinding(workspace.Name, "", username, "owner")
-			} else if roleName == "viewer" {
-				go createDevopsRoleBinding(workspace.Name, "", username, "reporter")
+			if roleName == constants.WorkspaceAdmin {
+				go createDevopsRoleBinding(workspace.Name, "", username, constants.DevopsOwner)
+			} else if roleName == constants.WorkspaceViewer {
+				go createDevopsRoleBinding(workspace.Name, "", username, constants.DevopsReporter)
 			}
 		}