fix: devop IAM bugs

Signed-off-by: hongming <talonwan@yunify.com>

pkg/controller/globalrolebinding/globalrolebinding_controller.go

@@ -229,17 +229,16 @@ func (c *Controller) reconcile(key string) error {
 	}
 
 	if globalRoleBinding.RoleRef.Name == iamv1alpha2.PlatformAdmin {
-		if err := c.relateToClusterAdmin(globalRoleBinding); err != nil {
+		if err := c.assignClusterAdminRole(globalRoleBinding); err != nil {
 			klog.Error(err)
 			return err
 		}
-		if c.devopsClient != nil {
-			username := findExpectUsername(globalRoleBinding)
-			err = c.devopsClient.AssignGlobalRole(modeldevops.JenkinsAdminRoleName, username)
-			if err != nil {
-				klog.Errorf("%+v", err)
-				return err
-			}
+	}
+
+	if c.devopsClient != nil {
+		if err := c.assignDevOpsAdminRole(globalRoleBinding); err != nil {
+			klog.Error(err)
+			return err
 		}
 	}
 
@@ -299,11 +298,9 @@ func (c *Controller) multiClusterSync(globalRoleBinding *iamv1alpha2.GlobalRoleB
 	return nil
 }
 
-func (c *Controller) relateToClusterAdmin(globalRoleBinding *iamv1alpha2.GlobalRoleBinding) error {
+func (c *Controller) assignClusterAdminRole(globalRoleBinding *iamv1alpha2.GlobalRoleBinding) error {
 
 	username := findExpectUsername(globalRoleBinding)
-
-	// unexpected
 	if username == "" {
 		return nil
 	}
@@ -436,6 +433,16 @@ func (c *Controller) ensureNotControlledByKubefed(globalRoleBinding *iamv1alpha2
 	return nil
 }
 
+func (c *Controller) assignDevOpsAdminRole(globalRoleBinding *iamv1alpha2.GlobalRoleBinding) error {
+	if username := findExpectUsername(globalRoleBinding); username != "" {
+		if err := c.devopsClient.AssignGlobalRole(modeldevops.JenkinsAdminRoleName, username); err != nil {
+			klog.Errorf("%+v", err)
+			return err
+		}
+	}
+	return nil
+}
+
 func ensureSubjectAPIVersionIsValid(subjects []rbacv1.Subject) []rbacv1.Subject {
 	validSubjects := make([]rbacv1.Subject, 0)
 	for _, subject := range subjects {