本文整理汇总了Golang中github.com/openshift/origin/pkg/authorization/authorizer.Action.GetVerb方法的典型用法代码示例。如果您正苦于以下问题:Golang Action.GetVerb方法的具体用法?Golang Action.GetVerb怎么用?Golang Action.GetVerb使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类github.com/openshift/origin/pkg/authorization/authorizer.Action
的用法示例。
在下文中一共展示了Action.GetVerb方法的3个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。
示例1: cacheKey
func cacheKey(ctx kapi.Context, a authorizer.Action) (string, error) {
if a.GetRequestAttributes() != nil {
// TODO: see if we can serialize this?
return "", errors.New("cannot cache request attributes")
}
keyData := map[string]interface{}{
"verb": a.GetVerb(),
"apiVersion": a.GetAPIVersion(),
"apiGroup": a.GetAPIGroup(),
"resource": a.GetResource(),
"resourceName": a.GetResourceName(),
"nonResourceURL": a.IsNonResourceURL(),
"url": a.GetURL(),
}
if namespace, ok := kapi.NamespaceFrom(ctx); ok {
keyData["namespace"] = namespace
}
if user, ok := kapi.UserFrom(ctx); ok {
keyData["user"] = user.GetName()
keyData["groups"] = user.GetGroups()
keyData["scopes"] = user.GetExtra()[authorizationapi.ScopesKey]
}
key, err := json.Marshal(keyData)
return string(key), err
}
示例2: getAction
func getAction(namespace string, attributes authorizer.Action) authzapi.Action {
return authzapi.Action{
Namespace: namespace,
Verb: attributes.GetVerb(),
Group: attributes.GetAPIGroup(),
Version: attributes.GetAPIVersion(),
Resource: attributes.GetResource(),
ResourceName: attributes.GetResourceName(),
// TODO: missing from authorizer.Action:
// Content
// TODO: missing from authzapi.Action
// RequestAttributes (unserializable?)
// IsNonResourceURL
// URL (doesn't make sense for remote authz?)
}
}
示例3: Authorize
func (impersonateAuthorizer) Authorize(ctx kapi.Context, a authorizer.Action) (allowed bool, reason string, err error) {
user, exists := kapi.UserFrom(ctx)
if !exists {
return false, "missing user", nil
}
switch {
case user.GetName() == "system:admin":
return true, "", nil
case user.GetName() == "tester":
return false, "", fmt.Errorf("works on my machine")
case user.GetName() == "deny-me":
return false, "denied", nil
}
if len(user.GetGroups()) > 0 && user.GetGroups()[0] == "wheel" && a.GetVerb() == "impersonate" && a.GetResource() == "systemusers" {
return true, "", nil
}
if len(user.GetGroups()) > 0 && user.GetGroups()[0] == "sa-impersonater" && a.GetVerb() == "impersonate" && a.GetResource() == "serviceaccounts" {
return true, "", nil
}
if len(user.GetGroups()) > 0 && user.GetGroups()[0] == "regular-impersonater" && a.GetVerb() == "impersonate" && a.GetResource() == "users" {
return true, "", nil
}
if len(user.GetGroups()) > 1 && user.GetGroups()[1] == "group-impersonater" && a.GetVerb() == "impersonate" && a.GetResource() == "groups" {
return true, "", nil
}
if len(user.GetGroups()) > 1 && user.GetGroups()[1] == "system-group-impersonater" && a.GetVerb() == "impersonate" && a.GetResource() == "systemgroups" {
return true, "", nil
}
return false, "deny by default", nil
}