本文整理汇总了Golang中github.com/openshift/origin/pkg/authorization/authorizer.DefaultAuthorizationAttributes.Verb方法的典型用法代码示例。如果您正苦于以下问题:Golang DefaultAuthorizationAttributes.Verb方法的具体用法?Golang DefaultAuthorizationAttributes.Verb怎么用?Golang DefaultAuthorizationAttributes.Verb使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类github.com/openshift/origin/pkg/authorization/authorizer.DefaultAuthorizationAttributes
的用法示例。
在下文中一共展示了DefaultAuthorizationAttributes.Verb方法的1个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。
示例1: GetRequestAttributes
// GetRequestAttributes populates authorizer attributes for the requests to the kubelet API.
// Default attributes are {apiVersion=v1,verb=proxy,resource=nodes,resourceName=<node name>}
// More specific verb/resource is set for the following request patterns:
// /stats/* => verb=<api verb from request>, resource=nodes/stats
// /metrics/* => verb=<api verb from request>, resource=nodes/metrics
// /logs/* => verb=<api verb from request>, resource=nodes/log
func (n NodeAuthorizerAttributesGetter) GetRequestAttributes(u user.Info, r *http.Request) kauthorizer.Attributes {
namespace := ""
apiVerb := ""
switch r.Method {
case "POST":
apiVerb = "create"
case "GET":
apiVerb = "get"
case "PUT":
apiVerb = "update"
case "PATCH":
apiVerb = "patch"
case "DELETE":
apiVerb = "delete"
}
// Default verb/resource is <apiVerb> nodes/proxy, which allows full access to the kubelet API
attrs := oauthorizer.DefaultAuthorizationAttributes{
APIVersion: "v1",
APIGroup: "",
Verb: apiVerb,
Resource: "nodes/proxy",
ResourceName: n.nodeName,
URL: r.URL.Path,
}
// Override verb/resource for specific paths
// Updates to these rules require updating NodeAdminRole and NodeReaderRole in bootstrap policy
switch {
case isSubpath(r, "/spec"):
attrs.Verb = apiVerb
attrs.Resource = authorizationapi.NodeSpecResource
case isSubpath(r, "/stats"):
attrs.Verb = apiVerb
attrs.Resource = authorizationapi.NodeStatsResource
case isSubpath(r, "/metrics"):
attrs.Verb = apiVerb
attrs.Resource = authorizationapi.NodeMetricsResource
case isSubpath(r, "/logs"):
attrs.Verb = apiVerb
attrs.Resource = authorizationapi.NodeLogResource
}
// TODO: handle other things like /healthz/*? not sure if "non-resource" urls on the kubelet make sense to authorize against master non-resource URL policy
glog.V(2).Infof("Node request attributes: namespace=%s, user=%#v, attrs=%#v", namespace, u, attrs)
return authzadapter.KubernetesAuthorizerAttributes(namespace, u, attrs)
}