

Golang authorizer.Attributes类代码示例

本文整理汇总了Golang中k8s.io/kubernetes/pkg/auth/authorizer.Attributes的典型用法代码示例。如果您正苦于以下问题:Golang Attributes类的具体用法?Golang Attributes怎么用?Golang Attributes使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。


在下文中一共展示了Attributes类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。

示例1: subjectMatches

// subjectMatches reports whether the policy's user and group constraints are
// satisfied by the request attributes.
//
// p.Spec.User and p.Spec.Group are each checked only when non-empty: "*"
// accepts any value, anything else must match exactly (the group against at
// least one entry of a.GetGroups()). When both are set, both must pass.
// A policy that sets neither field never matches, so an empty subject fails
// closed rather than matching everyone.
func subjectMatches(p api.Policy, a authorizer.Attributes) bool {
	ok := false

	// User constraint: wildcard or exact user name.
	if want := p.Spec.User; len(want) > 0 {
		if want != "*" && want != a.GetUserName() {
			return false
		}
		ok = true
	}

	// Group constraint: wildcard or membership in the request's groups.
	if want := p.Spec.Group; len(want) > 0 {
		if want != "*" {
			found := false
			for _, g := range a.GetGroups() {
				if g == want {
					found = true
					break
				}
			}
			if !found {
				return false
			}
		}
		ok = true
	}

	return ok
}
开发者ID:40a,项目名称:bootkube,代码行数:35,代码来源:abac.go

示例2: OriginAuthorizerAttributes

// OriginAuthorizerAttributes adapts Kubernetes authorization attributes to Origin authorization attributes.
// The returned context carries the request namespace and the user's name and groups.
//
// Note that some info (like resourceName, apiVersion, apiGroup) is not available from the Kubernetes attributes:
// on the fallback path only Verb and Resource are populated and every other field keeps its zero value.
// NOTE(review): an Origin rule that keys on one of the unpopulated fields would be evaluated
// against that zero value — confirm callers tolerate this.
func OriginAuthorizerAttributes(kattrs kauthorizer.Attributes) (kapi.Context, oauthorizer.AuthorizationAttributes) {
	// Namespace first, then user identity, layered onto a fresh context.
	ctx := kapi.WithUser(
		kapi.WithNamespace(kapi.NewContext(), kattrs.GetNamespace()),
		&user.DefaultInfo{
			Name:   kattrs.GetUserName(),
			Groups: kattrs.GetGroups(),
		},
	)

	// Attributes that already implement the Origin interface are passed through untouched.
	if native, ok := kattrs.(oauthorizer.AuthorizationAttributes); ok {
		return ctx, native
	}

	// Otherwise build what we can from the Kubernetes getters.
	return ctx, &oauthorizer.DefaultAuthorizationAttributes{
		Verb:     kattrs.GetVerb(),
		Resource: kattrs.GetResource(),

		// TODO: add to kube authorizer attributes
		// APIVersion        string
		// APIGroup          string
		// ResourceName      string
		// RequestAttributes interface{}
		// NonResourceURL    bool
		// URL               string
	}
}
开发者ID:ncantor,项目名称:origin,代码行数:31,代码来源:attributes.go

示例3: Authorize

// Authorize is a test stub keyed on a fixed user name: the user "dave" is
// denied with reason "no" and an error, every other user is allowed.
// It dereferences a.GetUser() without a nil check.
func (sarAuthorizer) Authorize(a authorizer.Attributes) (bool, string, error) {
	switch a.GetUser().GetName() {
	case "dave":
		return false, "no", errors.New("I'm sorry, Dave")
	default:
		return true, "you're not dave", nil
	}
}
开发者ID:pst,项目名称:kubernetes,代码行数:7,代码来源:accessreview_test.go

示例4: Authorize

// Authorize resolves the rules that apply to the requesting user in the
// request's namespace and allows the request if any of them permit it.
//
// A rule-resolution error does not block an allow: if the rules that were
// returned alongside the error permit the request, it is allowed and the error
// is dropped. The error is surfaced only together with a deny.
func (r *RBACAuthorizer) Authorize(requestAttributes authorizer.Attributes) (bool, string, error) {
	rules, resolveErr := r.authorizationRuleResolver.RulesFor(requestAttributes.GetUser(), requestAttributes.GetNamespace())
	if !RulesAllow(requestAttributes, rules...) {
		return false, "", resolveErr
	}
	return true, "", nil
}
开发者ID:alex-mohr,项目名称:kubernetes,代码行数:8,代码来源:rbac.go

示例5: Authorize

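// Authorize allows the request when the requesting user belongs to at least
// one of the groups in r.groups. Otherwise it denies with the reason
// "Not in privileged list." and a nil error.
//
// A request that carries no user is denied instead of dereferencing nil.
func (r *privilegedGroupAuthorizer) Authorize(attr authorizer.Attributes) (bool, string, error) {
	u := attr.GetUser()
	if u == nil {
		// No identity means no group membership to match; fail closed.
		return false, "Not in privileged list.", nil
	}

	// Range with a blank index so that group NAMES are compared. A
	// single-variable range over a slice yields indices, and index 0 == index 0
	// would approve any user that has at least one group whenever the
	// privileged list is non-empty.
	// NOTE(review): assumes r.groups is a slice of group names — confirm against the type definition.
	for _, group := range u.GetGroups() {
		for _, privileged := range r.groups {
			if privileged == group {
				return true, "", nil
			}
		}
	}
	return false, "Not in privileged list.", nil
}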
开发者ID:pst,项目名称:kubernetes,代码行数:10,代码来源:authz.go

示例6: Authorize

// Authorize resolves the rules for the requesting user in the request's
// namespace and allows the request if any of them permit it.
//
// A rule-resolution error is returned only together with a deny; when the
// resolved rules permit the request it is allowed and the error is dropped.
// Each deny is logged at verbosity 2 with the user name and verb quoted via %q
// and the groups, resource, API group and subresource printed via %v.
func (r *RBACAuthorizer) Authorize(requestAttributes authorizer.Attributes) (bool, string, error) {
	rules, resolveErr := r.authorizationRuleResolver.RulesFor(requestAttributes.GetUser(), requestAttributes.GetNamespace())
	if !RulesAllow(requestAttributes, rules...) {
		glog.V(2).Infof(
			"RBAC DENY: user %q groups %v cannot %q on \"%v.%v/%v\"",
			requestAttributes.GetUser().GetName(),
			requestAttributes.GetUser().GetGroups(),
			requestAttributes.GetVerb(),
			requestAttributes.GetResource(),
			requestAttributes.GetAPIGroup(),
			requestAttributes.GetSubresource(),
		)
		return false, "", resolveErr
	}

	return true, "", nil
}
开发者ID:jonboulle,项目名称:kubernetes,代码行数:11,代码来源:rbac.go

示例7: Authorize

// Authorize allows the request when the requesting user is a member of at
// least one group listed in r.groups.
//
// A request with no user is denied with reason "Error" and a non-nil error.
// A user outside every privileged group is denied with an empty reason and a
// nil error.
func (r *privilegedGroupAuthorizer) Authorize(attr authorizer.Attributes) (bool, string, error) {
	if attr.GetUser() == nil {
		return false, "Error", errors.New("no user on request.")
	}

	// Compare group names; the blank identifier discards the slice index.
	userGroups := attr.GetUser().GetGroups()
	for _, have := range userGroups {
		for _, privileged := range r.groups {
			if privileged == have {
				return true, "", nil
			}
		}
	}

	return false, "", nil
}
开发者ID:nak3,项目名称:kubernetes,代码行数:13,代码来源:builtin.go

示例8: verbMatches

// verbMatches reports whether the policy permits the request's kind of access.
//
// Read-only requests are accepted by every policy; any other request is
// accepted only when the policy is not marked read-only. The specific verb is
// not examined.
func verbMatches(p api.Policy, a authorizer.Attributes) bool {
	// TODO: match on verb

	// The short-circuit keeps the original order: the request is inspected
	// first and the policy flag is consulted only for non-read-only requests.
	return a.IsReadOnly() || !p.Spec.Readonly
}
开发者ID:40a,项目名称:bootkube,代码行数:15,代码来源:abac.go

示例9: Authorize

// Authorize is a test stub with two hard-coded users:
// alice can't act as anyone and bob can't do anything but act-as someone.
// Every other combination of user and verb is rejected with an error.
func (impersonateAuthorizer) Authorize(a authorizer.Attributes) error {
	switch {
	case a.GetUserName() == "alice" && a.GetVerb() != "impersonate":
		// alice: everything except impersonation.
		return nil
	case a.GetUserName() == "bob" && a.GetVerb() == "impersonate":
		// bob: impersonation only.
		return nil
	default:
		return errors.New("I can't allow that.  Go ask alice.")
	}
}
开发者ID:RomainVabre,项目名称:origin,代码行数:10,代码来源:auth_test.go

示例10: matches

// matches reports whether this policy line authorizes the request described by a.
//
// The subject must match first. A read-only policy matches only read-only
// requests. After that a policy is either a non-resource policy
// (NonResourcePath set, compared for exact equality with the request path) or
// a resource policy, which never matches a request that carries a
// non-resource path. For resource policies an empty Resource or Namespace
// acts as a wildcard.
func (p policy) matches(a authorizer.Attributes) bool {
	if !p.subjectMatches(a) {
		return false
	}

	// Read-only policies reject anything that is not a read-only request.
	if p.Readonly && !a.IsReadOnly() {
		return false
	}

	// Non-resource policy: exact path comparison only.
	if p.NonResourcePath != "" {
		return p.NonResourcePath == a.GetNonResourcePath()
	}

	// When the path is a non-resource path it cannot match.
	if len(a.GetNonResourcePath()) != 0 {
		return false
	}
	if p.Resource != "" && p.Resource != a.GetResource() {
		return false
	}
	return p.Namespace == "" || p.Namespace == a.GetNamespace()
}
开发者ID:ChengTiesheng,项目名称:operations-debs-kubernetes,代码行数:19,代码来源:abac.go

示例11: subjectMatches

// subjectMatches reports whether the request's user and groups satisfy the
// policy's subject constraints.
//
// An empty User or Group places no constraint on that field, so a policy with
// both empty matches every subject. When both are set, the user name must be
// equal AND the group must appear in a.GetGroups().
func (p policy) subjectMatches(a authorizer.Attributes) bool {
	// Require user match
	if p.User != "" && p.User != a.GetUserName() {
		return false
	}

	// No group constraint: the user check above was the only requirement.
	if p.Group == "" {
		return true
	}

	// Require group match
	for _, g := range a.GetGroups() {
		if g == p.Group {
			return true
		}
	}
	return false
}
开发者ID:johnmccawley,项目名称:origin,代码行数:20,代码来源:abac.go

示例12: resourceMatches

// resourceMatches reports whether the policy's namespace, resource and API
// group all cover the request. Each policy field matches on "*" or on exact
// equality with the corresponding request attribute. An empty policy field is
// not a wildcard here; it matches only an empty request value.
func resourceMatches(p api.Policy, a authorizer.Attributes) bool {
	// A resource policy cannot match a non-resource request
	if !a.IsResourceRequest() {
		return false
	}
	if p.Spec.Namespace != "*" && p.Spec.Namespace != a.GetNamespace() {
		return false
	}
	if p.Spec.Resource != "*" && p.Spec.Resource != a.GetResource() {
		return false
	}
	return p.Spec.APIGroup == "*" || p.Spec.APIGroup == a.GetAPIGroup()
}
开发者ID:40a,项目名称:bootkube,代码行数:13,代码来源:abac.go

示例13: subjectMatches

// subjectMatches reports whether the policy's user and group constraints are
// satisfied by the request attributes.
//
// A request with no user is treated as having an empty user name and no
// groups, so it can satisfy only "*" constraints. p.Spec.User and p.Spec.Group
// are each checked only when non-empty: "*" accepts anything, any other value
// must match exactly. A policy that sets neither field never matches.
func subjectMatches(p api.Policy, a authorizer.Attributes) bool {
	// Extract the identity defensively; GetUser may return nil.
	var (
		name       string
		membership []string
	)
	if u := a.GetUser(); u != nil {
		name = u.GetName()
		membership = u.GetGroups()
	}

	ok := false

	// User constraint: wildcard or exact user name.
	if want := p.Spec.User; len(want) > 0 {
		if want != "*" && want != name {
			return false
		}
		ok = true
	}

	// Group constraint: wildcard or membership in the user's groups.
	if want := p.Spec.Group; len(want) > 0 {
		if want != "*" {
			found := false
			for _, g := range membership {
				if g == want {
					found = true
					break
				}
			}
			if !found {
				return false
			}
		}
		ok = true
	}

	return ok
}
开发者ID:CodeJuan,项目名称:kubernetes,代码行数:42,代码来源:abac.go

示例14: matches

// matches reports whether this policy line authorizes the request described by a.
//
// The subject must match, a read-only policy matches only read-only requests,
// and Resource and Namespace must each be empty (wildcard) or equal to the
// request's value.
func (p policy) matches(a authorizer.Attributes) bool {
	if !p.subjectMatches(a) {
		return false
	}
	// Read-only policies reject anything that is not a read-only request.
	if p.Readonly && !a.IsReadOnly() {
		return false
	}
	if p.Resource != "" && p.Resource != a.GetResource() {
		return false
	}
	return p.Namespace == "" || p.Namespace == a.GetNamespace()
}
开发者ID:johnmccawley,项目名称:origin,代码行数:12,代码来源:abac.go

示例15: Authorize

// Authorize is a test stub keyed on fixed user names: "non-deleter" is denied
// the "delete" verb on everything, "non-pod-deleter" is denied "delete" on the
// "pods" resource only, and every other request is allowed. It never returns
// an error and dereferences a.GetUser() without a nil check.
func (fakeAuthorizer) Authorize(a authorizer.Attributes) (bool, string, error) {
	switch a.GetUser().GetName() {
	case "non-deleter":
		return a.GetVerb() != "delete", "", nil
	case "non-pod-deleter":
		return !(a.GetVerb() == "delete" && a.GetResource() == "pods"), "", nil
	}

	return true, "", nil
}
开发者ID:jbeda,项目名称:kubernetes,代码行数:19,代码来源:gc_admission_test.go


注:本文中的k8s.io/kubernetes/pkg/auth/authorizer.Attributes类示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。