本文整理汇总了Golang中k8s/io/kubernetes/pkg/auth/authorizer.Attributes.IsReadOnly方法的典型用法代码示例。如果您正苦于以下问题:Golang Attributes.IsReadOnly方法的具体用法?Golang Attributes.IsReadOnly怎么用?Golang Attributes.IsReadOnly使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类k8s/io/kubernetes/pkg/auth/authorizer.Attributes
的用法示例。
在下文中一共展示了Attributes.IsReadOnly方法的5个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。
示例1: Authorize
func (ka *allowTestAuthorizer) Authorize(a authorizer.Attributes) (string, error) {
var (
tenantName string
ns *api.Namespace
err error
)
if authorizer.IsWhiteListedUser(a.GetUserName()) {
return "", nil
} else {
if !a.IsReadOnly() && a.GetResource() == "tenants" {
return "", errors.New("only admin can write tenant")
}
}
if a.GetNamespace() != "" {
ns, err = ka.kubeClient.Namespaces().Get(a.GetNamespace())
if err != nil {
glog.Error(err)
return "", err
}
tenantName = ns.Tenant
} else {
if a.GetTenant() != "" {
te, err := ka.kubeClient.Tenants().Get(a.GetTenant())
if err != nil {
glog.Error(err)
return "", err
}
tenantName = te.Name
}
}
if tenantName == "" || tenantName == TenantTest {
return TenantTest, nil
}
return "", errors.New("Keystone authorization failed")
}
示例2: Authorize
// Authorizer implements authorizer.Authorize
func (ka *keystoneAuthorizer) Authorize(a authorizer.Attributes) (string, error) {
var (
tenantName string
ns *api.Namespace
err error
)
if a.GetNamespace() != "" {
ns, err = ka.kubeClient.Namespaces().Get(a.GetNamespace())
if err != nil {
return "", err
}
tenantName = ns.Tenant
} else {
if a.GetTenant() != "" {
te, err := ka.kubeClient.Tenants().Get(a.GetTenant())
if err != nil {
return "", err
}
tenantName = te.Name
}
}
if authorizer.IsWhiteListedUser(a.GetUserName()) {
if a.GetUserName() != api.UserAdmin {
return tenantName, nil
} else {
return api.TenantDefault, nil
}
} else {
if !a.IsReadOnly() && a.GetResource() == "tenants" {
return "", errors.New("only admin can write tenant")
}
}
authConfig := &authConfig{
AuthUrl: ka.authUrl,
Username: a.GetUserName(),
Password: a.GetPassword(),
}
osClient, err := newOpenstackClient(authConfig)
if err != nil {
glog.Errorf("%v", err)
return "", err
}
tenant, err := osClient.getTenant()
if err != nil {
glog.Errorf("%v", err)
return "", err
}
if tenantName == "" || tenantName == tenant.Name {
return tenant.Name, nil
}
return "", errors.New("Keystone authorization failed")
}
示例3: matches
func (p policy) matches(a authorizer.Attributes) bool {
if p.subjectMatches(a) {
if p.Readonly == false || (p.Readonly == a.IsReadOnly()) {
if p.Resource == "" || (p.Resource == a.GetResource()) {
if p.Namespace == "" || (p.Namespace == a.GetNamespace()) {
return true
}
}
}
}
return false
}
示例4: verbMatches
func verbMatches(p api.Policy, a authorizer.Attributes) bool {
// TODO: match on verb
// All policies allow read only requests
if a.IsReadOnly() {
return true
}
// Allow if policy is not readonly
if !p.Spec.Readonly {
return true
}
return false
}
示例5: matches
func (p policy) matches(a authorizer.Attributes) bool {
if p.subjectMatches(a) {
if p.Readonly == false || (p.Readonly == a.IsReadOnly()) {
switch {
case p.NonResourcePath != "":
if p.NonResourcePath == a.GetNonResourcePath() {
return true
}
// When the path is a non-resource path it cannot match.
case len(a.GetNonResourcePath()) == 0 && (p.Resource == "" || (p.Resource == a.GetResource())):
if p.Namespace == "" || (p.Namespace == a.GetNamespace()) {
return true
}
}
}
}
return false
}