本文整理匯總了Golang中github.com/openshift/origin/pkg/authorization/api.Resource函數的典型用法代碼示例。如果您正苦於以下問題:Golang Resource函數的具體用法?Golang Resource怎麽用?Golang Resource使用的例子?那麽, 這裏精選的函數代碼示例或許可以為您提供幫助。
在下文中一共展示了Resource函數的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於系統推薦出更棒的Golang代碼示例。
示例1: createRole
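// createRole validates obj with the create strategy, adds it to the role map
// of the policy returned by EnsurePolicy, and persists that policy through
// PolicyStorage.UpdatePolicy.
//
// When allowEscalation is false, rulevalidation.ConfirmNoEscalation runs
// against the new role before the policy is read or written, and its error
// aborts the create. Passing true skips that check entirely, so that path
// should only be reachable by trusted callers.
// NOTE(review): what ConfirmNoEscalation actually compares lives in
// rulevalidation and is not visible here — confirm against that package.
//
// A role whose name is already present in the policy yields AlreadyExists.
func (m *VirtualStorage) createRole(ctx kapi.Context, obj runtime.Object, allowEscalation bool) (*authorizationapi.Role, error) {
	if err := rest.BeforeCreate(m.CreateStrategy, ctx, obj); err != nil {
		return nil, err
	}

	// Checked assertion: an object of the wrong type is reported as a bad
	// request instead of panicking on this line. The message is a constant so
	// the rejected object's contents are not echoed back to the caller.
	role, ok := obj.(*authorizationapi.Role)
	if !ok {
		return nil, kapierrors.NewBadRequest("obj is not a role")
	}

	if !allowEscalation {
		if err := rulevalidation.ConfirmNoEscalation(ctx, authorizationapi.Resource("role"), role.Name, m.RuleResolver, authorizationinterfaces.NewLocalRoleAdapter(role)); err != nil {
			return nil, err
		}
	}

	policy, err := m.EnsurePolicy(ctx)
	if err != nil {
		return nil, err
	}
	if _, exists := policy.Roles[role.Name]; exists {
		return nil, kapierrors.NewAlreadyExists(authorizationapi.Resource("role"), role.Name)
	}

	// The role is stored inside the policy document, so it takes the policy's
	// resource version and the policy's modification time is refreshed.
	role.ResourceVersion = policy.ResourceVersion
	policy.Roles[role.Name] = role
	policy.LastModified = unversioned.Now()

	if err := m.PolicyStorage.UpdatePolicy(ctx, policy); err != nil {
		return nil, err
	}
	return role, nil
}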
示例2: Complete
// Complete fills in the options from the command line: it takes the
// cluster-role client from the factory, reads the "output" flag, and resolves
// every positional argument to a cluster role name that is appended to
// RolesToReconcile.
//
// An argument that resolves to a resource other than clusterroles, or that
// carries no name, is rejected with an error.
func (o *ReconcileClusterRolesOptions) Complete(cmd *cobra.Command, f *clientcmd.Factory, args []string) error {
	osClient, _, err := f.Clients()
	if err != nil {
		return err
	}
	o.RoleClient = osClient.ClusterRoles()
	o.Output = kcmdutil.GetFlagString(cmd, "output")

	// Only the first value returned by f.Object() is used here.
	restMapper, _ := f.Object()

	for _, arg := range args {
		kind, roleName, err := osutil.ResolveResource(authorizationapi.Resource("clusterroles"), arg, restMapper)
		if err != nil {
			return err
		}
		switch {
		case kind != authorizationapi.Resource("clusterroles"):
			return fmt.Errorf("%v is not a valid resource type for this command", kind)
		case len(roleName) == 0:
			return fmt.Errorf("%s did not contain a name", arg)
		}
		o.RolesToReconcile = append(o.RolesToReconcile, roleName)
	}
	return nil
}
示例3: updateRole
// updateRole replaces the stored role called name with the object produced by
// objInfo and persists the owning policy through PolicyStorage.UpdatePolicy.
//
// The updated object must be a *authorizationapi.Role and must pass
// rest.BeforeUpdate. When allowEscalation is false,
// rulevalidation.ConfirmNoEscalation is run on the updated role before the
// policy is fetched; passing true skips that check.
// NOTE(review): the escalation semantics are defined in rulevalidation and are
// not visible here — confirm there.
//
// A missing policy, or a role absent from it, yields NotFound. The boolean
// result is false on every return path in this body.
func (m *VirtualStorage) updateRole(ctx kapi.Context, name string, objInfo rest.UpdatedObjectInfo, allowEscalation bool) (*authorizationapi.Role, bool, error) {
	existing, err := m.Get(ctx, name)
	if err != nil {
		return nil, false, err
	}

	updated, err := objInfo.UpdatedObject(ctx, existing)
	if err != nil {
		return nil, false, err
	}

	role, isRole := updated.(*authorizationapi.Role)
	if !isRole {
		return nil, false, kapierrors.NewBadRequest(fmt.Sprintf("obj is not a role: %#v", updated))
	}

	if err := rest.BeforeUpdate(m.UpdateStrategy, ctx, updated, existing); err != nil {
		return nil, false, err
	}

	if !allowEscalation {
		if err := rulevalidation.ConfirmNoEscalation(ctx, authorizationapi.Resource("role"), role.Name, m.RuleResolver, authorizationinterfaces.NewLocalRoleAdapter(role)); err != nil {
			return nil, false, err
		}
	}

	policy, err := m.PolicyStorage.GetPolicy(ctx, authorizationapi.PolicyName)
	if err != nil {
		// A missing policy is reported as the role itself not being found.
		if kapierrors.IsNotFound(err) {
			return nil, false, kapierrors.NewNotFound(authorizationapi.Resource("role"), role.Name)
		}
		return nil, false, err
	}

	stored, found := policy.Roles[role.Name]
	if !found {
		return nil, false, kapierrors.NewNotFound(authorizationapi.Resource("role"), role.Name)
	}

	// Nothing changed: return without writing the policy.
	if kapi.Semantic.DeepEqual(stored, role) {
		return role, false, nil
	}

	role.ResourceVersion = policy.ResourceVersion
	policy.Roles[role.Name] = role
	policy.LastModified = unversioned.Now()

	if err := m.PolicyStorage.UpdatePolicy(ctx, policy); err != nil {
		return nil, false, err
	}
	return role, false, nil
}
示例4: Get
// Get returns the role binding called name from the policy binding that owns
// it. Both a missing policy binding and a binding absent from its
// RoleBindings map are reported as NotFound for the "rolebinding" resource.
func (m *VirtualStorage) Get(ctx kapi.Context, name string) (runtime.Object, error) {
	owner, err := m.getPolicyBindingOwningRoleBinding(ctx, name)
	switch {
	case kapierrors.IsNotFound(err):
		return nil, kapierrors.NewNotFound(authorizationapi.Resource("rolebinding"), name)
	case err != nil:
		return nil, err
	}

	if rb, found := owner.RoleBindings[name]; found {
		return rb, nil
	}
	return nil, kapierrors.NewNotFound(authorizationapi.Resource("rolebinding"), name)
}
示例5: NewStorage
// NewStorage returns a REST storage for ClusterPolicy objects backed by s.
// Keys are rooted at ClusterPolicyPath and built with util.NoNamespaceKeyFunc;
// create and update both use clusterpolicy.Strategy.
func NewStorage(s storage.Interface) *REST {
	newPolicy := func() runtime.Object { return &authorizationapi.ClusterPolicy{} }
	newPolicyList := func() runtime.Object { return &authorizationapi.ClusterPolicyList{} }

	keyRoot := func(ctx kapi.Context) string {
		return ClusterPolicyPath
	}
	keyFor := func(ctx kapi.Context, id string) (string, error) {
		return util.NoNamespaceKeyFunc(ctx, ClusterPolicyPath, id)
	}

	// The unchecked assertion panics if obj is not a *ClusterPolicy.
	nameOf := func(obj runtime.Object) (string, error) {
		return obj.(*authorizationapi.ClusterPolicy).Name, nil
	}
	matcher := func(label labels.Selector, field fields.Selector) generic.Matcher {
		return clusterpolicy.Matcher(label, field)
	}

	return &REST{&etcdgeneric.Etcd{
		NewFunc:           newPolicy,
		NewListFunc:       newPolicyList,
		QualifiedResource: authorizationapi.Resource("clusterpolicy"),
		KeyRootFunc:       keyRoot,
		KeyFunc:           keyFor,
		ObjectNameFunc:    nameOf,
		PredicateFunc:     matcher,
		CreateStrategy:    clusterpolicy.Strategy,
		UpdateStrategy:    clusterpolicy.Strategy,
		Storage:           s,
	}}
}
示例6: Get
// Get returns the role called name from the policy stored under
// authorizationapi.PolicyName. A missing policy and a role absent from the
// policy's Roles map are both reported as NotFound for the "role" resource.
func (m *VirtualStorage) Get(ctx kapi.Context, name string) (runtime.Object, error) {
	policy, err := m.PolicyStorage.GetPolicy(ctx, authorizationapi.PolicyName)
	if err != nil {
		if kapierrors.IsNotFound(err) {
			return nil, kapierrors.NewNotFound(authorizationapi.Resource("role"), name)
		}
		return nil, err
	}

	if found, ok := policy.Roles[name]; ok {
		return found, nil
	}
	return nil, kapierrors.NewNotFound(authorizationapi.Resource("role"), name)
}
示例7: NewStorage
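// NewStorage returns a REST storage for ClusterPolicy objects. Storage options
// are applied from optsGetter for ClusterPolicyPath, and an error from
// restoptions.ApplyOptions is returned to the caller.
//
// Keys are rooted at ClusterPolicyPath and built with util.NoNamespaceKeyFunc;
// create and update both use clusterpolicy.Strategy.
func NewStorage(optsGetter restoptions.Getter) (*REST, error) {
	// The listing showed "®istry.Store": the "&reg" of "&registry" had been
	// decoded as an HTML entity. The address-of operator is restored here.
	store := &registry.Store{
		NewFunc:           func() runtime.Object { return &authorizationapi.ClusterPolicy{} },
		NewListFunc:       func() runtime.Object { return &authorizationapi.ClusterPolicyList{} },
		QualifiedResource: authorizationapi.Resource("clusterpolicies"),
		KeyRootFunc: func(ctx kapi.Context) string {
			return ClusterPolicyPath
		},
		KeyFunc: func(ctx kapi.Context, id string) (string, error) {
			return util.NoNamespaceKeyFunc(ctx, ClusterPolicyPath, id)
		},
		// The unchecked assertion panics if obj is not a *ClusterPolicy.
		ObjectNameFunc: func(obj runtime.Object) (string, error) {
			return obj.(*authorizationapi.ClusterPolicy).Name, nil
		},
		PredicateFunc: func(label labels.Selector, field fields.Selector) generic.Matcher {
			return clusterpolicy.Matcher(label, field)
		},
		CreateStrategy: clusterpolicy.Strategy,
		UpdateStrategy: clusterpolicy.Strategy,
	}

	if err := restoptions.ApplyOptions(optsGetter, store, ClusterPolicyPath); err != nil {
		return nil, err
	}
	return &REST{store}, nil
}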
示例8: resolveRules
// resolveRules returns the policy rules that the cluster role named in scope
// contributes to a scoped token. It does not enforce namespace checks.
//
// The role is looked up in the cluster policy named "default"; an unknown role
// yields NotFound. If parseScope marks the scope as escalating, the role's
// rules are returned unchanged. Otherwise the rules are narrowed:
//   - a rule granting all verbs, all resources or all API groups is dropped;
//   - every remaining rule is passed through removeEscalatingResources.
//
// The result is always a non-nil slice, possibly empty.
func (e clusterRoleEvaluator) resolveRules(scope string, clusterPolicyGetter client.ClusterPolicyLister) ([]authorizationapi.PolicyRule, error) {
	roleName, _, escalating, err := e.parseScope(scope)
	if err != nil {
		return nil, err
	}

	clusterPolicy, err := clusterPolicyGetter.Get("default")
	if err != nil {
		return nil, err
	}

	role, found := clusterPolicy.Roles[roleName]
	if !found {
		return nil, kapierrors.NewNotFound(authorizationapi.Resource("clusterrole"), roleName)
	}

	resolved := []authorizationapi.PolicyRule{}
	for _, rule := range role.Rules {
		switch {
		case escalating:
			// Escalating scopes keep the rule exactly as the role defines it.
			resolved = append(resolved, rule)
		case rule.Verbs.Has(authorizationapi.VerbAll) || rule.Resources.Has(authorizationapi.ResourceAll) || getAPIGroupSet(rule).Has(authorizationapi.APIGroupAll):
			// Unbounded access is never granted through a non-escalating scope.
		default:
			// Strip resources that would allow escalation before granting the rule.
			resolved = append(resolved, removeEscalatingResources(rule))
		}
	}
	return resolved, nil
}
示例9: Create
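// Create validates obj with the create strategy, adds it to the role map of
// the policy returned by EnsurePolicy, and persists that policy through
// PolicyStorage.UpdatePolicy. A role whose name is already present yields
// AlreadyExists.
//
// NOTE(review): this body performs no privilege-escalation check of its own.
// Whether rest.BeforeCreate, the strategy or the caller enforces one cannot be
// told from here — confirm before exposing this path to untrusted users.
func (m *VirtualStorage) Create(ctx kapi.Context, obj runtime.Object) (runtime.Object, error) {
	if err := rest.BeforeCreate(m.CreateStrategy, ctx, obj); err != nil {
		return nil, err
	}

	// Checked assertion: an object of the wrong type is reported as a bad
	// request instead of panicking on this line. The message is a constant so
	// the rejected object's contents are not echoed back to the caller.
	role, ok := obj.(*authorizationapi.Role)
	if !ok {
		return nil, kapierrors.NewBadRequest("obj is not a role")
	}

	policy, err := m.EnsurePolicy(ctx)
	if err != nil {
		return nil, err
	}
	if _, exists := policy.Roles[role.Name]; exists {
		return nil, kapierrors.NewAlreadyExists(authorizationapi.Resource("role"), role.Name)
	}

	// The role is stored inside the policy document, so it takes the policy's
	// resource version and the policy's modification time is refreshed.
	role.ResourceVersion = policy.ResourceVersion
	policy.Roles[role.Name] = role
	policy.LastModified = unversioned.Now()

	if err := m.PolicyStorage.UpdatePolicy(ctx, policy); err != nil {
		return nil, err
	}
	return role, nil
}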
示例10: confirmNoEscalation
// confirmNoEscalation resolves the role that roleBinding refers to and hands
// it to rulevalidation.ConfirmNoEscalation for the "rolebinding" resource.
// An error from resolving the role is returned before any check runs.
// NOTE(review): the comparison itself lives in rulevalidation and is not
// visible here — confirm its semantics there.
func (m *VirtualStorage) confirmNoEscalation(ctx kapi.Context, roleBinding *authorizationapi.RoleBinding) error {
	adapter := authorizationinterfaces.NewLocalRoleBindingAdapter(roleBinding)

	boundRole, err := m.RuleResolver.GetRole(adapter)
	if err != nil {
		return err
	}

	resource := authorizationapi.Resource("rolebinding")
	return rulevalidation.ConfirmNoEscalation(ctx, resource, roleBinding.Name, m.RuleResolver, boundRole)
}
示例11: isAllowed
// isAllowed checks whether the current user may create
// localresourceaccessreviews in the namespace named by rar.Action.Namespace.
//
// The check fails closed: an error from the authorizer is returned as a
// Forbidden error wrapping it, and a denial is returned as a Forbidden error
// whose status message is replaced by the authorizer's reason. nil means the
// request is allowed.
func (r *REST) isAllowed(ctx kapi.Context, rar *authorizationapi.ResourceAccessReview) error {
	attrs := authorizer.DefaultAuthorizationAttributes{
		Verb:     "create",
		Resource: "localresourceaccessreviews",
	}

	// Authorize against the namespace under review, not the request's own.
	nsCtx := kapi.WithNamespace(ctx, rar.Action.Namespace)
	allowed, reason, err := r.authorizer.Authorize(nsCtx, attrs)

	switch {
	case err != nil:
		return kapierrors.NewForbidden(authorizationapi.Resource(attrs.GetResource()), attrs.GetResourceName(), err)
	case !allowed:
		// The placeholder error only satisfies the constructor; its message is
		// overwritten with the authorizer's reason on the next line.
		denied := kapierrors.NewForbidden(authorizationapi.Resource(attrs.GetResource()), attrs.GetResourceName(), errors.New("") /*discarded*/)
		denied.ErrStatus.Message = reason
		return denied
	}
	return nil
}
示例12: Get
// Get looks up the Policy stored in the indexer under "<namespace>/<name>".
// It returns NotFound for the "policy" resource when the key is absent and
// passes indexer errors through unchanged.
func (s policyNamespaceLister) Get(name string) (*v1.Policy, error) {
	key := s.namespace + "/" + name

	item, found, err := s.indexer.GetByKey(key)
	switch {
	case err != nil:
		return nil, err
	case !found:
		return nil, errors.NewNotFound(api.Resource("policy"), name)
	}

	// The unchecked assertion panics if the indexer holds a different type.
	return item.(*v1.Policy), nil
}
示例13: updateRoleBinding
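// updateRoleBinding replaces the stored role binding called name with the
// object produced by objInfo and persists the owning policy binding through
// BindingRegistry.UpdatePolicyBinding.
//
// Checks, in order:
//   - the updated object must be a *authorizationapi.RoleBinding and pass
//     rest.BeforeUpdate and validateReferentialIntegrity;
//   - when allowEscalation is false, confirmNoEscalation must succeed; passing
//     true skips it (the flag is also forwarded to getPolicyBindingForPolicy);
//   - the binding must already exist in the policy binding, else NotFound;
//   - RoleRef must equal the stored binding's RoleRef, so an existing binding
//     cannot be pointed at a different role through an update.
//
// An update that changes nothing returns without writing. The boolean result
// is false on every return path in this body.
func (m *VirtualStorage) updateRoleBinding(ctx kapi.Context, name string, objInfo rest.UpdatedObjectInfo, allowEscalation bool) (*authorizationapi.RoleBinding, bool, error) {
	old, err := m.Get(ctx, name)
	if err != nil {
		return nil, false, err
	}

	obj, err := objInfo.UpdatedObject(ctx, old)
	if err != nil {
		return nil, false, err
	}

	roleBinding, ok := obj.(*authorizationapi.RoleBinding)
	if !ok {
		// The message previously said "role"; this function handles role bindings.
		return nil, false, kapierrors.NewBadRequest(fmt.Sprintf("obj is not a role binding: %#v", obj))
	}

	if err := rest.BeforeUpdate(m.UpdateStrategy, ctx, obj, old); err != nil {
		return nil, false, err
	}
	if err := m.validateReferentialIntegrity(ctx, roleBinding); err != nil {
		return nil, false, err
	}
	if !allowEscalation {
		if err := m.confirmNoEscalation(ctx, roleBinding); err != nil {
			return nil, false, err
		}
	}

	policyBinding, err := m.getPolicyBindingForPolicy(ctx, roleBinding.RoleRef.Namespace, allowEscalation)
	if err != nil {
		return nil, false, err
	}

	previousRoleBinding, exists := policyBinding.RoleBindings[roleBinding.Name]
	if !exists {
		return nil, false, kapierrors.NewNotFound(authorizationapi.Resource("rolebinding"), roleBinding.Name)
	}
	if previousRoleBinding.RoleRef != roleBinding.RoleRef {
		return nil, false, errors.New("roleBinding.RoleRef may not be modified")
	}

	// Nothing changed: return without writing the policy binding.
	if kapi.Semantic.DeepEqual(previousRoleBinding, roleBinding) {
		return roleBinding, false, nil
	}

	roleBinding.ResourceVersion = policyBinding.ResourceVersion
	policyBinding.RoleBindings[roleBinding.Name] = roleBinding
	policyBinding.LastModified = unversioned.Now()

	if err := m.BindingRegistry.UpdatePolicyBinding(ctx, policyBinding); err != nil {
		return nil, false, err
	}
	return roleBinding, false, nil
}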
示例14: GetRole
// GetRole resolves the role that roleBinding refers to.
//
// An empty namespace in the binding's RoleRef selects the cluster policy and
// the result is wrapped in a cluster role adapter; any other namespace selects
// that namespace's policy and the result is wrapped in a local role adapter.
// A missing policy, a missing role, or a nil policyGetter on the namespaced
// path are all reported as NotFound for the "role" resource.
func (a *DefaultRuleResolver) GetRole(roleBinding authorizationinterfaces.RoleBinding) (authorizationinterfaces.Role, error) {
	roleNamespace := roleBinding.RoleRef().Namespace
	roleName := roleBinding.RoleRef().Name

	notFound := func() error {
		return kapierror.NewNotFound(authorizationapi.Resource("role"), roleName)
	}

	if roleNamespace == "" {
		// Cluster-scoped reference.
		clusterPolicy, err := a.clusterPolicyGetter.Get(authorizationapi.PolicyName)
		switch {
		case kapierror.IsNotFound(err):
			return nil, notFound()
		case err != nil:
			return nil, err
		}

		clusterRole, found := clusterPolicy.Roles[roleName]
		if !found {
			return nil, notFound()
		}
		return authorizationinterfaces.NewClusterRoleAdapter(clusterRole), nil
	}

	// Namespaced reference: without a policy getter nothing can be resolved.
	if a.policyGetter == nil {
		return nil, notFound()
	}

	localPolicy, err := a.policyGetter.Policies(roleNamespace).Get(authorizationapi.PolicyName)
	switch {
	case kapierror.IsNotFound(err):
		return nil, notFound()
	case err != nil:
		return nil, err
	}

	localRole, found := localPolicy.Roles[roleName]
	if !found {
		return nil, notFound()
	}
	return authorizationinterfaces.NewLocalRoleAdapter(localRole), nil
}
示例15: Delete
// Delete removes the role called name from the policy stored under
// authorizationapi.PolicyName and persists the policy through
// PolicyStorage.UpdatePolicy. A missing policy and a role absent from it are
// both reported as NotFound for the "role" resource. On success it returns a
// Status with StatusSuccess. The options argument is not read in this body.
func (m *VirtualStorage) Delete(ctx kapi.Context, name string, options *kapi.DeleteOptions) (runtime.Object, error) {
	policy, err := m.PolicyStorage.GetPolicy(ctx, authorizationapi.PolicyName)
	if err != nil {
		if kapierrors.IsNotFound(err) {
			return nil, kapierrors.NewNotFound(authorizationapi.Resource("role"), name)
		}
		return nil, err
	}

	_, found := policy.Roles[name]
	if !found {
		return nil, kapierrors.NewNotFound(authorizationapi.Resource("role"), name)
	}

	// Roles live inside the policy document, so deleting one is a policy update.
	delete(policy.Roles, name)
	policy.LastModified = unversioned.Now()

	if err := m.PolicyStorage.UpdatePolicy(ctx, policy); err != nil {
		return nil, err
	}
	return &unversioned.Status{Status: unversioned.StatusSuccess}, nil
}