Adding non persistent review test

Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
Serguei Bezverkhi
2019-04-23 18:02:40 -04:00
parent cc7700ae31
commit 6fe28ee957
6 changed files with 59 additions and 20 deletions


@@ -63,6 +63,12 @@ func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation
return nil, kapierrors.NewBadRequest(fmt.Sprintf("spec.resourceAttributes.namespace must match namespace: %v", namespace))
}
if createValidation != nil {
if err := createValidation(obj.DeepCopyObject()); err != nil {
return nil, err
}
}
authorizationAttributes := authorizationutil.AuthorizationAttributesFrom(localSubjectAccessReview.Spec)
decision, reason, evaluationErr := r.authorizer.Authorize(authorizationAttributes)
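Review bot: The `if createValidation != nil` guard ahead of `r.authorizer.Authorize` has no comment saying why a create-validation hook runs for a review object that is never stored, or why it receives `obj.DeepCopyObject()` rather than `obj`. A short comment such as `// Run create validation even though the review is not persisted; the hook gets a copy so it cannot change the object being authorized.` would record that intent. The same four-line guard appears in the three other Create handlers on this page, so a small shared helper would keep the ordering (request checks, then validation, then authorization) identical across them. Which displayed lines are additions is inferred from the hunk header, since the +/- markers are not shown, and Create begins and ends outside the hunk.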


@@ -60,6 +60,12 @@ func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation
return nil, apierrors.NewBadRequest("no user present on request")
}
if createValidation != nil {
if err := createValidation(obj.DeepCopyObject()); err != nil {
return nil, err
}
}
var authorizationAttributes authorizer.AttributesRecord
if selfSAR.Spec.ResourceAttributes != nil {
authorizationAttributes = authorizationutil.ResourceAttributesFrom(userToCheck, *selfSAR.Spec.ResourceAttributes)


@@ -65,6 +65,13 @@ func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation
if namespace == "" {
return nil, apierrors.NewBadRequest("no namespace on request")
}
if createValidation != nil {
if err := createValidation(obj.DeepCopyObject()); err != nil {
return nil, err
}
}
resourceInfo, nonResourceInfo, incomplete, err := r.ruleResolver.RulesFor(user, namespace)
ret := &authorizationapi.SelfSubjectRulesReview{


@@ -55,6 +55,12 @@ func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation
return nil, kapierrors.NewInvalid(authorizationapi.Kind(subjectAccessReview.Kind), "", errs)
}
if createValidation != nil {
if err := createValidation(obj.DeepCopyObject()); err != nil {
return nil, err
}
}
authorizationAttributes := authorizationutil.AuthorizationAttributesFrom(subjectAccessReview.Spec)
decision, reason, evaluationErr := r.authorizer.Authorize(authorizationAttributes)
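Review bot: The error from `createValidation` is returned unchanged in the guard that follows the `kapierrors.NewInvalid` return, while the neighbouring failure paths build an explicit API status error. If the hook can return a plain Go error, the client would probably receive a generic server error rather than a clear rejection, so it is worth confirming the hook's contract and recording it, e.g. `// createValidation is expected to return an API status error; pass it through unchanged.` The same applies to the identical guard in the other three handlers on this page. Create's body continues outside the hunk.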