// purgeDeletedNamespaces will remove all namespaces enumerated in a reviewRecordStore that are not in the namespace set
func purgeDeletedNamespaces(namespaceSet *util.StringSet, userSubjectRecordStore cache.Store, groupSubjectRecordStore cache.Store, reviewRecordStore cache.Store) {
reviewRecordItems := reviewRecordStore.List()
for i := range reviewRecordItems {
reviewRecord := reviewRecordItems[i].(*reviewRecord)
if !namespaceSet.Has(reviewRecord.namespace) {
deleteNamespaceFromSubjects(userSubjectRecordStore, reviewRecord.users, reviewRecord.namespace)
deleteNamespaceFromSubjects(groupSubjectRecordStore, reviewRecord.groups, reviewRecord.namespace)
reviewRecordStore.Delete(reviewRecord)
}
}
}
// getMatchingSecurityContextConstraints returns constraints from the store that match the group,
// uid, or user of the service account.
func getMatchingSecurityContextConstraints(store cache.Store, userInfo user.Info) ([]*kapi.SecurityContextConstraints, error) {
matchedConstraints := make([]*kapi.SecurityContextConstraints, 0)
for _, c := range store.List() {
constraint, ok := c.(*kapi.SecurityContextConstraints)
if !ok {
return nil, errors.NewInternalError(fmt.Errorf("error converting object from store to a security context constraint: %v", c))
}
if constraintAppliesTo(constraint, userInfo) {
matchedConstraints = append(matchedConstraints, constraint)
}
}
return matchedConstraints, nil
}