Exemple #1
0
// NewAuthorizerFromAuthorizationConfig returns the right sort of authorizer.Authorizer
// based on the authorizationMode xor an error.  authorizationMode should be one of AuthorizationModeChoices.
func NewAuthorizerFromAuthorizationConfig(authorizationMode string, authorizationPolicyFile string) (authorizer.Authorizer, error) {
	if authorizationPolicyFile != "" && authorizationMode != "ABAC" {
		return nil, errors.New("Cannot specify --authorization_policy_file without mode ABAC")
	}
	// Keep cases in sync with constant list above.
	switch authorizationMode {
	case ModeAlwaysAllow:
		return NewAlwaysAllowAuthorizer(), nil
	case ModeAlwaysDeny:
		return NewAlwaysDenyAuthorizer(), nil
	case ModeABAC:
		return abac.NewFromFile(authorizationPolicyFile)
	default:
		return nil, errors.New("Unknown authorization mode")
	}
}
Exemple #2
0
func newAuthorizerWithContents(t *testing.T, contents string) authorizer.Authorizer {
	f, err := ioutil.TempFile("", "auth_test")
	if err != nil {
		t.Fatalf("unexpected error creating policyfile: %v", err)
	}
	f.Close()
	defer os.Remove(f.Name())

	if err := ioutil.WriteFile(f.Name(), []byte(contents), 0700); err != nil {
		t.Fatalf("unexpected error writing policyfile: %v", err)
	}

	pl, err := abac.NewFromFile(f.Name())
	if err != nil {
		t.Fatalf("unexpected error creating authorizer from policyfile: %v", err)
	}
	return pl
}