Golang AttributesRecord.APIGroup Exemples

Langage de programmation: Golang

Espace de nommage/Pack: k8s/io/apiserver/pkg/authorization/authorizer

Class/Type: AttributesRecord

Méthode/Fonction: APIGroup

Exemples au hotexamples.com: 2

Golang AttributesRecord.APIGroup - 2 exemples trouvés. Ce sont les exemples réels les mieux notés de k8s/io/apiserver/pkg/authorization/authorizer.AttributesRecord.APIGroup extraits de projets open source. Vous pouvez noter les exemples pour nous aider à en améliorer la qualité.

Méthodes fréquemment utilisées

Afficher Cacher

APIGroup(2)

Name(2)

Resource(2)

Subresource(2)

APIVersion(1)

Namespace(1)

Path(1)

ResourceRequest(1)

User(1)

Verb(1)

Méthodes fréquemment utilisées

APIGroup (2)

Name (2)

Resource (2)

Subresource (2)

APIVersion (1)

Namespace (1)

Path (1)

ResourceRequest (1)

User (1)

Verb (1)

Exemple #1

0

Afficher le fichier

Fichier : authorization.go Projet : kubernetes/kubernetes

func GetAuthorizerAttributes(ctx request.Context) (authorizer.Attributes, error) { attribs := authorizer.AttributesRecord{} user, ok := request.UserFrom(ctx) if ok { attribs.User = user } requestInfo, found := request.RequestInfoFrom(ctx) if !found { return nil, errors.New("no RequestInfo found in the context") } // Start with common attributes that apply to resource and non-resource requests attribs.ResourceRequest = requestInfo.IsResourceRequest attribs.Path = requestInfo.Path attribs.Verb = requestInfo.Verb attribs.APIGroup = requestInfo.APIGroup attribs.APIVersion = requestInfo.APIVersion attribs.Resource = requestInfo.Resource attribs.Subresource = requestInfo.Subresource attribs.Namespace = requestInfo.Namespace attribs.Name = requestInfo.Name return &attribs, nil }

Exemple #2

0

Afficher le fichier

Fichier : escalation_check.go Projet : kubernetes/kubernetes

// BindingAuthorized returns true if the user associated with the context is explicitly authorized to bind the specified roleRef func BindingAuthorized(ctx genericapirequest.Context, roleRef rbac.RoleRef, bindingNamespace string, a authorizer.Authorizer) bool { if a == nil { return false } user, ok := genericapirequest.UserFrom(ctx) if !ok { return false } attrs := authorizer.AttributesRecord{ User: user, Verb: "bind", // check against the namespace where the binding is being created (or the empty namespace for clusterrolebindings). // this allows delegation to bind particular clusterroles in rolebindings within particular namespaces, // and to authorize binding a clusterrole across all namespaces in a clusterrolebinding. Namespace: bindingNamespace, ResourceRequest: true, } // This occurs after defaulting and conversion, so values pulled from the roleRef won't change // Invalid APIGroup or Name values will fail validation switch roleRef.Kind { case "ClusterRole": attrs.APIGroup = roleRef.APIGroup attrs.Resource = "clusterroles" attrs.Name = roleRef.Name case "Role": attrs.APIGroup = roleRef.APIGroup attrs.Resource = "roles" attrs.Name = roleRef.Name default: return false } ok, _, err := a.Authorize(attrs) if err != nil { utilruntime.HandleError(fmt.Errorf( "error authorizing user %#v to bind %#v in namespace %s: %v", roleRef, bindingNamespace, user, err, )) } return ok }