// GroupMembershipChanged translates an access change on namespaceName into a
// project watch event for the user this watcher serves.
//
// Access is decided from the supplied sets alone: the user has access when
// users contains the user's name or groups contains any of the user's groups.
// A tracked project the user can no longer access yields watch.Deleted. An
// accessible project yields watch.Added the first time it is seen and
// watch.Modified when its ResourceVersion differs from the last one reported.
func (w *userProjectWatcher) GroupMembershipChanged(namespaceName string, users, groups sets.String) {
	// Scope gate: a watcher whose visibleNamespaces holds neither "*" nor this
	// namespace must not observe the update at all.
	// NOTE(review): this returns before knownProjects is consulted, so an entry
	// recorded earlier stays in place. Presumably visibleNamespaces is fixed for
	// the lifetime of the watcher. Confirm.
	if !w.visibleNamespaces.Has("*") && !w.visibleNamespaces.Has(namespaceName) {
		return
	}

	hasAccess := users.Has(w.user.GetName()) || groups.HasAny(w.user.GetGroups()...)

	if !hasAccess {
		// Access is gone. Only a project we previously reported needs a Deleted
		// event; anything else was never visible to this watcher.
		if _, tracked := w.knownProjects[namespaceName]; !tracked {
			return
		}
		delete(w.knownProjects, namespaceName)

		// The event object is built from the name only, so the Deleted event
		// carries no other namespace metadata.
		gone := watch.Event{
			Type:   watch.Deleted,
			Object: projectutil.ConvertNamespace(&kapi.Namespace{ObjectMeta: kapi.ObjectMeta{Name: namespaceName}}),
		}
		select {
		case w.cacheIncoming <- gone:
		default:
			// cacheIncoming could not take the event immediately (there is no
			// timer, despite the error text). Unregister the watcher so it is
			// not notified again, and surface the failure instead of dropping
			// the revocation silently.
			// NOTE(review): the send on cacheError is a plain blocking send.
			// Confirm the channel is buffered or always drained.
			w.authCache.RemoveWatcher(w)
			w.cacheError <- errors.New("delete notification timeout")
		}
		return
	}

	namespace, err := w.projectCache.GetNamespace(namespaceName)
	if err != nil {
		utilruntime.HandleError(err)
		return
	}

	event := watch.Event{
		Type:   watch.Added,
		Object: projectutil.ConvertNamespace(namespace),
	}
	if reportedVersion, tracked := w.knownProjects[namespaceName]; tracked {
		// Already reported at this exact resourceVersion: nothing new to say.
		if reportedVersion == namespace.ResourceVersion {
			return
		}
		// Tracked but at a different version: the object itself changed.
		event.Type = watch.Modified
	}
	w.knownProjects[namespaceName] = namespace.ResourceVersion

	select {
	case w.cacheIncoming <- event:
	default:
		// Same handling as the delete path: unregister so we are not notified
		// again, then report the failed delivery.
		w.authCache.RemoveWatcher(w)
		w.cacheError <- errors.New("add notification timeout")
	}
}
// GroupMembershipChanged translates an access change on namespaceName into a
// project watch event for the user this watcher serves.
//
// The user has access when latestUsers contains w.username or lastestGroups
// contains any of w.groups. Without access, a watch.Deleted event is sent only
// if the user or one of their groups is named in removedUsers/removedGroups and
// the project is currently tracked. With access, the watcher sends watch.Added
// the first time and watch.Modified when the namespace's ResourceVersion
// differs from the last one reported. addedUsers and addedGroups are not read.
func (w *userProjectWatcher) GroupMembershipChanged(namespaceName string, latestUsers, lastestGroups, removedUsers, removedGroups, addedUsers, addedGroups sets.String) {
	hasAccess := latestUsers.Has(w.username) || lastestGroups.HasAny(w.groups...)

	if !hasAccess {
		// NOTE(review): revocation depends on the caller's delta sets. If the
		// user has no access but is absent from both removed sets, nothing is
		// sent and a tracked entry stays in knownProjects. Verify callers always
		// populate the removed sets, or key the delete on knownProjects alone.
		if !removedUsers.Has(w.username) && !removedGroups.HasAny(w.groups...) {
			return
		}
		// Never reported to this watcher, so there is nothing to retract.
		if _, tracked := w.knownProjects[namespaceName]; !tracked {
			return
		}
		delete(w.knownProjects, namespaceName)

		// The event object is built from the name only, so the Deleted event
		// carries no other namespace metadata.
		gone := watch.Event{
			Type:   watch.Deleted,
			Object: projectutil.ConvertNamespace(&kapi.Namespace{ObjectMeta: kapi.ObjectMeta{Name: namespaceName}}),
		}
		select {
		case w.cacheIncoming <- gone:
		default:
			// cacheIncoming could not take the event immediately (there is no
			// timer, despite the error text). Unregister the watcher so it is
			// not notified again, and surface the failure instead of dropping
			// the revocation silently.
			// NOTE(review): the send on cacheError is a plain blocking send.
			// Confirm the channel is buffered or always drained.
			w.authCache.RemoveWatcher(w)
			w.cacheError <- errors.New("delete notification timeout")
		}
		return
	}

	namespace, err := w.projectCache.GetNamespace(namespaceName)
	if err != nil {
		utilruntime.HandleError(err)
		return
	}

	event := watch.Event{
		Type:   watch.Added,
		Object: projectutil.ConvertNamespace(namespace),
	}
	if reportedVersion, tracked := w.knownProjects[namespaceName]; tracked {
		// Already reported at this exact resourceVersion: nothing new to say.
		if reportedVersion == namespace.ResourceVersion {
			return
		}
		// Tracked but at a different version: the object itself changed.
		event.Type = watch.Modified
	}
	w.knownProjects[namespaceName] = namespace.ResourceVersion

	select {
	case w.cacheIncoming <- event:
	default:
		// Same handling as the delete path: unregister so we are not notified
		// again, then report the failed delivery.
		w.authCache.RemoveWatcher(w)
		w.cacheError <- errors.New("add notification timeout")
	}
}