// UserHasRole reports whether the given user is listed as a user subject of
// any role binding returned for roleName. If userName is empty, the name of
// the current user is used instead.
//
// Only user subjects are compared: the group names that StringSubjectsFor
// also returns are discarded, so a role held solely through group membership
// is reported as false. Callers using this as an access check should account
// for that.
//
// An error is returned when a lookup fails or when no role binding exists for
// roleName.
func (c *Context) UserHasRole(userName string, roleName string) (bool, error) {
	bindings, err := c.GetRoleBindingsForRole(roleName)
	if err != nil {
		return false, err
	}
	if len(bindings) == 0 {
		return false, fmt.Errorf("Could not find a Role Binding for role '%s'", roleName)
	}

	// The current user is looked up only once the role bindings are known to exist.
	if userName == "" {
		current, err := c.GetCurrentUser()
		if err != nil {
			return false, err
		}
		userName = current.Name
	}

	ns, err := c.Namespace()
	if err != nil {
		return false, err
	}

	// NOTE(review): ns is presumably used to qualify subjects that carry no
	// namespace of their own - confirm against StringSubjectsFor.
	boundUsers := make([]string, 0)
	for _, binding := range bindings {
		names, _ := authapi.StringSubjectsFor(ns, binding.Subjects)
		boundUsers = append(boundUsers, names...)
	}

	// Membership is decided by the contains helper over plain strings.
	return contains(userName, boundUsers), nil
}
// convert_api_ClusterRoleBinding_To_v1_ClusterRoleBinding converts an internal
// ClusterRoleBinding into its v1 form. The scope's default conversion runs
// first (with the IgnoreMissingFields and AllowDifferentFieldTypeNames flags),
// then the v1 UserNames and GroupNames fields are filled from the internal
// Subjects list.
//
// NOTE(review): UserNames/GroupNames carry only what StringSubjectsFor
// returns; how it renders subject kinds other than plain users and groups is
// not visible here - confirm before relying on these lists for access
// decisions.
func convert_api_ClusterRoleBinding_To_v1_ClusterRoleBinding(in *newer.ClusterRoleBinding, out *ClusterRoleBinding, s conversion.Scope) error {
	err := s.DefaultConvert(in, out, conversion.IgnoreMissingFields|conversion.AllowDifferentFieldTypeNames)
	if err != nil {
		return err
	}

	// Derive the string lists from the structured subjects.
	userNames, groupNames := newer.StringSubjectsFor(in.Namespace, in.Subjects)
	out.UserNames = userNames
	out.GroupNames = groupNames
	return nil
}
// Convert_api_ClusterRoleBinding_To_v1_ClusterRoleBinding converts an internal
// ClusterRoleBinding into its v1 form. It delegates to the autoConvert
// function of the same name and then fills the v1 UserNames and GroupNames
// fields from the internal Subjects list.
//
// NOTE(review): UserNames/GroupNames carry only what StringSubjectsFor
// returns; how it renders subject kinds other than plain users and groups is
// not visible here - confirm before relying on these lists for access
// decisions.
func Convert_api_ClusterRoleBinding_To_v1_ClusterRoleBinding(in *newer.ClusterRoleBinding, out *ClusterRoleBinding, s conversion.Scope) error {
	err := autoConvert_api_ClusterRoleBinding_To_v1_ClusterRoleBinding(in, out, s)
	if err != nil {
		return err
	}

	// Derive the string lists from the structured subjects.
	userNames, groupNames := newer.StringSubjectsFor(in.Namespace, in.Subjects)
	out.UserNames = userNames
	out.GroupNames = groupNames
	return nil
}
// RemoveSCC fetches the security context constraints named o.SCCName,
// replaces its Users and Groups with the second result of diff against the
// configured subjects, and writes the object back with Update.
//
// NOTE(review): diff is defined elsewhere; its second result is presumably
// the entries of the SCC list that are not among the requested subjects -
// confirm. This is a read-modify-write with no retry: if Update rejects a
// stale object, the error is returned to the caller as-is.
func (o *SCCModificationOptions) RemoveSCC() error {
	scc, err := o.SCCInterface.SecurityContextConstraints().Get(o.SCCName)
	if err != nil {
		return err
	}

	subjectUsers, subjectGroups := authorizationapi.StringSubjectsFor(o.DefaultSubjectNamespace, o.Subjects)

	// Keep only what diff reports as remaining on the SCC.
	_, keptUsers := diff(subjectUsers, scc.Users)
	_, keptGroups := diff(subjectGroups, scc.Groups)
	scc.Users, scc.Groups = keptUsers, keptGroups

	_, err = o.SCCInterface.SecurityContextConstraints().Update(scc)
	return err
}
// AddSCC fetches the security context constraints named o.SCCName, appends
// the first result of diff for the configured users and groups to its Users
// and Groups lists, and writes the object back with Update.
//
// NOTE(review): diff is defined elsewhere; its first result is presumably the
// requested subjects not already present on the SCC - confirm. No
// authorization check is visible in this method, so it is presumably enforced
// where Update is served - confirm. This is a read-modify-write with no
// retry: an Update error is returned to the caller as-is.
func (o *SCCModificationOptions) AddSCC() error {
	scc, err := o.SCCInterface.SecurityContextConstraints().Get(o.SCCName)
	if err != nil {
		return err
	}

	subjectUsers, subjectGroups := authorizationapi.StringSubjectsFor(o.DefaultSubjectNamespace, o.Subjects)

	// Extend each list with what diff reports as new.
	newUsers, _ := diff(subjectUsers, scc.Users)
	newGroups, _ := diff(subjectGroups, scc.Groups)
	scc.Users = append(scc.Users, newUsers...)
	scc.Groups = append(scc.Groups, newGroups...)

	_, err = o.SCCInterface.SecurityContextConstraints().Update(scc)
	return err
}
// GroupHasRole reports whether the given group is listed as a group subject
// of any role binding returned for roleName.
//
// Only group subjects are compared; the user names that StringSubjectsFor
// also returns are discarded. An error is returned when a lookup fails or
// when no role binding exists for roleName.
func (c *Context) GroupHasRole(groupName string, roleName string) (bool, error) {
	bindings, err := c.GetRoleBindingsForRole(roleName)
	if err != nil {
		return false, err
	}
	if len(bindings) == 0 {
		return false, fmt.Errorf("Could not find a Role Binding for role '%s'", roleName)
	}

	ns, err := c.Namespace()
	if err != nil {
		return false, err
	}

	// NOTE(review): ns is presumably used to qualify subjects that carry no
	// namespace of their own - confirm against StringSubjectsFor.
	boundGroups := make([]string, 0)
	for _, binding := range bindings {
		_, names := authapi.StringSubjectsFor(ns, binding.Subjects)
		boundGroups = append(boundGroups, names...)
	}

	// Membership is decided by the contains helper over plain strings.
	return contains(groupName, boundGroups), nil
}
// Groups returns the group names of the wrapped cluster role binding's
// subjects as a string set. The user names that StringSubjectsFor also
// returns are discarded.
func (a ClusterRoleBindingAdapter) Groups() sets.String {
	binding := a.roleBinding
	_, groupNames := authorizationapi.StringSubjectsFor(binding.Namespace, binding.Subjects)
	return sets.NewString(groupNames...)
}
// Users returns the user names of the wrapped cluster role binding's
// subjects as a string set. The group names that StringSubjectsFor also
// returns are discarded.
func (a ClusterRoleBindingAdapter) Users() sets.String {
	binding := a.roleBinding
	userNames, _ := authorizationapi.StringSubjectsFor(binding.Namespace, binding.Subjects)
	return sets.NewString(userNames...)
}
// Groups returns the group names of the wrapped role binding's subjects as a
// string set. The user names that StringSubjectsFor also returns are
// discarded.
func (a RoleBindingAdapter) Groups() util.StringSet {
	binding := a.roleBinding
	_, groupNames := authorizationapi.StringSubjectsFor(binding.Namespace, binding.Subjects)
	return util.NewStringSet(groupNames...)
}
// Users returns the user names of the wrapped role binding's subjects as a
// string set. The group names that StringSubjectsFor also returns are
// discarded.
func (a RoleBindingAdapter) Users() util.StringSet {
	binding := a.roleBinding
	userNames, _ := authorizationapi.StringSubjectsFor(binding.Namespace, binding.Subjects)
	return util.NewStringSet(userNames...)
}