// authorize validates the --auth-type family of flags, constructs the
// auth.Policy that matches the selected type and asks that policy to
// authorize manifest.
//
// It returns nil when the flags are consistent and the policy accepts the
// manifest. It returns an error when a flag combination is invalid, when
// the policy cannot be constructed, or when the policy rejects the
// manifest; a rejection is also written to a text-formatted logger.
//
// NOTE(review): with auth.Null no policy is built and AuthorizeApp is never
// called, so the manifest is accepted without any check. Confirm that this
// mode is only selectable where an unauthenticated manifest is acceptable.
func authorize(manifest manifest.Manifest) error {
	var (
		policy    auth.Policy
		policyErr error
	)

	switch *authType {
	case auth.Null:
		// None of the policy-related flags make sense without a policy, so
		// reject them instead of silently ignoring them.
		switch {
		case *keyring != "":
			return util.Errorf("--keyring may not be specified if --auth-type is '%s'", *authType)
		case *deployPolicy != "":
			return util.Errorf("--deploy-policy may not be specified if --auth-type is '%s'", *authType)
		case len(*allowedUsers) != 0:
			return util.Errorf("--allowed-users may not be specified if --auth-type is '%s'", *authType)
		}
		// Nothing to verify in this mode: return before any policy is consulted.
		return nil

	case auth.Keyring:
		switch {
		case *keyring == "":
			return util.Errorf("Must specify --keyring if --auth-type is '%s'", *authType)
		case len(*allowedUsers) == 0:
			// An empty allow-list is refused up front rather than handed to
			// the policy.
			return util.Errorf("Must specify at least one allowed user if using a keyring auth type")
		}
		// The allow-list is registered under the preparer's own pod ID only.
		allowedByPod := map[types.PodID][]string{
			constants.PreparerPodID: *allowedUsers,
		}
		policy, policyErr = auth.NewFileKeyringPolicy(*keyring, allowedByPod)

	case auth.User:
		switch {
		case *keyring == "":
			return util.Errorf("Must specify --keyring if --auth-type is '%s'", *authType)
		case *deployPolicy == "":
			return util.Errorf("Must specify --deploy-policy if --auth-type is '%s'", *authType)
		}
		policy, policyErr = auth.NewUserPolicy(
			*keyring,
			*deployPolicy,
			constants.PreparerPodID,
			constants.PreparerPodID.String(),
		)

	default:
		// Fail closed on an unrecognised auth type.
		return util.Errorf("Unknown --auth-type: %s", *authType)
	}

	// Only the Keyring and User cases reach this point; both have just tried
	// to construct a policy.
	if policyErr != nil {
		return policyErr
	}

	logger := logging.NewLogger(logrus.Fields{})
	logger.Logger.Formatter = &logrus.TextFormatter{}

	authErr := policy.AuthorizeApp(manifest, logger)
	if authErr == nil {
		return nil
	}

	// An auth.Error carries structured fields; attach them to the log entry
	// so the rejection can be traced. Any other error is logged bare.
	if detailed, ok := authErr.(auth.Error); ok {
		logger.WithFields(detailed.Fields).Errorln(detailed)
	} else {
		logger.NoFields().Errorln(authErr)
	}
	return authErr
}