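// NewAuthorizerFromAuthorizationConfig returns the authorizer.Authorizer that
// matches authorizationMode, or an error; it never returns both.
//
// authorizationMode should be one of AuthorizationModeChoices. A mode outside
// the cases below yields an error and a nil authorizer, so an unrecognized or
// misspelled mode is rejected instead of falling back to a default authorizer.
//
// authorizationPolicyFile is only meaningful in ABAC mode; passing it with
// any other mode is rejected so a policy file is never silently ignored.
func NewAuthorizerFromAuthorizationConfig(authorizationMode string, authorizationPolicyFile string) (authorizer.Authorizer, error) {
	// Compare against the same ModeABAC constant the switch uses, so this
	// guard and the ABAC case cannot drift apart if the constant changes.
	if authorizationPolicyFile != "" && authorizationMode != ModeABAC {
		return nil, errors.New("Cannot specify --authorization_policy_file without mode ABAC")
	}

	// Keep cases in sync with constant list above.
	switch authorizationMode {
	case ModeAlwaysAllow:
		return NewAlwaysAllowAuthorizer(), nil
	case ModeAlwaysDeny:
		return NewAlwaysDenyAuthorizer(), nil
	case ModeABAC:
		// NOTE(review): an empty authorizationPolicyFile is passed through
		// unchanged; this relies on abac.NewFromFile returning an error for
		// it - confirm against that package.
		return abac.NewFromFile(authorizationPolicyFile)
	default:
		return nil, errors.New("Unknown authorization mode")
	}
}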
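// newAuthorizerWithContents writes contents to a temporary policy file and
// returns the authorizer that abac.NewFromFile builds from it. Any failure
// aborts the calling test through t.Fatalf. The temporary file is removed
// when this function returns.
func newAuthorizerWithContents(t *testing.T, contents string) authorizer.Authorizer {
	f, err := ioutil.TempFile("", "auth_test")
	if err != nil {
		t.Fatalf("unexpected error creating policyfile: %v", err)
	}
	// Register cleanup before any later step can fail; t.Fatalf still runs
	// deferred calls, so the policy file never outlives the test.
	defer os.Remove(f.Name())

	// Write through the handle TempFile returned instead of reopening the
	// path. The file keeps the owner-only mode TempFile created it with; the
	// 0700 previously passed to ioutil.WriteFile had no effect on a file that
	// already existed.
	if _, err := f.WriteString(contents); err != nil {
		f.Close()
		t.Fatalf("unexpected error writing policyfile: %v", err)
	}
	// A failed Close can mean the contents never reached disk, so it is
	// reported instead of ignored.
	if err := f.Close(); err != nil {
		t.Fatalf("unexpected error writing policyfile: %v", err)
	}

	pl, err := abac.NewFromFile(f.Name())
	if err != nil {
		t.Fatalf("unexpected error creating authorizer from policyfile: %v", err)
	}
	return pl
}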