Пример #1
0
func (p policy) matches(a authorizer.Attributes) bool {
	if p.User == "" || p.User == a.GetUserName() {
		if p.Readonly == false || (p.Readonly == a.IsReadOnly()) {
			if p.Kind == "" || (p.Kind == a.GetKind()) {
				if p.Namespace == "" || (p.Namespace == a.GetNamespace()) {
					return true
				}
			}
		}
	}
	return false
}
Пример #2
0
func (p policy) subjectMatches(a authorizer.Attributes) bool {
	if p.User != "" {
		// Require user match
		if p.User != a.GetUserName() {
			return false
		}
	}

	if p.Group != "" {
		// Require group match
		for _, group := range a.GetGroups() {
			if p.Group == group {
				return true
			}
		}
		return false
	}

	return true
}
Пример #3
0
func (p policy) matches(a authorizer.Attributes) bool {
	if p.subjectMatches(a) {
		if p.Readonly == false || (p.Readonly == a.IsReadOnly()) {
			if p.Resource == "" || (p.Resource == a.GetResource()) {
				if p.Namespace == "" || (p.Namespace == a.GetNamespace()) {
					return true
				}
			}
		}
	}
	return false
}
Пример #4
0
func (allowAliceAuthorizer) Authorize(a authorizer.Attributes) error {
	if a.GetUserName() == "alice" {
		return nil
	}
	return errors.New("I can't allow that.  Go ask alice.")
}