Golang AuthorizationAttributes.GetVerb示例

编程语言: Golang

命名空间/包名称: github.com/openshift/origin/pkg/authorization/authorizer

方法/功能: GetVerb

hotexamples.com的示例: 3

Golang AuthorizationAttributes.GetVerb - 已找到3个示例。这些是从开源项目中提取的最受好评的github.com/openshift/origin/pkg/authorization/authorizer.AuthorizationAttributes.GetVerb现实Golang示例。您可以评价示例，以帮助我们提高示例质量。

常用方法

显示隐藏

GetResource(8)

GetAPIGroup(4)

GetResourceName(4)

GetAPIVersion(3)

GetVerb(3)

GetRequestAttributes(1)

GetURL(1)

IsNonResourceURL(1)

示例#1

显示文件

文件： authorizer.go 项目： johnmccawley/origin

func cacheKey(ctx kapi.Context, a authorizer.AuthorizationAttributes) (string, error) {
	if a.GetRequestAttributes() != nil {
		// TODO: see if we can serialize this?
		return "", errors.New("cannot cache request attributes")
	}

	keyData := map[string]interface{}{
		"verb":           a.GetVerb(),
		"apiVersion":     a.GetAPIVersion(),
		"apiGroup":       a.GetAPIGroup(),
		"resource":       a.GetResource(),
		"resourceName":   a.GetResourceName(),
		"nonResourceURL": a.IsNonResourceURL(),
		"url":            a.GetURL(),
	}

	if namespace, ok := kapi.NamespaceFrom(ctx); ok {
		keyData["namespace"] = namespace
	}
	if user, ok := kapi.UserFrom(ctx); ok {
		keyData["user"] = user.GetName()
		keyData["groups"] = user.GetGroups()
	}

	key, err := json.Marshal(keyData)
	return string(key), err
}

示例#2

显示文件

文件： authorizer.go 项目： johnmccawley/origin

func getAction(namespace string, attributes authorizer.AuthorizationAttributes) authzapi.AuthorizationAttributes {
	return authzapi.AuthorizationAttributes{
		Namespace:    namespace,
		Verb:         attributes.GetVerb(),
		Resource:     attributes.GetResource(),
		ResourceName: attributes.GetResourceName(),

		// TODO: missing from authorizer.AuthorizationAttributes:
		// Content

		// TODO: missing from authzapi.AuthorizationAttributes
		// APIVersion
		// APIGroup
		// RequestAttributes (unserializable?)
		// IsNonResourceURL
		// URL (doesn't make sense for remote authz?)
	}
}

示例#3

显示文件

文件： handlers_test.go 项目： RomainVabre/origin

func (impersonateAuthorizer) Authorize(ctx kapi.Context, a authorizer.AuthorizationAttributes) (allowed bool, reason string, err error) {
	user, exists := kapi.UserFrom(ctx)
	if !exists {
		return false, "missing user", nil
	}

	switch {
	case user.GetName() == "system:admin":
		return true, "", nil

	case user.GetName() == "tester":
		return false, "", fmt.Errorf("works on my machine")

	case user.GetName() == "deny-me":
		return false, "denied", nil
	}

	if len(user.GetGroups()) == 1 && user.GetGroups()[0] == "wheel" && a.GetVerb() == "impersonate" && a.GetResource() == "systemusers" {
		return true, "", nil
	}

	if len(user.GetGroups()) == 1 && user.GetGroups()[0] == "sa-impersonater" && a.GetVerb() == "impersonate" && a.GetResource() == "serviceaccounts" {
		return true, "", nil
	}

	if len(user.GetGroups()) == 1 && user.GetGroups()[0] == "regular-impersonater" && a.GetVerb() == "impersonate" && a.GetResource() == "users" {
		return true, "", nil
	}

	return false, "deny by default", nil
}