Authorization based on namespace, kind, readonly.

Also, pass Authorizer into master.Config.
Eric Tune
2014-11-01 23:50:00 -07:00
parent d6e36a4756
commit 1668c6f107
9 changed files with 374 additions and 60 deletions


@@ -36,6 +36,10 @@ func (alwaysAllowAuthorizer) Authorize(a authorizer.Attributes) (err error) {
return nil
}
func NewAlwaysAllowAuthorizer() authorizer.Authorizer {
return new(alwaysAllowAuthorizer)
}
// alwaysDenyAuthorizer is an implementation of authorizer.Attributes
// which always says no to an authorization request.
// It is useful in unit tests to force an operation to be forbidden.
@@ -45,6 +49,10 @@ func (alwaysDenyAuthorizer) Authorize(a authorizer.Attributes) (err error) {
return errors.New("Everything is forbidden.")
}
func NewAlwaysDenyAuthorizer() authorizer.Authorizer {
return new(alwaysDenyAuthorizer)
}
const (
ModeAlwaysAllow string = "AlwaysAllow"
ModeAlwaysDeny string = "AlwaysDeny"
@@ -59,9 +67,9 @@ func NewAuthorizerFromAuthorizationConfig(authorizationMode string) (authorizer.
// Keep cases in sync with constant list above.
switch authorizationMode {
case ModeAlwaysAllow:
return new(alwaysAllowAuthorizer), nil
return NewAlwaysAllowAuthorizer(), nil
case ModeAlwaysDeny:
return new(alwaysDenyAuthorizer), nil
return NewAlwaysDenyAuthorizer(), nil
default:
return nil, errors.New("Unknown authorization mode")
}
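Review bot: The two new exported constructors, `NewAlwaysAllowAuthorizer` and `NewAlwaysDenyAuthorizer`, have no doc comments, and the first one gives any importing package an authorizer whose `Authorize` returns nil for every request. I would document that on the function, e.g. `// NewAlwaysAllowAuthorizer returns an Authorizer that permits every request. It performs no access control; use it only when ModeAlwaysAllow is chosen explicitly or in tests.`, with a matching one-line comment on the deny variant. Since the commit message says the Authorizer is now passed into master.Config, it is also worth confirming outside this file that a nil Authorizer there is rejected rather than treated as allow-all; that code is not visible here. In the last hunk the `default:` branch fails closed, but the error omits the rejected value, so a mistyped mode is harder to diagnose; `errors.New("unknown authorization mode " + authorizationMode)` would help. The body of NewAuthorizerFromAuthorizationConfig starts and ends outside the hunk.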