From dbb696508a4f990689097fe751f2b764b4cb1538 Mon Sep 17 00:00:00 2001 From: James Lucktaylor Date: Mon, 25 Mar 2019 15:43:28 +0000 Subject: [PATCH] Enact golint recommendations per issue 68026. Remove the 'abac' package from the golint exclusion list. Add/edit comments per golint feedback. Set PolicyList to be exported, as not exporting was breaking one of golint's rules around exported funcs returning an unexported type. Fix a broken test --- hack/.golint_failures | 1 - pkg/auth/authorizer/abac/abac.go | 22 +++++++++++++--------- pkg/auth/authorizer/abac/abac_test.go | 2 +- 3 files changed, 14 insertions(+), 11 deletions(-) diff --git a/hack/.golint_failures b/hack/.golint_failures index 59618617ac0..fb08f6ae4ef 100644 --- a/hack/.golint_failures +++ b/hack/.golint_failures @@ -66,7 +66,6 @@ pkg/apis/storage/v1 pkg/apis/storage/v1/util pkg/apis/storage/v1beta1 pkg/apis/storage/v1beta1/util -pkg/auth/authorizer/abac pkg/capabilities pkg/cloudprovider/providers/fake pkg/cloudprovider/providers/photon diff --git a/pkg/auth/authorizer/abac/abac.go b/pkg/auth/authorizer/abac/abac.go index 8f49c98246b..09188b96f16 100644 --- a/pkg/auth/authorizer/abac/abac.go +++ b/pkg/auth/authorizer/abac/abac.go @@ -14,11 +14,9 @@ See the License for the specific language governing permissions and limitations under the License. */ +// Package abac authorizes Kubernetes API actions using an Attribute-based access control scheme. package abac -// Policy authorizes Kubernetes API actions using an Attribute-based access -// control scheme. - import ( "bufio" "fmt" @@ -31,6 +29,8 @@ import ( "k8s.io/apiserver/pkg/authentication/user" "k8s.io/apiserver/pkg/authorization/authorizer" "k8s.io/kubernetes/pkg/apis/abac" + + // Import latest API for init/side-effects _ "k8s.io/kubernetes/pkg/apis/abac/latest" "k8s.io/kubernetes/pkg/apis/abac/v0" ) 
@@ -49,10 +49,13 @@ func (p policyLoadError) Error() string { return fmt.Sprintf("error reading policy file %s: %v", p.path, p.err) } -type policyList []*abac.Policy +// PolicyList is simply a slice of Policy structs. +type PolicyList []*abac.Policy +// NewFromFile attempts to create a policy list from the given file. +// // TODO: Have policies be created via an API call and stored in REST storage. -func NewFromFile(path string) (policyList, error) { +func NewFromFile(path string) (PolicyList, error) { // File format is one map per line. This allows easy concatenation of files, // comments in files, and identification of errors by line number. file, err := os.Open(path) @@ -62,7 +65,7 @@ func NewFromFile(path string) (policyList, error) { defer file.Close() scanner := bufio.NewScanner(file) - pl := make(policyList, 0) + pl := make(PolicyList, 0) decoder := abac.Codecs.UniversalDecoder() @@ -220,8 +223,8 @@ func resourceMatches(p abac.Policy, a authorizer.Attributes) bool { return false } -// Authorizer implements authorizer.Authorize -func (pl policyList) Authorize(a authorizer.Attributes) (authorizer.Decision, string, error) { +// Authorize implements authorizer.Authorize +func (pl PolicyList) Authorize(a authorizer.Attributes) (authorizer.Decision, string, error) { for _, p := range pl { if matches(*p, a) { return authorizer.DecisionAllow, "", nil @@ -233,7 +236,8 @@ func (pl policyList) Authorize(a authorizer.Attributes) (authorizer.Decision, st // Then, add Caching only if needed. } -func (pl policyList) RulesFor(user user.Info, namespace string) ([]authorizer.ResourceRuleInfo, []authorizer.NonResourceRuleInfo, bool, error) { +// RulesFor returns rules for the given user and namespace. +func (pl PolicyList) RulesFor(user user.Info, namespace string) ([]authorizer.ResourceRuleInfo, []authorizer.NonResourceRuleInfo, bool, error) { var ( resourceRules []authorizer.ResourceRuleInfo nonResourceRules []authorizer.NonResourceRuleInfo 
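Review bot: Exporting `PolicyList` in the `-49,10 +49,13` hunk lets code outside the package build an authorizer from a slice literal instead of going through `NewFromFile`, and the new type comment does not mention this. `Authorize`, in the `-220,8 +223,8` hunk, dereferences every element with `matches(*p, a)`, so a nil entry in a caller-built list would panic in the authorization path. The comment is also slightly inaccurate, since the type is a slice of `*abac.Policy` pointers rather than of structs. I would state the contract on the type, for example `// PolicyList is a list of ABAC policies that acts as an authorizer; build it with NewFromFile and never store nil entries.` `NewFromFile`'s body continues outside the hunk, so whatever decoding or validation it applies to each line cannot be confirmed from here.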
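Review bot: The corrected comment on `Authorize` (hunk `-220,8 +223,8`) still names the method rather than the interface and says nothing about decision semantics, which is the first thing a reader of an authorizer needs. The visible loop returns `authorizer.DecisionAllow` on the first policy that matches. The return for the no-match case lies outside the hunk and should be checked and stated in the comment as well. Suggested wording: `// Authorize implements authorizer.Authorizer. It allows the request as soon as one policy in the list matches the attributes.` The same gap applies to `RulesFor` in the `-233,7 +236,8` hunk, whose new comment does not explain what the `bool` result means; both function bodies continue outside their hunks.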
diff --git a/pkg/auth/authorizer/abac/abac_test.go b/pkg/auth/authorizer/abac/abac_test.go index 6d732399201..8884151db5e 100644 --- a/pkg/auth/authorizer/abac/abac_test.go +++ b/pkg/auth/authorizer/abac/abac_test.go @@ -815,7 +815,7 @@ func TestSubjectMatches(t *testing.T) { } } -func newWithContents(t *testing.T, contents string) (policyList, error) { +func newWithContents(t *testing.T, contents string) (PolicyList, error) { f, err := ioutil.TempFile("", "abac_test") if err != nil { t.Fatalf("unexpected error creating policyfile: %v", err)