github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-24 20:24:09 +00:00
Code Issues Projects Releases Wiki Activity

refactor authorizer to return a tristate decision

Browse Source
This commit is contained in:
Mike Danese 2017-09-29 14:21:08 -07:00
parent 71918892c1
commit ee4d2d0a94
1 changed files with 15 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
staging/src/k8s.io/apiserver/pkg/authorization/authorizer/interfaces.go
View File

@ -67,12 +67,12 @@ type Attributes interface {
// zero or more calls to methods of the Attributes interface. It returns nil when an action is // zero or more calls to methods of the Attributes interface. It returns nil when an action is
// authorized, otherwise it returns an error. // authorized, otherwise it returns an error.
type Authorizer interface { type Authorizer interface {
Authorize(a Attributes) (authorized bool, reason string, err error) Authorize(a Attributes) (authorized Decision, reason string, err error)
} }
type AuthorizerFunc func(a Attributes) (bool, string, error) type AuthorizerFunc func(a Attributes) (Decision, string, error)
func (f AuthorizerFunc) Authorize(a Attributes) (bool, string, error) { func (f AuthorizerFunc) Authorize(a Attributes) (Decision, string, error) {
return f(a) return f(a)
} }
@ -144,3 +144,15 @@ func (a AttributesRecord) IsResourceRequest() bool {
func (a AttributesRecord) GetPath() string { func (a AttributesRecord) GetPath() string {
return a.Path return a.Path
} }
type Decision int
const (
// DecisionDeny means that an authorizer decided to deny the action.
DecisionDeny Decision = iota
// DecisionAllow means that an authorizer decided to allow the action.
DecisionAllow
// DecisionNoOpionion means that an authorizer has no opinion on wether
// to allow or deny an action.
DecisionNoOpinion
)