github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-09-16 06:32:32 +00:00
Code Issues Projects Releases Wiki Activity

Admission control attributes has access to resource name

Browse Source
This commit is contained in:
derekwaynecarr
2015-06-17 16:40:36 -04:00
parent 5e25827919
commit f6fb72ec51
12 changed files with 71 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
pkg/apiserver/resthandler.go
View File

@@ -165,7 +165,8 @@ func ConnectResource(connecter rest.Connecter, scope RequestScope, admit admissi
ResourcePath: restPath,
}
userInfo, _ := api.UserFrom(ctx)
err = admit.Admit(admission.NewAttributesRecord(connectRequest, scope.Kind, namespace, scope.Resource, scope.Subresource, admission.Connect, userInfo))
err = admit.Admit(admission.NewAttributesRecord(connectRequest, scope.Kind, namespace, name, scope.Resource, scope.Subresource, admission.Connect, userInfo))
if err != nil {
errorJSON(err, scope.Codec, w)
return
@@ -309,7 +310,8 @@ func createHandler(r rest.NamedCreater, scope RequestScope, typer runtime.Object
if admit.Handles(admission.Create) {
userInfo, _ := api.UserFrom(ctx)
err = admit.Admit(admission.NewAttributesRecord(obj, scope.Kind, namespace, scope.Resource, scope.Subresource, admission.Create, userInfo))
err = admit.Admit(admission.NewAttributesRecord(obj, scope.Kind, namespace, name, scope.Resource, scope.Subresource, admission.Create, userInfo))
if err != nil {
errorJSON(err, scope.Codec, w)
return
@@ -379,7 +381,8 @@ func PatchResource(r rest.Patcher, scope RequestScope, typer runtime.ObjectTyper
// PATCH requires same permission as UPDATE
if admit.Handles(admission.Update) {
userInfo, _ := api.UserFrom(ctx)
err = admit.Admit(admission.NewAttributesRecord(obj, scope.Kind, namespace, scope.Resource, scope.Subresource, admission.Update, userInfo))
err = admit.Admit(admission.NewAttributesRecord(obj, scope.Kind, namespace, name, scope.Resource, scope.Subresource, admission.Update, userInfo))
if err != nil {
errorJSON(err, scope.Codec, w)
return
@@ -479,7 +482,8 @@ func UpdateResource(r rest.Updater, scope RequestScope, typer runtime.ObjectType
if admit.Handles(admission.Update) {
userInfo, _ := api.UserFrom(ctx)
err = admit.Admit(admission.NewAttributesRecord(obj, scope.Kind, namespace, scope.Resource, scope.Subresource, admission.Update, userInfo))
err = admit.Admit(admission.NewAttributesRecord(obj, scope.Kind, namespace, name, scope.Resource, scope.Subresource, admission.Update, userInfo))
if err != nil {
errorJSON(err, scope.Codec, w)
return
@@ -543,7 +547,8 @@ func DeleteResource(r rest.GracefulDeleter, checkBody bool, scope RequestScope,
if admit.Handles(admission.Delete) {
userInfo, _ := api.UserFrom(ctx)
err = admit.Admit(admission.NewAttributesRecord(nil, scope.Kind, namespace, scope.Resource, scope.Subresource, admission.Delete, userInfo))
err = admit.Admit(admission.NewAttributesRecord(nil, scope.Kind, namespace, name, scope.Resource, scope.Subresource, admission.Delete, userInfo))
if err != nil {
errorJSON(err, scope.Codec, w)
return