Support lookups where user.Info refers to a serviceaccount.

This commit is contained in:
Darren Shepherd 2020-08-11 10:59:02 -07:00
parent 6ebfa39af8
commit 4911ec913f


@ -1,6 +1,7 @@
package accesscontrol
import (
"fmt"
"hash"
"sort"
@ -51,6 +52,9 @@ func (p *policyRuleIndex) clusterRoleBindingBySubjectIndexer(crb *rbacv1.Cluster
for _, subject := range crb.Subjects {
if subject.APIGroup == rbacGroup && subject.Kind == p.kind && crb.RoleRef.Kind == "ClusterRole" {
result = append(result, subject.Name)
} else if subject.APIGroup == "" && p.kind == "User" && subject.Kind == "ServiceAccount" && subject.Namespace != "" && crb.RoleRef.Kind == "ClusterRole" {
// Index is for Users and this references a service account
result = append(result, fmt.Sprintf("serviceaccount:%s:%s", subject.Namespace, subject.Name))
}
}
return
@ -60,6 +64,9 @@ func (p *policyRuleIndex) roleBindingBySubject(rb *rbacv1.RoleBinding) (result [
for _, subject := range rb.Subjects {
if subject.APIGroup == rbacGroup && subject.Kind == p.kind {
result = append(result, subject.Name)
} else if subject.APIGroup == "" && p.kind == "User" && subject.Kind == "ServiceAccount" && subject.Namespace != "" {
// Index is for Users and this references a service account
result = append(result, fmt.Sprintf("serviceaccount:%s:%s", subject.Namespace, subject.Name))
}
}
return
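Review bot: The new `else if` in roleBindingBySubject drops ServiceAccount subjects whose Namespace is empty, but Kubernetes' RBAC evaluation treats an unqualified ServiceAccount subject in a RoleBinding as living in the binding's own namespace, so bindings the API server honors would be missing from this index (the ClusterRoleBinding variant in the previous hunk is correct to skip them, since there is no namespace to default to). Falling back to `rb.Namespace` before building the key keeps the index aligned with what the authorizer grants; note that roleBindingBySubject's signature sits outside the hunk. The `serviceaccount:%s:%s` key format is now spelled out twice here and must also be produced identically by the user.Info lookup side, which is not in this change; a small shared helper such as `serviceAccountKey(ns, name string) string` would keep the three sites from drifting. Also worth a comment on the index: because a User subject named literally `serviceaccount:<ns>:<name>` lands on the same key as that service account, the lookup side should not assume keys with this prefix came only from ServiceAccount subjects.
```go
} else if subject.APIGroup == "" && p.kind == "User" && subject.Kind == "ServiceAccount" {
	// Index is for Users and this references a service account.
	// An unqualified ServiceAccount subject defaults to the binding's namespace.
	ns := subject.Namespace
	if ns == "" {
		ns = rb.Namespace
	}
	if ns != "" {
		result = append(result, fmt.Sprintf("serviceaccount:%s:%s", ns, subject.Name))
	}
}
```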