Merge pull request #7 from ibuildthecloud/serviceaccount

Support user.Info having serviceaccount name
Darren Shepherd
2020-08-27 21:30:42 -07:00
committed by GitHub


@@ -1,6 +1,7 @@
package accesscontrol
import (
"fmt"
"hash"
"sort"
@@ -51,6 +52,9 @@ func (p *policyRuleIndex) clusterRoleBindingBySubjectIndexer(crb *rbacv1.Cluster
for _, subject := range crb.Subjects {
if subject.APIGroup == rbacGroup && subject.Kind == p.kind && crb.RoleRef.Kind == "ClusterRole" {
result = append(result, subject.Name)
} else if subject.APIGroup == "" && p.kind == "User" && subject.Kind == "ServiceAccount" && subject.Namespace != "" && crb.RoleRef.Kind == "ClusterRole" {
// Index is for Users and this references a service account
result = append(result, fmt.Sprintf("serviceaccount:%s:%s", subject.Namespace, subject.Name))
}
}
return
@@ -60,6 +64,9 @@ func (p *policyRuleIndex) roleBindingBySubject(rb *rbacv1.RoleBinding) (result [
for _, subject := range rb.Subjects {
if subject.APIGroup == rbacGroup && subject.Kind == p.kind {
result = append(result, subject.Name)
} else if subject.APIGroup == "" && p.kind == "User" && subject.Kind == "ServiceAccount" && subject.Namespace != "" {
// Index is for Users and this references a service account
result = append(result, fmt.Sprintf("serviceaccount:%s:%s", subject.Namespace, subject.Name))
}
}
return
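Review bot: The service-account key added in both hunks (clusterRoleBindingBySubjectIndexer and roleBindingBySubject) is `serviceaccount:<namespace>:<name>`, whereas Kubernetes authenticates a service account under the username `system:serviceaccount:<namespace>:<name>`. The lookup side is not visible here, so unless it rewrites the name before querying, a service account's user.Info name would not match this key and its bindings would be silently ignored. Because the key also sits in the User index without the reserved `system:` prefix, a User subject literally named `serviceaccount:ns:name` would share the same key as that service account. If no caller depends on the short form, `fmt.Sprintf("system:serviceaccount:%s:%s", subject.Namespace, subject.Name)` would avoid both problems, ideally built by one shared helper since the condition and format string are duplicated across the two indexers. Both function bodies begin and end outside the hunks.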