Merge pull request #7 from ibuildthecloud/serviceaccount

Support user.Info having serviceaccount name
Darren Shepherd 2020-08-27 21:30:42 -07:00 committed by GitHub
commit 6193c19db6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -1,6 +1,7 @@
package accesscontrol
import (
"fmt"
"hash"
"sort"
@ -51,6 +52,9 @@ func (p *policyRuleIndex) clusterRoleBindingBySubjectIndexer(crb *rbacv1.Cluster
for _, subject := range crb.Subjects {
if subject.APIGroup == rbacGroup && subject.Kind == p.kind && crb.RoleRef.Kind == "ClusterRole" {
result = append(result, subject.Name)
} else if subject.APIGroup == "" && p.kind == "User" && subject.Kind == "ServiceAccount" && subject.Namespace != "" && crb.RoleRef.Kind == "ClusterRole" {
// Index is for Users and this references a service account
result = append(result, fmt.Sprintf("serviceaccount:%s:%s", subject.Namespace, subject.Name))
}
}
return
@ -60,6 +64,9 @@ func (p *policyRuleIndex) roleBindingBySubject(rb *rbacv1.RoleBinding) (result [
for _, subject := range rb.Subjects {
if subject.APIGroup == rbacGroup && subject.Kind == p.kind {
result = append(result, subject.Name)
} else if subject.APIGroup == "" && p.kind == "User" && subject.Kind == "ServiceAccount" && subject.Namespace != "" {
// Index is for Users and this references a service account
result = append(result, fmt.Sprintf("serviceaccount:%s:%s", subject.Namespace, subject.Name))
}
}
return
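Review bot: The key built in both new `else if` branches, `serviceaccount:<namespace>:<name>`, goes into the same User index as literal `subject.Name` values, and the `serviceaccount:` prefix is not reserved the way `system:` is. A User subject, or a user name issued by an authenticator, that is literally `serviceaccount:ns:name` would therefore resolve to the service account's bindings. Kubernetes presents service accounts as `system:serviceaccount:<namespace>:<name>`, so if the lookup side (not visible in these hunks) passes `user.Info.GetName()` through unchanged, the new entries would also never match. Consider keying on the reserved form in both `clusterRoleBindingBySubjectIndexer` and `roleBindingBySubject`, `result = append(result, fmt.Sprintf("system:serviceaccount:%s:%s", subject.Namespace, subject.Name))`, and keeping the lookup consistent with it. Both function bodies begin outside the hunks shown.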