github/steve
1
0
Fork 0
mirror of https://github.com/niusmallnan/steve.git synced 2025-07-05 10:46:19 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #23 from ibuildthecloud/master

Browse Source 
Fix issues when creating clusterrolebindings to namespaces objects
This commit is contained in:
Darren Shepherd 2021-08-04 12:23:45 -07:00 committed by GitHub
commit b2d940920c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 27 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
pkg/accesscontrol/access_set.go
View File

@ -144,20 +144,35 @@ func (a AccessListByVerb) Granted(verb string) (result map[string]Resources) {
verbs = append(verbs, "get") verbs = append(verbs, "get")
} }
for _, verb := range verbs { for _, access := range a[verb] {
for _, access := range a[verb] { resources := result[access.Namespace]
if access.ResourceName == All {
resources.All = true
} else {
if resources.Names == nil {
resources.Names = sets.String{}
}
resources.Names.Insert(access.ResourceName)
}
result[access.Namespace] = resources
}
if verb == "list" {
// look for objects referenced by get
for _, access := range a["get"] {
resources := result[access.Namespace] resources := result[access.Namespace]
if access.ResourceName == All { if access.ResourceName == All {
resources.All = true continue
} else { } else if len(access.ResourceName) > 0 {
if resources.Names == nil { if resources.Names == nil {
resources.Names = sets.String{} resources.Names = sets.String{}
} }
resources.Names.Insert(access.ResourceName) resources.Names.Insert(access.ResourceName)
result[access.Namespace] = resources
} }
result[access.Namespace] = resources
} }
} }
return result return result
} }

2
pkg/stores/partition/store.go
View File

@ -101,7 +101,7 @@ func (s *Store) List(apiOp *types.APIRequest, schema *types.APISchema) (types.AP
result.Revision = lister.Revision() result.Revision = lister.Revision()
result.Continue = lister.Continue() result.Continue = lister.Continue()
return result, nil return result, lister.Err()
} }
func (s *Store) Create(apiOp *types.APIRequest, schema *types.APISchema, data types.APIObject) (types.APIObject, error) { func (s *Store) Create(apiOp *types.APIRequest, schema *types.APISchema, data types.APIObject) (types.APIObject, error) {

6
pkg/stores/proxy/proxy_store.go
View File

@ -213,6 +213,12 @@ func tableToObjects(obj map[string]interface{}) []unstructured.Unstructured {
} }
func (s *Store) ByNames(apiOp *types.APIRequest, schema *types.APISchema, names sets.String) (types.APIObjectList, error) { func (s *Store) ByNames(apiOp *types.APIRequest, schema *types.APISchema, names sets.String) (types.APIObjectList, error) {
if apiOp.Namespace == "*" {
// This happens when you grant namespaced objects with "get" by name in a clusterrolebinding. We will treat
// this as an invalid situation instead of listing all objects in the cluster and filtering by name.
return types.APIObjectList{}, nil
}
adminClient, err := s.clientGetter.TableAdminClient(apiOp, schema, apiOp.Namespace) adminClient, err := s.clientGetter.TableAdminClient(apiOp, schema, apiOp.Namespace)
if err != nil { if err != nil {
return types.APIObjectList{}, err return types.APIObjectList{}, err