github/steve
1
0
Fork 0
mirror of https://github.com/niusmallnan/steve.git synced 2025-04-29 11:44:13 +00:00
Code Issues Projects Releases Wiki Activity

Allow passing in access control impl to the server

Browse Source
This commit is contained in:
Darren Shepherd 2020-02-04 14:11:21 -07:00
parent 10418db494
commit b51e14edfb
4 changed files with 14 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/accesscontrol/access_store.go
View File

@ -5,6 +5,10 @@ import (
"k8s.io/apiserver/pkg/authentication/user" "k8s.io/apiserver/pkg/authentication/user"
) )
type AccessSetLookup interface {
AccessFor(user user.Info) *AccessSet
}
type AccessStore struct { type AccessStore struct {
users *policyRuleIndex users *policyRuleIndex
groups *policyRuleIndex groups *policyRuleIndex

4
pkg/schema/collection.go
View File

@ -29,7 +29,7 @@ type Collection struct {
byGVR map[schema.GroupVersionResource]string byGVR map[schema.GroupVersionResource]string
byGVK map[schema.GroupVersionKind]string byGVK map[schema.GroupVersionKind]string
as *accesscontrol.AccessStore as accesscontrol.AccessSetLookup
} }
type Template struct { type Template struct {
@ -46,7 +46,7 @@ type Template struct {
ComputedColumns func(data.Object) ComputedColumns func(data.Object)
} }
func NewCollection(baseSchema *types.APISchemas, access *accesscontrol.AccessStore) *Collection { func NewCollection(baseSchema *types.APISchemas, access accesscontrol.AccessSetLookup) *Collection {
return &Collection{ return &Collection{
baseSchema: baseSchema, baseSchema: baseSchema,
schemas: map[string]*types.APISchema{}, schemas: map[string]*types.APISchema{},

2
pkg/server/config.go
View File

@ -5,6 +5,7 @@ import (
"net/http" "net/http"
"time" "time"
"github.com/rancher/steve/pkg/accesscontrol"
"github.com/rancher/steve/pkg/auth" "github.com/rancher/steve/pkg/auth"
"github.com/rancher/steve/pkg/schema" "github.com/rancher/steve/pkg/schema"
"github.com/rancher/steve/pkg/schemaserver/types" "github.com/rancher/steve/pkg/schemaserver/types"
@ -30,6 +31,7 @@ type Server struct {
Namespace string Namespace string
BaseSchemas *types.APISchemas BaseSchemas *types.APISchemas
AccessSetLookup accesscontrol.AccessSetLookup
SchemaTemplates []schema.Template SchemaTemplates []schema.Template
AuthMiddleware auth.Middleware AuthMiddleware auth.Middleware
Next http.Handler Next http.Handler

7
pkg/server/server.go
View File

@ -61,7 +61,12 @@ func setup(ctx context.Context, server *Server) (http.Handler, *schema.Collectio
server.BaseSchemas = resources.DefaultSchemas(server.BaseSchemas, server.K8s.Discovery(), ccache) server.BaseSchemas = resources.DefaultSchemas(server.BaseSchemas, server.K8s.Discovery(), ccache)
server.SchemaTemplates = append(server.SchemaTemplates, resources.DefaultSchemaTemplates(cf)...) server.SchemaTemplates = append(server.SchemaTemplates, resources.DefaultSchemaTemplates(cf)...)
sf := schema.NewCollection(server.BaseSchemas, accesscontrol.NewAccessStore(server.RBAC)) asl := server.AccessSetLookup
if asl == nil {
asl = accesscontrol.NewAccessStore(server.RBAC)
}
sf := schema.NewCollection(server.BaseSchemas, asl)
sync := schemacontroller.Register(ctx, sync := schemacontroller.Register(ctx,
server.K8s.Discovery(), server.K8s.Discovery(),
server.CRD.CustomResourceDefinition(), server.CRD.CustomResourceDefinition(),