Allow passing in access control impl to the server

2025-04-28 19:25:51 +00:00 · 2020-02-04 14:11:21 -07:00 · 2020-02-04 14:11:21 -07:00 · b51e14edfb
commit b51e14edfb
parent 10418db494
4 changed files with 14 additions and 3 deletions
--- a/pkg/accesscontrol/access_store.go
+++ b/pkg/accesscontrol/access_store.go
@ -5,6 +5,10 @@ import (
 	"k8s.io/apiserver/pkg/authentication/user"
 )

+type AccessSetLookup interface {
+	AccessFor(user user.Info) *AccessSet
+}
+
 type AccessStore struct {
 	users  *policyRuleIndex
 	groups *policyRuleIndex
--- a/pkg/schema/collection.go
+++ b/pkg/schema/collection.go
@ -29,7 +29,7 @@ type Collection struct {
 	byGVR      map[schema.GroupVersionResource]string
 	byGVK      map[schema.GroupVersionKind]string

-	as *accesscontrol.AccessStore
+	as accesscontrol.AccessSetLookup
 }

 type Template struct {
@ -46,7 +46,7 @@ type Template struct {
 	ComputedColumns func(data.Object)
 }

-func NewCollection(baseSchema *types.APISchemas, access *accesscontrol.AccessStore) *Collection {
+func NewCollection(baseSchema *types.APISchemas, access accesscontrol.AccessSetLookup) *Collection {
 	return &Collection{
 		baseSchema: baseSchema,
 		schemas:    map[string]*types.APISchema{},
--- a/pkg/server/config.go
+++ b/pkg/server/config.go
@ -5,6 +5,7 @@ import (
 	"net/http"
 	"time"

+	"github.com/rancher/steve/pkg/accesscontrol"
 	"github.com/rancher/steve/pkg/auth"
 	"github.com/rancher/steve/pkg/schema"
 	"github.com/rancher/steve/pkg/schemaserver/types"
@ -30,6 +31,7 @@ type Server struct {

 	Namespace       string
 	BaseSchemas     *types.APISchemas
+	AccessSetLookup accesscontrol.AccessSetLookup
 	SchemaTemplates []schema.Template
 	AuthMiddleware  auth.Middleware
 	Next            http.Handler
--- a/pkg/server/server.go
+++ b/pkg/server/server.go
@ -61,7 +61,12 @@ func setup(ctx context.Context, server *Server) (http.Handler, *schema.Collectio
 	server.BaseSchemas = resources.DefaultSchemas(server.BaseSchemas, server.K8s.Discovery(), ccache)
 	server.SchemaTemplates = append(server.SchemaTemplates, resources.DefaultSchemaTemplates(cf)...)

-	sf := schema.NewCollection(server.BaseSchemas, accesscontrol.NewAccessStore(server.RBAC))
+	asl := server.AccessSetLookup
+	if asl == nil {
+		asl = accesscontrol.NewAccessStore(server.RBAC)
+	}
+
+	sf := schema.NewCollection(server.BaseSchemas, asl)
 	sync := schemacontroller.Register(ctx,
 		server.K8s.Discovery(),
 		server.CRD.CustomResourceDefinition(),