github/steve
1
0
Fork 0
mirror of https://github.com/niusmallnan/steve.git synced 2025-09-14 13:59:54 +00:00
Code Issues Projects Releases Wiki Activity

Full dynamic RBAC and pagination

Browse Source
This commit is contained in:
Darren Shepherd
2020-02-10 10:18:20 -07:00
parent 12df5d1a3d
commit e64845dcb9
18 changed files with 656 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
pkg/server/resources/common/formatter.go
View File

@@ -1,15 +1,16 @@
package common
import (
"github.com/rancher/steve/pkg/accesscontrol"
"github.com/rancher/steve/pkg/schema"
"github.com/rancher/steve/pkg/schemaserver/types"
"github.com/rancher/steve/pkg/server/store/proxy"
"k8s.io/apimachinery/pkg/api/meta"
)
func DefaultTemplate(clientGetter proxy.ClientGetter) schema.Template {
func DefaultTemplate(clientGetter proxy.ClientGetter, asl accesscontrol.AccessSetLookup) schema.Template {
return schema.Template{
Store: proxy.NewProxyStore(clientGetter),
Store: proxy.NewProxyStore(clientGetter, asl),
Formatter: Formatter,
}
}

9
pkg/server/resources/counts/counts.go
View File

@@ -232,18 +232,25 @@ func (s *Store) getCount(apiOp *types.APIRequest) Count {
for _, schema := range s.schemasToWatch(apiOp) {
gvr := attributes.GVR(schema)
access, _ := attributes.Access(schema).(accesscontrol.AccessListByVerb)
rev := 0
itemCount := ItemCount{
Namespaces: map[string]int{},
}
all := access.Grants("list", "*", "*")
for _, obj := range s.ccache.List(gvr) {
_, ns, revision, ok := getInfo(obj)
name, ns, revision, ok := getInfo(obj)
if !ok {
continue
}
if !all && !access.Grants("list", ns, name) && !access.Grants("get", ns, name) {
continue
}
if revision > rev {
rev = revision
}

5
pkg/server/resources/schema.go
View File

@@ -1,6 +1,7 @@
package resources
import (
"github.com/rancher/steve/pkg/accesscontrol"
"github.com/rancher/steve/pkg/client"
"github.com/rancher/steve/pkg/clustercache"
"github.com/rancher/steve/pkg/schema"
@@ -21,8 +22,8 @@ func DefaultSchemas(baseSchema *types.APISchemas, discovery discovery.DiscoveryI
return baseSchema
}
func DefaultSchemaTemplates(cf *client.Factory) []schema.Template {
func DefaultSchemaTemplates(cf *client.Factory, lookup accesscontrol.AccessSetLookup) []schema.Template {
return []schema.Template{
common.DefaultTemplate(cf),
common.DefaultTemplate(cf, lookup),
}
}