#47483 - Adding NonResourceURLs support to AccessStore (#299)

* adding NonResourceURLs support to access_store * added tests to AccessSet NonResourceURLs handling * change on test script suggested by @tomleb + go mod tidy * added nonresource to ext api authorization * added NonResourceURLs implementation in Authorizes + test * removed non-resource-url tests from the main test * added new tests for non-resource-urls * removed unused test data * changed nonResourceKey to point to struct{} * addressed comments from @tomleb * addressed more comments * fixing typo * check for empty accessSet
2025-09-15 23:08:26 +00:00 · 2024-11-04 23:47:48 -03:00
parent 2175e090fe
commit 6ee8201c8d
10 changed files with 588 additions and 39 deletions
--- a/pkg/accesscontrol/user_grants.go
+++ b/pkg/accesscontrol/user_grants.go
@@ -22,8 +22,8 @@ type subjectGrants struct {

 // roleRef contains information from a Role or ClusterRole
 type roleRef struct {
-	namespace, roleName, resourceVersion string
-	rules                                []rbacv1.PolicyRule
+	namespace, roleName, resourceVersion, kind string
+	rules                                      []rbacv1.PolicyRule
 }

 // hash calculates a unique identifier from all the grants for a user
@@ -51,11 +51,11 @@ func (b subjectGrants) toAccessSet() *AccessSet {
 	result := new(AccessSet)

 	for _, binding := range b.roleBindings {
-		addAccess(result, binding.namespace, binding.rules)
+		addAccess(result, binding.namespace, binding)
 	}

 	for _, binding := range b.clusterRoleBindings {
-		addAccess(result, All, binding.rules)
+		addAccess(result, All, binding)
 	}

 	return result