Inicio Explorar Axuda
Iniciar sesión
tzeneto
/
custom-kube-scheduler
Seguir 1
Destacar 0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Árbore: 13aef3af5a
Ramas Etiquetas
custom-kube-...
/
kubernetes-v1.15.4
/
pkg
/
registry
/
authorization
/
rest
/
storage_authorization.go

storage_authorization.go 3.9 KB
Histórico Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091 
  1. /*
    2. 

  2. Copyright 2016 The Kubernetes Authors.
    3. 

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5. you may not use this file except in compliance with the License.
    6. 

  6. You may obtain a copy of the License at
    7. 

  7. 

  8.     http://www.apache.org/licenses/LICENSE-2.0
    9. 

  9. 

  10. Unless required by applicable law or agreed to in writing, software
    11. 

  11. distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13. See the License for the specific language governing permissions and
    14. 

  14. limitations under the License.
    15. 

  15. */
    16. 

  16. 

  17. package rest
    18. 

  18. 

  19. import (
    20. 

  20. 	authorizationv1 "k8s.io/api/authorization/v1"
    21. 

  21. 	authorizationv1beta1 "k8s.io/api/authorization/v1beta1"
    22. 

  22. 	"k8s.io/apiserver/pkg/authorization/authorizer"
    23. 

  23. 	"k8s.io/apiserver/pkg/registry/generic"
    24. 

  24. 	"k8s.io/apiserver/pkg/registry/rest"
    25. 

  25. 	genericapiserver "k8s.io/apiserver/pkg/server"
    26. 

  26. 	serverstorage "k8s.io/apiserver/pkg/server/storage"
    27. 

  27. 	"k8s.io/kubernetes/pkg/api/legacyscheme"
    28. 

  28. 	"k8s.io/kubernetes/pkg/apis/authorization"
    29. 

  29. 	"k8s.io/kubernetes/pkg/registry/authorization/localsubjectaccessreview"
    30. 

  30. 	"k8s.io/kubernetes/pkg/registry/authorization/selfsubjectaccessreview"
    31. 

  31. 	"k8s.io/kubernetes/pkg/registry/authorization/selfsubjectrulesreview"
    32. 

  32. 	"k8s.io/kubernetes/pkg/registry/authorization/subjectaccessreview"
    33. 

  33. )
    34. 

  34. 

  35. type RESTStorageProvider struct {
    36. 

  36. 	Authorizer   authorizer.Authorizer
    37. 

  37. 	RuleResolver authorizer.RuleResolver
    38. 

  38. }
    39. 

  39. 

  40. func (p RESTStorageProvider) NewRESTStorage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (genericapiserver.APIGroupInfo, bool) {
    41. 

  41. 	if p.Authorizer == nil {
    42. 

  42. 		return genericapiserver.APIGroupInfo{}, false
    43. 

  43. 	}
    44. 

  44. 

  45. 	apiGroupInfo := genericapiserver.NewDefaultAPIGroupInfo(authorization.GroupName, legacyscheme.Scheme, legacyscheme.ParameterCodec, legacyscheme.Codecs)
    46. 

  46. 	// If you add a version here, be sure to add an entry in `k8s.io/kubernetes/cmd/kube-apiserver/app/aggregator.go with specific priorities.
    47. 

  47. 	// TODO refactor the plumbing to provide the information in the APIGroupInfo
    48. 

  48. 

  49. 	if apiResourceConfigSource.VersionEnabled(authorizationv1beta1.SchemeGroupVersion) {
    50. 

  50. 		apiGroupInfo.VersionedResourcesStorageMap[authorizationv1beta1.SchemeGroupVersion.Version] = p.v1beta1Storage(apiResourceConfigSource, restOptionsGetter)
    51. 

  51. 	}
    52. 

  52. 

  53. 	if apiResourceConfigSource.VersionEnabled(authorizationv1.SchemeGroupVersion) {
    54. 

  54. 		apiGroupInfo.VersionedResourcesStorageMap[authorizationv1.SchemeGroupVersion.Version] = p.v1Storage(apiResourceConfigSource, restOptionsGetter)
    55. 

  55. 	}
    56. 

  56. 

  57. 	return apiGroupInfo, true
    58. 

  58. }
    59. 

  59. 

  60. func (p RESTStorageProvider) v1beta1Storage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) map[string]rest.Storage {
    61. 

  61. 	storage := map[string]rest.Storage{}
    62. 

  62. 	// subjectaccessreviews
    63. 

  63. 	storage["subjectaccessreviews"] = subjectaccessreview.NewREST(p.Authorizer)
    64. 

  64. 	// selfsubjectaccessreviews
    65. 

  65. 	storage["selfsubjectaccessreviews"] = selfsubjectaccessreview.NewREST(p.Authorizer)
    66. 

  66. 	// localsubjectaccessreviews
    67. 

  67. 	storage["localsubjectaccessreviews"] = localsubjectaccessreview.NewREST(p.Authorizer)
    68. 

  68. 	// selfsubjectrulesreviews
    69. 

  69. 	storage["selfsubjectrulesreviews"] = selfsubjectrulesreview.NewREST(p.RuleResolver)
    70. 

  70. 

  71. 	return storage
    72. 

  72. }
    73. 

  73. 

  74. func (p RESTStorageProvider) v1Storage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) map[string]rest.Storage {
    75. 

  75. 	storage := map[string]rest.Storage{}
    76. 

  76. 	// subjectaccessreviews
    77. 

  77. 	storage["subjectaccessreviews"] = subjectaccessreview.NewREST(p.Authorizer)
    78. 

  78. 	// selfsubjectaccessreviews
    79. 

  79. 	storage["selfsubjectaccessreviews"] = selfsubjectaccessreview.NewREST(p.Authorizer)
    80. 

  80. 	// localsubjectaccessreviews
    81. 

  81. 	storage["localsubjectaccessreviews"] = localsubjectaccessreview.NewREST(p.Authorizer)
    82. 

  82. 	// selfsubjectrulesreviews
    83. 

  83. 	storage["selfsubjectrulesreviews"] = selfsubjectrulesreview.NewREST(p.RuleResolver)
    84. 

  84. 

  85. 	return storage
    86. 

  86. }
    87. 

  87. 

  88. func (p RESTStorageProvider) GroupName() string {
    89. 

  89. 	return authorization.GroupName
    90. 

  90. }
    91. 

  91.