package main
import (
	"encoding/json"
	"errors"
	"io"
)
// ResourceAttributesSpec is the resource-scoped part of an authorization
// request, decoded from the "resourceAttributes" JSON object. Only the four
// keys below are mapped; encoding/json ignores any other key unless the
// decoder is told to disallow unknown fields.
//
// NOTE(review): the layout looks like a Kubernetes SubjectAccessReview, whose
// resourceAttributes can also carry version, subresource and name. If that is
// the sender, a decision built from this struct cannot tell a subresource
// request from one on the parent resource — confirm that is intended.
type ResourceAttributesSpec struct {
	// Namespace is left out of the encoded form when empty.
	Namespace string `json:"namespace,omitempty"`
	// Verb is what AuthorizationRequest.Action reports for resource requests.
	Verb string `json:"verb"`
	// Group is left out of the encoded form when empty.
	// Presumably the API group of the resource, not a user group — verify.
	Group string `json:"group,omitempty"`
	// Resource is what AuthorizationRequest.Resource reports.
	Resource string `json:"resource"`
}
// NonResourceAttributesSpec is the part of an authorization request that
// targets a plain URL path (such as /api) rather than a resource. It is
// decoded from the "nonResourceAttributes" JSON object.
type NonResourceAttributesSpec struct {
	// Path is what AuthorizationRequest.Path reports.
	Path string `json:"path"`
	// Verb is what AuthorizationRequest.Action reports for non-resource
	// requests.
	Verb string `json:"verb"`
}
// AuthorizationRequestSpec is the "spec" object of an authorization request
// as it arrives in the HTTP call: who is asking, and what they are asking for.
//
// Both attribute pointers are optional in the JSON, so after decoding either,
// both, or neither may be nil; nothing in this type enforces that exactly one
// is present.
type AuthorizationRequestSpec struct {
	// NonResourceAttributes is nil when the key is absent from the body.
	NonResourceAttributes *NonResourceAttributesSpec `json:"nonResourceAttributes,omitempty"`
	// ResourceAttributes is nil when the key is absent from the body; a
	// non-nil value is what marks the request as a resource request.
	ResourceAttributes *ResourceAttributesSpec `json:"resourceAttributes,omitempty"`
	// User is the identity the decision is requested for, taken verbatim from
	// the body.
	User string `json:"user"`
	// Group holds the caller-supplied group list for User.
	// NOTE(review): if the sender is a Kubernetes API server, the key is
	// "group" in authorization.k8s.io/v1beta1 but "groups" in v1; with a v1
	// sender this field would silently stay empty — confirm the version.
	Group []string `json:"group,omitempty"`
}
// AuthorizationRequest is the top-level JSON document carried in the body of
// an incoming HTTP authorization call.
//
// ApiVersion and Kind are decoded but no code in this file compares them with
// an expected value; the accessors only read Spec.
type AuthorizationRequest struct {
	// ApiVersion is the "apiVersion" key of the body, stored as received.
	ApiVersion string `json:"apiVersion"`
	// Kind is the "kind" key of the body, stored as received.
	Kind string `json:"kind"`
	// Spec describes the subject and the access being checked.
	Spec AuthorizationRequestSpec `json:"spec"`
}
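// NewAuthorizationRequest decodes the JSON document read from body into an
// AuthorizationRequest.
//
// A non-nil request is returned only when err is nil. Decoding failures
// return a nil request with the decoder's error, and a body consisting of the
// JSON literal null is rejected: encoding/json accepts it without error and
// leaves the pointer nil, so every accessor would dereference nil.
//
// The function does not bound how much of body is read, and it does not check
// apiVersion, kind, or that exactly one of resourceAttributes and
// nonResourceAttributes is present. Callers that pass an untrusted HTTP body
// should cap it first (for example with http.MaxBytesReader).
func NewAuthorizationRequest(body io.Reader) (*AuthorizationRequest, error) {
	var req *AuthorizationRequest
	if err := json.NewDecoder(body).Decode(&req); err != nil {
		// Never hand back a partially populated request alongside an error.
		return nil, err
	}
	if req == nil {
		return nil, errors.New("authorization request body is null")
	}
	return req, nil
}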
// Namespace reports the namespace named in the resource attributes, or "" for
// a request that has no resource attributes.
func (r *AuthorizationRequest) Namespace() string {
	if attrs := r.Spec.ResourceAttributes; attrs != nil {
		return attrs.Namespace
	}
	return ""
}
// IsResourceRequest reports whether the request carries resource attributes.
// It looks only at ResourceAttributes: a body that sets both attribute objects
// counts as a resource request, and a false result does not by itself mean
// that NonResourceAttributes is non-nil.
func (r *AuthorizationRequest) IsResourceRequest() bool {
	attrs := r.Spec.ResourceAttributes
	return attrs != nil
}
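// Action returns the verb of the request: the resource verb when resource
// attributes are present, otherwise the non-resource verb.
//
// It returns "" when the request carries neither attribute object. Both are
// optional in the decoded JSON, so a body that omits them leaves
// NonResourceAttributes nil; reading its Verb unguarded would panic on input
// the decoder accepts. Callers should treat an empty action as a request that
// cannot be authorized.
func (r *AuthorizationRequest) Action() string {
	if r.IsResourceRequest() {
		return r.Spec.ResourceAttributes.Verb
	}
	if r.Spec.NonResourceAttributes == nil {
		return ""
	}
	return r.Spec.NonResourceAttributes.Verb
}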
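// Path returns the URL path of a non-resource request. Only
// NonResourceAttributes carries a path, so resource requests yield "".
//
// It also returns "" when the request carries neither attribute object: both
// are optional in the decoded JSON, and reading Path through a nil
// NonResourceAttributes would panic on input the decoder accepts.
func (r *AuthorizationRequest) Path() string {
	if r.IsResourceRequest() {
		return ""
	}
	if r.Spec.NonResourceAttributes == nil {
		return ""
	}
	return r.Spec.NonResourceAttributes.Path
}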
// Group reports the Group field of the resource attributes, or "" for a
// request without resource attributes. This is not the subject's group list;
// that lives in Spec.Group and is not exposed by this method.
func (r *AuthorizationRequest) Group() string {
	if r.IsResourceRequest() {
		return r.Spec.ResourceAttributes.Group
	}
	return ""
}
// Resource reports the Resource field of the resource attributes, or "" for a
// request without resource attributes.
func (r *AuthorizationRequest) Resource() string {
	attrs := r.Spec.ResourceAttributes
	if attrs == nil {
		return ""
	}
	return attrs.Resource
}
// ServiceAccount passes the request's Spec.User to NewServiceAccount and
// returns the result. NewServiceAccount is defined outside this file.
//
// NOTE(review): Spec.User is whatever string the body contained; this method
// does not check its format, so any validation has to happen in
// NewServiceAccount or in the caller — confirm where.
func (r *AuthorizationRequest) ServiceAccount() *ServiceAccount {
	user := r.Spec.User
	return NewServiceAccount(user)
}