Commit b4ebfd47 authored by deads2k's avatar deads2k

add user.Info.GetExtra

parent 96586e7c
......@@ -147,6 +147,19 @@ func DeepCopy_authorization_SubjectAccessReviewSpec(in SubjectAccessReviewSpec,
} else {
out.Groups = nil
}
if in.Extra != nil {
in, out := in.Extra, &out.Extra
*out = make(map[string][]string)
for key, val := range in {
if newVal, err := c.DeepCopy(val); err != nil {
return err
} else {
(*out)[key] = newVal.([]string)
}
}
} else {
out.Extra = nil
}
return nil
}
......
......@@ -101,6 +101,9 @@ type SubjectAccessReviewSpec struct {
User string
// Groups is the groups you're testing for.
Groups []string
// Extra corresponds to the user.Info.GetExtra() method from the authenticator. Since that is input to the authorizer
// it needs a reflection here.
Extra map[string][]string
}
// SelfSubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAttributes
......
......@@ -321,6 +321,20 @@ func autoConvert_v1beta1_SubjectAccessReviewSpec_To_authorization_SubjectAccessR
} else {
out.Groups = nil
}
if in.Extra != nil {
in, out := &in.Extra, &out.Extra
*out = make(map[string][]string, len(*in))
for key, val := range *in {
newVal := new([]string)
// TODO: Inefficient conversion - can we improve it?
if err := s.Convert(&val, newVal, 0); err != nil {
return err
}
(*out)[key] = *newVal
}
} else {
out.Extra = nil
}
return nil
}
......@@ -358,6 +372,20 @@ func autoConvert_authorization_SubjectAccessReviewSpec_To_v1beta1_SubjectAccessR
} else {
out.Groups = nil
}
if in.Extra != nil {
in, out := &in.Extra, &out.Extra
*out = make(map[string][]string, len(*in))
for key, val := range *in {
newVal := new([]string)
// TODO: Inefficient conversion - can we improve it?
if err := s.Convert(&val, newVal, 0); err != nil {
return err
}
(*out)[key] = *newVal
}
} else {
out.Extra = nil
}
return nil
}
......
......@@ -147,6 +147,19 @@ func DeepCopy_v1beta1_SubjectAccessReviewSpec(in SubjectAccessReviewSpec, out *S
} else {
out.Groups = nil
}
if in.Extra != nil {
in, out := in.Extra, &out.Extra
*out = make(map[string][]string)
for key, val := range in {
if newVal, err := c.DeepCopy(val); err != nil {
return err
} else {
(*out)[key] = newVal.([]string)
}
}
} else {
out.Extra = nil
}
return nil
}
......
......@@ -100,6 +100,9 @@ type SubjectAccessReviewSpec struct {
User string `json:"user,omitempty"`
// Groups is the groups you're testing for.
Groups []string `json:"group,omitempty"`
// Extra corresponds to the user.Info.GetExtra() method from the authenticator. Since that is input to the authorizer
// it needs a reflection here.
Extra map[string][]string `json:"extra,omitempty"`
}
// SelfSubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes
......
......@@ -98,6 +98,7 @@ var map_SubjectAccessReviewSpec = map[string]string{
"nonResourceAttributes": "NonResourceAttributes describes information for a non-resource access request",
"user": "User is the user you're testing for. If you specify \"User\" but not \"Group\", then is it interpreted as \"What if User were not a member of any groups",
"group": "Groups is the groups you're testing for.",
"extra": "Extra corresponds to the user.Info.GetExtra() method from the authenticator. Since that is input to the authorizer it needs a reflection here.",
}
func (SubjectAccessReviewSpec) SwaggerDoc() map[string]string {
......
......@@ -27,6 +27,16 @@ type Info interface {
GetUID() string
// GetGroups returns the names of the groups the user is a member of
GetGroups() []string
// GetExtra can contain any additional information that the authenticator
// thought was interesting. One example would be scopes on a token.
// Keys in this map should be namespaced to the authenticator or
// authenticator/authorizer pair making use of them.
// For instance: "example.org/foo" instead of "foo"
// This is a map[string][]string because it needs to be serializeable into
// a SubjectAccessReviewSpec.authorization.k8s.io for proper authorization
// delegation flows
GetExtra() map[string][]string
}
// DefaultInfo provides a simple user information exchange object
......@@ -35,6 +45,7 @@ type DefaultInfo struct {
Name string
UID string
Groups []string
Extra map[string][]string
}
func (i *DefaultInfo) GetName() string {
......@@ -48,3 +59,7 @@ func (i *DefaultInfo) GetUID() string {
func (i *DefaultInfo) GetGroups() []string {
return i.Groups
}
func (i *DefaultInfo) GetExtra() map[string][]string {
return i.Extra
}
......@@ -355,7 +355,7 @@ func startServiceAccountTestServer(t *testing.T) (*clientset.Clientset, restclie
// 2. A ServiceAccountToken authenticator that validates ServiceAccount tokens
rootTokenAuth := authenticator.TokenFunc(func(token string) (user.Info, bool, error) {
if token == rootToken {
return &user.DefaultInfo{rootUserName, "", []string{}}, true, nil
return &user.DefaultInfo{Name: rootUserName}, true, nil
}
return nil, false, nil
})
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment