package webhook
// TODO: This whole converter is temporary.
import (
authz "k8s.io/api/authorization/v1"
authzv1beta1 "k8s.io/api/authorization/v1beta1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// getExtras converts the Spec.Extra map of a v1beta1 SubjectAccessReview into
// the authorization/v1 map type.
//
// The returned map is never nil: it is empty when rV1Beta1 is nil or carries
// no extras. Each value goes through a plain type conversion, so no copy of
// the value is made here.
func getExtras(rV1Beta1 *authzv1beta1.SubjectAccessReview) map[string]authz.ExtraValue {
	converted := make(map[string]authz.ExtraValue)
	if rV1Beta1 == nil {
		return converted
	}
	// Ranging over a nil map performs no iterations, so an absent Extra
	// falls through to the empty result without a dedicated check.
	for name, vals := range rV1Beta1.Spec.Extra {
		converted[name] = authz.ExtraValue(vals)
	}
	return converted
}
// getNonResourceAttributes converts the non-resource request attributes
// (Path and Verb) of a v1beta1 SubjectAccessReview into their
// authorization/v1 form.
//
// It returns nil when rV1Beta1 is nil or has no NonResourceAttributes.
func getNonResourceAttributes(rV1Beta1 *authzv1beta1.SubjectAccessReview) (nra *authz.NonResourceAttributes) {
	if rV1Beta1 == nil {
		return nil
	}
	src := rV1Beta1.Spec.NonResourceAttributes
	if src == nil {
		return nil
	}
	return &authz.NonResourceAttributes{
		Path: src.Path,
		Verb: src.Verb,
	}
}
// getResourceAttributes converts the resource request attributes of a v1beta1
// SubjectAccessReview into their authorization/v1 form.
//
// It returns nil when rV1Beta1 is nil or has no ResourceAttributes. Only the
// seven fields listed below are carried over; any other field of the v1 type
// stays at its zero value.
func getResourceAttributes(rV1Beta1 *authzv1beta1.SubjectAccessReview) (ra *authz.ResourceAttributes) {
	if rV1Beta1 == nil {
		return nil
	}
	src := rV1Beta1.Spec.ResourceAttributes
	if src == nil {
		return nil
	}
	return &authz.ResourceAttributes{
		Namespace:   src.Namespace,
		Verb:        src.Verb,
		Group:       src.Group,
		Version:     src.Version,
		Resource:    src.Resource,
		Subresource: src.Subresource,
		Name:        src.Name,
	}
}
// getSpec builds an authorization/v1 SubjectAccessReviewSpec from a v1beta1
// SubjectAccessReview.
//
// A nil rV1Beta1 yields the zero-value spec. The subject identity (User, UID,
// Groups, Extra) and the request attributes are copied field by field, so a
// field that is not listed here is left at its zero value in the result.
// Groups is assigned as-is, without copying the slice.
func getSpec(rV1Beta1 *authzv1beta1.SubjectAccessReview) (spec authz.SubjectAccessReviewSpec) {
	if rV1Beta1 == nil {
		return spec
	}
	src := &rV1Beta1.Spec

	// Subject identity.
	spec.User = src.User
	spec.UID = src.UID
	spec.Groups = src.Groups
	spec.Extra = getExtras(rV1Beta1)

	// What is being asked for; each helper returns nil when its part is absent.
	spec.NonResourceAttributes = getNonResourceAttributes(rV1Beta1)
	spec.ResourceAttributes = getResourceAttributes(rV1Beta1)
	return spec
}
// getStatus copies the Status of a v1beta1 SubjectAccessReview into the
// authorization/v1 status type.
//
// A nil rV1Beta1 yields the zero-value status (Allowed and Denied both false).
//
// NOTE(review): Allowed and Denied are taken verbatim from the input. The
// caller presumably overwrites Status with its own decision before answering;
// confirm this, because otherwise a status supplied with the incoming review
// would carry over into the v1 object.
func getStatus(rV1Beta1 *authzv1beta1.SubjectAccessReview) (status authz.SubjectAccessReviewStatus) {
	if rV1Beta1 == nil {
		return status
	}
	src := &rV1Beta1.Status
	status.Allowed = src.Allowed
	status.Denied = src.Denied
	status.Reason = src.Reason
	status.EvaluationError = src.EvaluationError
	return status
}
// getObjectMeta returns a deep copy of the ObjectMeta of a v1beta1
// SubjectAccessReview, or the zero-value ObjectMeta when rV1Beta1 is nil.
func getObjectMeta(rV1Beta1 *authzv1beta1.SubjectAccessReview) (om metav1.ObjectMeta) {
	if rV1Beta1 != nil {
		// DeepCopy gives the result its own copy of the metadata.
		om = *rV1Beta1.ObjectMeta.DeepCopy()
	}
	return om
}
// ConvertIntoV1 converts a v1beta1 SubjectAccessReview into the
// authorization/v1 type.
//
// Kind is kept from the input, while APIVersion is always set to
// authzSupportedVersion. ObjectMeta is deep-copied; Spec and Status are copied
// field by field by getSpec and getStatus.
func ConvertIntoV1(rV1Beta1 authzv1beta1.SubjectAccessReview) authz.SubjectAccessReview {
	src := &rV1Beta1

	var out authz.SubjectAccessReview
	out.TypeMeta = metav1.TypeMeta{
		Kind:       src.Kind,
		APIVersion: authzSupportedVersion,
	}
	out.ObjectMeta = getObjectMeta(src)
	out.Spec = getSpec(src)
	out.Status = getStatus(src)
	return out
}