forked from kiali/kiali
-
Notifications
You must be signed in to change notification settings - Fork 0
/
service_role_bind_checker.go
50 lines (39 loc) · 1.38 KB
/
service_role_bind_checker.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
package checkers
import (
"github.com/kiali/kiali/business/checkers/authorization"
"github.com/kiali/kiali/kubernetes"
"github.com/kiali/kiali/models"
)
const ServiceRoleBindingCheckerType = "servicerolebinding"
type ServiceRoleBindChecker struct {
RBACDetails kubernetes.RBACDetails
}
func (s ServiceRoleBindChecker) Check() models.IstioValidations {
validations := models.IstioValidations{}
for _, roleBindings := range s.RBACDetails.ServiceRoleBindings {
validations.MergeValidations(s.runChecks(roleBindings))
}
return validations
}
func (s ServiceRoleBindChecker) runChecks(roleBind kubernetes.IstioObject) models.IstioValidations {
serviceRoleBindName := roleBind.GetObjectMeta().Name
key := models.IstioValidationKey{Name: serviceRoleBindName, Namespace: roleBind.GetObjectMeta().Namespace, ObjectType: ServiceRoleBindingCheckerType}
validations := &models.IstioValidation{
Name: key.Name,
ObjectType: key.ObjectType,
Valid: true,
Checks: []*models.IstioCheck{},
}
enabledCheckers := []Checker{
authorization.BindingChecker{
ServiceRoleBinding: roleBind,
ServiceRoles: s.RBACDetails.ServiceRoles,
},
}
for _, checker := range enabledCheckers {
checks, valid := checker.Check()
validations.Checks = append(validations.Checks, checks...)
validations.Valid = validations.Valid && valid
}
return models.IstioValidations{key: validations}
}