forked from rancher/rancher
-
Notifications
You must be signed in to change notification settings - Fork 0
/
rtb_store.go
75 lines (64 loc) · 2.21 KB
/
rtb_store.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
package authn
import (
"strings"
"context"
"github.com/rancher/norman/httperror"
"github.com/rancher/norman/store/transform"
"github.com/rancher/norman/types"
"github.com/rancher/norman/types/values"
"github.com/rancher/rancher/pkg/auth/providers"
"github.com/rancher/rancher/pkg/auth/requests"
"github.com/rancher/types/client/management/v3"
"github.com/rancher/types/config"
"github.com/sirupsen/logrus"
)
func SetRTBStore(ctx context.Context, schema *types.Schema, mgmt *config.ScaledContext) {
providers.Configure(ctx, mgmt)
userLister := mgmt.Management.Users("").Controller().Lister()
t := &transform.Store{
Store: schema.Store,
Transformer: func(apiContext *types.APIContext, schema *types.Schema, data map[string]interface{}, opt *types.QueryOptions) (map[string]interface{}, error) {
if id, ok := data[client.ClusterRoleTemplateBindingFieldUserID].(string); ok && id != "" {
u, err := userLister.Get("", id)
if err != nil {
logrus.Errorf("problem retrieving user for CRTB %v from cache during CRTB transformation: %v", data, err)
return data, nil
}
for _, pid := range u.PrincipalIDs {
if strings.HasPrefix(pid, "system://") {
if opt != nil && opt.Options["ByID"] == "true" {
return nil, httperror.NewAPIError(httperror.NotFound, "resource not found")
}
return nil, nil
}
}
}
return data, nil
},
}
s := &Store{
Store: t,
auth: requests.NewAuthenticator(ctx, mgmt),
}
schema.Store = s
}
type Store struct {
types.Store
auth requests.Authenticator
}
func (s *Store) Create(apiContext *types.APIContext, schema *types.Schema, data map[string]interface{}) (map[string]interface{}, error) {
if principalID, ok := data[client.ClusterRoleTemplateBindingFieldUserPrincipalID].(string); ok && principalID != "" && !strings.HasPrefix(principalID, "local://") {
token, err := s.auth.TokenFromRequest(apiContext.Request)
if err != nil {
return nil, err
}
princ, err := providers.GetPrincipal(principalID, *token)
if err != nil {
return nil, err
}
if princ.DisplayName != "" {
values.PutValue(data, princ.DisplayName, "annotations", "auth.cattle.io/principal-display-name")
}
}
return s.Store.Create(apiContext, schema, data)
}