-
Notifications
You must be signed in to change notification settings - Fork 8
/
policy_check.go
37 lines (31 loc) · 1.02 KB
/
policy_check.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
package cli
import (
"github.com/servicemeshinterface/smi-sdk-go/pkg/apis/access/v1alpha3"
corev1 "k8s.io/api/core/v1"
)
const (
serviceAccountKind = "ServiceAccount"
)
// DoesTargetRefDstPod checks whether the TrafficTarget spec refers to the destination pod's service account
func DoesTargetRefDstPod(spec v1alpha3.TrafficTargetSpec, dstPod *corev1.Pod) bool {
if spec.Destination.Kind != serviceAccountKind {
return false
}
// Map traffic targets to the given pods
if spec.Destination.Name == dstPod.Spec.ServiceAccountName && spec.Destination.Namespace == dstPod.Namespace {
return true
}
return false
}
// DoesTargetRefSrcPod checks whether the TrafficTarget spec refers to the source pod's service account
func DoesTargetRefSrcPod(spec v1alpha3.TrafficTargetSpec, srcPod *corev1.Pod) bool {
for _, source := range spec.Sources {
if source.Kind != serviceAccountKind {
continue
}
if source.Name == srcPod.Spec.ServiceAccountName && source.Namespace == srcPod.Namespace {
return true
}
}
return false
}