enforcer_accessible.go
package intercept
import (
corev1 "k8s.io/api/core/v1"
extensionsv1beta1 "k8s.io/api/extensions/v1beta1"
networkingv1 "k8s.io/api/networking/v1"
"k8s.io/apimachinery/pkg/api/meta"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apimachinery/pkg/util/sets"
)
// init seeds the package-level accessible enforcer with the fixed allowlist of
// kinds it admits: core/v1 Service, plus Ingress from both networking/v1 and
// extensions/v1beta1.
func init() {
	accessible := []schema.GroupVersionKind{
		corev1.SchemeGroupVersion.WithKind("Service"),
		networkingv1.SchemeGroupVersion.WithKind("Ingress"),
		extensionsv1beta1.SchemeGroupVersion.WithKind("Ingress"),
	}

	for i := range accessible {
		kind := accessible[i]
		acEnforcer.gvks.Insert(kind)

		// UnsafeGuessKindToResource derives the plural resource name from the
		// kind by a naming heuristic rather than from API discovery. Its
		// second result is the singular form, not an error, and is unused
		// here. A kind added to the list above has to pluralize correctly
		// under that heuristic, otherwise AllowGVK and AllowGVR would disagree
		// about the same type.
		plural, _ := meta.UnsafeGuessKindToResource(kind)
		acEnforcer.gvrs.Insert(plural)
	}
}
// Accessible returns the shared Enforcer that reports whether a Kubernetes
// GVK or GVR is one of the accessible types registered in init.
func Accessible() Enforcer {
	// acEnforcer is handed out by value, but its sets are maps, so every
	// caller observes the same underlying allowlist entries.
	var enforcer Enforcer = acEnforcer
	return enforcer
}
// accessibleEnforcer implements Enforcer as a fixed allowlist: a GVK or GVR is
// allowed only when it is present in the corresponding set.
type accessibleEnforcer struct {
// gvks holds the allowed kinds, compared on the whole group/version/kind value.
gvks sets.Set[schema.GroupVersionKind]
// gvrs holds the allowed resources, compared on the whole group/version/resource value.
gvrs sets.Set[schema.GroupVersionResource]
}
// AllowGVK reports whether gvk is in the allowlist of accessible kinds.
// The lookup is an exact match on group, version and kind; anything that was
// not registered yields false.
func (e accessibleEnforcer) AllowGVK(gvk schema.GroupVersionKind) bool {
	_, allowed := e.gvks[gvk]
	return allowed
}
// AllowGVR reports whether gvr is in the allowlist of accessible resources.
// The lookup is an exact match on group, version and resource; anything that
// was not registered yields false.
func (e accessibleEnforcer) AllowGVR(gvr schema.GroupVersionResource) bool {
	_, allowed := e.gvrs[gvr]
	return allowed
}
// acEnforcer is the single package-level accessible enforcer. Both sets start
// empty and are filled by init; Accessible hands this value out to callers.
var acEnforcer = accessibleEnforcer{
	gvks: sets.New[schema.GroupVersionKind](),
	gvrs: sets.New[schema.GroupVersionResource](),
}