package privileges
import (
"context"
"errors"
"fmt"
"github.com/vmware/govmomi/find"
corev1 "k8s.io/api/core/v1"
"github.com/spectrocloud-labs/validator-plugin-vsphere/api/v1alpha1"
"github.com/spectrocloud-labs/validator-plugin-vsphere/internal/constants"
vapi "github.com/spectrocloud-labs/validator/api/v1alpha1"
vapiconstants "github.com/spectrocloud-labs/validator/pkg/constants"
"github.com/spectrocloud-labs/validator/pkg/types"
"github.com/spectrocloud-labs/validator/pkg/util"
)
// ErrRequiredEntityPrivilegesNotFound is the sentinel returned by
// ReconcileEntityPrivilegeRule when the driver reports one or more
// privilege failures for the account named in the rule.
var (
	ErrRequiredEntityPrivilegesNotFound = errors.New("one or more required entity privileges was not found")
)
// buildEntityPrivilegeValidationResult returns the initial result for an
// entity-privilege rule: state ValidationSucceeded and a default condition
// whose message names the account and validation type. The rule identifier
// is "<prefix>-<entityType>-<entityName>". Callers downgrade the returned
// result when the driver reports failures.
func buildEntityPrivilegeValidationResult(rule v1alpha1.EntityPrivilegeValidationRule, validationType string) *types.ValidationRuleResult {
	condition := vapi.DefaultValidationCondition()
	condition.ValidationType = validationType
	condition.ValidationRule = fmt.Sprintf("%s-%s-%s", vapiconstants.ValidationRulePrefix, rule.EntityType, rule.EntityName)
	condition.Message = fmt.Sprintf("All required %s permissions were found for account: %s", validationType, rule.Username)

	// The state is copied into a local so its address can be stored on the result.
	succeeded := vapi.ValidationSucceeded
	return &types.ValidationRuleResult{
		State:     &succeeded,
		Condition: &condition,
	}
}
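// ReconcileEntityPrivilegeRule asks the driver whether rule.Username holds
// every privilege in rule.Privileges on the entity identified by
// rule.EntityType/rule.EntityName and reports the outcome as a
// ValidationRuleResult.
//
// When the driver records failures, they are copied onto the condition, the
// result is marked failed, and ErrRequiredEntityPrivilegesNotFound is
// returned. If the driver also returned an error it is kept as detail inside
// the sentinel (errors.Is on the sentinel still matches) rather than dropped.
// When the driver returns an error without failures, the result is likewise
// marked failed: a privilege check that could not be completed must not be
// left in the default "succeeded" state.
func (s *PrivilegeValidationService) ReconcileEntityPrivilegeRule(rule v1alpha1.EntityPrivilegeValidationRule, finder *find.Finder) (*types.ValidationRuleResult, error) {
	vr := buildEntityPrivilegeValidationResult(rule, constants.ValidationTypeEntityPrivileges)

	ctx, cancel := context.WithCancel(context.Background())
	defer cancel()

	valid, failures, err := s.driver.ValidateUserPrivilegeOnEntities(ctx, s.authManager, s.datacenter, finder, rule.EntityName, rule.EntityType, rule.Privileges, rule.Username, rule.ClusterName)
	if !valid {
		vr.Condition.Failures = failures
	}

	switch {
	case len(vr.Condition.Failures) > 0:
		markEntityPrivilegeRuleFailed(vr, fmt.Sprintf("One or more required privileges was not found, or a condition was not met for account: %s", rule.Username))
		if err != nil {
			// Keep the sentinel as the wrapped error so errors.Is matches, but retain the driver's detail.
			err = fmt.Errorf("%w: %v", ErrRequiredEntityPrivilegesNotFound, err)
		} else {
			err = ErrRequiredEntityPrivilegesNotFound
		}
	case err != nil:
		// Fail closed: the privileges could not be verified, so reporting success would be misleading.
		markEntityPrivilegeRuleFailed(vr, fmt.Sprintf("Unable to verify required privileges for account: %s: %v", rule.Username, err))
		err = fmt.Errorf("validating entity privileges for account %q: %w", rule.Username, err)
	}
	return vr, err
}

// markEntityPrivilegeRuleFailed sets the result's state and condition to the failed values with the given message.
func markEntityPrivilegeRuleFailed(vr *types.ValidationRuleResult, message string) {
	vr.State = util.Ptr(vapi.ValidationFailed)
	vr.Condition.Message = message
	vr.Condition.Status = corev1.ConditionFalse
}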