reviewer.go
package auth
import (
authorizationapi "github.com/openshift/origin/pkg/authorization/api"
"github.com/openshift/origin/pkg/client"
)
// Review is a list of users and groups that can access a resource.
// It is the read-only result handed back by Reviewer.Review.
type Review interface {
	// Users returns the users that can access the resource.
	Users() []string
	// Groups returns the groups that can access the resource.
	Groups() []string
}
// review is the package-private Review implementation; it answers Users and
// Groups directly from a stored ResourceAccessReviewResponse.
type review struct {
	// response is the access review response the accessors read from.
	// The accessors dereference it without a nil check.
	response *authorizationapi.ResourceAccessReviewResponse
}
// Users returns the users that can access a resource, as reported by the
// stored access review response.
func (r *review) Users() []string {
	allowed := r.response.Users
	return allowed.List()
}
// Groups returns the groups that can access a resource, as reported by the
// stored access review response.
func (r *review) Groups() []string {
	allowed := r.response.Groups
	return allowed.List()
}
// Reviewer performs access reviews for a project by name
type Reviewer interface {
	// Review reports which users and groups can access the project called
	// name. A non-nil error means the review could not be obtained; in that
	// case the returned Review carries no answer and must not be read as
	// either "nobody" or "everybody" having access.
	Review(name string) (Review, error)
}
// reviewer performs access reviews for a project by name
type reviewer struct {
	// resourceAccessReviewsNamespacer is the client used to create the
	// per-namespace resource access reviews.
	resourceAccessReviewsNamespacer client.ResourceAccessReviewsNamespacer
}
// NewReviewer knows how to make access control reviews for a resource by name.
// The supplied client is stored as-is and used for every later Review call;
// it is not checked for nil here.
func NewReviewer(resourceAccessReviewsNamespacer client.ResourceAccessReviewsNamespacer) Reviewer {
	rev := new(reviewer)
	rev.resourceAccessReviewsNamespacer = resourceAccessReviewsNamespacer
	return rev
}
// Review performs a resource access review for the given resource by name.
//
// It asks who may "get" the "namespaces" resource called name, and submits
// that request in the namespace of the same name. On success the response is
// wrapped in a Review; on failure the client's error is returned unchanged
// together with a nil Review, so callers should treat an error as "unknown"
// rather than as an empty access list.
//
// NOTE(review): name is not validated here. An empty name would be used both
// as the request namespace and as ResourceName; confirm callers never pass it.
func (r *reviewer) Review(name string) (Review, error) {
	// Build the review request: verb and resource are fixed, only the
	// resource name varies per call.
	request := new(authorizationapi.ResourceAccessReview)
	request.Verb = "get"
	request.Resource = "namespaces"
	request.ResourceName = name

	response, err := r.resourceAccessReviewsNamespacer.ResourceAccessReviews(name).Create(request)
	if err != nil {
		// Return a literal nil interface so callers see no partial result.
		return nil, err
	}
	return &review{response: response}, nil
}