github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add localSAR

Browse Source
This commit is contained in:
deads2k
2016-09-09 14:48:44 -04:00
parent ac8aae584d
commit 8fac64b43f
14 changed files with 431 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
pkg/apis/authorization/validation/validation.go
View File

@@ -67,8 +67,19 @@ func ValidateSelfSubjectAccessReview(sar *authorizationapi.SelfSubjectAccessRevi
func ValidateLocalSubjectAccessReview(sar *authorizationapi.LocalSubjectAccessReview) field.ErrorList {
allErrs := ValidateSubjectAccessReviewSpec(sar.Spec, field.NewPath("spec"))
if !api.Semantic.DeepEqual(api.ObjectMeta{}, sar.ObjectMeta) {
allErrs = append(allErrs, field.Invalid(field.NewPath("metadata"), sar.ObjectMeta, `must be empty`))
objectMetaShallowCopy := sar.ObjectMeta
objectMetaShallowCopy.Namespace = ""
if !api.Semantic.DeepEqual(api.ObjectMeta{}, objectMetaShallowCopy) {
allErrs = append(allErrs, field.Invalid(field.NewPath("metadata"), sar.ObjectMeta, `must be empty except for namespace`))
}
if sar.Spec.ResourceAttributes != nil && sar.Spec.ResourceAttributes.Namespace != sar.Namespace {
allErrs = append(allErrs, field.Invalid(field.NewPath("spec.resourceAttributes.namespace"), sar.Spec.ResourceAttributes.Namespace, `must match metadata.namespace`))
}
if sar.Spec.NonResourceAttributes != nil {
allErrs = append(allErrs, field.Invalid(field.NewPath("spec.nonResourceAttributes"), sar.Spec.NonResourceAttributes, `disallowed on this kind of request`))
}
return allErrs
}