github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Propagate context to Authorize() calls

Browse Source
This commit is contained in:
Jordan Liggitt
2019-09-24 10:06:32 -04:00
parent 4ffa91a388
commit 92eb072989
36 changed files with 97 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
pkg/auth/authorizer/abac/abac.go
View File

@@ -19,6 +19,7 @@ package abac
import (
"bufio"
"context"
"fmt"
"os"
"strings"
@@ -224,7 +225,7 @@ func resourceMatches(p abac.Policy, a authorizer.Attributes) bool {
}
// Authorize implements authorizer.Authorize
func (pl PolicyList) Authorize(a authorizer.Attributes) (authorizer.Decision, string, error) {
func (pl PolicyList) Authorize(ctx context.Context, a authorizer.Attributes) (authorizer.Decision, string, error) {
for _, p := range pl {
if matches(*p, a) {
return authorizer.DecisionAllow, "", nil

5
pkg/auth/authorizer/abac/abac_test.go
View File

@@ -17,6 +17,7 @@ limitations under the License.
package abac
import (
"context"
"io/ioutil"
"os"
"reflect"
@@ -133,7 +134,7 @@ func TestAuthorizeV0(t *testing.T) {
ResourceRequest: len(tc.NS) > 0 || len(tc.Resource) > 0,
}
decision, _, _ := a.Authorize(attr)
decision, _, _ := a.Authorize(context.Background(), attr)
if tc.ExpectDecision != decision {
t.Logf("tc: %v -> attr %v", tc, attr)
t.Errorf("%d: Expected allowed=%v but actually allowed=%v\n\t%v",
@@ -451,7 +452,7 @@ func TestAuthorizeV1beta1(t *testing.T) {
Path: tc.Path,
}
// t.Logf("tc %2v: %v -> attr %v", i, tc, attr)
decision, _, _ := a.Authorize(attr)
decision, _, _ := a.Authorize(context.Background(), attr)
if tc.ExpectDecision != decision {
t.Errorf("%d: Expected allowed=%v but actually allowed=%v, for case %+v & %+v",
i, tc.ExpectDecision, decision, tc, attr)