github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Propagate context to Authorize() calls

Browse Source
This commit is contained in:
Jordan Liggitt
2019-09-24 10:06:32 -04:00
parent 4ffa91a388
commit 92eb072989
36 changed files with 97 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/registry/authorization/localsubjectaccessreview/rest.go
View File

@@ -70,7 +70,7 @@ func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation
}
authorizationAttributes := authorizationutil.AuthorizationAttributesFrom(localSubjectAccessReview.Spec)
decision, reason, evaluationErr := r.authorizer.Authorize(authorizationAttributes)
decision, reason, evaluationErr := r.authorizer.Authorize(ctx, authorizationAttributes)
localSubjectAccessReview.Status = authorizationapi.SubjectAccessReviewStatus{
Allowed: (decision == authorizer.DecisionAllow),

2
pkg/registry/authorization/selfsubjectaccessreview/rest.go
View File

@@ -73,7 +73,7 @@ func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation
authorizationAttributes = authorizationutil.NonResourceAttributesFrom(userToCheck, *selfSAR.Spec.NonResourceAttributes)
}
decision, reason, evaluationErr := r.authorizer.Authorize(authorizationAttributes)
decision, reason, evaluationErr := r.authorizer.Authorize(ctx, authorizationAttributes)
selfSAR.Status = authorizationapi.SubjectAccessReviewStatus{
Allowed: (decision == authorizer.DecisionAllow),

2
pkg/registry/authorization/subjectaccessreview/rest.go
View File

@@ -62,7 +62,7 @@ func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation
}
authorizationAttributes := authorizationutil.AuthorizationAttributesFrom(subjectAccessReview.Spec)
decision, reason, evaluationErr := r.authorizer.Authorize(authorizationAttributes)
decision, reason, evaluationErr := r.authorizer.Authorize(ctx, authorizationAttributes)
subjectAccessReview.Status = authorizationapi.SubjectAccessReviewStatus{
Allowed: (decision == authorizer.DecisionAllow),

3
pkg/registry/authorization/subjectaccessreview/rest_test.go
View File

@@ -17,6 +17,7 @@ limitations under the License.
package subjectaccessreview
import (
"context"
"errors"
"strings"
"testing"
@@ -39,7 +40,7 @@ type fakeAuthorizer struct {
err error
}
func (f *fakeAuthorizer) Authorize(attrs authorizer.Attributes) (authorizer.Decision, string, error) {
func (f *fakeAuthorizer) Authorize(ctx context.Context, attrs authorizer.Attributes) (authorizer.Decision, string, error) {
f.attrs = attrs
return f.decision, f.reason, f.err
}