github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #32555 from pweil-/admission-authorizer

Browse Source 
Automatic merge from submit-queue

WantsAuthorizer admission plugin support

The next step of PSP admission is to be able to limit the PSPs used based on user information.  To do this the admission plugin would need to make authz checks for the `user.Info` in the request.  This code allows a plugin to request the injection of an authorizer to allow it to make the authz checks.

Note:  this could be done with a SAR, however since admission is running in the api server using the SAR would incur an extra hop vs using the authorizer directly.

@deads2k @derekwaynecarr
This commit is contained in:
Kubernetes Submit Queue
2016-10-13 03:40:11 -07:00
committed by GitHub
parent 5496d22733 5c66dcb526
commit ca75b47657
8 changed files with 81 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
plugin/pkg/admission/namespace/autoprovision/admission_test.go
View File

@@ -38,7 +38,7 @@ func newHandlerForTest(c clientset.Interface) (admission.Interface, informers.Sh
f := informers.NewSharedInformerFactory(c, 5*time.Minute)
handler := NewProvision(c)
plugins := []admission.Interface{handler}
pluginInitializer := admission.NewPluginInitializer(f)
pluginInitializer := admission.NewPluginInitializer(f, nil)
pluginInitializer.Initialize(plugins)
err := admission.Validate(plugins)
return handler, f, err

2
plugin/pkg/admission/namespace/exists/admission_test.go
View File

@@ -37,7 +37,7 @@ func newHandlerForTest(c clientset.Interface) (admission.Interface, informers.Sh
f := informers.NewSharedInformerFactory(c, 5*time.Minute)
handler := NewExists(c)
plugins := []admission.Interface{handler}
pluginInitializer := admission.NewPluginInitializer(f)
pluginInitializer := admission.NewPluginInitializer(f, nil)
pluginInitializer.Initialize(plugins)
err := admission.Validate(plugins)
return handler, f, err

2
plugin/pkg/admission/namespace/lifecycle/admission_test.go
View File

@@ -47,7 +47,7 @@ func newHandlerForTestWithClock(c clientset.Interface, cacheClock clock.Clock) (
return nil, f, err
}
plugins := []admission.Interface{handler}
pluginInitializer := admission.NewPluginInitializer(f)
pluginInitializer := admission.NewPluginInitializer(f, nil)
pluginInitializer.Initialize(plugins)
err = admission.Validate(plugins)
return handler, f, err