run authorization from a cache

deads2k
2016-10-04 16:02:56 -04:00
parent 2c4e618be1
commit e1638f11a3
4 changed files with 42 additions and 126 deletions


@@ -22,10 +22,6 @@ import (
"k8s.io/kubernetes/pkg/apis/rbac/validation"
"k8s.io/kubernetes/pkg/auth/authorizer"
"k8s.io/kubernetes/pkg/auth/user"
"k8s.io/kubernetes/pkg/registry/rbac/clusterrole"
"k8s.io/kubernetes/pkg/registry/rbac/clusterrolebinding"
"k8s.io/kubernetes/pkg/registry/rbac/role"
"k8s.io/kubernetes/pkg/registry/rbac/rolebinding"
)
type RequestToRuleMapper interface {
@@ -55,14 +51,11 @@ func (r *RBACAuthorizer) Authorize(requestAttributes authorizer.Attributes) (boo
return false, "", ruleResolutionError
}
func New(roleRegistry role.Registry, roleBindingRegistry rolebinding.Registry, clusterRoleRegistry clusterrole.Registry, clusterRoleBindingRegistry clusterrolebinding.Registry, superUser string) *RBACAuthorizer {
func New(roles validation.RoleGetter, roleBindings validation.RoleBindingLister, clusterRoles validation.ClusterRoleGetter, clusterRoleBindings validation.ClusterRoleBindingLister, superUser string) *RBACAuthorizer {
authorizer := &RBACAuthorizer{
superUser: superUser,
authorizationRuleResolver: validation.NewDefaultRuleResolver(
role.AuthorizerAdapter{Registry: roleRegistry},
rolebinding.AuthorizerAdapter{Registry: roleBindingRegistry},
clusterrole.AuthorizerAdapter{Registry: clusterRoleRegistry},
clusterrolebinding.AuthorizerAdapter{Registry: clusterRoleBindingRegistry},
roles, roleBindings, clusterRoles, clusterRoleBindings,
),
}
return authorizer
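Review bot: The exported `New` has no doc comment, and after this change it no longer says where role data comes from: it accepts any `validation.RoleGetter` / `RoleBindingLister` / `ClusterRoleGetter` / `ClusterRoleBindingLister`. Going by the commit title, callers will pass cache-backed implementations, so the consistency contract should be stated on the constructor. I would add `// New returns an RBACAuthorizer that resolves rules through the supplied getters and listers. Cache-backed implementations may lag behind writes, so a deleted role or binding can keep authorizing requests until the cache observes the change.` The context line `return false, "", ruleResolutionError` suggests a lookup failure denies the request, but whether an unsynced cache surfaces as an error or as an empty result is not visible here and is worth confirming. The closing brace of `New` lies outside the hunk.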