17 package rest
18
19 import (
20 authorizationv1 "k8s.io/api/authorization/v1"
21 "k8s.io/apiserver/pkg/authorization/authorizer"
22 "k8s.io/apiserver/pkg/registry/generic"
23 "k8s.io/apiserver/pkg/registry/rest"
24 genericapiserver "k8s.io/apiserver/pkg/server"
25 serverstorage "k8s.io/apiserver/pkg/server/storage"
26 "k8s.io/kubernetes/pkg/api/legacyscheme"
27 "k8s.io/kubernetes/pkg/apis/authorization"
28 "k8s.io/kubernetes/pkg/registry/authorization/localsubjectaccessreview"
29 "k8s.io/kubernetes/pkg/registry/authorization/selfsubjectaccessreview"
30 "k8s.io/kubernetes/pkg/registry/authorization/selfsubjectrulesreview"
31 "k8s.io/kubernetes/pkg/registry/authorization/subjectaccessreview"
32 )
33
// RESTStorageProvider wires the authorization API group's review resources
// to the authorization components injected by the caller.
//
// The answers the review endpoints give come from whatever is injected here.
// NOTE(review): confirm the caller passes the same authorizer the API server
// enforces requests with; otherwise reported and enforced decisions could diverge.
type RESTStorageProvider struct {
	// Authorizer backs subjectaccessreviews, selfsubjectaccessreviews and
	// localsubjectaccessreviews. When it is nil, NewRESTStorage returns an
	// empty APIGroupInfo and none of the group's resources are registered.
	Authorizer authorizer.Authorizer

	// RuleResolver backs selfsubjectrulesreviews. It is not nil-checked in
	// this file. NOTE(review): confirm it is always set together with Authorizer.
	RuleResolver authorizer.RuleResolver
}
38
// NewRESTStorage assembles the APIGroupInfo for the authorization API group.
//
// With no Authorizer configured it returns an empty APIGroupInfo and a nil
// error, so the review resources are simply not registered rather than being
// served without a decision source. Otherwise it registers the v1 storage map,
// but only when at least one v1 resource is enabled. The returned error is
// always nil in this implementation.
func (p RESTStorageProvider) NewRESTStorage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (genericapiserver.APIGroupInfo, error) {
	// Nothing can answer access reviews without an authorizer.
	if p.Authorizer == nil {
		return genericapiserver.APIGroupInfo{}, nil
	}

	info := genericapiserver.NewDefaultAPIGroupInfo(authorization.GroupName, legacyscheme.Scheme, legacyscheme.ParameterCodec, legacyscheme.Codecs)

	v1 := p.v1Storage(apiResourceConfigSource, restOptionsGetter)
	if len(v1) == 0 {
		// Every v1 resource is disabled: leave the version out of the map entirely.
		return info, nil
	}

	info.VersionedResourcesStorageMap[authorizationv1.SchemeGroupVersion.Version] = v1
	return info, nil
}
54
// v1Storage returns the storage handlers for the authorization/v1 resources
// that apiResourceConfigSource reports as enabled, keyed by resource name.
//
// The three access-review handlers are built from p.Authorizer and
// selfsubjectrulesreviews from p.RuleResolver. restOptionsGetter is accepted
// but not used here. p.RuleResolver is not nil-checked in this function.
// NOTE(review): confirm callers always set it when Authorizer is set.
func (p RESTStorageProvider) v1Storage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) map[string]rest.Storage {
	// Constructors are deferred behind closures so a handler is only built
	// for a resource that turns out to be enabled. Slice order fixes the
	// order in which resources are checked.
	candidates := []struct {
		name  string
		build func() rest.Storage
	}{
		{"subjectaccessreviews", func() rest.Storage { return subjectaccessreview.NewREST(p.Authorizer) }},
		{"selfsubjectaccessreviews", func() rest.Storage { return selfsubjectaccessreview.NewREST(p.Authorizer) }},
		{"localsubjectaccessreviews", func() rest.Storage { return localsubjectaccessreview.NewREST(p.Authorizer) }},
		{"selfsubjectrulesreviews", func() rest.Storage { return selfsubjectrulesreview.NewREST(p.RuleResolver) }},
	}

	enabled := map[string]rest.Storage{}
	for _, c := range candidates {
		if !apiResourceConfigSource.ResourceEnabled(authorizationv1.SchemeGroupVersion.WithResource(c.name)) {
			continue
		}
		enabled[c.name] = c.build()
	}
	return enabled
}
80
// GroupName returns authorization.GroupName, the API group this provider
// registers storage for in NewRESTStorage.
func (p RESTStorageProvider) GroupName() string {
	group := authorization.GroupName
	return group
}