refactor: auth package logger (#3696)

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2024-12-14 11:57:48 +00:00 · 2022-04-27 15:34:08 +02:00 · 2022-04-27 15:34:08 +02:00 · 8b36441cd1
commit 8b36441cd1
parent f32ea23c9d
3 changed files with 16 additions and 17 deletions
--- a/pkg/auth/auth.go
+++ b/pkg/auth/auth.go
@ -4,7 +4,6 @@ import (
 	"fmt"
 	"reflect"

-	"github.com/go-logr/logr"
 	client "github.com/kyverno/kyverno/pkg/dclient"
 	authorizationv1 "k8s.io/api/authorization/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@ -17,21 +16,16 @@ type CanIOptions struct {
 	verb      string
 	kind      string
 	client    *client.Client
-	log       logr.Logger
 }

 //NewCanI returns a new instance of operation access controller evaluator
-func NewCanI(client *client.Client, kind, namespace, verb string, log logr.Logger) *CanIOptions {
-	o := CanIOptions{
-		client: client,
-		log:    log,
+func NewCanI(client *client.Client, kind, namespace, verb string) *CanIOptions {
+	return &CanIOptions{
+		namespace: namespace,
+		kind:      kind,
+		verb:      verb,
+		client:    client,
 	}
-
-	o.namespace = namespace
-	o.kind = kind
-	o.verb = verb
-
-	return &o
 }

 //RunAccessCheck checks if the caller can perform the operation
@ -68,7 +62,7 @@ func (o *CanIOptions) RunAccessCheck() (bool, error) {
 	// - verb
 	// - resource
 	// - subresource
-	logger := o.log.WithValues("kind", sar.Kind, "namespace", sar.Namespace, "name", sar.Name)
+	logger := logger.WithValues("kind", sar.Kind, "namespace", sar.Namespace, "name", sar.Name)

 	// Create the Resource
 	resp, err := o.client.CreateResource("", "SelfSubjectAccessReview", "", sar, false)
--- a/pkg/auth/log.go
+++ b/pkg/auth/log.go
@ -0,0 +1,5 @@
+package auth
+
+import "sigs.k8s.io/controller-runtime/pkg/log"
+
+var logger = log.Log.WithName("auth")
--- a/pkg/policy/generate/auth.go
+++ b/pkg/policy/generate/auth.go
@ -35,7 +35,7 @@ func NewAuth(client *dclient.Client, log logr.Logger) *Auth {

 // CanICreate returns 'true' if self can 'create' resource
 func (a *Auth) CanICreate(kind, namespace string) (bool, error) {
-	canI := auth.NewCanI(a.client, kind, namespace, "create", a.log)
+	canI := auth.NewCanI(a.client, kind, namespace, "create")
 	ok, err := canI.RunAccessCheck()
 	if err != nil {
 		return false, err
@ -45,7 +45,7 @@ func (a *Auth) CanICreate(kind, namespace string) (bool, error) {

 // CanIUpdate returns 'true' if self can 'update' resource
 func (a *Auth) CanIUpdate(kind, namespace string) (bool, error) {
-	canI := auth.NewCanI(a.client, kind, namespace, "update", a.log)
+	canI := auth.NewCanI(a.client, kind, namespace, "update")
 	ok, err := canI.RunAccessCheck()
 	if err != nil {
 		return false, err
@ -55,7 +55,7 @@ func (a *Auth) CanIUpdate(kind, namespace string) (bool, error) {

 // CanIDelete returns 'true' if self can 'delete' resource
 func (a *Auth) CanIDelete(kind, namespace string) (bool, error) {
-	canI := auth.NewCanI(a.client, kind, namespace, "delete", a.log)
+	canI := auth.NewCanI(a.client, kind, namespace, "delete")
 	ok, err := canI.RunAccessCheck()
 	if err != nil {
 		return false, err
@ -65,7 +65,7 @@ func (a *Auth) CanIDelete(kind, namespace string) (bool, error) {

 // CanIGet returns 'true' if self can 'get' resource
 func (a *Auth) CanIGet(kind, namespace string) (bool, error) {
-	canI := auth.NewCanI(a.client, kind, namespace, "get", a.log)
+	canI := auth.NewCanI(a.client, kind, namespace, "get")
 	ok, err := canI.RunAccessCheck()
 	if err != nil {
 		return false, err