mirror of https://github.com/kyverno/kyverno.git synced 2025-03-31 03:45:17 +00:00

refactor: auth package logger (#3696)

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Charles-Edouard Brétéché 2022-04-27 15:34:08 +02:00 committed by GitHub
parent f32ea23c9d
commit 8b36441cd1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 16 additions and 17 deletions


@ -4,7 +4,6 @@ import (
"fmt" "fmt"
"reflect" "reflect"
"github.com/go-logr/logr"
client "github.com/kyverno/kyverno/pkg/dclient" client "github.com/kyverno/kyverno/pkg/dclient"
authorizationv1 "k8s.io/api/authorization/v1" authorizationv1 "k8s.io/api/authorization/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@ -17,21 +16,16 @@ type CanIOptions struct {
verb string verb string
kind string kind string
client *client.Client client *client.Client
log logr.Logger
} }
//NewCanI returns a new instance of operation access controller evaluator //NewCanI returns a new instance of operation access controller evaluator
func NewCanI(client *client.Client, kind, namespace, verb string, log logr.Logger) *CanIOptions { func NewCanI(client *client.Client, kind, namespace, verb string) *CanIOptions {
o := CanIOptions{ return &CanIOptions{
client: client, namespace: namespace,
log: log, kind: kind,
verb: verb,
client: client,
} }
o.namespace = namespace
o.kind = kind
o.verb = verb
return &o
} }
//RunAccessCheck checks if the caller can perform the operation //RunAccessCheck checks if the caller can perform the operation
@ -68,7 +62,7 @@ func (o *CanIOptions) RunAccessCheck() (bool, error) {
// - verb // - verb
// - resource // - resource
// - subresource // - subresource
logger := o.log.WithValues("kind", sar.Kind, "namespace", sar.Namespace, "name", sar.Name) logger := logger.WithValues("kind", sar.Kind, "namespace", sar.Namespace, "name", sar.Name)
// Create the Resource // Create the Resource
resp, err := o.client.CreateResource("", "SelfSubjectAccessReview", "", sar, false) resp, err := o.client.CreateResource("", "SelfSubjectAccessReview", "", sar, false)

5
pkg/auth/log.go Normal file

@ -0,0 +1,5 @@
package auth
import "sigs.k8s.io/controller-runtime/pkg/log"
var logger = log.Log.WithName("auth")
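Review bot: The package-level `logger` is built from controller-runtime's `log.Log`, which is a delegating logger: it only emits records once the process has installed a sink with `log.SetLogger`. With the injected `logr.Logger` removed from NewCanI, access-check log lines now depend on that global being set up, so it is worth confirming that every binary importing pkg/auth calls `log.SetLogger` at start-up. A short comment would make the dependency explicit, e.g. `// logger is the auth package logger; it delegates to the sink installed via log.SetLogger.`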


@ -35,7 +35,7 @@ func NewAuth(client *dclient.Client, log logr.Logger) *Auth {
// CanICreate returns 'true' if self can 'create' resource // CanICreate returns 'true' if self can 'create' resource
func (a *Auth) CanICreate(kind, namespace string) (bool, error) { func (a *Auth) CanICreate(kind, namespace string) (bool, error) {
canI := auth.NewCanI(a.client, kind, namespace, "create", a.log) canI := auth.NewCanI(a.client, kind, namespace, "create")
ok, err := canI.RunAccessCheck() ok, err := canI.RunAccessCheck()
if err != nil { if err != nil {
return false, err return false, err
@ -45,7 +45,7 @@ func (a *Auth) CanICreate(kind, namespace string) (bool, error) {
// CanIUpdate returns 'true' if self can 'update' resource // CanIUpdate returns 'true' if self can 'update' resource
func (a *Auth) CanIUpdate(kind, namespace string) (bool, error) { func (a *Auth) CanIUpdate(kind, namespace string) (bool, error) {
canI := auth.NewCanI(a.client, kind, namespace, "update", a.log) canI := auth.NewCanI(a.client, kind, namespace, "update")
ok, err := canI.RunAccessCheck() ok, err := canI.RunAccessCheck()
if err != nil { if err != nil {
return false, err return false, err
@ -55,7 +55,7 @@ func (a *Auth) CanIUpdate(kind, namespace string) (bool, error) {
// CanIDelete returns 'true' if self can 'delete' resource // CanIDelete returns 'true' if self can 'delete' resource
func (a *Auth) CanIDelete(kind, namespace string) (bool, error) { func (a *Auth) CanIDelete(kind, namespace string) (bool, error) {
canI := auth.NewCanI(a.client, kind, namespace, "delete", a.log) canI := auth.NewCanI(a.client, kind, namespace, "delete")
ok, err := canI.RunAccessCheck() ok, err := canI.RunAccessCheck()
if err != nil { if err != nil {
return false, err return false, err
@ -65,7 +65,7 @@ func (a *Auth) CanIDelete(kind, namespace string) (bool, error) {
// CanIGet returns 'true' if self can 'get' resource // CanIGet returns 'true' if self can 'get' resource
func (a *Auth) CanIGet(kind, namespace string) (bool, error) { func (a *Auth) CanIGet(kind, namespace string) (bool, error) {
canI := auth.NewCanI(a.client, kind, namespace, "get", a.log) canI := auth.NewCanI(a.client, kind, namespace, "get")
ok, err := canI.RunAccessCheck() ok, err := canI.RunAccessCheck()
if err != nil { if err != nil {
return false, err return false, err
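Review bot: The four CanI* helpers no longer pass `a.log` to auth.NewCanI, yet the first hunk header in this section shows NewAuth still accepting `log logr.Logger`. Any key/value context the caller attached to that logger will therefore not appear on the access-check records, which makes it harder to tie an authorization result back to the component that asked for it. If `a.log` has no remaining users in this file (not visible here), consider dropping the parameter and field in a follow-up. Otherwise document the split on NewAuth, e.g. `// log is not forwarded to auth.NewCanI; access checks log through the auth package logger.`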