• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    迪恩网络公众号

Golang abac.NewFromFile函数代码示例

原作者: [db:作者] 来自: [db:来源] 收藏 邀请

本文整理汇总了Golang中k8s/io/kubernetes/pkg/auth/authorizer/abac.NewFromFile函数的典型用法代码示例。如果您正苦于以下问题:Golang NewFromFile函数的具体用法?Golang NewFromFile怎么用?Golang NewFromFile使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。



在下文中一共展示了NewFromFile函数的7个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Golang代码示例。

示例1: kubeAuthorize

func (s *RoloServer) kubeAuthorize(a authorizer.Attributes) error {
	pl, err := abac.NewFromFile(s.policyFile)
	if err != nil {
		return err
	}
	return pl.Authorize(a)
}
开发者ID:polvi,项目名称:rolo,代码行数:7,代码来源:server.go


示例2: checkAndReloadPolicyFile

func checkAndReloadPolicyFile(policyAuthz *abac.PolicyAuthorizer, file string) {
	lastModifyTime := time.Now()
	for {
		func() {
			defer func() {
				if x := recover(); x != nil {
					glog.Errorf("APIServer panic'd on checkAndReloadPolicyFile: %s, err: %v", file, x)
				}
			}()
			//var info os.FileInfo
			info, err := os.Stat(file)
			if err != nil {
				glog.Errorf("Stat authorizationPolicyFile: %s fail, err: %v, will retry to reload later", file, err)
				return
			}
			if info.ModTime().After(lastModifyTime) {
				lastModifyTime = info.ModTime()
				newPolicyList, err := abac.NewFromFile(file)
				if err != nil { // file format not correct
					glog.Errorf("Stat authorizationPolicyFile: %s fail, err: %v, will retry to reload later", file, err)
					return
				}

				glog.Infof("authorizationPolicyFile: %s is modified, reload finished, number of policy lines change from %d to %d", file, len(*policyAuthz.PL), len(newPolicyList))
				policyAuthz.Lock.Lock()
				*(policyAuthz.PL) = newPolicyList
				policyAuthz.Lock.Unlock()
			}
		}()
		time.Sleep(5 * time.Second)
	}
}
开发者ID:chaolou,项目名称:kubernetes,代码行数:32,代码来源:authz.go


示例3: NewAuthorizerFromAuthorizationConfig

// NewAuthorizerFromAuthorizationConfig returns the right sort of union of multiple authorizer.Authorizer objects
// based on the authorizationMode or an error.  authorizationMode should be a comma separated values
// of AuthorizationModeChoices.
func NewAuthorizerFromAuthorizationConfig(authorizationModes []string, config AuthorizationConfig) (authorizer.Authorizer, error) {

	if len(authorizationModes) == 0 {
		return nil, errors.New("Atleast one authorization mode should be passed")
	}

	var authorizers []authorizer.Authorizer
	authorizerMap := make(map[string]bool)

	for _, authorizationMode := range authorizationModes {
		if authorizerMap[authorizationMode] {
			return nil, fmt.Errorf("Authorization mode %s specified more than once", authorizationMode)
		}
		// Keep cases in sync with constant list above.
		switch authorizationMode {
		case ModeAlwaysAllow:
			authorizers = append(authorizers, NewAlwaysAllowAuthorizer())
		case ModeAlwaysDeny:
			authorizers = append(authorizers, NewAlwaysDenyAuthorizer())
		case ModeABAC:
			if config.PolicyFile == "" {
				return nil, errors.New("ABAC's authorization policy file not passed")
			}
			abacAuthorizer, err := abac.NewFromFile(config.PolicyFile)
			if err != nil {
				return nil, err
			}
			authorizers = append(authorizers, abacAuthorizer)
		case ModeWebhook:
			if config.WebhookConfigFile == "" {
				return nil, errors.New("Webhook's configuration file not passed")
			}
			webhookAuthorizer, err := webhook.New(config.WebhookConfigFile,
				config.WebhookCacheAuthorizedTTL,
				config.WebhookCacheUnauthorizedTTL)
			if err != nil {
				return nil, err
			}
			authorizers = append(authorizers, webhookAuthorizer)
		default:
			return nil, fmt.Errorf("Unknown authorization mode %s specified", authorizationMode)
		}
		authorizerMap[authorizationMode] = true
	}

	if !authorizerMap[ModeABAC] && config.PolicyFile != "" {
		return nil, errors.New("Cannot specify --authorization-policy-file without mode ABAC")
	}
	if !authorizerMap[ModeWebhook] && config.WebhookConfigFile != "" {
		return nil, errors.New("Cannot specify --authorization-webhook-config-file without mode Webhook")
	}

	return union.New(authorizers...), nil
}
开发者ID:ipbabble,项目名称:kubernetes,代码行数:57,代码来源:authz.go


示例4: NewAuthorizerFromAuthorizationConfig

// NewAuthorizerFromAuthorizationConfig returns the right sort of union of multiple authorizer.Authorizer objects
// based on the authorizationMode or an error.  authorizationMode should be a comma separated values
// of AuthorizationModeChoices.
func NewAuthorizerFromAuthorizationConfig(authzConfig AuthorizerConfig) (authorizer.Authorizer, error) {

	if len(authzConfig.AuthorizationModes) == 0 {
		return nil, errors.New("Atleast one authorization mode should be passed")
	}

	var authorizers []authorizer.Authorizer
	authorizerMap := make(map[string]bool)

	for _, authorizationMode := range authzConfig.AuthorizationModes {
		if authorizerMap[authorizationMode] {
			return nil, fmt.Errorf("Authorization mode %s specified more than once", authorizationMode)
		}
		// Keep cases in sync with constant list above.
		switch authorizationMode {
		case ModeAlwaysAllow:
			authorizers = append(authorizers, NewAlwaysAllowAuthorizer())
		case ModeAlwaysDeny:
			authorizers = append(authorizers, NewAlwaysDenyAuthorizer())
		case ModeABAC:
			if authzConfig.AuthorizationPolicyFile == "" {
				return nil, errors.New("ABAC's authorization policy file not passed")
			}
			abacAuthorizer, err := abac.NewFromFile(authzConfig.AuthorizationPolicyFile)
			if err != nil {
				return nil, err
			}
			authorizers = append(authorizers, abacAuthorizer)
		case ModeKeystone:
			if authzConfig.KeystonAuthURL == "" {
				return nil, errors.New("Cannot use mode Keystone without specifying --experimental-keystone-url")
			}
			keystoneAuthorizer, err := keystone.NewKeystoneAuthorizer(authzConfig.KubeClient, authzConfig.KeystonAuthURL)
			if err != nil {
				return nil, err
			}
			authorizers = append(authorizers, keystoneAuthorizer)
		default:
			return nil, fmt.Errorf("Unknown authorization mode %s specified", authorizationMode)
		}
		authorizerMap[authorizationMode] = true
	}

	if !authorizerMap[ModeABAC] && authzConfig.AuthorizationPolicyFile != "" {
		return nil, errors.New("Cannot specify --authorization-policy-file without mode ABAC")
	}
	if !authorizerMap[ModeKeystone] && authzConfig.KeystonAuthURL != "" {
		return nil, errors.New("Cannot specify --experimental-keystone-url without mode Keystone")
	}

	return union.New(authorizers...), nil
}
开发者ID:kuenzaa,项目名称:hypernetes,代码行数:55,代码来源:authz.go


示例5: NewAuthorizerFromAuthorizationConfig

// NewAuthorizerFromAuthorizationConfig returns the right sort of authorizer.Authorizer
// based on the authorizationMode xor an error.  authorizationMode should be one of AuthorizationModeChoices.
func NewAuthorizerFromAuthorizationConfig(authorizationMode string, authorizationPolicyFile string) (authorizer.Authorizer, error) {
	if authorizationPolicyFile != "" && authorizationMode != "ABAC" {
		return nil, errors.New("Cannot specify --authorization-policy-file without mode ABAC")
	}
	// Keep cases in sync with constant list above.
	switch authorizationMode {
	case ModeAlwaysAllow:
		return NewAlwaysAllowAuthorizer(), nil
	case ModeAlwaysDeny:
		return NewAlwaysDenyAuthorizer(), nil
	case ModeABAC:
		return abac.NewFromFile(authorizationPolicyFile)
	default:
		return nil, errors.New("Unknown authorization mode")
	}
}
开发者ID:MarWestermann,项目名称:gofabric8,代码行数:18,代码来源:authz.go


示例6: newAuthorizerWithContents

func newAuthorizerWithContents(t *testing.T, contents string) authorizer.Authorizer {
	f, err := ioutil.TempFile("", "auth_test")
	if err != nil {
		t.Fatalf("unexpected error creating policyfile: %v", err)
	}
	f.Close()
	defer os.Remove(f.Name())

	if err := ioutil.WriteFile(f.Name(), []byte(contents), 0700); err != nil {
		t.Fatalf("unexpected error writing policyfile: %v", err)
	}

	pl, err := abac.NewFromFile(f.Name())
	if err != nil {
		t.Fatalf("unexpected error creating authorizer from policyfile: %v", err)
	}
	return pl
}
开发者ID:pologood,项目名称:kubernetes,代码行数:18,代码来源:auth_test.go


示例7: NewAuthorizerFromAuthorizationConfig

// NewAuthorizerFromAuthorizationConfig returns the right sort of union of multiple authorizer.Authorizer objects
// based on the authorizationMode or an error.  authorizationMode should be a comma separated values
// of AuthorizationModeChoices.
func NewAuthorizerFromAuthorizationConfig(authorizationModes []string, authorizationPolicyFile string) (authorizer.Authorizer, error) {

	if len(authorizationModes) == 0 {
		return nil, errors.New("Atleast one authorization mode should be passed")
	}

	var authorizers []authorizer.Authorizer
	authorizerMap := make(map[string]bool)

	for _, authorizationMode := range authorizationModes {
		if authorizerMap[authorizationMode] {
			return nil, fmt.Errorf("Authorization mode %s specified more than once", authorizationMode)
		}
		// Keep cases in sync with constant list above.
		switch authorizationMode {
		case ModeAlwaysAllow:
			authorizers = append(authorizers, NewAlwaysAllowAuthorizer())
		case ModeAlwaysDeny:
			authorizers = append(authorizers, NewAlwaysDenyAuthorizer())
		case ModeABAC:
			if authorizationPolicyFile == "" {
				return nil, errors.New("ABAC's authorization policy file not passed")
			}
			abacAuthorizer, err := abac.NewFromFile(authorizationPolicyFile)
			authorizerLock := &abac.PolicyAuthorizer{PL: &abacAuthorizer, Lock: &sync.RWMutex{}}
			go checkAndReloadPolicyFile(authorizerLock, authorizationPolicyFile)
			if err != nil {
				return nil, err
			}
			authorizers = append(authorizers, authorizerLock)
		default:
			return nil, fmt.Errorf("Unknown authorization mode %s specified", authorizationMode)
		}
		authorizerMap[authorizationMode] = true
	}

	if !authorizerMap[ModeABAC] && authorizationPolicyFile != "" {
		return nil, errors.New("Cannot specify --authorization-policy-file without mode ABAC")
	}

	return union.New(authorizers...), nil
}
开发者ID:chaolou,项目名称:kubernetes,代码行数:45,代码来源:authz.go



注:本文中的k8s/io/kubernetes/pkg/auth/authorizer/abac.NewFromFile函数示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。


鲜花

握手

雷人

路过

鸡蛋
该文章已有0人参与评论

请发表评论

全部评论

专题导读
上一篇:
Golang union.New函数代码示例发布时间:2022-05-28
下一篇:
Golang authorizer.Authorizer类代码示例发布时间:2022-05-28
热门推荐
热门话题
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap