• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    迪恩网络公众号

Golang authorizer.NewForbiddenMessageResolver函数代码示例

原作者: [db:作者] 来自: [db:来源] 收藏 邀请

本文整理汇总了Golang中github.com/openshift/origin/pkg/authorization/authorizer.NewForbiddenMessageResolver函数的典型用法代码示例。如果您正苦于以下问题:Golang NewForbiddenMessageResolver函数的具体用法?Golang NewForbiddenMessageResolver怎么用?Golang NewForbiddenMessageResolver使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。



在下文中一共展示了NewForbiddenMessageResolver函数的4个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Golang代码示例。

示例1: newAuthorizer

func newAuthorizer(policyClient policyclient.ReadOnlyPolicyClient, projectRequestDenyMessage string) authorizer.Authorizer {
	authorizer := authorizer.NewAuthorizer(rulevalidation.NewDefaultRuleResolver(
		rulevalidation.PolicyGetter(policyClient),
		rulevalidation.BindingLister(policyClient),
		rulevalidation.ClusterPolicyGetter(policyClient),
		rulevalidation.ClusterBindingLister(policyClient),
	), authorizer.NewForbiddenMessageResolver(projectRequestDenyMessage))
	return authorizer
}
开发者ID:vikaslaad,项目名称:origin,代码行数:9,代码来源:master_config.go


示例2: TestAuthorize

func TestAuthorize(t *testing.T) {
	testCases := []struct {
		name                string
		user                user.Info
		attributes          defaultauthorizer.DefaultAuthorizationAttributes
		delegateAuthAllowed bool
		expectedCalled      bool
		expectedAllowed     bool
		expectedErr         string
		expectedMsg         string
	}{
		{
			name:        "no user",
			expectedErr: `user missing from context`,
		},
		{
			name:           "no extra",
			user:           &user.DefaultInfo{},
			expectedCalled: true,
		},
		{
			name:           "empty extra",
			user:           &user.DefaultInfo{Extra: map[string][]string{}},
			expectedCalled: true,
		},
		{
			name:           "empty scopes",
			user:           &user.DefaultInfo{Extra: map[string][]string{authorizationapi.ScopesKey: {}}},
			expectedCalled: true,
		},
		{
			name:        "bad scope",
			user:        &user.DefaultInfo{Extra: map[string][]string{authorizationapi.ScopesKey: {"does-not-exist"}}},
			expectedMsg: `scopes [does-not-exist] prevent this action; User "" cannot "" "" with name "" in project "ns"`,
			expectedErr: `no scope evaluator found for "does-not-exist"`,
		},
		{
			name:        "bad scope 2",
			user:        &user.DefaultInfo{Extra: map[string][]string{authorizationapi.ScopesKey: {"user:dne"}}},
			expectedMsg: `scopes [user:dne] prevent this action; User "" cannot "" "" with name "" in project "ns"`,
			expectedErr: `unrecognized scope: user:dne`,
		},
		{
			name:        "scope doesn't cover",
			user:        &user.DefaultInfo{Extra: map[string][]string{authorizationapi.ScopesKey: {"user:info"}}},
			attributes:  defaultauthorizer.DefaultAuthorizationAttributes{Verb: "get", Resource: "users", ResourceName: "harold"},
			expectedMsg: `scopes [user:info] prevent this action; User "" cannot get users in project "ns"`,
		},
		{
			name:           "scope covers",
			user:           &user.DefaultInfo{Extra: map[string][]string{authorizationapi.ScopesKey: {"user:info"}}},
			attributes:     defaultauthorizer.DefaultAuthorizationAttributes{Verb: "get", Resource: "users", ResourceName: "~"},
			expectedCalled: true,
		},
		{
			name:           "scope covers for discovery",
			user:           &user.DefaultInfo{Extra: map[string][]string{authorizationapi.ScopesKey: {"user:info"}}},
			attributes:     defaultauthorizer.DefaultAuthorizationAttributes{Verb: "get", NonResourceURL: true, URL: "/api"},
			expectedCalled: true,
		},
	}

	for _, tc := range testCases {
		delegate := &fakeAuthorizer{allowed: tc.delegateAuthAllowed}
		authorizer := NewAuthorizer(delegate, nil, defaultauthorizer.NewForbiddenMessageResolver(""))

		ctx := kapi.WithNamespace(kapi.NewContext(), "ns")
		if tc.user != nil {
			ctx = kapi.WithUser(ctx, tc.user)

		}

		actualAllowed, actualMsg, actualErr := authorizer.Authorize(ctx, tc.attributes)
		switch {
		case len(tc.expectedErr) == 0 && actualErr == nil:
		case len(tc.expectedErr) == 0 && actualErr != nil:
			t.Errorf("%s: unexpected error: %v", tc.name, actualErr)
		case len(tc.expectedErr) != 0 && actualErr == nil:
			t.Errorf("%s: missing error: %v", tc.name, tc.expectedErr)
		case len(tc.expectedErr) != 0 && actualErr != nil:
			if !strings.Contains(actualErr.Error(), tc.expectedErr) {
				t.Errorf("%s: expected %v, got %v", tc.name, tc.expectedErr, actualErr)
			}
		}
		if tc.expectedMsg != actualMsg {
			t.Errorf("%s: expected %v, got %v", tc.name, tc.expectedMsg, actualMsg)
		}
		if tc.expectedAllowed != actualAllowed {
			t.Errorf("%s: expected %v, got %v", tc.name, tc.expectedAllowed, actualAllowed)
		}
		if tc.expectedCalled != delegate.called {
			t.Errorf("%s: expected %v, got %v", tc.name, tc.expectedCalled, delegate.called)
		}
	}
}
开发者ID:RomainVabre,项目名称:origin,代码行数:95,代码来源:authorizer_test.go


示例3: newAuthorizer

func newAuthorizer(ruleResolver rulevalidation.AuthorizationRuleResolver, informerFactory shared.InformerFactory, projectRequestDenyMessage string) authorizer.Authorizer {
	messageMaker := authorizer.NewForbiddenMessageResolver(projectRequestDenyMessage)
	roleBasedAuthorizer := authorizer.NewAuthorizer(ruleResolver, messageMaker)
	scopeLimitedAuthorizer := scope.NewAuthorizer(roleBasedAuthorizer, informerFactory.ClusterPolicies().Lister().ClusterPolicies(), messageMaker)
	return scopeLimitedAuthorizer
}
开发者ID:rhamilto,项目名称:origin,代码行数:6,代码来源:master_config.go


示例4: newAuthorizer

func newAuthorizer(ruleResolver rulevalidation.AuthorizationRuleResolver, policyClient policyclient.ReadOnlyPolicyClient, projectRequestDenyMessage string) authorizer.Authorizer {
	messageMaker := authorizer.NewForbiddenMessageResolver(projectRequestDenyMessage)
	roleBasedAuthorizer := authorizer.NewAuthorizer(ruleResolver, messageMaker)
	scopeLimitedAuthorizer := scope.NewAuthorizer(roleBasedAuthorizer, policyClient, messageMaker)
	return scopeLimitedAuthorizer
}
开发者ID:sgallagher,项目名称:origin,代码行数:6,代码来源:master_config.go



注:本文中的github.com/openshift/origin/pkg/authorization/authorizer.NewForbiddenMessageResolver函数示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。


鲜花

握手

雷人

路过

鸡蛋
该文章已有0人参与评论

请发表评论

全部评论

专题导读
上一篇:
Golang authorizer.ToDefaultAuthorizationAttributes函数代码示例发布时间:2022-05-28
下一篇:
Golang authorizer.NewAuthorizer函数代码示例发布时间:2022-05-28
热门推荐
热门话题
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap