// Source listing: k8s.io/kubernetes@v1.29.3/pkg/registry/authorization/rest/storage_authorization.go

/*
Copyright 2016 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package rest

import (
	authorizationv1 "k8s.io/api/authorization/v1"
	"k8s.io/apiserver/pkg/authorization/authorizer"
	"k8s.io/apiserver/pkg/registry/generic"
	"k8s.io/apiserver/pkg/registry/rest"
	genericapiserver "k8s.io/apiserver/pkg/server"
	serverstorage "k8s.io/apiserver/pkg/server/storage"
	"k8s.io/kubernetes/pkg/api/legacyscheme"
	"k8s.io/kubernetes/pkg/apis/authorization"
	"k8s.io/kubernetes/pkg/registry/authorization/localsubjectaccessreview"
	"k8s.io/kubernetes/pkg/registry/authorization/selfsubjectaccessreview"
	"k8s.io/kubernetes/pkg/registry/authorization/selfsubjectrulesreview"
	"k8s.io/kubernetes/pkg/registry/authorization/subjectaccessreview"
)

// RESTStorageProvider builds the REST storage for the authorization API group.
//
// Authorizer is handed to the subjectaccessreviews, selfsubjectaccessreviews
// and localsubjectaccessreviews storage; RuleResolver is handed to the
// selfsubjectrulesreviews storage.
//
// NOTE(review): only Authorizer is nil-checked (in NewRESTStorage).
// RuleResolver is passed to selfsubjectrulesreview.NewREST unchecked, so a
// provider built with an Authorizer but no RuleResolver would still register
// selfsubjectrulesreviews. Confirm that every caller sets both fields.
type RESTStorageProvider struct {
	Authorizer   authorizer.Authorizer
	RuleResolver authorizer.RuleResolver
}

// NewRESTStorage returns the APIGroupInfo for the authorization group.
//
// With a nil Authorizer it returns a zero-value APIGroupInfo and a nil error,
// so no review resource is wired up by this provider. Otherwise the v1 storage
// map is installed under the v1 version key, but only when at least one
// resource is enabled in apiResourceConfigSource. The error result is always
// nil in this implementation.
func (p RESTStorageProvider) NewRESTStorage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (genericapiserver.APIGroupInfo, error) {
	if p.Authorizer == nil {
		return genericapiserver.APIGroupInfo{}, nil
	}

	groupInfo := genericapiserver.NewDefaultAPIGroupInfo(authorization.GroupName, legacyscheme.Scheme, legacyscheme.ParameterCodec, legacyscheme.Codecs)
	// When adding a version here, also add an entry with specific priorities in
	// k8s.io/kubernetes/cmd/kube-apiserver/app/aggregator.go.
	// TODO refactor the plumbing to provide the information in the APIGroupInfo

	v1Resources := p.v1Storage(apiResourceConfigSource, restOptionsGetter)
	if len(v1Resources) == 0 {
		// Every v1 resource is disabled: leave the version out of the map.
		return groupInfo, nil
	}
	groupInfo.VersionedResourcesStorageMap[authorizationv1.SchemeGroupVersion.Version] = v1Resources

	return groupInfo, nil
}

// v1Storage returns the authorization/v1 storage keyed by resource name.
//
// A resource is included only when apiResourceConfigSource reports it as
// enabled, so a disabled review resource gets no storage entry at all.
// restOptionsGetter is accepted but not used here.
func (p RESTStorageProvider) v1Storage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) map[string]rest.Storage {
	// Constructors are wrapped in closures so that storage is only built for
	// resources that turn out to be enabled, in the order listed below.
	candidates := []struct {
		resource string
		build    func() rest.Storage
	}{
		{"subjectaccessreviews", func() rest.Storage { return subjectaccessreview.NewREST(p.Authorizer) }},
		{"selfsubjectaccessreviews", func() rest.Storage { return selfsubjectaccessreview.NewREST(p.Authorizer) }},
		{"localsubjectaccessreviews", func() rest.Storage { return localsubjectaccessreview.NewREST(p.Authorizer) }},
		// The only resource backed by RuleResolver rather than Authorizer.
		{"selfsubjectrulesreviews", func() rest.Storage { return selfsubjectrulesreview.NewREST(p.RuleResolver) }},
	}

	byResource := make(map[string]rest.Storage)
	for _, c := range candidates {
		if !apiResourceConfigSource.ResourceEnabled(authorizationv1.SchemeGroupVersion.WithResource(c.resource)) {
			continue
		}
		byResource[c.resource] = c.build()
	}

	return byResource
}

// GroupName returns the name of the authorization API group.
func (p RESTStorageProvider) GroupName() string {
	return authorization.GroupName
}