Merge pull request #34 from yue9944882/chore/expose-loopback-authz

k8s-ci-robot · web-flow · commit e20867ae0d8d · 2021-02-01T04:21:50.000-08:00
Exposing loopback authorizer so that custom authorization can be invoked in the REST implementation
diff --git a/pkg/builder/builder_misc.go b/pkg/builder/builder_misc.go
@@ -40,10 +40,18 @@ func (a *Server) WithAdditionalSchemesToBuild(s ...*runtime.Scheme) *Server {
 	return a
 }
 
-// ExposeLoopbackClientConfig exposes loopback client config as an external variable.
+// ExposeLoopbackClientConfig exposes loopback client config as an external singleton.
 func (a *Server) ExposeLoopbackClientConfig() *Server {
 	return a.WithServerFns(func(c *GenericAPIServer) *GenericAPIServer {
 		loopback.SetLoopbackClientConfig(c.LoopbackClientConfig)
 		return c
 	})
 }
+
+// ExposeLoopbackAuthorizer exposes loopback authorizer as an external singleton.
+func (a *Server) ExposeLoopbackAuthorizer() *Server {
+	return a.WithServerFns(func(s *GenericAPIServer) *GenericAPIServer {
+		loopback.SetAuthorizer(s.Authorizer)
+		return s
+	})
+}
diff --git a/pkg/util/loopback/authorizer.go b/pkg/util/loopback/authorizer.go
@@ -0,0 +1,38 @@
+/*
+Copyright 2020 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package loopback
+
+import (
+	"sync"
+
+	"k8s.io/apiserver/pkg/authorization/authorizer"
+)
+
+var authzOnce sync.Once
+var authz authorizer.Authorizer
+
+// SetAuthorizer provides loopback authorizer for one time
+func SetAuthorizer(c authorizer.Authorizer) {
+	authzOnce.Do(func() {
+		authz = c
+	})
+}
+
+// GetAuthorizer gets loopback authorizer performing delegated authorization.
+func GetAuthorizer() authorizer.Authorizer {
+	return authz
+}
diff --git a/pkg/util/loopback/client.go b/pkg/util/loopback/client.go
@@ -14,7 +14,6 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-// Package loopback is a set of utilities for apiserver loopback connections.
 package loopback
 
 import (
diff --git a/pkg/util/loopback/doc.go b/pkg/util/loopback/doc.go
@@ -0,0 +1,18 @@
+/*
+Copyright 2020 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package loopback is a set of utilities for apiserver loopback connections.
+package loopback
