Merge pull request #820 from lpabon/ownership-oidc2
Ownership support for volumes
lpabon authored Jan 16, 2019
2 parents 573c33b + 233c32a commit dacb2a4
Showing 27 changed files with 2,456 additions and 1,090 deletions.
7 changes: 4 additions & 3 deletions SDK_CHANGELOG.md
@@ -1,10 +1,11 @@
# Changelog

> NOTE: The SDK is still in tech preview. Once officially released, this changelog will also
> use the SDK version numbers.
## Releases

### v0.37.0 - Tech Preview (1/16/2019)

* Ownership support in the VolumeSpec

### v0.36.0 - Tech Preview (1/7/2019)

* Refactor confusing labels.
29 changes: 29 additions & 0 deletions api/api.go
@@ -1,13 +1,15 @@
package api

import (
"context"
"fmt"
"math"
"strconv"
"strings"
"time"

"github.com/golang/protobuf/ptypes"
"github.com/libopenstorage/openstorage/pkg/auth"

"github.com/mohae/deepcopy"
)
Expand Down Expand Up @@ -943,3 +945,30 @@ func (l *VolumeLocator) MergeVolumeSpecLabels(s *VolumeSpec) *VolumeLocator {

return l
}

func (v *Volume) IsPermitted(ctx context.Context) bool {
return v.GetSpec().IsPermitted(ctx)
}

func (v *VolumeSpec) IsPermitted(ctx context.Context) bool {
if v.GetOwnership() != nil {
if userinfo, ok := auth.NewUserInfoFromContext(ctx); ok {
// Check Access
return v.IsPermittedFromUserInfo(userinfo)
} else {
// There is no user information in the context so
// authorization is not running
return true
}
}

// There is no ownership on this volume, so allow access
return true
}

func (v *VolumeSpec) IsPermittedFromUserInfo(user *auth.UserInfo) bool {
if v.GetOwnership() != nil {
return v.GetOwnership().IsPermitted(user)
}
return true
}
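Review bot: `VolumeSpec.IsPermitted` fails open on an owned volume: when `auth.NewUserInfoFromContext(ctx)` returns `ok == false` it returns `true`, on the assumption stated in its comment that authorization is not running. If a caller reaches this method with auth enabled but with a context that never had user info attached, the ownership check is presumably skipped without any trace; how the context gets populated is not visible in this section, so that needs confirming against the callers. Consider deciding on an explicit auth-enabled signal rather than on the absence of user info, and at minimum state the contract in a doc comment, e.g. `// IsPermitted reports whether the user in ctx may access the volume; a ctx without user info is treated as auth disabled and is always permitted.` The three new exported methods have no doc comments, and the `else` after `return v.IsPermittedFromUserInfo(userinfo)` can be dropped so the allow-by-default path stands out on its own line.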