Examples with V1SubjectAccessReviewStatus io.kubernetes.client.models.V1SubjectAccessReviewStatus used on opensource projects

Example 1 with V1SubjectAccessReviewStatus

use of io.kubernetes.client.models.V1SubjectAccessReviewStatus in project weblogic-kubernetes-operator by oracle.

the class AuthorizationProxy method check.

/**
 * Check if the specified principal is allowed to perform the specified operation on the
 * specified resource in the specified scope.
 *
 * @param principal     The user, group or service account.
 * @param groups        The groups that principal is a member of.
 * @param operation     The operation to be authorized.
 * @param resource      The kind of resource on which the operation is to be authorized.
 * @param resourceName  The name of the resource instance on which the operation is to be authorized.
 * @param scope         The scope of the operation (cluster or namespace).
 * @param namespaceName name of the namespace if scope is namespace else null.
 * @return true if the operation is allowed, or false if not.
 */
public boolean check(String principal, final List<String> groups, Operation operation, Resource resource, String resourceName, Scope scope, String namespaceName) {
    LOGGER.entering();
    V1SubjectAccessReview subjectAccessReview = prepareSubjectAccessReview(principal, groups, operation, resource, resourceName, scope, namespaceName);
    try {
        CallBuilderFactory factory = ContainerResolver.getInstance().getContainer().getSPI(CallBuilderFactory.class);
        subjectAccessReview = factory.create().createSubjectAccessReview(subjectAccessReview);
    } catch (ApiException e) {
        LOGGER.severe(MessageKeys.APIEXCEPTION_FROM_SUBJECT_ACCESS_REVIEW, e);
        LOGGER.exiting(Boolean.FALSE);
        return Boolean.FALSE;
    }
    V1SubjectAccessReviewStatus subjectAccessReviewStatus = subjectAccessReview.getStatus();
    Boolean result = subjectAccessReviewStatus.isAllowed();
    LOGGER.exiting(result);
    return result;
}