1package access
2
3import (
4"context"
5
6config_access "github.com/kumahq/kuma/pkg/config/access"
7"github.com/kumahq/kuma/pkg/core/access"
8"github.com/kumahq/kuma/pkg/core/user"
9)
10
// staticZoneTokenAccess decides who may generate zone tokens from two fixed
// allow-lists: one of user names and one of group names. Membership is tested
// with a plain map lookup, so matching is exact and case-sensitive.
type staticZoneTokenAccess struct {
	// usernames is the set of user names allowed to generate zone tokens.
	usernames map[string]bool
	// groups is the set of groups whose members are allowed to generate
	// zone tokens.
	groups map[string]bool
}

// Compile-time check that *staticZoneTokenAccess satisfies ZoneTokenAccess.
var _ ZoneTokenAccess = (*staticZoneTokenAccess)(nil)
17
// NewStaticZoneTokenAccess builds a ZoneTokenAccess whose allow-lists are
// copied from cfg.Users and cfg.Groups. The sets are filled once here and are
// not modified by anything in this file afterwards.
//
// Entries are stored verbatim: no trimming or case folding is applied, so the
// configured values must match the authenticated identity exactly.
func NewStaticZoneTokenAccess(cfg config_access.GenerateZoneTokenStaticAccessConfig) ZoneTokenAccess {
	allowedUsers := make(map[string]bool, len(cfg.Users))
	for _, name := range cfg.Users {
		allowedUsers[name] = true
	}

	allowedGroups := make(map[string]bool, len(cfg.Groups))
	for _, name := range cfg.Groups {
		allowedGroups[name] = true
	}

	return &staticZoneTokenAccess{
		usernames: allowedUsers,
		groups:    allowedGroups,
	}
}
31
// ValidateGenerateZoneToken reports whether user may generate a zone token.
//
// Access is granted when user.Name is in the configured user allow-list or
// when any entry of user.Groups is in the configured group allow-list.
// Otherwise an *access.AccessDeniedError is returned; nil means allowed.
//
// Neither ctx nor zone is consulted: the decision is not scoped per zone, so
// an identity that passes this check passes it for every zone name.
func (s *staticZoneTokenAccess) ValidateGenerateZoneToken(ctx context.Context, zone string, user user.User) error {
	// Direct grant by user name.
	if s.usernames[user.Name] {
		return nil
	}
	// Grant through membership in any allowed group.
	for _, g := range user.Groups {
		if s.groups[g] {
			return nil
		}
	}
	// Default deny: nothing matched.
	return &access.AccessDeniedError{Reason: "action not allowed"}
}
44