public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
054e12b1aca94dea145f15475f80076c279ea20b
grafana/pkg/services/apiserver/auth/authorizer/impersonation.go
T
Karl Persson 43f56c5ca1 Apiserver: Refactor authenticator and authorizers (#101449) 
* Clean up authenticator

* Cleanup authorizers and replace org_id and stack_id with namespace authorizer

* Remove dependency on org service

* Extract orgID from /apis/ urls and validate stack id
2025-03-06 16:01:12 +01:00

24 lines
672 B
Go
Raw Blame History

package authorizer
import (
"context"
"k8s.io/apiserver/pkg/authorization/authorizer"
)
var _ authorizer.Authorizer = (*impersonationAuthorizer)(nil)
func newImpersonationAuthorizer() *impersonationAuthorizer {
return &impersonationAuthorizer{}
}
// ImpersonationAuthorizer denies all impersonation requests.
type impersonationAuthorizer struct{}
func (auth impersonationAuthorizer) Authorize(ctx context.Context, a authorizer.Attributes) (authorized authorizer.Decision, reason string, err error) {
if a.GetVerb() == "impersonate" {
return authorizer.DecisionDeny, "user impersonation is not supported", nil
}
return authorizer.DecisionNoOpinion, "", nil
}
Reference in New Issue View Git Blame Copy Permalink