mirror of
https://github.com/fluxcd/flagger.git
synced 2026-03-02 01:30:48 +00:00
6085753d84
This allows to forbid access from canaries in non-whitelisted namespaces. In a multi-tenant context, this can be combined with network policies to maintain isolation between namespaces. Signed-off-by: Cédric Connes <cedric.connes@gmail.com>
38 lines
1.0 KiB
Go
38 lines
1.0 KiB
Go
/*
|
|
Copyright 2020 The Flux authors
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
package loadtester
|
|
|
|
import (
|
|
"regexp"
|
|
|
|
flaggerv1 "github.com/fluxcd/flagger/pkg/apis/flagger/v1beta1"
|
|
)
|
|
|
|
type Authorizer struct {
|
|
namespaceRegexp *regexp.Regexp
|
|
}
|
|
|
|
func NewAuthorizer(namespaceRegexp *regexp.Regexp) *Authorizer {
|
|
return &Authorizer{
|
|
namespaceRegexp: namespaceRegexp,
|
|
}
|
|
}
|
|
|
|
func (a *Authorizer) Authorize(payload *flaggerv1.CanaryWebhookPayload) bool {
|
|
return a.namespaceRegexp == nil || a.namespaceRegexp.MatchString(payload.Namespace)
|
|
}
|