newVserverUserAccess builds a vserver user access map based on access grants.
(cluster *config.Cluster)
| 45 | |
| 46 | // newVserverUserAccess builds a vserver user access map based on access grants. |
| 47 | func newVserverUserAccess(cluster *config.Cluster) (vserverUserAccess, error) { |
| 48 | vua := make(vserverUserAccess) |
| 49 | for _, vs := range cluster.Vservers { |
| 50 | for _, ag := range vs.AccessGrants { |
| 51 | if !ag.IsGroup { |
| 52 | vua.grantAccess(vs.Name, ag.Grantee, ag.Key()) |
| 53 | continue |
| 54 | } |
| 55 | group, ok := cluster.AccessGroups[ag.Grantee] |
| 56 | if !ok { |
| 57 | log.Warningf("vserver %v references non-existent access group %q, ignoring", vs.Name, ag.Grantee) |
| 58 | continue |
| 59 | } |
| 60 | for _, username := range group.Members { |
| 61 | vua.grantAccess(vs.Name, username, ag.Key()) |
| 62 | } |
| 63 | } |
| 64 | } |
| 65 | return vua, nil |
| 66 | } |
| 67 | |
| 68 | // vserverAccess handles access control evaluation for vservers. |
| 69 | type vserverAccess struct { |