Skip to content

Commit f83796c

Browse files
smarterclaytonsmarterclayton
committed
Make authorization conversions efficient
1 parent c983121 commit f83796c

File tree

4 files changed

+89
-74
lines changed

4 files changed

+89
-74
lines changed

Diff for: pkg/authorization/api/types.go

+12-4
Original file line numberDiff line numberDiff line change
@@ -105,6 +105,8 @@ type RoleBinding struct {
105105
RoleRef kapi.ObjectReference
106106
}
107107

108+
type RolesByName map[string]*Role
109+
108110
// +genclient=true
109111

110112
// Policy is a object that holds all the Roles for a particular namespace. There is at most
@@ -117,9 +119,11 @@ type Policy struct {
117119
LastModified unversioned.Time
118120

119121
// Roles holds all the Roles held by this Policy, mapped by Role.Name
120-
Roles map[string]*Role
122+
Roles RolesByName
121123
}
122124

125+
type RoleBindingsByName map[string]*RoleBinding
126+
123127
// PolicyBinding is a object that holds all the RoleBindings for a particular namespace. There is
124128
// one PolicyBinding document per referenced Policy namespace
125129
type PolicyBinding struct {
@@ -133,7 +137,7 @@ type PolicyBinding struct {
133137
// PolicyRef is a reference to the Policy that contains all the Roles that this PolicyBinding's RoleBindings may reference
134138
PolicyRef kapi.ObjectReference
135139
// RoleBindings holds all the RoleBindings held by this PolicyBinding, mapped by RoleBinding.Name
136-
RoleBindings map[string]*RoleBinding
140+
RoleBindings RoleBindingsByName
137141
}
138142

139143
// SelfSubjectRulesReview is a resource you can create to determine which actions you can perform in a namespace
@@ -331,6 +335,8 @@ type ClusterRoleBinding struct {
331335
RoleRef kapi.ObjectReference
332336
}
333337

338+
type ClusterRolesByName map[string]*ClusterRole
339+
334340
// ClusterPolicy is a object that holds all the ClusterRoles for a particular namespace. There is at most
335341
// one ClusterPolicy document per namespace.
336342
type ClusterPolicy struct {
@@ -342,9 +348,11 @@ type ClusterPolicy struct {
342348
LastModified unversioned.Time
343349

344350
// Roles holds all the ClusterRoles held by this ClusterPolicy, mapped by Role.Name
345-
Roles map[string]*ClusterRole
351+
Roles ClusterRolesByName
346352
}
347353

354+
type ClusterRoleBindingsByName map[string]*ClusterRoleBinding
355+
348356
// ClusterPolicyBinding is a object that holds all the ClusterRoleBindings for a particular namespace. There is
349357
// one ClusterPolicyBinding document per referenced ClusterPolicy namespace
350358
type ClusterPolicyBinding struct {
@@ -358,7 +366,7 @@ type ClusterPolicyBinding struct {
358366
// ClusterPolicyRef is a reference to the ClusterPolicy that contains all the ClusterRoles that this ClusterPolicyBinding's RoleBindings may reference
359367
PolicyRef kapi.ObjectReference
360368
// RoleBindings holds all the RoleBindings held by this ClusterPolicyBinding, mapped by RoleBinding.Name
361-
RoleBindings map[string]*ClusterRoleBinding
369+
RoleBindings ClusterRoleBindingsByName
362370
}
363371

364372
// ClusterPolicyList is a collection of ClusterPolicies

Diff for: pkg/authorization/api/v1/conversion.go

+60-66
Original file line numberDiff line numberDiff line change
@@ -66,7 +66,6 @@ func Convert_api_ResourceAccessReviewResponse_To_v1_ResourceAccessReviewResponse
6666

6767
out.UsersSlice = in.Users.List()
6868
out.GroupsSlice = in.Groups.List()
69-
7069
return nil
7170
}
7271

@@ -112,19 +111,17 @@ func Convert_api_PolicyRule_To_v1_PolicyRule(in *newer.PolicyRule, out *PolicyRu
112111
}
113112

114113
func Convert_v1_Policy_To_api_Policy(in *Policy, out *newer.Policy, s conversion.Scope) error {
115-
out.LastModified = in.LastModified
116-
out.Roles = make(map[string]*newer.Role)
117-
return s.DefaultConvert(in, out, conversion.IgnoreMissingFields)
118-
}
119-
120-
func Convert_api_Policy_To_v1_Policy(in *newer.Policy, out *Policy, s conversion.Scope) error {
121-
out.LastModified = in.LastModified
122-
out.Roles = make([]NamedRole, 0, 0)
123-
return s.DefaultConvert(in, out, conversion.IgnoreMissingFields)
114+
if err := autoConvert_v1_Policy_To_api_Policy(in, out, s); err != nil {
115+
return err
116+
}
117+
if out.Roles == nil {
118+
out.Roles = make(map[string]*newer.Role)
119+
}
120+
return nil
124121
}
125122

126123
func Convert_v1_RoleBinding_To_api_RoleBinding(in *RoleBinding, out *newer.RoleBinding, s conversion.Scope) error {
127-
if err := s.DefaultConvert(in, out, conversion.IgnoreMissingFields|conversion.AllowDifferentFieldTypeNames); err != nil {
124+
if err := autoConvert_v1_RoleBinding_To_api_RoleBinding(in, out, s); err != nil {
128125
return err
129126
}
130127

@@ -139,7 +136,7 @@ func Convert_v1_RoleBinding_To_api_RoleBinding(in *RoleBinding, out *newer.RoleB
139136
}
140137

141138
func Convert_api_RoleBinding_To_v1_RoleBinding(in *newer.RoleBinding, out *RoleBinding, s conversion.Scope) error {
142-
if err := s.DefaultConvert(in, out, conversion.IgnoreMissingFields|conversion.AllowDifferentFieldTypeNames); err != nil {
139+
if err := autoConvert_api_RoleBinding_To_v1_RoleBinding(in, out, s); err != nil {
143140
return err
144141
}
145142

@@ -149,32 +146,28 @@ func Convert_api_RoleBinding_To_v1_RoleBinding(in *newer.RoleBinding, out *RoleB
149146
}
150147

151148
func Convert_v1_PolicyBinding_To_api_PolicyBinding(in *PolicyBinding, out *newer.PolicyBinding, s conversion.Scope) error {
152-
out.LastModified = in.LastModified
153-
out.RoleBindings = make(map[string]*newer.RoleBinding)
154-
return s.DefaultConvert(in, out, conversion.IgnoreMissingFields)
155-
}
156-
157-
func Convert_api_PolicyBinding_To_v1_PolicyBinding(in *newer.PolicyBinding, out *PolicyBinding, s conversion.Scope) error {
158-
out.LastModified = in.LastModified
159-
out.RoleBindings = make([]NamedRoleBinding, 0, 0)
160-
return s.DefaultConvert(in, out, conversion.IgnoreMissingFields)
149+
if err := autoConvert_v1_PolicyBinding_To_api_PolicyBinding(in, out, s); err != nil {
150+
return err
151+
}
152+
if out.RoleBindings == nil {
153+
out.RoleBindings = make(map[string]*newer.RoleBinding)
154+
}
155+
return nil
161156
}
162157

163158
// and now the globals
164159
func Convert_v1_ClusterPolicy_To_api_ClusterPolicy(in *ClusterPolicy, out *newer.ClusterPolicy, s conversion.Scope) error {
165-
out.LastModified = in.LastModified
166-
out.Roles = make(map[string]*newer.ClusterRole)
167-
return s.DefaultConvert(in, out, conversion.IgnoreMissingFields)
168-
}
169-
170-
func Convert_api_ClusterPolicy_To_v1_ClusterPolicy(in *newer.ClusterPolicy, out *ClusterPolicy, s conversion.Scope) error {
171-
out.LastModified = in.LastModified
172-
out.Roles = make([]NamedClusterRole, 0, 0)
173-
return s.DefaultConvert(in, out, conversion.IgnoreMissingFields)
160+
if err := autoConvert_v1_ClusterPolicy_To_api_ClusterPolicy(in, out, s); err != nil {
161+
return err
162+
}
163+
if out.Roles == nil {
164+
out.Roles = make(map[string]*newer.ClusterRole)
165+
}
166+
return nil
174167
}
175168

176169
func Convert_v1_ClusterRoleBinding_To_api_ClusterRoleBinding(in *ClusterRoleBinding, out *newer.ClusterRoleBinding, s conversion.Scope) error {
177-
if err := s.DefaultConvert(in, out, conversion.IgnoreMissingFields|conversion.AllowDifferentFieldTypeNames); err != nil {
170+
if err := autoConvert_v1_ClusterRoleBinding_To_api_ClusterRoleBinding(in, out, s); err != nil {
178171
return err
179172
}
180173

@@ -189,7 +182,7 @@ func Convert_v1_ClusterRoleBinding_To_api_ClusterRoleBinding(in *ClusterRoleBind
189182
}
190183

191184
func Convert_api_ClusterRoleBinding_To_v1_ClusterRoleBinding(in *newer.ClusterRoleBinding, out *ClusterRoleBinding, s conversion.Scope) error {
192-
if err := s.DefaultConvert(in, out, conversion.IgnoreMissingFields|conversion.AllowDifferentFieldTypeNames); err != nil {
185+
if err := autoConvert_api_ClusterRoleBinding_To_v1_ClusterRoleBinding(in, out, s); err != nil {
193186
return err
194187
}
195188

@@ -199,29 +192,31 @@ func Convert_api_ClusterRoleBinding_To_v1_ClusterRoleBinding(in *newer.ClusterRo
199192
}
200193

201194
func Convert_v1_ClusterPolicyBinding_To_api_ClusterPolicyBinding(in *ClusterPolicyBinding, out *newer.ClusterPolicyBinding, s conversion.Scope) error {
202-
out.LastModified = in.LastModified
203-
out.RoleBindings = make(map[string]*newer.ClusterRoleBinding)
204-
return s.DefaultConvert(in, out, conversion.IgnoreMissingFields)
195+
if err := autoConvert_v1_ClusterPolicyBinding_To_api_ClusterPolicyBinding(in, out, s); err != nil {
196+
return err
197+
}
198+
if out.RoleBindings == nil {
199+
out.RoleBindings = make(map[string]*newer.ClusterRoleBinding)
200+
}
201+
return nil
205202
}
206203

207-
func Convert_api_ClusterPolicyBinding_To_v1_ClusterPolicyBinding(in *newer.ClusterPolicyBinding, out *ClusterPolicyBinding, s conversion.Scope) error {
208-
out.LastModified = in.LastModified
209-
out.RoleBindings = make([]NamedClusterRoleBinding, 0, 0)
210-
return s.DefaultConvert(in, out, conversion.IgnoreMissingFields)
211-
}
204+
func Convert_v1_NamedRoles_To_api_RolesByName(in *NamedRoles, out *newer.RolesByName, s conversion.Scope) error {
205+
if *out == nil {
206+
*out = make(newer.RolesByName)
207+
}
212208

213-
func Convert_v1_NamedRoleArray_to_api_RoleArray(in *[]NamedRole, out *map[string]*newer.Role, s conversion.Scope) error {
214209
for _, curr := range *in {
215210
newRole := &newer.Role{}
216-
if err := s.Convert(&curr.Role, newRole, 0); err != nil {
211+
if err := Convert_v1_Role_To_api_Role(&curr.Role, newRole, s); err != nil {
217212
return err
218213
}
219214
(*out)[curr.Name] = newRole
220215
}
221216

222217
return nil
223218
}
224-
func Convert_api_NamedRoleArray_to_v1_RoleArray(in *map[string]*newer.Role, out *[]NamedRole, s conversion.Scope) error {
219+
func Convert_api_RolesByName_To_v1_NamedRoles(in *newer.RolesByName, out *NamedRoles, s conversion.Scope) error {
225220
allKeys := make([]string, 0, len(*in))
226221
for key := range *in {
227222
allKeys = append(allKeys, key)
@@ -231,7 +226,7 @@ func Convert_api_NamedRoleArray_to_v1_RoleArray(in *map[string]*newer.Role, out
231226
for _, key := range allKeys {
232227
newRole := (*in)[key]
233228
oldRole := &Role{}
234-
if err := s.Convert(newRole, oldRole, 0); err != nil {
229+
if err := Convert_api_Role_To_v1_Role(newRole, oldRole, s); err != nil {
235230
return err
236231
}
237232

@@ -242,18 +237,21 @@ func Convert_api_NamedRoleArray_to_v1_RoleArray(in *map[string]*newer.Role, out
242237
return nil
243238
}
244239

245-
func Convert_v1_NamedRoleBindingArray_to_api_RoleBindingArray(in *[]NamedRoleBinding, out *map[string]*newer.RoleBinding, s conversion.Scope) error {
240+
func Convert_v1_NamedRoleBindings_To_api_RoleBindingsByName(in *NamedRoleBindings, out *newer.RoleBindingsByName, s conversion.Scope) error {
241+
if *out == nil {
242+
*out = make(newer.RoleBindingsByName)
243+
}
246244
for _, curr := range *in {
247245
newRoleBinding := &newer.RoleBinding{}
248-
if err := s.Convert(&curr.RoleBinding, newRoleBinding, 0); err != nil {
246+
if err := Convert_v1_RoleBinding_To_api_RoleBinding(&curr.RoleBinding, newRoleBinding, s); err != nil {
249247
return err
250248
}
251249
(*out)[curr.Name] = newRoleBinding
252250
}
253251

254252
return nil
255253
}
256-
func Convert_api_RoleBindingArray_to_v1_NamedRoleBindingArray(in *map[string]*newer.RoleBinding, out *[]NamedRoleBinding, s conversion.Scope) error {
254+
func Convert_api_RoleBindingsByName_To_v1_NamedRoleBindings(in *newer.RoleBindingsByName, out *NamedRoleBindings, s conversion.Scope) error {
257255
allKeys := make([]string, 0, len(*in))
258256
for key := range *in {
259257
allKeys = append(allKeys, key)
@@ -263,7 +261,7 @@ func Convert_api_RoleBindingArray_to_v1_NamedRoleBindingArray(in *map[string]*ne
263261
for _, key := range allKeys {
264262
newRoleBinding := (*in)[key]
265263
oldRoleBinding := &RoleBinding{}
266-
if err := s.Convert(newRoleBinding, oldRoleBinding, 0); err != nil {
264+
if err := Convert_api_RoleBinding_To_v1_RoleBinding(newRoleBinding, oldRoleBinding, s); err != nil {
267265
return err
268266
}
269267

@@ -274,18 +272,21 @@ func Convert_api_RoleBindingArray_to_v1_NamedRoleBindingArray(in *map[string]*ne
274272
return nil
275273
}
276274

277-
func Convert_v1_NamedClusterRoleArray_to_api_ClusterRoleArray(in *[]NamedClusterRole, out *map[string]*newer.ClusterRole, s conversion.Scope) error {
275+
func Convert_v1_NamedClusterRoles_To_api_ClusterRolesByName(in *NamedClusterRoles, out *newer.ClusterRolesByName, s conversion.Scope) error {
276+
if *out == nil {
277+
*out = make(newer.ClusterRolesByName)
278+
}
278279
for _, curr := range *in {
279280
newRole := &newer.ClusterRole{}
280-
if err := s.Convert(&curr.Role, newRole, 0); err != nil {
281+
if err := Convert_v1_ClusterRole_To_api_ClusterRole(&curr.Role, newRole, s); err != nil {
281282
return err
282283
}
283284
(*out)[curr.Name] = newRole
284285
}
285286

286287
return nil
287288
}
288-
func Convert_api_ClusterRoleArray_to_v1_NamedClusterRoleArray(in *map[string]*newer.ClusterRole, out *[]NamedClusterRole, s conversion.Scope) error {
289+
func Convert_api_ClusterRolesByName_To_v1_NamedClusterRoles(in *newer.ClusterRolesByName, out *NamedClusterRoles, s conversion.Scope) error {
289290
allKeys := make([]string, 0, len(*in))
290291
for key := range *in {
291292
allKeys = append(allKeys, key)
@@ -295,7 +296,7 @@ func Convert_api_ClusterRoleArray_to_v1_NamedClusterRoleArray(in *map[string]*ne
295296
for _, key := range allKeys {
296297
newRole := (*in)[key]
297298
oldRole := &ClusterRole{}
298-
if err := s.Convert(newRole, oldRole, 0); err != nil {
299+
if err := Convert_api_ClusterRole_To_v1_ClusterRole(newRole, oldRole, s); err != nil {
299300
return err
300301
}
301302

@@ -305,18 +306,20 @@ func Convert_api_ClusterRoleArray_to_v1_NamedClusterRoleArray(in *map[string]*ne
305306

306307
return nil
307308
}
308-
func Convert_v1_NamedClusterRoleBindingArray_to_ClusterRoleBindingArray(in *[]NamedClusterRoleBinding, out *map[string]*newer.ClusterRoleBinding, s conversion.Scope) error {
309+
func Convert_v1_NamedClusterRoleBindings_To_api_ClusterRoleBindingsByName(in *NamedClusterRoleBindings, out *newer.ClusterRoleBindingsByName, s conversion.Scope) error {
310+
if *out == nil {
311+
*out = make(newer.ClusterRoleBindingsByName)
312+
}
309313
for _, curr := range *in {
310314
newRoleBinding := &newer.ClusterRoleBinding{}
311-
if err := s.Convert(&curr.RoleBinding, newRoleBinding, 0); err != nil {
315+
if err := Convert_v1_ClusterRoleBinding_To_api_ClusterRoleBinding(&curr.RoleBinding, newRoleBinding, s); err != nil {
312316
return err
313317
}
314318
(*out)[curr.Name] = newRoleBinding
315319
}
316-
317320
return nil
318321
}
319-
func Convert_api_ClusterRoleBindingArray_to_v1_NamedClusterRoleBindingArray(in *map[string]*newer.ClusterRoleBinding, out *[]NamedClusterRoleBinding, s conversion.Scope) error {
322+
func Convert_api_ClusterRoleBindingsByName_To_v1_NamedClusterRoleBindings(in *newer.ClusterRoleBindingsByName, out *NamedClusterRoleBindings, s conversion.Scope) error {
320323
allKeys := make([]string, 0, len(*in))
321324
for key := range *in {
322325
allKeys = append(allKeys, key)
@@ -326,7 +329,7 @@ func Convert_api_ClusterRoleBindingArray_to_v1_NamedClusterRoleBindingArray(in *
326329
for _, key := range allKeys {
327330
newRoleBinding := (*in)[key]
328331
oldRoleBinding := &ClusterRoleBinding{}
329-
if err := s.Convert(newRoleBinding, oldRoleBinding, 0); err != nil {
332+
if err := Convert_api_ClusterRoleBinding_To_v1_ClusterRoleBinding(newRoleBinding, oldRoleBinding, s); err != nil {
330333
return err
331334
}
332335

@@ -339,15 +342,6 @@ func Convert_api_ClusterRoleBindingArray_to_v1_NamedClusterRoleBindingArray(in *
339342

340343
func addConversionFuncs(scheme *runtime.Scheme) {
341344
err := scheme.AddConversionFuncs(
342-
Convert_v1_NamedRoleArray_to_api_RoleArray,
343-
Convert_api_NamedRoleArray_to_v1_RoleArray,
344-
Convert_v1_NamedRoleBindingArray_to_api_RoleBindingArray,
345-
Convert_api_RoleBindingArray_to_v1_NamedRoleBindingArray,
346-
Convert_v1_NamedClusterRoleArray_to_api_ClusterRoleArray,
347-
Convert_api_ClusterRoleArray_to_v1_NamedClusterRoleArray,
348-
Convert_v1_NamedClusterRoleBindingArray_to_ClusterRoleBindingArray,
349-
Convert_api_ClusterRoleBindingArray_to_v1_NamedClusterRoleBindingArray,
350-
351345
Convert_v1_SubjectAccessReview_To_api_SubjectAccessReview,
352346
Convert_api_SubjectAccessReview_To_v1_SubjectAccessReview,
353347
Convert_v1_LocalSubjectAccessReview_To_api_LocalSubjectAccessReview,

0 commit comments

Comments
 (0)