in pkg/admission/metadata/usergroup.go [50:81]
// IsAnnotationAllowed reports whether the handler's configuration accepts the
// given identity. It returns true as soon as one of the following holds, checked
// in this order:
//
//  1. GetTrustControllers() is true and userName matches a GetSystemUsers() entry;
//  2. userName matches a GetExternalUsers() entry;
//  3. any element of groups matches a GetExternalGroups() entry.
//
// It returns false when nothing matches, so an empty configuration denies
// everything. Every accepting branch emits a Debug record on the Admission
// logger naming the matched user (and the matched group in case 3).
//
// NOTE(review): the entries are matched with MatchString; if they are
// *regexp.Regexp values, an unanchored pattern matches anywhere in the string,
// so "admin" would also accept "not-admin-at-all". Confirm that the
// configuration loader anchors patterns (^...$) or rejects unanchored ones.
// NOTE(review): userName and groups are presumably taken from the
// authenticated request, not from object metadata - verify against the caller.
func (u *UserGroupAnnotationHandler) IsAnnotationAllowed(userName string, groups []string) bool {
	// The system-user list is consulted only when controllers are trusted.
	if u.conf.GetTrustControllers() {
		for _, systemPattern := range u.conf.GetSystemUsers() {
			if !systemPattern.MatchString(userName) {
				continue
			}
			log.Log(log.Admission).Debug("Request submitted from a system user, bypassing",
				zap.String("userName", userName))
			return true
		}
	}

	// Explicitly allowed external users.
	for _, userPattern := range u.conf.GetExternalUsers() {
		if !userPattern.MatchString(userName) {
			continue
		}
		log.Log(log.Admission).Debug("Request submitted from an allowed external user",
			zap.String("userName", userName))
		return true
	}

	// Explicitly allowed external groups. Patterns form the outer loop, so the
	// first pattern with any matching group decides which group is logged.
	for _, groupPattern := range u.conf.GetExternalGroups() {
		for _, candidate := range groups {
			if !groupPattern.MatchString(candidate) {
				continue
			}
			log.Log(log.Admission).Debug("Request submitted from an allowed external group",
				zap.String("userName", userName),
				zap.String("group", candidate))
			return true
		}
	}

	// Default deny: no list accepted this identity.
	return false
}