func CopyToAuthorization()

in pkg/authority/k8s/controller.go [220:325]

• 103 lines of code
• 20 McCabe index (conditional complexity)

func CopyToAuthorization(key, rootNamespace string, pa *apiV1beta1.AuthorizationPolicy) *authorization.Policy {
	a := &authorization.Policy{}
	a.Name = key
	a.Spec = &authorization.PolicySpec{}
	a.Spec.Action = pa.Spec.Action
	if pa.Spec.Rules != nil {
		for _, rule := range pa.Spec.Rules {
			r := &authorization.PolicyRule{
				From: &authorization.Source{
					Namespaces:    rule.From.Namespaces,
					NotNamespaces: rule.From.NotNamespaces,
					IpBlocks:      rule.From.IpBlocks,
					NotIpBlocks:   rule.From.NotIpBlocks,
					Principals:    rule.From.Principals,
					NotPrincipals: rule.From.NotPrincipals,
				},
				To: &authorization.Target{
					Namespaces:    rule.To.Namespaces,
					NotNamespaces: rule.To.NotNamespaces,
					IpBlocks:      rule.To.IpBlocks,
					NotIpBlocks:   rule.To.NotIpBlocks,
					Principals:    rule.To.Principals,
					NotPrincipals: rule.To.NotPrincipals,
				},
				When: &authorization.Condition{
					Key: rule.When.Key,
				},
			}
			if rule.From.Extends != nil {
				for _, extends := range rule.From.Extends {
					r.From.Extends = append(r.From.Extends, &authorization.Extend{
						Key:   extends.Key,
						Value: extends.Value,
					})
				}
			}
			if rule.From.NotExtends != nil {
				for _, notExtend := range rule.From.NotExtends {
					r.From.NotExtends = append(r.From.NotExtends, &authorization.Extend{
						Key:   notExtend.Key,
						Value: notExtend.Value,
					})
				}
			}
			if rule.To.Extends != nil {
				for _, extends := range rule.To.Extends {
					r.To.Extends = append(r.To.Extends, &authorization.Extend{
						Key:   extends.Key,
						Value: extends.Value,
					})
				}
			}
			if rule.To.NotExtends != nil {
				for _, notExtend := range rule.To.NotExtends {
					r.To.NotExtends = append(r.To.NotExtends, &authorization.Extend{
						Key:   notExtend.Key,
						Value: notExtend.Value,
					})
				}
			}
			if rule.When.Values != nil {
				for _, value := range rule.When.Values {
					r.When.Values = append(r.When.Values, &authorization.Match{
						Type:  value.Type,
						Value: value.Value,
					})
				}
			}
			if rule.When.NotValues != nil {
				for _, notValue := range rule.When.NotValues {
					r.When.Values = append(r.When.Values, &authorization.Match{
						Type:  notValue.Type,
						Value: notValue.Value,
					})
				}
			}

			a.Spec.Rules = append(a.Spec.Rules, r)
		}
	}
	a.Spec.Samples = pa.Spec.Samples
	a.Spec.Order = pa.Spec.Order
	a.Spec.MatchType = pa.Spec.MatchType

	if rootNamespace == pa.Namespace {
		return a
	}

	if len(a.Spec.Rules) == 0 {
		a.Spec.Rules = append(a.Spec.Rules, &authorization.PolicyRule{
			To: &authorization.Target{
				Namespaces: []string{pa.Namespace},
			},
		})
	} else {
		for _, rule := range a.Spec.Rules {
			if rule.To != nil {
				rule.To = &authorization.Target{}
			}
			if !slices.Contains(rule.To.Namespaces, pa.Namespace) {
				rule.To.Namespaces = append(rule.To.Namespaces, pa.Namespace)
			}
		}
	}
	return a
}