in internal/beater/auth/anonymous.go [47:80]
// Authorize reports whether an anonymous caller may perform action on
// resource. It returns nil when the request is permitted, an error wrapping
// ErrUnauthorized when it is denied, and a plain (non-ErrUnauthorized) error
// when action is not one this authorizer recognises.
//
// An empty allow-list imposes no restriction: with no allowed services
// configured every service name passes, and likewise for agents. Operators
// who expose anonymous access should therefore treat an empty list as
// "allow all", not "allow none".
//
// ctx is not used by this implementation.
func (a *anonymousAuth) Authorize(ctx context.Context, action Action, resource Resource) error {
	switch action {
	case ActionSourcemapUpload:
		// Never available anonymously, regardless of the allow-lists.
		return fmt.Errorf("%w: anonymous access not permitted for sourcemap uploads", ErrUnauthorized)

	case ActionAgentConfig, ActionEventIngest:
		// Both actions are gated on the service allow-list.
		// NOTE(review): the names presumably originate from the request;
		// %q keeps them quoted and escaped in the error text.
		service := resource.ServiceName
		servicesRestricted := len(a.allowedServices) != 0
		if servicesRestricted && !a.allowedServices[service] {
			return fmt.Errorf(
				"%w: anonymous access not permitted for service %q",
				ErrUnauthorized, service,
			)
		}

		// Agent config queries do not provide an agent name, so the agent
		// allow-list is only enforced for event ingestion. For agent config
		// the handlers are expected to filter results down to the allowed
		// agents instead.
		if action == ActionEventIngest {
			agent := resource.AgentName
			agentsRestricted := len(a.allowedAgents) != 0
			if agentsRestricted && !a.allowedAgents[agent] {
				return fmt.Errorf(
					"%w: anonymous access not permitted for agent %q",
					ErrUnauthorized, agent,
				)
			}
		}
		return nil

	default:
		// Unrecognised actions are rejected rather than allowed. This error
		// deliberately does not wrap ErrUnauthorized, so errors.Is checks
		// against ErrUnauthorized will not match it.
		return fmt.Errorf("unknown action %q", action)
	}
}