func getAllowed()

in pkg/identity/keystone/authorizer.go [53:99]


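// getAllowed evaluates one permission definition against str, the value being
// checked (the inline examples use namespaces), and returns the set of values
// the definition permits.
//
// Recognised definition forms:
//
//	"*"            str is allowed
//	"name"         str is allowed only when it equals name
//	"!name"        str is allowed unless it equals name; "!*" rejects everything
//	"['a', 'b']"   every listed value is allowed; a "*" entry allows str
//	"!['a', 'b']"  str is allowed unless it is listed or "*" is listed
//
// A non-nil error means the definition explicitly excludes str or its list
// could not be parsed; the returned set is nil in that case. A definition that
// matches none of the forms yields an empty set and a nil error, so a nil
// error alone is not a grant — presumably callers test membership of str in
// the returned set; verify against the call sites.
func getAllowed(definition string, str string) (sets.String, error) {
	allowed := sets.NewString()

	// parseList decodes a "['a', 'b']" style list: single quotes are turned
	// into double quotes and the result is read as a JSON array of strings.
	parseList := func(raw string) ([]string, error) {
		var items []string
		if err := json.Unmarshal([]byte(strings.Replace(raw, "'", "\"", -1)), &items); err != nil {
			klog.V(4).Infof("Skip the permission definition %s", definition)
			return nil, fmt.Errorf("parsing permission definition %q: %w", definition, err)
		}
		return items, nil
	}

	negated := strings.HasPrefix(definition, "!")
	negatedList := strings.HasPrefix(definition, "![")
	// The first "]" has to be the final byte; a plain suffix test would also
	// accept definitions with an earlier "]", which the list forms do not.
	closesAtEnd := strings.Index(definition, "]") == len(definition)-1

	switch {
	case definition == str || definition == "*" || str == "":
		// NOTE(review): an empty str is accepted here before any "!" rule is
		// looked at, so a negated definition never rejects an empty value.
		// Confirm callers pass "" only for attributes that are really absent.
		allowed.Insert(str)

	case negated && !negatedList:
		// "!namespace"
		if excluded := definition[1:]; excluded == str || excluded == "*" {
			return nil, fmt.Errorf("%q is excluded by permission definition %q", str, definition)
		}
		allowed.Insert(str)

	case strings.HasPrefix(definition, "[") && closesAtEnd:
		// "['namespace1', 'namespace2']"
		items, err := parseList(definition)
		if err != nil {
			return nil, err
		}
		for _, val := range items {
			if val == "*" {
				// A wildcard entry grants the requested value itself, not a
				// literal "*".
				allowed.Insert(str)
				continue
			}
			allowed.Insert(val)
		}

	case negatedList && closesAtEnd:
		// "!['namespace1', 'namespace2']"
		items, err := parseList(definition[1:])
		if err != nil {
			return nil, err
		}
		for _, val := range items {
			if val == str || val == "*" {
				return nil, fmt.Errorf("%q is excluded by permission definition %q", str, definition)
			}
		}
		allowed.Insert(str)
	}

	return allowed, nil
}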