func match()

in pkg/identity/keystone/authorizer.go [237:311]


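// match reports whether the user carried by attributes satisfies every entry
// in match.
//
// Entries are ANDed: the first entry the user does not satisfy ends the
// evaluation with false. Within one entry the values are ORed: one matching
// value is enough. An entry whose Values contain "*" is satisfied without
// looking at the user. An entry with an unrecognised Type denies the whole
// match, even when its Values contain "*".
//
// Per type, the entry is compared against:
//   - TypeGroup:   user.GetGroups()
//   - TypeUser:    user.GetName() or user.GetUID()
//   - TypeProject: the ProjectID or ProjectName entries of user.GetExtra()
//   - TypeRole:    the Roles entry of user.GetExtra()
//
// A nil user never satisfies a non-wildcard entry. Previously that case
// dereferenced the nil interface and panicked instead of denying.
//
// NOTE(review): an empty or nil match slice returns true, because there is no
// entry left to fail. Confirm that callers never evaluate a policy whose match
// list is empty unless it is meant to apply to everyone.
//
// NOTE(review): TypeUser compares the same Values list with both the name and
// the UID, so a value written as a UID is also satisfied by a user with that
// name. Keystone user names are presumably unique only within a domain;
// confirm that policies identify users by ID where that matters.
func match(match []policyMatch, attributes authorizer.Attributes) bool {
	user := attributes.GetUser()
	types := []string{TypeGroup, TypeProject, TypeRole, TypeUser}

	// anyValue reports whether at least one candidate is listed in m.Values.
	// Ranging over a nil slice is a no-op, so a missing Extra key is simply
	// "no candidates" and yields false.
	anyValue := func(m policyMatch, candidates []string) bool {
		for _, c := range candidates {
			if findString(c, m.Values) {
				return true
			}
		}
		return false
	}

	for _, m := range match {
		// Validate the type before honouring the wildcard so that a typo in
		// the policy fails closed rather than silently matching everyone.
		if !findString(m.Type, types) {
			klog.Warningf("unknown type %s", m.Type)
			return false
		}
		if findString("*", m.Values) {
			continue
		}

		// Every remaining check reads the user's identity; without one the
		// entry cannot be satisfied, so deny instead of dereferencing nil.
		if user == nil {
			klog.Warning("no user in authorization attributes, denying")
			return false
		}

		// No default case: m.Type was validated against types above, so the
		// former "unknown type ... skipping" branch could never run.
		switch m.Type {
		case TypeGroup:
			if !anyValue(m, user.GetGroups()) {
				return false
			}
		case TypeUser:
			if !findString(user.GetName(), m.Values) && !findString(user.GetUID(), m.Values) {
				return false
			}
		case TypeProject:
			extra := user.GetExtra()
			// The project may be given by ID or by name; either one matches.
			if !anyValue(m, extra[ProjectID]) && !anyValue(m, extra[ProjectName]) {
				return false
			}
		case TypeRole:
			if !anyValue(m, user.GetExtra()[Roles]) {
				return false
			}
		}
	}

	return true
}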