update dependencies and run make fmt

Author: dims

cmd/k8s-keystone-auth/main.go

@@ -19,8 +19,8 @@ import (
 	"log"
 	"net/http"
 
-	"github.com/dims/k8s-keystone-auth/pkg/authenticator/token/keystone"
-	"github.com/dims/k8s-keystone-auth/pkg/identity/webhook"
+	"git.openstack.org/openstack/openstack-cloud-controller-manager/pkg/authenticator/token/keystone"
+	"git.openstack.org/openstack/openstack-cloud-controller-manager/pkg/identity/webhook"
 	"k8s.io/apiserver/pkg/authentication/authenticator"
 	"k8s.io/apiserver/pkg/authorization/authorizer"
 )

glide.lock

@@ -27,6 +27,7 @@ import:
   - openstack/networking/v2/extensions/security/rules
   - openstack/networking/v2/networks
   - openstack/networking/v2/ports
+  - openstack/utils
   - pagination
 - package: github.com/kubernetes-incubator/external-storage
   repo: https://github.com/dims/external-storage
@@ -57,6 +58,9 @@ import:
 - package: k8s.io/apiserver
   version: kubernetes-1.9.2
   subpackages:
+  - pkg/authentication/authenticator
+  - pkg/authentication/user
+  - pkg/authorization/authorizer
   - pkg/server/healthz
   - pkg/util/flag
   - pkg/util/logs

glide.yaml

@@ -17,11 +17,11 @@ limitations under the License.
 package keystone
 
 import (
-	"log"
 	"github.com/gophercloud/gophercloud"
+	"log"
 
-	"k8s.io/apiserver/pkg/authorization/authorizer"
 	"encoding/json"
+	"k8s.io/apiserver/pkg/authorization/authorizer"
 )
 
 type KeystoneAuthorizer struct {
@@ -96,7 +96,7 @@ func nonResourceMatches(p Policy, a authorizer.Attributes) bool {
 func match(match Match, attributes authorizer.Attributes) bool {
 	user := attributes.GetUser()
 	if match.Type == "group" {
-		for _, group  := range user.GetGroups() {
+		for _, group := range user.GetGroups() {
 			if match.Value == "*" || group == match.Value {
 				return true
 			}
@@ -143,7 +143,7 @@ func match(match Match, attributes authorizer.Attributes) bool {
 	return false
 }
 
-func (KeystoneAuthorizer *KeystoneAuthorizer) Authorize(a authorizer.Attributes) (authorized bool, reason string, err error) {
+func (KeystoneAuthorizer *KeystoneAuthorizer) Authorize(a authorizer.Attributes) (authorized authorizer.Decision, reason string, err error) {
 	log.Printf("Authorizing user : %#v\n", a.GetUser())
 	for _, p := range KeystoneAuthorizer.pl {
 		if p.NonResourceSpec != nil && p.ResourceSpec != nil {
@@ -152,13 +152,13 @@ func (KeystoneAuthorizer *KeystoneAuthorizer) Authorize(a authorizer.Attributes)
 		}
 		if p.ResourceSpec != nil {
 			if resourceMatches(*p, a) {
-				return true, "", nil
+				return authorizer.DecisionAllow, "", nil
 			}
 		} else if p.NonResourceSpec != nil {
 			if nonResourceMatches(*p, a) {
-				return true, "", nil
+				return authorizer.DecisionAllow, "", nil
 			}
 		}
 	}
-	return false, "No policy matched.", nil
+	return authorizer.DecisionDeny, "No policy matched.", nil
 }

pkg/authenticator/token/keystone/authorizer.go

@@ -18,11 +18,11 @@ package keystone
 
 import (
 	"crypto/tls"
-	"errors"
 	"encoding/json"
+	"errors"
 	"fmt"
-	"net/http"
 	"log"
+	"net/http"
 	//"strings"
 
 	"github.com/golang/glog"
@@ -127,5 +127,5 @@ func NewKeystoneAuthorizer(authURL string, caFile string, policyFile string) (*K
 		log.Fatalf(">>> Error %#v", err)
 	}
 
-	return &KeystoneAuthorizer{authURL: authURL, client: client, pl:policyList}, nil
-}
+	return &KeystoneAuthorizer{authURL: authURL, client: client, pl: policyList}, nil
+}

pkg/authenticator/token/keystone/keystone.go

@@ -17,9 +17,9 @@ limitations under the License.
 package keystone
 
 import (
-	"os"
 	"bufio"
 	"encoding/json"
+	"os"
 )
 
 type Policy struct {

pkg/authenticator/token/keystone/policy.go

@@ -20,8 +20,8 @@ import (
 	"net/http"
 
 	"k8s.io/apiserver/pkg/authentication/authenticator"
-	"k8s.io/apiserver/pkg/authorization/authorizer"
 	"k8s.io/apiserver/pkg/authentication/user"
+	"k8s.io/apiserver/pkg/authorization/authorizer"
 	"log"
 )
 
@@ -126,28 +126,28 @@ func (h *WebhookHandler) authorizeToken(w http.ResponseWriter, r *http.Request,
 
 	spec := data["spec"].(map[string]interface{})
 
-	username :=  spec["user"]
+	username := spec["user"]
 	usr := &user.DefaultInfo{
-		Name:   username.(string),
+		Name: username.(string),
 	}
 	attrs := authorizer.AttributesRecord{
 		User: usr,
 	}
 
 	groups := spec["group"].([]interface{})
 	for _, v := range groups {
-			usr.Groups = append(usr.Groups, v.(string))
+		usr.Groups = append(usr.Groups, v.(string))
 	}
 	if extras, ok := spec["extra"].(map[string]interface{}); ok {
 		usr.Extra = make(map[string][]string, len(extras))
 		for key, value := range extras {
-				for _,v := range value.([]interface{}) {
-					if data, ok := usr.Extra[key] ; ok {
-						usr.Extra[key] = append(data, v.(string))
-					} else {
-						usr.Extra[key] = []string{v.(string)}
-					}
+			for _, v := range value.([]interface{}) {
+				if data, ok := usr.Extra[key]; ok {
+					usr.Extra[key] = append(data, v.(string))
+				} else {
+					usr.Extra[key] = []string{v.(string)}
 				}
+			}
 		}
 	}