Add support for service accounts - RHCLOUD-30358 (#330)
Co-authored-by: Tahmid Efaz <tefaz@redhat.com>
dehort and tahmidefaz authored Jan 30, 2024
1 parent 888da7f commit 4d5a1d6
Showing 2 changed files with 5 additions and 1 deletion.
5 changes: 4 additions & 1 deletion internal/api/middleware/identityType.go
@@ -9,6 +9,7 @@ import (
)

const userType = "user"
const serviceAccountType = "serviceaccount"

func EnforceIdentityType(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@@ -20,7 +21,9 @@ func EnforceIdentityType(next http.Handler) http.Handler {
return
}

if principalType := strings.ToLower(identity.Identity.Type); principalType != userType {
principalType := strings.ToLower(identity.Identity.Type)

if principalType != userType && principalType != serviceAccountType {
http.Error(w, fmt.Sprintf("unauthorized principal type: %s", principalType), 403)
return
}
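Review bot: Nothing at the check `if principalType != userType && principalType != serviceAccountType` records which principal types are trusted or why, and this line is the authorization boundary for every route wrapped by EnforceIdentityType. I would add a comment above it, `// Allow-list of principal types: users and service accounts. Every other type (such as system) is rejected with 403.`, and give `serviceAccountType` a one-line comment saying it is compared against the lowercased identity type. Whether downstream handlers cope with a service-account principal that lacks user-specific identity fields cannot be seen from this hunk and is worth confirming before merging. If the list grows further, `switch principalType { case userType, serviceAccountType: ... }` with the 403 in `default` reads better than a chain of `!=`. The handler body starts and ends outside the hunk.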
1 change: 1 addition & 0 deletions internal/api/middleware/identityType_test.go
@@ -35,6 +35,7 @@ var _ = Describe("Identity type middleware", func() {
},

Entry("User", "User", 200, ""),
Entry("ServiceAccount", "ServiceAccount", 200, ""),
Entry("System", "System", 403, "unauthorized principal type: system\n"),
Entry("Random", "salad", 403, "unauthorized principal type: salad\n"),
)
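Review bot: The new `Entry("ServiceAccount", "ServiceAccount", 200, "")` only covers the accepted spelling, so nothing pins that the allow-list is an exact match after lowercasing. I would add a near-miss case next to it, for example `Entry("ServiceAccount with underscore", "service_account", 403, "unauthorized principal type: service_account\n"),` (a constructed sample value), so a later loosening of the comparison to a prefix or substring match fails the table. The table definition starts outside the hunk.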
