Merge pull request kubernetes#75834 from jlucktay/golint_pkg/auth/authorizer/abac

Golint pkg/auth/authorizer/abac

Author: k8s-ci-robot

hack/.golint_failures

@@ -61,7 +61,6 @@ pkg/apis/storage/v1
 pkg/apis/storage/v1/util
 pkg/apis/storage/v1beta1
 pkg/apis/storage/v1beta1/util
-pkg/auth/authorizer/abac
 pkg/capabilities
 pkg/cloudprovider/providers/fake
 pkg/cloudprovider/providers/photon

pkg/auth/authorizer/abac/abac.go

@@ -14,11 +14,9 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
+// Package abac authorizes Kubernetes API actions using an Attribute-based access control scheme.
 package abac
 
-// Policy authorizes Kubernetes API actions using an Attribute-based access
-// control scheme.
-
 import (
 	"bufio"
 	"fmt"
@@ -31,6 +29,8 @@ import (
 	"k8s.io/apiserver/pkg/authentication/user"
 	"k8s.io/apiserver/pkg/authorization/authorizer"
 	"k8s.io/kubernetes/pkg/apis/abac"
+
+	// Import latest API for init/side-effects
 	_ "k8s.io/kubernetes/pkg/apis/abac/latest"
 	"k8s.io/kubernetes/pkg/apis/abac/v0"
 )
@@ -49,10 +49,13 @@ func (p policyLoadError) Error() string {
 	return fmt.Sprintf("error reading policy file %s: %v", p.path, p.err)
 }
 
-type policyList []*abac.Policy
+// PolicyList is simply a slice of Policy structs.
+type PolicyList []*abac.Policy
 
+// NewFromFile attempts to create a policy list from the given file.
+//
 // TODO: Have policies be created via an API call and stored in REST storage.
-func NewFromFile(path string) (policyList, error) {
+func NewFromFile(path string) (PolicyList, error) {
 	// File format is one map per line.  This allows easy concatenation of files,
 	// comments in files, and identification of errors by line number.
 	file, err := os.Open(path)
@@ -62,7 +65,7 @@ func NewFromFile(path string) (policyList, error) {
 	defer file.Close()
 
 	scanner := bufio.NewScanner(file)
-	pl := make(policyList, 0)
+	pl := make(PolicyList, 0)
 
 	decoder := abac.Codecs.UniversalDecoder()
 
@@ -220,8 +223,8 @@ func resourceMatches(p abac.Policy, a authorizer.Attributes) bool {
 	return false
 }
 
-// Authorizer implements authorizer.Authorize
-func (pl policyList) Authorize(a authorizer.Attributes) (authorizer.Decision, string, error) {
+// Authorize implements authorizer.Authorize
+func (pl PolicyList) Authorize(a authorizer.Attributes) (authorizer.Decision, string, error) {
 	for _, p := range pl {
 		if matches(*p, a) {
 			return authorizer.DecisionAllow, "", nil
@@ -233,7 +236,8 @@ func (pl policyList) Authorize(a authorizer.Attributes) (authorizer.Decision, st
 	// Then, add Caching only if needed.
 }
 
-func (pl policyList) RulesFor(user user.Info, namespace string) ([]authorizer.ResourceRuleInfo, []authorizer.NonResourceRuleInfo, bool, error) {
+// RulesFor returns rules for the given user and namespace.
+func (pl PolicyList) RulesFor(user user.Info, namespace string) ([]authorizer.ResourceRuleInfo, []authorizer.NonResourceRuleInfo, bool, error) {
 	var (
 		resourceRules    []authorizer.ResourceRuleInfo
 		nonResourceRules []authorizer.NonResourceRuleInfo

pkg/auth/authorizer/abac/abac_test.go

@@ -815,7 +815,7 @@ func TestSubjectMatches(t *testing.T) {
 	}
 }
 
-func newWithContents(t *testing.T, contents string) (policyList, error) {
+func newWithContents(t *testing.T, contents string) (PolicyList, error) {
 	f, err := ioutil.TempFile("", "abac_test")
 	if err != nil {
 		t.Fatalf("unexpected error creating policyfile: %v", err)