Documentation
¶
Index ¶
- Constants
- func HasServiceAccountPrefix(idName string) bool
- func NewContext(ctx context.Context, info *Info) context.Context
- func SameSubject(subject rbacv1.Subject, identity Identity) (bool, error)
- func ServiceAccountNSAndName(serviceAccountSubjectName string) (string, string)
- type CachingIdentityProvider
- type CertIdentityInspector
- type CertInspector
- type CertTokenIdentityProvider
- type ClientWrappingFunc
- type Identity
- type IdentityProvider
- type Info
- type InfoParser
- type NamespacePermissions
- func (o *NamespacePermissions) AuthorizedIn(ctx context.Context, identity Identity, namespace string) (bool, error)
- func (o *NamespacePermissions) GetAuthorizedOrgNamespaces(ctx context.Context, info Info) (map[string]bool, error)
- func (o *NamespacePermissions) GetAuthorizedSpaceNamespaces(ctx context.Context, info Info) (map[string]bool, error)
- type SpaceFilteringClient
- type TokenIdentityInspector
- type TokenReviewer
- type UnprivilegedClientFactory
- type UnprivilegedClientsetFactory
- type UserClientFactory
- type UserClientsetFactory
Constants ¶
View Source
const ( BearerScheme string = "bearer" CertScheme string = "clientcert" UnknownScheme string = "unknown" )
Variables ¶
This section is empty.
Functions ¶
func HasServiceAccountPrefix ¶ added in v0.7.0
func SameSubject ¶ added in v0.7.0
func ServiceAccountNSAndName ¶ added in v0.7.0
Types ¶
type CachingIdentityProvider ¶
type CachingIdentityProvider struct {
// contains filtered or unexported fields
}
func NewCachingIdentityProvider ¶
func NewCachingIdentityProvider(identityProvider IdentityProvider, identityCache *cache.Expiring) *CachingIdentityProvider
func (*CachingIdentityProvider) GetIdentity ¶
type CertIdentityInspector ¶
type CertInspector ¶
type CertInspector struct {
// contains filtered or unexported fields
}
func NewCertInspector ¶
func NewCertInspector(restConfig *rest.Config) *CertInspector
type CertTokenIdentityProvider ¶
type CertTokenIdentityProvider struct {
// contains filtered or unexported fields
}
func NewCertTokenIdentityProvider ¶
func NewCertTokenIdentityProvider(tokenInspector TokenIdentityInspector, certInspector CertIdentityInspector) *CertTokenIdentityProvider
func (*CertTokenIdentityProvider) GetIdentity ¶
type ClientWrappingFunc ¶ added in v0.14.0
type IdentityProvider ¶
type NamespacePermissions ¶
type NamespacePermissions struct {
// contains filtered or unexported fields
}
func NewNamespacePermissions ¶
func NewNamespacePermissions(privilegedClient client.Client, identityProvider IdentityProvider) *NamespacePermissions
func (*NamespacePermissions) AuthorizedIn ¶
func (*NamespacePermissions) GetAuthorizedOrgNamespaces ¶
func (*NamespacePermissions) GetAuthorizedSpaceNamespaces ¶
type SpaceFilteringClient ¶ added in v0.14.0
func NewSpaceFilteringClient ¶ added in v0.14.0
func NewSpaceFilteringClient( client client.WithWatch, privilegedClient client.WithWatch, nsPerms *NamespacePermissions, ) SpaceFilteringClient
func (SpaceFilteringClient) List ¶ added in v0.14.0
func (c SpaceFilteringClient) List(ctx context.Context, list client.ObjectList, opts ...client.ListOption) error
type TokenIdentityInspector ¶
type TokenReviewer ¶
type TokenReviewer struct {
// contains filtered or unexported fields
}
func NewTokenReviewer ¶
func NewTokenReviewer(privilegedClient client.Client) *TokenReviewer
type UnprivilegedClientFactory ¶
type UnprivilegedClientFactory struct {
// contains filtered or unexported fields
}
func NewUnprivilegedClientFactory ¶
func NewUnprivilegedClientFactory(config *rest.Config, mapper meta.RESTMapper) UnprivilegedClientFactory
func (UnprivilegedClientFactory) BuildClient ¶
func (f UnprivilegedClientFactory) BuildClient(authInfo Info) (client.WithWatch, error)
func (UnprivilegedClientFactory) WithWrappingFunc ¶ added in v0.14.0
func (f UnprivilegedClientFactory) WithWrappingFunc(wrapper ClientWrappingFunc) UnprivilegedClientFactory
type UnprivilegedClientsetFactory ¶ added in v0.14.0
type UnprivilegedClientsetFactory struct {
// contains filtered or unexported fields
}
func NewUnprivilegedClientsetFactory ¶ added in v0.14.0
func NewUnprivilegedClientsetFactory(config *rest.Config) UnprivilegedClientsetFactory
func (UnprivilegedClientsetFactory) BuildClientset ¶ added in v0.14.0
func (f UnprivilegedClientsetFactory) BuildClientset(authInfo Info) (k8sclient.Interface, error)
type UserClientFactory ¶ added in v0.14.0
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.