authorization

package
v0.7.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 27, 2023 License: Apache-2.0 Imports: 27 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	BearerScheme  string = "bearer"
	CertScheme    string = "clientcert"
	UnknownScheme string = "unknown"
)

Variables

This section is empty.

Functions

func HasServiceAccountPrefix added in v0.7.0 

func HasServiceAccountPrefix(idName string) bool

func NewAuthRetryingClient 

func NewAuthRetryingClient(c client.WithWatch, backoff wait.Backoff) client.WithWatch

func NewContext 

func NewContext(ctx context.Context, info *Info) context.Context

func NewDefaultBackoff 

func NewDefaultBackoff() wait.Backoff

func SameSubject added in v0.7.0 

func SameSubject(subject rbacv1.Subject, identity Identity) (bool, error)

func ServiceAccountNSAndName added in v0.7.0 

func ServiceAccountNSAndName(serviceAccountSubjectName string) (string, string)

Types

type AuthRetryingClient 

type AuthRetryingClient struct {
	client.WithWatch
	// contains filtered or unexported fields
}

func (AuthRetryingClient) Create 

func (a AuthRetryingClient) Create(ctx context.Context, obj client.Object, opts ...client.CreateOption) error

func (AuthRetryingClient) Delete 

func (a AuthRetryingClient) Delete(ctx context.Context, obj client.Object, opts ...client.DeleteOption) error

func (AuthRetryingClient) DeleteAllOf 

func (a AuthRetryingClient) DeleteAllOf(ctx context.Context, obj client.Object, opts ...client.DeleteAllOfOption) error

func (AuthRetryingClient) Get 

func (a AuthRetryingClient) Get(ctx context.Context, key client.ObjectKey, obj client.Object, opts ...client.GetOption) error

func (AuthRetryingClient) List 

func (a AuthRetryingClient) List(ctx context.Context, list client.ObjectList, opts ...client.ListOption) error

func (AuthRetryingClient) Patch 

func (a AuthRetryingClient) Patch(ctx context.Context, obj client.Object, patch client.Patch, opts ...client.PatchOption) error

func (AuthRetryingClient) Update 

func (a AuthRetryingClient) Update(ctx context.Context, obj client.Object, opts ...client.UpdateOption) error

type CachingIdentityProvider 

type CachingIdentityProvider struct {
	// contains filtered or unexported fields
}

func NewCachingIdentityProvider 

func NewCachingIdentityProvider(identityProvider IdentityProvider, identityCache *cache.Expiring) *CachingIdentityProvider

func (*CachingIdentityProvider) GetIdentity 

func (p *CachingIdentityProvider) GetIdentity(ctx context.Context, info Info) (Identity, error)

type CertIdentityInspector 

type CertIdentityInspector interface {
	WhoAmI(context.Context, []byte) (Identity, error)
}

type CertInspector 

type CertInspector struct {
	// contains filtered or unexported fields
}

func NewCertInspector 

func NewCertInspector(restConfig *rest.Config) *CertInspector

func (*CertInspector) WhoAmI 

func (c *CertInspector) WhoAmI(ctx context.Context, certPEM []byte) (Identity, error)

type CertTokenIdentityProvider 

type CertTokenIdentityProvider struct {
	// contains filtered or unexported fields
}

func NewCertTokenIdentityProvider 

func NewCertTokenIdentityProvider(tokenInspector TokenIdentityInspector, certInspector CertIdentityInspector) *CertTokenIdentityProvider

func (*CertTokenIdentityProvider) GetIdentity 

func (p *CertTokenIdentityProvider) GetIdentity(ctx context.Context, info Info) (Identity, error)

type Identity 

type Identity struct {
	Name string
	Kind string
}

func (*Identity) Hash added in v0.5.0 

func (i *Identity) Hash() string

type IdentityProvider 

type IdentityProvider interface {
	GetIdentity(context.Context, Info) (Identity, error)
}

type Info 

type Info struct {
	Token    string
	CertData []byte
}

func InfoFromContext 

func InfoFromContext(ctx context.Context) (Info, bool)

func (Info) Hash 

func (i Info) Hash() string

func (Info) Scheme 

func (i Info) Scheme() string

type InfoParser 

type InfoParser struct{}

func NewInfoParser 

func NewInfoParser() *InfoParser

func (*InfoParser) Parse 

func (p *InfoParser) Parse(authorizationHeader string) (Info, error)

type NamespacePermissions 

type NamespacePermissions struct {
	// contains filtered or unexported fields
}

func NewNamespacePermissions 

func NewNamespacePermissions(privilegedClient client.Client, identityProvider IdentityProvider) *NamespacePermissions

func (*NamespacePermissions) AuthorizedIn 

func (o *NamespacePermissions) AuthorizedIn(ctx context.Context, identity Identity, namespace string) (bool, error)

func (*NamespacePermissions) GetAuthorizedOrgNamespaces 

func (o *NamespacePermissions) GetAuthorizedOrgNamespaces(ctx context.Context, info Info) (map[string]bool, error)

func (*NamespacePermissions) GetAuthorizedSpaceNamespaces 

func (o *NamespacePermissions) GetAuthorizedSpaceNamespaces(ctx context.Context, info Info) (map[string]bool, error)

type TokenIdentityInspector 

type TokenIdentityInspector interface {
	WhoAmI(context.Context, string) (Identity, error)
}

type TokenReviewer 

type TokenReviewer struct {
	// contains filtered or unexported fields
}

func NewTokenReviewer 

func NewTokenReviewer(privilegedClient client.Client) *TokenReviewer

func (*TokenReviewer) WhoAmI 

func (r *TokenReviewer) WhoAmI(ctx context.Context, token string) (Identity, error)

type UnprivilegedClientFactory 

type UnprivilegedClientFactory struct {
	// contains filtered or unexported fields
}

func NewUnprivilegedClientFactory 

func NewUnprivilegedClientFactory(config *rest.Config, mapper meta.RESTMapper, backoff wait.Backoff) UnprivilegedClientFactory

func (UnprivilegedClientFactory) BuildClient 

func (f UnprivilegedClientFactory) BuildClient(authInfo Info) (client.WithWatch, error)

func (UnprivilegedClientFactory) BuildK8sClient 

func (f UnprivilegedClientFactory) BuildK8sClient(authInfo Info) (k8sclient.Interface, error)

type UserK8sClientFactory 

type UserK8sClientFactory interface {
	BuildClient(Info) (client.WithWatch, error)
	BuildK8sClient(info Info) (k8sclient.Interface, error)
}

Source Files

View all Source files

Directories

Path Synopsis
Code generated by counterfeiter.
 Code generated by counterfeiter.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.