authorization

package
v0.7.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 30, 2023 License: Apache-2.0 Imports: 27 Imported by: 0

Documentation

Index

Constants

// Authentication scheme names. Info.Scheme returns a string; presumably it is
// one of these values — TODO confirm against the implementation.
const (
	// BearerScheme names the bearer-token scheme.
	BearerScheme  string = "bearer"
	// CertScheme names the client-certificate scheme.
	CertScheme    string = "clientcert"
	// UnknownScheme names a scheme that is neither of the above.
	// NOTE(review): callers that branch on the scheme should treat this value
	// as unauthenticated and reject the request rather than fall through.
	UnknownScheme string = "unknown"
)

Variables

This section is empty.

Functions

func HasServiceAccountPrefix added in v0.7.0

func HasServiceAccountPrefix(idName string) bool

func NewAuthRetryingClient

func NewAuthRetryingClient(c client.WithWatch, backoff wait.Backoff) client.WithWatch

func NewContext

func NewContext(ctx context.Context, info *Info) context.Context

func NewDefaultBackoff

func NewDefaultBackoff() wait.Backoff

func SameSubject added in v0.7.0

func SameSubject(subject rbacv1.Subject, identity Identity) (bool, error)

func ServiceAccountNSAndName added in v0.7.0

func ServiceAccountNSAndName(serviceAccountSubjectName string) (string, string)

Types

type AuthRetryingClient

// AuthRetryingClient wraps a client.WithWatch. This page lists its own Create,
// Delete, DeleteAllOf, Get, List, Patch and Update methods.
// NewAuthRetryingClient takes a client.WithWatch and a wait.Backoff and
// returns a client.WithWatch, presumably this type. The name suggests the
// listed calls are retried on authorization errors — TODO confirm which
// errors trigger a retry and that the backoff bounds the attempts.
// NOTE(review): every other method of the embedded interface (Watch, for
// example) is promoted unchanged, so it gets no retry handling from this type.
type AuthRetryingClient struct {
	client.WithWatch
	// contains filtered or unexported fields
}

func (AuthRetryingClient) Create

func (AuthRetryingClient) Delete

func (AuthRetryingClient) DeleteAllOf

func (a AuthRetryingClient) DeleteAllOf(ctx context.Context, obj client.Object, opts ...client.DeleteAllOfOption) error

func (AuthRetryingClient) Get

func (AuthRetryingClient) List

func (AuthRetryingClient) Patch

func (a AuthRetryingClient) Patch(ctx context.Context, obj client.Object, patch client.Patch, opts ...client.PatchOption) error

func (AuthRetryingClient) Update

type CachingIdentityProvider

// CachingIdentityProvider has a GetIdentity method with the IdentityProvider
// signature. NewCachingIdentityProvider takes an inner IdentityProvider and a
// *cache.Expiring, so resolved identities are presumably stored there and
// reused — TODO confirm the cache key and the entry lifetime.
// NOTE(review): a cached identity can outlive the credential it came from
// (revoked token, expired certificate); confirm that entries expire no later
// than the credential does.
type CachingIdentityProvider struct {
	// contains filtered or unexported fields
}

func NewCachingIdentityProvider

func NewCachingIdentityProvider(identityProvider IdentityProvider, identityCache *cache.Expiring) *CachingIdentityProvider

func (*CachingIdentityProvider) GetIdentity

func (p *CachingIdentityProvider) GetIdentity(ctx context.Context, info Info) (Identity, error)

type CertIdentityInspector

// CertIdentityInspector resolves an Identity from certificate bytes.
// CertInspector.WhoAmI, which has this signature, names the argument certPEM,
// so the bytes are presumably a PEM-encoded client certificate.
type CertIdentityInspector interface {
	// WhoAmI returns the Identity for the given certificate data, or an error.
	WhoAmI(context.Context, []byte) (Identity, error)
}

type CertInspector

// CertInspector provides WhoAmI for certificate data and is built by
// NewCertInspector from a *rest.Config.
// NOTE(review): how the certificate is validated is not visible here —
// confirm it is cryptographically verified and not only parsed for its subject.
type CertInspector struct {
	// contains filtered or unexported fields
}

func NewCertInspector

func NewCertInspector(restConfig *rest.Config) *CertInspector

func (*CertInspector) WhoAmI

func (c *CertInspector) WhoAmI(ctx context.Context, certPEM []byte) (Identity, error)

type CertTokenIdentityProvider

// CertTokenIdentityProvider has a GetIdentity method and is built by
// NewCertTokenIdentityProvider from a TokenIdentityInspector and a
// CertIdentityInspector. Presumably it picks one of them by Info.Scheme —
// TODO confirm, including what it returns for UnknownScheme.
type CertTokenIdentityProvider struct {
	// contains filtered or unexported fields
}

func NewCertTokenIdentityProvider

func NewCertTokenIdentityProvider(tokenInspector TokenIdentityInspector, certInspector CertIdentityInspector) *CertTokenIdentityProvider

func (*CertTokenIdentityProvider) GetIdentity

func (p *CertTokenIdentityProvider) GetIdentity(ctx context.Context, info Info) (Identity, error)

type Identity

// Identity is the result type of the WhoAmI and GetIdentity methods in this
// package.
type Identity struct {
	// Name of the subject.
	Name string
	// Kind of the subject. SameSubject compares an Identity with an
	// rbacv1.Subject, so this presumably holds an RBAC subject kind — TODO confirm.
	Kind string
}

func (*Identity) Hash added in v0.5.0

func (i *Identity) Hash() string

type IdentityProvider

// IdentityProvider resolves an Info to an Identity. CachingIdentityProvider
// and CertTokenIdentityProvider both have a matching GetIdentity method.
type IdentityProvider interface {
	// GetIdentity returns the Identity for the given Info, or an error.
	GetIdentity(context.Context, Info) (Identity, error)
}

type Info

// Info holds the credentials of one request. InfoParser.Parse produces it
// from an Authorization header value, and NewContext / InfoFromContext carry
// it in a context.Context.
// NOTE(review): both fields are secrets or may contain them; keep them out of
// logs and error messages. Hash returns a string — confirm what it is derived
// from before treating it as safe to log.
type Info struct {
	// Token is presumably the bearer token — TODO confirm.
	Token    string
	// CertData is presumably the client certificate material; check whether
	// it also includes the private key.
	CertData []byte
}

func InfoFromContext

func InfoFromContext(ctx context.Context) (Info, bool)

func (Info) Hash

func (i Info) Hash() string

func (Info) Scheme

func (i Info) Scheme() string

type InfoParser

// InfoParser turns an Authorization header value into an Info via Parse. It
// has no fields.
// NOTE(review): the header is caller-controlled input; confirm Parse returns
// an error for malformed or unsupported values.
type InfoParser struct{}

func NewInfoParser

func NewInfoParser() *InfoParser

func (*InfoParser) Parse

func (p *InfoParser) Parse(authorizationHeader string) (Info, error)

type NamespacePermissions

// NamespacePermissions answers which namespaces an identity may use
// (AuthorizedIn, GetAuthorizedOrgNamespaces, GetAuthorizedSpaceNamespaces).
// NOTE(review): NewNamespacePermissions takes a client named privilegedClient,
// so lookups presumably run with the service's own rights rather than the
// caller's; the per-identity filtering done here is then the only access
// check on the result — TODO confirm.
type NamespacePermissions struct {
	// contains filtered or unexported fields
}

func NewNamespacePermissions

func NewNamespacePermissions(privilegedClient client.Client, identityProvider IdentityProvider) *NamespacePermissions

func (*NamespacePermissions) AuthorizedIn

func (o *NamespacePermissions) AuthorizedIn(ctx context.Context, identity Identity, namespace string) (bool, error)

func (*NamespacePermissions) GetAuthorizedOrgNamespaces

func (o *NamespacePermissions) GetAuthorizedOrgNamespaces(ctx context.Context, info Info) (map[string]bool, error)

func (*NamespacePermissions) GetAuthorizedSpaceNamespaces

func (o *NamespacePermissions) GetAuthorizedSpaceNamespaces(ctx context.Context, info Info) (map[string]bool, error)

type TokenIdentityInspector

// TokenIdentityInspector resolves an Identity from a token string.
// TokenReviewer has a WhoAmI method with this signature.
type TokenIdentityInspector interface {
	// WhoAmI returns the Identity for the given token, or an error.
	WhoAmI(context.Context, string) (Identity, error)
}

type TokenReviewer

// TokenReviewer provides WhoAmI for tokens. NewTokenReviewer takes a client
// named privilegedClient; the type name suggests validation through the
// Kubernetes TokenReview API — TODO confirm.
// NOTE(review): the token passed to WhoAmI is a secret; keep it out of logs
// and wrapped errors.
type TokenReviewer struct {
	// contains filtered or unexported fields
}

func NewTokenReviewer

func NewTokenReviewer(privilegedClient client.Client) *TokenReviewer

func (*TokenReviewer) WhoAmI

func (r *TokenReviewer) WhoAmI(ctx context.Context, token string) (Identity, error)

type UnprivilegedClientFactory

// UnprivilegedClientFactory builds Kubernetes clients from an Info
// (BuildClient, BuildK8sClient). NewUnprivilegedClientFactory takes a
// *rest.Config, a meta.RESTMapper and a wait.Backoff.
// NOTE(review): the name suggests the returned clients act with the caller's
// credentials instead of the service's — TODO confirm that any credentials
// already present in the *rest.Config are not carried over.
type UnprivilegedClientFactory struct {
	// contains filtered or unexported fields
}

func NewUnprivilegedClientFactory

func NewUnprivilegedClientFactory(config *rest.Config, mapper meta.RESTMapper, backoff wait.Backoff) UnprivilegedClientFactory

func (UnprivilegedClientFactory) BuildClient

func (f UnprivilegedClientFactory) BuildClient(authInfo Info) (client.WithWatch, error)

func (UnprivilegedClientFactory) BuildK8sClient

func (f UnprivilegedClientFactory) BuildK8sClient(authInfo Info) (k8sclient.Interface, error)

type UserK8sClientFactory

// UserK8sClientFactory builds clients from an Info. UnprivilegedClientFactory
// has both methods.
type UserK8sClientFactory interface {
	// BuildClient returns a client.WithWatch for the given Info, or an error.
	BuildClient(Info) (client.WithWatch, error)
	// BuildK8sClient returns a k8sclient.Interface for the given Info, or an error.
	BuildK8sClient(info Info) (k8sclient.Interface, error)
}

Directories

Path Synopsis
Code generated by counterfeiter.
Code generated by counterfeiter.
