Documentation ¶
Overview ¶
Package auth provides mechanisms for enforcing authorization to Project resources in OpenShift
Index ¶
- func NewUserProjectWatcher(user user.Info, visibleNamespaces sets.String, ...) *userProjectWatcher
- type AuthorizationCache
- func (ac *AuthorizationCache) AddWatcher(watcher CacheWatcher)
- func (ac *AuthorizationCache) GetClusterRoleLister() SyncedClusterRoleLister
- func (ac *AuthorizationCache) List(userInfo user.Info, selector labels.Selector) (*corev1.NamespaceList, error)
- func (ac *AuthorizationCache) ReadyForAccess() bool
- func (ac *AuthorizationCache) RemoveWatcher(watcher CacheWatcher)
- func (ac *AuthorizationCache) Run(period time.Duration)
- type CacheWatcher
- type LastSyncResourceVersioner
- type Lister
- type Review
- type Reviewer
- type SyncedClusterRoleBindingLister
- type SyncedClusterRoleLister
- type SyncedRoleBindingLister
- type SyncedRoleLister
- type WatchableCache
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewUserProjectWatcher ¶ added in v1.3.0
func NewUserProjectWatcher(user user.Info, visibleNamespaces sets.String, projectCache *projectcache.ProjectCache, authCache WatchableCache, includeAllExistingProjects bool, predicate kstorage.SelectionPredicate) *userProjectWatcher
Types ¶
type AuthorizationCache ¶
type AuthorizationCache struct {
// contains filtered or unexported fields
}
AuthorizationCache maintains a cache on the set of namespaces a user or group can access.
func NewAuthorizationCache ¶
func NewAuthorizationCache( namespaceLister corev1listers.NamespaceLister, namespaceLastSyncResourceVersioner LastSyncResourceVersioner, reviewer Reviewer, informers rbacv1informers.Interface, ) *AuthorizationCache
NewAuthorizationCache creates a new AuthorizationCache
func (*AuthorizationCache) AddWatcher ¶ added in v1.3.0
func (ac *AuthorizationCache) AddWatcher(watcher CacheWatcher)
func (*AuthorizationCache) GetClusterRoleLister ¶
func (ac *AuthorizationCache) GetClusterRoleLister() SyncedClusterRoleLister
func (*AuthorizationCache) List ¶
func (ac *AuthorizationCache) List(userInfo user.Info, selector labels.Selector) (*corev1.NamespaceList, error)
List returns the set of namespace names the user has access to view
func (*AuthorizationCache) ReadyForAccess ¶
func (ac *AuthorizationCache) ReadyForAccess() bool
func (*AuthorizationCache) RemoveWatcher ¶ added in v1.3.0
func (ac *AuthorizationCache) RemoveWatcher(watcher CacheWatcher)
func (*AuthorizationCache) Run ¶
func (ac *AuthorizationCache) Run(period time.Duration)
Run begins watching and synchronizing the cache
type CacheWatcher ¶ added in v1.3.0
type CacheWatcher interface { // GroupMembershipChanged is called serially for all changes for all watchers. This method MUST NOT BLOCK. // The serial nature makes reasoning about the code easy, but if you block in this method you will doom all watchers. GroupMembershipChanged(namespaceName string, users, groups sets.String) }
type LastSyncResourceVersioner ¶
type LastSyncResourceVersioner interface {
LastSyncResourceVersion() string
}
LastSyncResourceVersioner is any object that can divulge a LastSyncResourceVersion
type Lister ¶
type Lister interface { // List returns the list of Namespace items that the user can access List(user user.Info, selector labels.Selector) (*corev1.NamespaceList, error) }
Lister enforces ability to enumerate a resource based on role
type Reviewer ¶
Reviewer performs access reviews for a project by name
func NewAuthorizerReviewer ¶ added in v1.0.8
func NewAuthorizerReviewer(policyChecker rbac.SubjectLocator) Reviewer
type SyncedClusterRoleBindingLister ¶
type SyncedClusterRoleBindingLister interface { rbacv1listers.ClusterRoleBindingLister LastSyncResourceVersioner }
type SyncedClusterRoleLister ¶
type SyncedClusterRoleLister interface { rbacv1listers.ClusterRoleLister LastSyncResourceVersioner }
type SyncedRoleBindingLister ¶
type SyncedRoleBindingLister interface { rbacv1listers.RoleBindingLister LastSyncResourceVersioner }
type SyncedRoleLister ¶
type SyncedRoleLister interface { rbacv1listers.RoleLister LastSyncResourceVersioner }
type WatchableCache ¶ added in v1.3.0
type WatchableCache interface { // RemoveWatcher removes a watcher RemoveWatcher(CacheWatcher) // List returns the set of namespace names the user has access to view List(userInfo user.Info, selector labels.Selector) (*corev1.NamespaceList, error) }
Click to show internal directories.
Click to hide internal directories.