Types
type ExpandResult
type ExpandResult struct {
	Metadata        collect.ClusterMetadata  `json:"metadata"`
	ServiceAccounts []ExpandedServiceAccount `json:"serviceAccounts"`
	Nodes           []ExpandedNode           `json:"nodes"`
	Users           []ExpandedNamedEntry     `json:"users"`
	Groups          []ExpandedNamedEntry     `json:"groups"`
}
Expanded RBAC permissions in a cluster. Result of Expand().
func Expand
func Expand(collectResult collect.CollectResult) *ExpandResult
Expands roleRefs in collectResult so that each serviceAccount or node entry directly lists its permissions, for a more readable output.
type ExpandedNamedEntry (added in v1.1.0)
type ExpandedNamedEntry struct {
	Name  string         `json:"name"`
	Roles []ExpandedRole `json:"roles"`
}
RBAC permissions of an identity denoted by name, like a user or a group
type ExpandedNode
type ExpandedNode struct {
	Name            string         `json:"name"`
	Roles           []ExpandedRole `json:"roles"`
	ServiceAccounts []string       `json:"serviceAccounts"`
}
RBAC permissions of a node
type ExpandedRole
type ExpandedRole struct {
	Name               string            `json:"name"`
	EffectiveNamespace string            `json:"effectiveNamespace,omitempty"`
	Rules              []rbac.PolicyRule `json:"rules"`
}
A role granted in @EffectiveNamespace
type ExpandedServiceAccount
type ExpandedServiceAccount struct {
	Name        string               `json:"name"`
	Namespace   string               `json:"namespace"`
	Nodes       []collect.NodeToPods `json:"nodes"`
	ProviderIAM map[string]string    `json:"providerIAM,omitempty"`
	Roles       []ExpandedRole       `json:"roles"`
}
RBAC permissions of a serviceAccount
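Because every serviceAccount in an ExpandResult carries its own rules, the JSON can be audited without resolving any roleRefs. The following is an added example, not code from this package: it decodes a constructed ExpandResult document and reports each serviceAccount role whose rules use a wildcard verb or resource. The local types, the sample JSON and the names `wild` and `WildcardGrants` are assumptions made for the illustration; only the JSON keys come from the types above.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Local stand-ins for the page's types, cut to the fields read here (encoding/json matches keys case-insensitively).
type rule struct{ Verbs, Resources []string }
type role struct {
	Name, EffectiveNamespace string
	Rules                    []rule
}
type account struct {
	Name, Namespace string
	Roles           []role
}
type result struct{ ServiceAccounts []account }

// Constructed sample in the ExpandResult JSON shape, not output from a real cluster.
const sample = `{"serviceAccounts":[{"name":"ci-deployer","namespace":"build","roles":[
 {"name":"pod-viewer","effectiveNamespace":"build","rules":[{"verbs":["get"],"resources":["pods"]}]},
 {"name":"ops-all","rules":[{"verbs":["*"],"resources":["*"]}]}]},
 {"name":"backup","namespace":"ops","roles":[{"name":"secrets-any","effectiveNamespace":"ops",
  "rules":[{"verbs":["get"],"resources":["configmaps"]},{"verbs":["*"],"resources":["secrets"]}]}]}]}`

// wild reports whether any entry of a verbs or resources list contains "*".
func wild(l []string) bool { return strings.Contains(strings.Join(l, ","), "*") }

// WildcardGrants returns one line per serviceAccount role with a wildcard verb or resource.
func WildcardGrants(doc []byte) (out []string, err error) {
	var r result
	if err = json.Unmarshal(doc, &r); err != nil {
		return nil, err
	}
	for _, sa := range r.ServiceAccounts {
		for _, ro := range sa.Roles {
			for _, ru := range ro.Rules {
				if wild(ru.Verbs) || wild(ru.Resources) {
					out = append(out, fmt.Sprintf("%s/%s: %s (effectiveNamespace=%q)", sa.Namespace, sa.Name, ro.Name, ro.EffectiveNamespace))
					break // report each role once
				}
			}
		}
	}
	return out, nil
}

func main() { fmt.Println(WildcardGrants([]byte(sample))) }
```

The users, groups and nodes entries carry the same roles list, so the same loop applies to them.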