auth

package
v0.0.0-...-4d89874 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 21, 2022 License: Apache-2.0 Imports: 27 Imported by: 3

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewUserProjectWatcher

func NewUserProjectWatcher(user user.Info, visibleNamespaces sets.String, nsLister corev1listers.NamespaceLister, authCache WatchableCache, includeAllExistingProjects bool) *userProjectWatcher

Types

type AuthorizationCache

type AuthorizationCache struct {
	// contains filtered or unexported fields
}

AuthorizationCache maintains a cache of the set of namespaces a user or group can access.

func NewAuthorizationCache

NewAuthorizationCache creates a new AuthorizationCache

func (*AuthorizationCache) AddWatcher

func (ac *AuthorizationCache) AddWatcher(watcher CacheWatcher)

func (*AuthorizationCache) List

func (ac *AuthorizationCache) List(userInfo user.Info) (*v1.NamespaceList, error)

List returns the set of namespace names the user has access to view

func (*AuthorizationCache) ReadyForAccess

func (ac *AuthorizationCache) ReadyForAccess() bool

func (*AuthorizationCache) RemoveWatcher

func (ac *AuthorizationCache) RemoveWatcher(watcher CacheWatcher)

func (*AuthorizationCache) Run

func (ac *AuthorizationCache) Run(period time.Duration)

Run begins watching and synchronizing the cache

type CacheWatcher

// CacheWatcher is the callback interface for per-namespace membership change
// notifications. AuthorizationCache.AddWatcher and RemoveWatcher in this
// package accept values of this type.
type CacheWatcher interface {
	// GroupMembershipChanged is called serially for all changes for all watchers.  This method MUST NOT BLOCK.
	// The serial nature makes reasoning about the code easy, but if you block in this method you will doom all watchers.
	// Because delivery is serial, one slow implementation delays notifications to every other watcher.
	// NOTE(review): users and groups are presumably the subjects that now have access to namespaceName;
	// confirm against the implementation that calls this method.
	GroupMembershipChanged(namespaceName string, users, groups sets.String)
}

type LastSyncResourceVersioner

// LastSyncResourceVersioner is implemented by any object that can report a
// LastSyncResourceVersion.
type LastSyncResourceVersioner interface {
	// LastSyncResourceVersion returns a resource version as a string.
	// NOTE(review): presumably the version observed at the most recent sync;
	// confirm against the implementations.
	LastSyncResourceVersion() string
}

LastSyncResourceVersioner is any object that can divulge a LastSyncResourceVersion

type Lister

// Lister enumerates the Namespace items a given user can access.
type Lister interface {
	// List returns the list of Namespace items that the user can access
	// NOTE(review): the result is scoped to the user.Info passed in, so callers
	// presumably must pass the authenticated identity of the requester; confirm at call sites.
	List(user user.Info) (*v1.NamespaceList, error)
}

Lister enforces the ability to enumerate a resource based on role.

type Reviewer

// Reviewer performs access reviews for a project by name.
type Reviewer interface {
	// Review takes a project name and returns a list of RBAC subjects or an error.
	// NOTE(review): the subjects are presumably those with access to the named project;
	// which verb and resource the review checks is not visible here, so confirm
	// against the implementation.
	Review(name string) ([]rbacv1.Subject, error)
}

Reviewer performs access reviews for a project by name

func NewReviewer

func NewReviewer(subjectAccessEvaluator *subjectlocator.SubjectAccessEvaluator) Reviewer

NewReviewer returns a Reviewer that knows how to make access control reviews for a resource by name.

type WatchableCache

// WatchableCache is the cache interface accepted by NewUserProjectWatcher.
// AuthorizationCache in this package declares RemoveWatcher and List methods
// with these signatures.
type WatchableCache interface {
	// RemoveWatcher removes a watcher
	RemoveWatcher(CacheWatcher)
	// List returns the set of namespace names the user has access to view
	// NOTE(review): the return type is a *v1.NamespaceList rather than a set of names.
	List(userInfo user.Info) (*v1.NamespaceList, error)
}
