Documentation ¶
Index ¶
- func NewUserProjectWatcher(user user.Info, visibleNamespaces sets.String, ...) *userProjectWatcher
- type AuthorizationCache
- func (ac *AuthorizationCache) AddWatcher(watcher CacheWatcher)
- func (ac *AuthorizationCache) List(userInfo user.Info) (*v1.NamespaceList, error)
- func (ac *AuthorizationCache) ReadyForAccess() bool
- func (ac *AuthorizationCache) RemoveWatcher(watcher CacheWatcher)
- func (ac *AuthorizationCache) Run(period time.Duration)
- type CacheWatcher
- type LastSyncResourceVersioner
- type Lister
- type Reviewer
- type WatchableCache
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewUserProjectWatcher ¶
func NewUserProjectWatcher(user user.Info, visibleNamespaces sets.String, nsLister corev1listers.NamespaceLister, authCache WatchableCache, includeAllExistingProjects bool) *userProjectWatcher
Types ¶
type AuthorizationCache ¶
type AuthorizationCache struct {
// contains filtered or unexported fields
}
AuthorizationCache maintains a cache on the set of namespaces a user or group can access.
func NewAuthorizationCache ¶
func NewAuthorizationCache(reviewer Reviewer, namespaceInformer corev1informers.NamespaceInformer, clusterRoles rbacv1informers.ClusterRoleInformer, clusterRoleBindings rbacv1informers.ClusterRoleBindingInformer, roles rbacv1informers.RoleInformer, roleBindings rbacv1informers.RoleBindingInformer, ) *AuthorizationCache
NewAuthorizationCache creates a new AuthorizationCache
func (*AuthorizationCache) AddWatcher ¶
func (ac *AuthorizationCache) AddWatcher(watcher CacheWatcher)
func (*AuthorizationCache) List ¶
func (ac *AuthorizationCache) List(userInfo user.Info) (*v1.NamespaceList, error)
List returns the set of namespace names the user has access to view
func (*AuthorizationCache) ReadyForAccess ¶
func (ac *AuthorizationCache) ReadyForAccess() bool
func (*AuthorizationCache) RemoveWatcher ¶
func (ac *AuthorizationCache) RemoveWatcher(watcher CacheWatcher)
func (*AuthorizationCache) Run ¶
func (ac *AuthorizationCache) Run(period time.Duration)
Run begins watching and synchronizing the cache
type CacheWatcher ¶
type CacheWatcher interface { // GroupMembershipChanged is called serially for all changes for all watchers. This method MUST NOT BLOCK. // The serial nature makes reasoning about the code easy, but if you block in this method you will doom all watchers. GroupMembershipChanged(namespaceName string, users, groups sets.String) }
type LastSyncResourceVersioner ¶
type LastSyncResourceVersioner interface {
LastSyncResourceVersion() string
}
LastSyncResourceVersioner is any object that can divulge a LastSyncResourceVersion
type Lister ¶
type Lister interface { // List returns the list of Namespace items that the user can access List(user user.Info) (*v1.NamespaceList, error) }
Lister enforces ability to enumerate a resource based on role
type Reviewer ¶
Reviewer performs access reviews for a project by name
func NewReviewer ¶
func NewReviewer(subjectAccessEvaluator *subjectlocator.SubjectAccessEvaluator) Reviewer
NewReviewer knows how to make access control reviews for a resource by name
type WatchableCache ¶
type WatchableCache interface { // RemoveWatcher removes a watcher RemoveWatcher(CacheWatcher) // List returns the set of namespace names the user has access to view List(userInfo user.Info) (*v1.NamespaceList, error) }
Click to show internal directories.
Click to hide internal directories.