Documentation ¶
Index ¶
- func DescribeSubject(s *rbacv1.Subject, bindingNamespace string) string
- func ReplaceToCore(l []string)
- func ReplaceToWildCard(l []string)
- type ClusterRoleBindingDescriber
- type NamespacedPolicyRule
- type Permissions
- type PolicyRule
- type RoleBindingDescriber
- type StaticRoles
- func (r *StaticRoles) GetClusterRole(name string) (*rbacv1.ClusterRole, error)
- func (r *StaticRoles) GetRole(namespace, name string) (*rbacv1.Role, error)
- func (r *StaticRoles) ListClusterRoleBindings() ([]*rbacv1.ClusterRoleBinding, error)
- func (r *StaticRoles) ListRoleBindings(namespace string) ([]*rbacv1.RoleBinding, error)
- type SubjectPermissions
- type SubjectPolicyList
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ReplaceToCore ¶
func ReplaceToCore(l []string)
func ReplaceToWildCard ¶
func ReplaceToWildCard(l []string)
Types ¶
type ClusterRoleBindingDescriber ¶
type ClusterRoleBindingDescriber struct {
// contains filtered or unexported fields
}
func (*ClusterRoleBindingDescriber) String ¶
func (d *ClusterRoleBindingDescriber) String() string
type NamespacedPolicyRule ¶
type NamespacedPolicyRule struct { Namespace string `json:"namespace,omitempty"` // Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds. Verb string `json:"verb"` // The name of the APIGroup that contains the resources. APIGroup string `json:"apiGroup,omitempty"` // Resources is a list of resources this rule applies to. ResourceAll represents all resources. Resource string `json:"resource,omitempty"` // ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. ResourceNames []string `json:"resourceNames,omitempty"` // NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path // Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. NonResourceURLs []string `json:"nonResourceURLs,omitempty"` //The Role/ClusterRole rule references OriginatedFrom []v1.RoleRef `json:"originatedFrom,omitempty"` }
type Permissions ¶
type Permissions struct { ServiceAccounts map[string]map[string]v1.ServiceAccount // Roles & RoleBinding maps captures Cluster & ClusterRoleBinding in namespace "" // - ClusterRoles are stored in Roles[""] // - ClusterRoleBindings are stored in RoleBindings[""] Roles map[string]map[string]rbacv1.Role RoleBindings map[string]map[string]rbacv1.RoleBinding //deprecated PodSecurityPolicies map[string]policy.PodSecurityPolicy }
func NewPermissionsFromCluster ¶
func NewPermissionsFromCluster(client *kube.KubeClient) (*Permissions, error)
func NewPermissionsFromResourceList ¶
func NewPermissionsFromResourceList(objs []runtime.Object) (*Permissions, error)
type PolicyRule ¶
type PolicyRule struct { v1.PolicyRule //Specify the Roles or ClusterRoles this rule originated from OriginatedFrom []v1.RoleRef }
type RoleBindingDescriber ¶
type RoleBindingDescriber struct {
// contains filtered or unexported fields
}
func (*RoleBindingDescriber) String ¶
func (d *RoleBindingDescriber) String() string
type StaticRoles ¶
type StaticRoles struct {
// contains filtered or unexported fields
}
StaticRoles is a rule resolver that resolves from lists of role objects.
func (*StaticRoles) GetClusterRole ¶
func (r *StaticRoles) GetClusterRole(name string) (*rbacv1.ClusterRole, error)
func (*StaticRoles) GetRole ¶
func (r *StaticRoles) GetRole(namespace, name string) (*rbacv1.Role, error)
func (*StaticRoles) ListClusterRoleBindings ¶
func (r *StaticRoles) ListClusterRoleBindings() ([]*rbacv1.ClusterRoleBinding, error)
func (*StaticRoles) ListRoleBindings ¶
func (r *StaticRoles) ListRoleBindings(namespace string) ([]*rbacv1.RoleBinding, error)
type SubjectPermissions ¶
type SubjectPermissions struct { Subject v1.Subject //Rules Per Namespace ... "" means cluster-wide Rules map[string][]PolicyRule }
func NewSubjectPermissions ¶
func NewSubjectPermissions(perms *Permissions) []SubjectPermissions
type SubjectPolicyList ¶
type SubjectPolicyList struct { v1.Subject AllowedTo []NamespacedPolicyRule `json:"allowedTo,omitempty"` }
func NewSubjectPermissionsList ¶
func NewSubjectPermissionsList(policies []SubjectPermissions) []SubjectPolicyList
Click to show internal directories.
Click to hide internal directories.