rbac

package
v0.0.0-...-081007f Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 15, 2024 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func DescribeSubject

func DescribeSubject(s *rbacv1.Subject, bindingNamespace string) string

func ReplaceToCore

func ReplaceToCore(l []string)

func ReplaceToWildCard

func ReplaceToWildCard(l []string)

Types

type ClusterRoleBindingDescriber

type ClusterRoleBindingDescriber struct {
	// contains filtered or unexported fields
}

func (*ClusterRoleBindingDescriber) String

func (d *ClusterRoleBindingDescriber) String() string

type NamespacedPolicyRule

type NamespacedPolicyRule struct {
	Namespace string `json:"namespace,omitempty"`

	// Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule.  VerbAll represents all kinds.
	Verb string `json:"verb"`

	// The name of the APIGroup that contains the resources.
	APIGroup string `json:"apiGroup,omitempty"`

	// Resources is a list of resources this rule applies to.  ResourceAll represents all resources.
	Resource string `json:"resource,omitempty"`

	// ResourceNames is an optional white list of names that the rule applies to.  An empty set means that everything is allowed.
	ResourceNames []string `json:"resourceNames,omitempty"`

	// NonResourceURLs is a set of partial urls that a user should have access to.  *s are allowed, but only as the full, final step in the path
	// Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.
	NonResourceURLs []string `json:"nonResourceURLs,omitempty"`

	//The Role/ClusterRole rule references
	OriginatedFrom []v1.RoleRef `json:"originatedFrom,omitempty"`
}

type Permissions

type Permissions struct {
	ServiceAccounts map[string]map[string]v1.ServiceAccount

	// Roles & RoleBinding maps captures Cluster & ClusterRoleBinding in namespace ""
	// - ClusterRoles are stored in Roles[""]
	// - ClusterRoleBindings are stored in RoleBindings[""]
	Roles        map[string]map[string]rbacv1.Role
	RoleBindings map[string]map[string]rbacv1.RoleBinding

	//deprecated
	PodSecurityPolicies map[string]policy.PodSecurityPolicy
}

func NewPermissionsFromCluster

func NewPermissionsFromCluster(client *kube.KubeClient) (*Permissions, error)

func NewPermissionsFromResourceList

func NewPermissionsFromResourceList(objs []runtime.Object) (*Permissions, error)

type PolicyRule

type PolicyRule struct {
	v1.PolicyRule

	//Specify the Roles or ClusterRoles this rule originated from
	OriginatedFrom []v1.RoleRef
}

type RoleBindingDescriber

type RoleBindingDescriber struct {
	// contains filtered or unexported fields
}

func (*RoleBindingDescriber) String

func (d *RoleBindingDescriber) String() string

type StaticRoles

type StaticRoles struct {
	// contains filtered or unexported fields
}

StaticRoles is a rule resolver that resolves from lists of role objects.

func (*StaticRoles) GetClusterRole

func (r *StaticRoles) GetClusterRole(name string) (*rbacv1.ClusterRole, error)

func (*StaticRoles) GetRole

func (r *StaticRoles) GetRole(namespace, name string) (*rbacv1.Role, error)

func (*StaticRoles) ListClusterRoleBindings

func (r *StaticRoles) ListClusterRoleBindings() ([]*rbacv1.ClusterRoleBinding, error)

func (*StaticRoles) ListRoleBindings

func (r *StaticRoles) ListRoleBindings(namespace string) ([]*rbacv1.RoleBinding, error)

type SubjectPermissions

type SubjectPermissions struct {
	Subject v1.Subject

	//Rules Per Namespace ... "" means cluster-wide
	Rules map[string][]PolicyRule
}

func NewSubjectPermissions

func NewSubjectPermissions(perms *Permissions) []SubjectPermissions

type SubjectPolicyList

type SubjectPolicyList struct {
	v1.Subject

	AllowedTo []NamespacedPolicyRule `json:"allowedTo,omitempty"`
}

func NewSubjectPermissionsList

func NewSubjectPermissionsList(policies []SubjectPermissions) []SubjectPolicyList

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL