Documentation
Index
- type Authorizer
- func (a Authorizer) Authorize(ctx context.Context, attr authorizer.Attributes) error
- func (a Authorizer) AuthorizeContext(ctx context.Context) error
- func (a Authorizer) AuthorizeGet(ctx context.Context, name string) error
- func (a Authorizer) AuthorizeVerb(ctx context.Context, verb string, name string) error
- type StandardStorage
- type Storage
- type StorageScoper
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Authorizer
type Authorizer struct {
	Authorizer authorizer.Authorizer
	// contains filtered or unexported fields
}
Authorizer processes authorization requests for `{rbacID.Resource}` and checks them against the RBAC rules for `{rbacID}`.
func NewAuthorizer
func NewAuthorizer(rbacID metav1.GroupVersionResource, authorizer authorizer.Authorizer) Authorizer
func (Authorizer) Authorize
func (a Authorizer) Authorize(ctx context.Context, attr authorizer.Attributes) error
Authorize makes an authorization decision based on the Attributes. It returns nil when an action is authorized, otherwise it returns an error.
func (Authorizer) AuthorizeContext
func (a Authorizer) AuthorizeContext(ctx context.Context) error
AuthorizeContext makes an authorization decision based on the Attributes present in the given Context. It returns nil when the context contains Attributes and the action is authorized, otherwise it returns an error.
func (Authorizer) AuthorizeGet
func (a Authorizer) AuthorizeGet(ctx context.Context, name string) error
AuthorizeGet makes an authorization decision based on the Attributes present in the given Context, but overrides the verb to `get` and the object name to the provided value. It returns nil when the context contains Attributes and the action is authorized, otherwise it returns an error.
func (Authorizer) AuthorizeVerb
AuthorizeVerb makes an authorization decision based on the Attributes present in the given Context, but overrides the verb and object name to the provided values. It returns nil when the context contains Attributes and the action is authorized, otherwise it returns an error.
type StandardStorage
type Storage
type Storage interface {
	rest.Connecter
	rest.Storage
	// Storage returns the underlying storage
	Storage() rest.Storage
}
func NewAuthorizedStorage
func NewAuthorizedStorage(storage StorageScoper, rbacID metav1.GroupVersionResource, auth authorizer.Authorizer) (Storage, error)
NewAuthorizedStorage returns a new wrapper around the given storage that authorizes all requests based on rbacID and implements the rest.Storage or rest.StandardStorage interface. It allows filtering list and watch results based on the user's RBAC permissions. If the storage implements rest.StandardStorage, the returned storage will implement rest.StandardStorage. If the storage implements rest.Storage, the returned storage will implement rest.Storage. Currently only cluster-scoped resources are supported. Panics if the storage is namespace-scoped.
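The override-and-delegate behaviour documented for AuthorizeVerb and AuthorizeGet, and the list filtering mentioned for NewAuthorizedStorage, modelled as an added standard-library sketch that is not this package's code. `Attributes`, `WithAttributes`, `Rules` and `FilterList` are hypothetical stand-ins, and filtering a list by a per-object `get` check is an assumption about how such filtering can be done.

```go
package main

import (
	"context"
	"fmt"
)

// Attributes is a hypothetical stand-in for the request attributes kept in the context.
type Attributes struct{ User, Verb, Resource, Name string }

type attrKey struct{}

// WithAttributes stores request attributes in ctx (hypothetical helper).
func WithAttributes(ctx context.Context, a Attributes) context.Context {
	return context.WithValue(ctx, attrKey{}, a)
}

// Rules is a constructed delegate authorizer: the set of allowed requests.
type Rules map[Attributes]bool

// AuthorizeVerb reads the attributes from ctx, overrides verb and object name, and
// returns nil only if the delegate allows the result. No attributes means an error.
func AuthorizeVerb(ctx context.Context, r Rules, verb, name string) error {
	a, ok := ctx.Value(attrKey{}).(Attributes)
	if !ok {
		return fmt.Errorf("no request attributes in context") // fail closed
	}
	a.Verb, a.Name = verb, name
	if !r[a] {
		return fmt.Errorf("user %q may not %s %s %q", a.User, verb, a.Resource, name)
	}
	return nil
}

// FilterList keeps the names the caller may "get" (assumed filtering strategy).
func FilterList(ctx context.Context, r Rules, names []string) []string {
	out := []string{}
	for _, n := range names {
		if AuthorizeVerb(ctx, r, "get", n) == nil {
			out = append(out, n)
		}
	}
	return out
}

func main() {
	rules := Rules{{User: "alice", Verb: "get", Resource: "accounts", Name: "team-a"}: true} // constructed
	ctx := WithAttributes(context.Background(), Attributes{User: "alice", Verb: "list", Resource: "accounts"})
	fmt.Println(FilterList(ctx, rules, []string{"team-a", "team-b"}))
}
```

The request arrives with verb `list`, yet each object is checked with verb `get`, so a caller sees only the objects it could read individually; a context without attributes yields an empty result rather than the full list.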