authwrapper

package
v0.31.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 19, 2023 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Authorizer

type Authorizer struct {
	Authorizer authorizer.Authorizer
	// contains filtered or unexported fields
}

Authorizer processes authorization requests for `{rbacID.Resource}` and checks them based on rbac rules for `{rbacID}`

func NewAuthorizer

func NewAuthorizer(rbacID metav1.GroupVersionResource, authorizer authorizer.Authorizer) Authorizer

func (Authorizer) Authorize

func (a Authorizer) Authorize(ctx context.Context, attr authorizer.Attributes) error

Authorizer makes an authorization decision based on the Attributes. It returns nil when an action is authorized, otherwise it returns an error.

func (Authorizer) AuthorizeContext

func (a Authorizer) AuthorizeContext(ctx context.Context) error

AuthorizerContext makes an authorization decision based on the Attributes present in the given Context. It returns nil when the context contains Attributes and the action is authorized, otherwise it returns an error.

func (Authorizer) AuthorizeGet

func (a Authorizer) AuthorizeGet(ctx context.Context, name string) error

AuthorizerGet makes an authorization decision based on the Attributes present in the given Context, but overriding the verb to `get` and the object name to the provided values It returns nil when the context contains Attributes and the action is authorized, otherwise it returns an error.

func (Authorizer) AuthorizeVerb

func (a Authorizer) AuthorizeVerb(ctx context.Context, verb string, name string) error

AuthorizerVerb makes an authorization decision based on the Attributes present in the given Context, but overriding the verb and object name to the provided values It returns nil when the context contains Attributes and the action is authorized, otherwise it returns an error.

type StandardStorage

type StandardStorage interface {
	rest.Connecter
	rest.StandardStorage

	// Storage returns the underlying storage
	Storage() rest.Storage
}

type Storage

type Storage interface {
	rest.Connecter
	rest.Storage

	// Storage returns the underlying storage
	Storage() rest.Storage
}

func NewAuthorizedStorage

func NewAuthorizedStorage(storage StorageScoper, rbacID metav1.GroupVersionResource, auth authorizer.Authorizer) (Storage, error)

NewAuthorizedStorage returns a new wrapper around the given storage authorizing all requests based on rbacID and implementing the rest.Storage or rest.StandardStorage interface. It allows filtering list and watch results based on the user's RBAC permissions. If the storage implements rest.StandardStorage, the returned storage will implement rest.StandardStorage. If the storage implements rest.Storage, the returned storage will implement rest.Storage. Only cluster-scoped resources currently are supported. Panics if the storage is namespace-scoped.

type StorageScoper

type StorageScoper interface {
	rest.Storage
	rest.Scoper
}

Directories

Path Synopsis
Code generated by MockGen.
Code generated by MockGen.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL