Documentation
Index
- func BreakdownRule(rule authorizationapi.PolicyRule) []authorizationapi.PolicyRule
- func CompactRules(rules []authorizationapi.PolicyRule) ([]authorizationapi.PolicyRule, error)
- func ConfirmNoEscalation(ctx apirequest.Context, resource schema.GroupResource, name string, ...) error
- func Covers(ownerRules, servantRules []authorizationapi.PolicyRule) (bool, []authorizationapi.PolicyRule)
- func EscalationAllowed(ctx apirequest.Context) bool
- type AuthorizationRuleResolver
Constants
This section is empty.
Variables
This section is empty.
Functions
func BreakdownRule (added in v1.3.0)
func BreakdownRule(rule authorizationapi.PolicyRule) []authorizationapi.PolicyRule
BreakdownRule takes a rule and builds an equivalent list of rules that each have at most one verb, one resource, and one resource name.
func CompactRules (added in v1.3.0)
func CompactRules(rules []authorizationapi.PolicyRule) ([]authorizationapi.PolicyRule, error)
CompactRules combines rules that contain a single APIGroup/Resource, differ only by verb, and contain no other attributes. This is a fast check, and it works well with the decomposed "missing rules" list from a Covers check.
func ConfirmNoEscalation (added in v1.1.4)
func ConfirmNoEscalation(ctx apirequest.Context, resource schema.GroupResource, name string, ruleResolver, cachedRuleResolver AuthorizationRuleResolver, role authorizationinterfaces.Role) error
func Covers
func Covers(ownerRules, servantRules []authorizationapi.PolicyRule) (bool, []authorizationapi.PolicyRule)
Covers determines whether or not the ownerRules cover the servantRules in terms of allowed actions. It returns whether the ownerRules cover the servantRules, along with a list of the rules that the ownerRules do not cover.
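How BreakdownRule and Covers fit together, as an added example that is not this package's code: `Rule`, `breakdown`, `has` and `covers` are hypothetical stand-ins that model only verbs and resources (the real PolicyRule carries more attributes), and treating `*` as a wildcard is an assumption. Because servant rules are compared one decomposed rule at a time, several owner rules can jointly cover a composite rule, while a wildcard request is never covered by specific grants.

```go
package main

import "fmt"

// Rule is a reduced, hypothetical stand-in for authorizationapi.PolicyRule.
type Rule struct{ Verbs, Resources []string }

// breakdown expands a rule into rules with exactly one verb and one resource.
func breakdown(r Rule) (out []Rule) {
	for _, v := range r.Verbs {
		for _, res := range r.Resources {
			out = append(out, Rule{[]string{v}, []string{res}})
		}
	}
	return out
}

// has reports whether list holds want or the "*" wildcard (assumed semantics).
func has(list []string, want string) bool {
	for _, s := range list {
		if s == "*" || s == want {
			return true
		}
	}
	return false
}

// covers returns whether owner grants all of servant, plus the decomposed rules it lacks.
func covers(owner, servant []Rule) (bool, []Rule) {
	var missing []Rule
	for _, s := range servant {
	next:
		for _, atom := range breakdown(s) {
			for _, o := range owner {
				if has(o.Verbs, atom.Verbs[0]) && has(o.Resources, atom.Resources[0]) {
					continue next
				}
			}
			missing = append(missing, atom)
		}
	}
	return len(missing) == 0, missing
}

func main() {
	// Constructed sample: no single owner rule grants "get" on both resources.
	owner := []Rule{{[]string{"get"}, []string{"pods"}}, {[]string{"get"}, []string{"secrets"}}}
	fmt.Println(covers(owner, []Rule{{[]string{"get", "delete"}, []string{"pods", "secrets"}}}))
}
```

The decomposed `missing` list is the shape of input that the CompactRules description above says it works well with.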
func EscalationAllowed
func EscalationAllowed(ctx apirequest.Context) bool
EscalationAllowed returns true if a particular user is allowed to escalate their powers.
Types
type AuthorizationRuleResolver
type AuthorizationRuleResolver interface {
	GetRoleBindings(namespace string) ([]authorizationinterfaces.RoleBinding, error)
	GetRole(roleBinding authorizationinterfaces.RoleBinding) (authorizationinterfaces.Role, error)
	// RulesFor returns the list of rules that apply to a given user in a given namespace and error. If an error is returned, the slice of
	// PolicyRules may not be complete, but it contains all retrievable rules. This is done because policy rules are purely additive and policy determinations
	// can be made on the basis of those rules that are found.
	RulesFor(info user.Info, namespace string) ([]authorizationapi.PolicyRule, error)
}