Documentation
¶
Index ¶
- func NewSarAuthorizer(client authorizationclient.AuthorizationV1Interface) (authorizer.Authorizer, error)
- func NewStaticAuthorizer(config []StaticAuthorizationConfig) (*staticAuthorizer, error)
- type Config
- type HTTPHeaderRewriteConfig
- type QueryParameterRewriteConfig
- type ResourceAttributes
- type StaticAuthorizationConfig
- type SubjectAccessReviewRewrites
- type UserConfig
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewSarAuthorizer ¶ added in v0.10.0
func NewSarAuthorizer(client authorizationclient.AuthorizationV1Interface) (authorizer.Authorizer, error)
NewSarAuthorizer creates an authorizer compatible with the kubelet's needs
func NewStaticAuthorizer ¶ added in v0.10.0
func NewStaticAuthorizer(config []StaticAuthorizationConfig) (*staticAuthorizer, error)
Types ¶
type Config ¶
type Config struct {
Rewrites *SubjectAccessReviewRewrites `json:"rewrites,omitempty"`
ResourceAttributes *ResourceAttributes `json:"resourceAttributes,omitempty"`
ResourceAttributesFile string `json:"-"`
Static []StaticAuthorizationConfig `json:"static,omitempty"`
}
Config holds configuration enabling request authorization
type HTTPHeaderRewriteConfig ¶ added in v0.9.0
type HTTPHeaderRewriteConfig struct {
Name string `json:"name,omitempty"`
}
HTTPHeaderRewriteConfig describes which HTTP header is to be used to rewrite a SubjectAccessReview on a given request.
type QueryParameterRewriteConfig ¶
type QueryParameterRewriteConfig struct {
Name string `json:"name,omitempty"`
}
QueryParameterRewriteConfig describes which HTTP URL query parameter is to be used to rewrite a SubjectAccessReview on a given request.
type ResourceAttributes ¶
type ResourceAttributes struct {
Namespace string `json:"namespace,omitempty"`
APIGroup string `json:"apiGroup,omitempty"`
APIVersion string `json:"apiVersion,omitempty"`
Resource string `json:"resource,omitempty"`
Subresource string `json:"subresource,omitempty"`
Name string `json:"name,omitempty"`
}
ResourceAttributes describes attributes available for resource request authorization
type StaticAuthorizationConfig ¶ added in v0.10.0
type StaticAuthorizationConfig struct {
User UserConfig
Verb string `json:"verb,omitempty"`
Namespace string `json:"namespace,omitempty"`
APIGroup string `json:"apiGroup,omitempty"`
Resource string `json:"resource,omitempty"`
Subresource string `json:"subresource,omitempty"`
Name string `json:"name,omitempty"`
ResourceRequest bool `json:"resourceRequest,omitempty"`
Path string `json:"path,omitempty"`
}
StaticAuthorizationConfig describes what is needed to specify a static authorization.
func (StaticAuthorizationConfig) Matches ¶ added in v0.13.1
func (saConfig StaticAuthorizationConfig) Matches(a authorizer.Attributes) bool
type SubjectAccessReviewRewrites ¶
type SubjectAccessReviewRewrites struct {
ByQueryParameter *QueryParameterRewriteConfig `json:"byQueryParameter,omitempty"`
ByHTTPHeader *HTTPHeaderRewriteConfig `json:"byHttpHeader,omitempty"`
}
SubjectAccessReviewRewrites describes how SubjectAccessReview may be rewritten on a given request.
type UserConfig ¶ added in v0.10.0
Source Files
Click to show internal directories.
Click to hide internal directories.