Documentation ¶
Index ¶
- func NewAlwaysAllowAuthorizer() authorizer.Authorizer
- func NewAlwaysDenyAuthorizer() authorizer.Authorizer
- func NewAlwaysFailAuthorizer() authorizer.Authorizer
- func NewAuthorizerFromAuthorizationConfig(authorizationModes []string, config AuthorizationConfig) (authorizer.Authorizer, error)
- func NewPrivilegedGroups(groups ...string) *privilegedGroupAuthorizer
- type AuthorizationConfig
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewAlwaysAllowAuthorizer ¶
func NewAlwaysAllowAuthorizer() authorizer.Authorizer
func NewAlwaysDenyAuthorizer ¶
func NewAlwaysDenyAuthorizer() authorizer.Authorizer
func NewAlwaysFailAuthorizer ¶
func NewAlwaysFailAuthorizer() authorizer.Authorizer
func NewAuthorizerFromAuthorizationConfig ¶
func NewAuthorizerFromAuthorizationConfig(authorizationModes []string, config AuthorizationConfig) (authorizer.Authorizer, error)
NewAuthorizerFromAuthorizationConfig returns the right sort of union of multiple authorizer.Authorizer objects based on the authorizationMode or an error. authorizationMode should be a comma separated values of options.AuthorizationModeChoices.
func NewPrivilegedGroups ¶ added in v1.5.0
func NewPrivilegedGroups(groups ...string) *privilegedGroupAuthorizer
NewPrivilegedGroups is for use in loopback scenarios
Types ¶
type AuthorizationConfig ¶
type AuthorizationConfig struct { // Path to an ABAC policy file. PolicyFile string // Kubeconfig file for Webhook authorization plugin. WebhookConfigFile string // TTL for caching of authorized responses from the webhook server. WebhookCacheAuthorizedTTL time.Duration WebhookCacheUnauthorizedTTL time.Duration // User which can bootstrap role policies RBACSuperUser string RBACClusterRoleRegistry clusterrole.Registry RBACClusterRoleBindingRegistry clusterrolebinding.Registry RBACRoleRegistry role.Registry RBACRoleBindingRegistry rolebinding.Registry }
Click to show internal directories.
Click to hide internal directories.