Documentation
¶
Index ¶
- type Access
- type CodeConverter
- type MatrixPrinter
- type ResourceAccess
- type ResourceAccessItem
- type RoleRef
- type SubjectAccess
- func (sa *SubjectAccess) Empty() bool
- func (sa *SubjectAccess) Get() map[SubjectRef]sets.String
- func (sa *SubjectAccess) MatchRules(r RoleRef, rule v1.PolicyRule)
- func (sa *SubjectAccess) Print(w io.Writer, converter CodeConverter, requestedVerbs []string)
- func (sa *SubjectAccess) ResolveRoleRef(r RoleRef, subjects []v1.Subject)
- type SubjectRef
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CodeConverter ¶
CodeConverter converts an access code to a human-readable string.
type MatrixPrinter ¶
type MatrixPrinter interface {
// Print writes the result for the requestedVerbs to w using the code converter.
Print(w io.Writer, converter CodeConverter, requestedVerbs []string)
}
MatrixPrinter needs to be implemented by result types.
type ResourceAccess ¶
type ResourceAccess []ResourceAccessItem
ResourceAccess holds the access result for all resources.
func NewResourceAccess ¶
func NewResourceAccess(items []ResourceAccessItem) ResourceAccess
NewResourceAccess creates a fresh ResourceAccess and sorts the results by resource name.
func (ResourceAccess) Len ¶
func (ra ResourceAccess) Len() int
func (ResourceAccess) Less ¶
func (ra ResourceAccess) Less(i, j int) bool
func (ResourceAccess) Print ¶
func (ra ResourceAccess) Print(w io.Writer, converter CodeConverter, requestedVerbs []string)
Print implements MatrixPrinter.Print. It prints a tab-separated table with a header.
func (ResourceAccess) Swap ¶
func (ra ResourceAccess) Swap(i, j int)
type ResourceAccessItem ¶
type ResourceAccessItem struct {
// Name is the resource name.
Name string
// Access maps from verb to access code.
Access map[string]Access
}
ResourceAccessItem holds the access result for a resource.
type RoleRef ¶
type RoleRef struct {
Name, Kind string
}
RoleRef uniquely identifies a ClusterRole or namespaced Role. The namespace is always fixed and need not be part of RoleRef to identify a namespaced Role.
type SubjectAccess ¶
type SubjectAccess struct {
// Resource is the kubernetes resource of this query.
Resource string
// ResourceName is the name of the kubernetes resource instance of this query.
ResourceName string
// contains filtered or unexported fields
}
SubjectAccess holds the access information of all subjects for the given resource.
func NewSubjectAccess ¶
func NewSubjectAccess(resource, resourceName string) *SubjectAccess
NewSubjectAccess creates a new SubjectAccess with initialized fields.
func (*SubjectAccess) Empty ¶
func (sa *SubjectAccess) Empty() bool
Empty checks if any subjects with access were found.
func (*SubjectAccess) Get ¶
func (sa *SubjectAccess) Get() map[SubjectRef]sets.String
Get provides access to the actual result (for testing).
func (*SubjectAccess) MatchRules ¶
func (sa *SubjectAccess) MatchRules(r RoleRef, rule v1.PolicyRule)
MatchRules takes a RoleRef and a PolicyRule and adds the rule verbs to the allowed verbs for the RoleRef, if the sa.resource matches the rule. The RoleRef and rule usually come from a (Cluster)Role.
func (*SubjectAccess) Print ¶
func (sa *SubjectAccess) Print(w io.Writer, converter CodeConverter, requestedVerbs []string)
Print implements MatrixPrinter.Print. It prints a tab-separated table with a header.
func (*SubjectAccess) ResolveRoleRef ¶
func (sa *SubjectAccess) ResolveRoleRef(r RoleRef, subjects []v1.Subject)
ResolveRoleRef takes a RoleRef and a list of subjects and stores the access rights of the given role for each subject. The RoleRef and subjects usually come from a (Cluster)RoleBinding.
type SubjectRef ¶
type SubjectRef struct {
Name, Kind, Namespace string
}
SubjectRef uniquely identifies the subject of a RoleBinding or ClusterRoleBinding
Source Files