rbactypes

Documentation

Index

• Variables
• type APIResourcePermissions
• type APIResourcePermissionsList
• type Permission
  • func NewPermissionFromPolicyRule(rule *rbacv1.PolicyRule) *Permission
  • func (p *Permission) Allows(verb, resourceName string) bool
  • func (p *Permission) AllowsAll() bool
  • func (p *Permission) AllowsVerb(verb string) bool
  • func (p *Permission) Contains(c *Permission) bool
  • func (p *Permission) DeniesAll() bool
  • func (p *Permission) Minify()
• type Permissions
  • func (pms Permissions) Allows(verb, resourceName string) bool
  • func (pms Permissions) DeniesAll() bool
  • func (pms Permissions) Filter(walk PermissionsFilter) Permissions
  • func (pms *Permissions) Minify()
• type PermissionsFilter

Variables

var (
	// FilterDenyingAll filters Permission denying all(not matter)
	FilterDenyingAll = func(p *Permission) bool {
		return !p.DeniesAll()
	}
)

Types

type APIResourcePermissions

type APIResourcePermissions struct {
	APIResource *metav1.APIResource

	Permissions
}

APIResourcePermissions represents the permissions for APIResource

type APIResourcePermissionsList

type APIResourcePermissionsList struct {
	// GroupVersion is the group and version this APIResourceList is for.
	GroupVersion string

	// APIResources is the list of APIResourcePermissions
	APIResources []*APIResourcePermissions
}

APIResourcePermissionsList the list of ResourcePermissions

type Permission

type Permission struct {
	Verbs         util.StringSet
	ResourceNames util.StringSet
}

Permission represents a relationship b/w PolicyRule and APIResource

func NewPermissionFromPolicyRule

func NewPermissionFromPolicyRule(rule *rbacv1.PolicyRule) *Permission

NewPermissionFromPolicyRule initializes Permission from PolicyRule

func (*Permission) Allows

func (p *Permission) Allows(verb, resourceName string) bool

Allows returns if the verb and resourceName was allowed in this permission

func (*Permission) AllowsAll

func (p *Permission) AllowsAll() bool

AllowsAll returns if all requests are permitted by this Permission

func (*Permission) AllowsVerb

func (p *Permission) AllowsVerb(verb string) bool

AllowsVerb returns if the verb was allowed, but resource names are ignored. You should use IsAllowed instead.

func (*Permission) Contains

func (p *Permission) Contains(c *Permission) bool

Contains returns if c is covered by this Permission

func (*Permission) DeniesAll

func (p *Permission) DeniesAll() bool

DeniesAll returns if all requests are rejected by this Permission

func (*Permission) Minify

func (p *Permission) Minify()

Minify organizes the Permission

type Permissions

type Permissions []*Permission

Permissions bundles some Permission reousrces

func (Permissions) Allows

func (pms Permissions) Allows(verb, resourceName string) bool

Allows returns if the verb and resourceName was allowed in these permissions

func (Permissions) DeniesAll

func (pms Permissions) DeniesAll() bool

DeniesAll returns if all requests will be rejected by these permissions

func (Permissions) Filter

func (pms Permissions) Filter(walk PermissionsFilter) Permissions

Filter filters Permissions by walk function

func (*Permissions) Minify

func (pms *Permissions) Minify()

Minify organizes permissions TODO: Better algorithm (current: O(N^2))

type PermissionsFilter

type PermissionsFilter func(p *Permission) bool

PermissionsFilter should return if the Permission will be in the filtered Permissions