Documentation
Overview
Package acl provides utilities for asserting cross-namespace access to GitOps Toolkit objects.
Functions
func IsAccessDenied
IsAccessDenied returns true if the supplied error is an access denied error; e.g., as returned by HasAccessToRef.
Types
type AccessDeniedError
type AccessDeniedError string
AccessDeniedError represents a failed access control list check.
func (AccessDeniedError) Error
func (e AccessDeniedError) Error() string
type Authorization
type Authorization struct {
// contains filtered or unexported fields
}
Authorization is an ACL helper for asserting access to cross-namespace references.
func NewAuthorization
func NewAuthorization(kubeClient client.Client) *Authorization
NewAuthorization takes a controller runtime client and returns an Authorization object that allows asserting access to cross-namespace references.
func (*Authorization) HasAccessToRef
func (a *Authorization) HasAccessToRef(ctx context.Context, object client.Object, reference types.NamespacedName, acl *aclapi.AccessFrom) error
HasAccessToRef checks if a namespaced object has access to a cross-namespace reference based on the ACL defined on the referenced object. It returns `nil` if access is possible, or an AccessDeniedError if it is not possible; any other kind of error indicates that the check could not be completed.
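The three outcomes described for HasAccessToRef (nil, an AccessDeniedError, any other error) call for three different reactions in a caller. The sketch below is an added example, not code from this package: `hasAccess`, `decide` and `isAccessDenied` are hypothetical stand-ins, and the label-selector check is a simplified model assumed for illustration, so that the program runs without the module or a cluster.

```go
package main

import (
	"errors"
	"fmt"
)

// Local stand-ins for the package's AccessDeniedError and IsAccessDenied (assumed shape).
type AccessDeniedError string
func (e AccessDeniedError) Error() string { return string(e) }

func isAccessDenied(err error) bool {
	var denied AccessDeniedError
	return errors.As(err, &denied) // also matches a denial wrapped with %w
}

// hasAccess is a hypothetical model: nsLabels is constructed namespace data, selectors the ACL on the referenced object.
func hasAccess(nsLabels map[string]map[string]string, objNS, refNS string, selectors []map[string]string) error {
	if objNS == refNS {
		return nil // same namespace, nothing to cross
	}
	labels, ok := nsLabels[objNS]
	if !ok {
		return fmt.Errorf("get namespace %q: not found", objNS) // check could not be completed
	}
next:
	for _, sel := range selectors {
		for k, v := range sel {
			if got, ok := labels[k]; !ok || got != v {
				continue next
			}
		}
		return nil // every label in this selector matched
	}
	return AccessDeniedError(fmt.Sprintf("%q may not reference objects in %q", objNS, refNS))
}

// decide fails closed: only a nil error lets the caller use the reference.
func decide(err error) string {
	if err == nil {
		return "proceed"
	}
	if isAccessDenied(err) {
		return "denied" // policy decision: report it, retrying changes nothing until the ACL changes
	}
	return "retry" // unknown state: do not use the reference, requeue
}

func main() { fmt.Println(decide(hasAccess(nil, "team-a", "shared", nil))) }
```

A missing ACL (nil `selectors`) falls through to the denial, so the model is deny-by-default for cross-namespace references.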