Documentation
Overview
Package acl provides utilities for asserting cross-namespace access to GitOps Toolkit objects.
Constants
This section is empty.
Variables
This section is empty.
Functions
func IsAccessDenied
IsAccessDenied returns true if the supplied error is an access denied error; e.g., as returned by HasAccessToRef.
Types
type AccessDeniedError
type AccessDeniedError string
AccessDeniedError represents a failed access control list check.
func (AccessDeniedError) Error
func (e AccessDeniedError) Error() string
type Authorization
type Authorization struct {
// contains filtered or unexported fields
}
Authorization is an ACL helper for asserting access to cross-namespace references.
func NewAuthorization
func NewAuthorization(kubeClient client.Client) *Authorization
NewAuthorization takes a controller runtime client and returns an Authorization object that allows asserting access to cross-namespace references.
func (*Authorization) HasAccessToRef
func (a *Authorization) HasAccessToRef(ctx context.Context, object client.Object, reference types.NamespacedName, acl *aclapi.AccessFrom) error
HasAccessToRef checks if a namespaced object has access to a cross-namespace reference based on the ACL defined on the referenced object. It returns `nil` if access is possible, or an AccessDeniedError if it is not possible; any other kind of error indicates that the check could not be completed.
type Options
type Options struct {
	// NoCrossNamespaceRefs indicates that references between custom resources are allowed
	// only if the reference and the referee are in the same namespace.
	NoCrossNamespaceRefs bool
}
Options contains the ACL configuration for a GitOps Toolkit controller.
The struct can be used in the main.go file of your controller by binding it to the main flag set, and then utilizing the configured options later:
func main() {
	var (
		// other controller specific configuration variables
		aclOptions acl.Options
	)
	// Bind the options to the main flag set, and parse it
	aclOptions.BindFlags(flag.CommandLine)
	flag.Parse()
}
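The following is an added example, not code from this package: it shows one way a reconciler could act on the three outcomes of HasAccessToRef described above, combined with the NoCrossNamespaceRefs option. Outcome, Authorize and the check callback are hypothetical names, and AccessDeniedError is a local copy of the documented type so the block builds without the package; namespaces are assumed to be already defaulted.

```go
package main

import (
	"errors"
	"fmt"
)

// AccessDeniedError is a local copy of the type documented above, so this
// example builds without the real package.
type AccessDeniedError string

func (e AccessDeniedError) Error() string { return string(e) }

// Outcome is a hypothetical three-way result for a reconciler.
type Outcome int

const (
	Allow Outcome = iota // resolve the reference
	Deny                 // ACL refused: do not resolve, surface to the user
	Retry                // check incomplete: do not resolve, requeue
)

// Authorize is a hypothetical gate. check stands in for a call to
// Authorization.HasAccessToRef; objNS and refNS are already-defaulted namespaces.
func Authorize(noCrossNamespaceRefs bool, objNS, refNS string, check func() error) (Outcome, error) {
	if noCrossNamespaceRefs && objNS != refNS {
		// Policy forbids the reference outright; the ACL is never consulted.
		return Deny, AccessDeniedError(fmt.Sprintf("cross-namespace reference %s -> %s is disabled", objNS, refNS))
	}
	err := check()
	var denied AccessDeniedError
	switch {
	case err == nil:
		return Allow, nil
	case errors.As(err, &denied): // also matches denials wrapped with %w
		return Deny, err
	default:
		// Fail closed: an unfinished check is never treated as a grant.
		return Retry, fmt.Errorf("ACL check incomplete: %w", err)
	}
}

func main() {
	// Constructed sample: the check could not complete because of a timeout.
	timeout := func() error { return errors.New("context deadline exceeded") }
	outcome, err := Authorize(false, "tenant-a", "tenant-b", timeout)
	fmt.Println(outcome, err)
}
```

Keeping Deny and Retry separate lets a controller report a denial as a stable condition while requeueing only the checks that never finished.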