access

package

v0.2.0 Latest Latest Go to latest Published: Jun 15, 2020 License: Apache-2.0, MIT Imports: 7 Imported by: 3

Documentation ¶

const (
	ACCESS_PROCEED = iota
	ACCESS_GRANTED
	ACCESS_DENIED
)

View Source

const (
	MAX_PRIO = 0
	MIN_PRIO = 32768
)

View Source

const ANNOTATION_IGNORE_OWNERS = "resources.gardener.cloud/ignore-owners-for-access-control"

This section is empty.

func Allowed(src resources.ClusterObjectKey, verb string, tgt resources.ClusterObjectKey) (bool, string, error)

func CheckAccess(object resources.Object, verb string, used resources.Object) error

func CheckAccessWithRealms(object resources.Object, verb string, used resources.Object, rtypes RealmTypes) error

func Register(ctr AccessController, clusterId string, priority int)

func RegisterNamespaceOnlyAccess()

type AccessController interface {
	Name() string
	Allowed(src resources.ClusterObjectKey, verb string, tgt resources.ClusterObjectKey) (int, error)
}

type NamespaceLocalAccessOnly struct {
}

func (this *NamespaceLocalAccessOnly) Allowed(src resources.ClusterObjectKey, verb string, tgt resources.ClusterObjectKey) (int, error)

func (this *NamespaceLocalAccessOnly) Name() string

type RealmType struct {
	// contains filtered or unexported fields
}

func NewRealmType(anno string) *RealmType

func (this *RealmType) GetAnnotation() string

func (this *RealmType) NewRealms(value string) *Realms

func (this *RealmType) RealmsForObject(obj metav1.Object) *Realms

type RealmTypes map[string]*RealmType

type Realms struct {
	// contains filtered or unexported fields
}

func (this *Realms) AnnotationValue() string

func (this *Realms) Contains(realm string) bool

func (this *Realms) ContainsAnyOf(realms *Realms) bool

func (this *Realms) IsDefault() bool

func (this *Realms) IsResponsibleFor(obj resources.Object) bool

func (this *Realms) Realms() utils.StringSet

func (this *Realms) Size() int

func (this *Realms) String() string