seed

package
v1.81.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 18, 2023 License: Apache-2.0, BSD-2-Clause, MIT, + 1 more Imports: 35 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// HandlerName is the name of this authorization webhook handler.
	HandlerName = "seedauthorizer"
	// WebhookPath is the HTTP handler path for this authorization webhook handler.
	WebhookPath = "/webhooks/auth/seed"
)

Variables

View Source
var (

	// DecisionTimeout is the maximum time for the authorizer to take a decision. Exposed for testing.
	DecisionTimeout = 10 * time.Second
)

Functions

func Allowed

Allowed constructs a SubjectAccessReview and indicates in its status that the given operation is allowed.

func AuthorizationAttributesFrom

func AuthorizationAttributesFrom(spec authorizationv1.SubjectAccessReviewSpec) auth.AttributesRecord

AuthorizationAttributesFrom takes a spec and returns the proper authz attributes to check it.

func Denied

Denied constructs a SubjectAccessReview and indicates in its status that the given operation is denied and that other authenticators should not be consulted for their opinion.

func Errored

Errored constructs a SubjectAccessReview and indicates in its status that the an error has been occurred during the evaluation of the result.

func NewAuthorizer

func NewAuthorizer(logger logr.Logger, graph graph.Interface) *authorizer

NewAuthorizer returns a new authorizer for requests from gardenlets. It never has an opinion on the request.

func NoOpinion

NoOpinion constructs a SubjectAccessReview and indicates in its status that the authorizer does not have an opinion about the result, i.e., other authenticators should be consulted for their opinion.

func NonResourceAttributesFrom

func NonResourceAttributesFrom(user user.Info, in authorizationv1.NonResourceAttributes) auth.AttributesRecord

NonResourceAttributesFrom combines the API object information and the user.Info from the context to build a full auth.AttributesRecord for non resource access.

func ResourceAttributesFrom

func ResourceAttributesFrom(user user.Info, in authorizationv1.ResourceAttributes) auth.AttributesRecord

ResourceAttributesFrom combines the API object information and the user.Info from the context to build a full auth.AttributesRecord for resource access.

Types

type Handler added in v1.60.0

type Handler struct {
	Logger     logr.Logger
	Authorizer auth.Authorizer
}

Handler authorizing requests for resources related to a Seed.

func (*Handler) AddToManager added in v1.60.0

func (h *Handler) AddToManager(ctx context.Context, mgr manager.Manager, enableDebugHandlers *bool) error

AddToManager adds Handler to the given manager.

func (*Handler) Handle added in v1.60.0

func (h *Handler) Handle(w http.ResponseWriter, r *http.Request)

Handle authorizing requests for resources related to a Seed.

Directories

Path Synopsis
mock
Package mock is a generated GoMock package.
Package mock is a generated GoMock package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL