auth

package

v0.0.0-...-d125d34 Latest Latest Go to latest Published: May 8, 2024 License: Apache-2.0 Imports: 6 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/horizoncd/horizon

Links

Open Source Insights

Documentation ¶

Index ¶

type Attributes
type AttributesRecord
type Authorizer
type Decision
type RequestInfo
type RequestInfoFactory
- func (r *RequestInfoFactory) NewRequestInfo(ctx context.Context, req *http.Request) (*RequestInfo, error)
type RequestInfoResolver

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Attributes ¶

type Attributes interface {
	// GetUser return the user.Info object to authorize
	GetUser() user.User

	// GetVerb returns the kube verb associated with API requests
	// (this includes get, list,  create, update, patch, delete),
	// or the lowercased HTTP verb associated with non-API requests
	// (this includes get, put, post, patch, and delete)
	GetVerb() string

	// IsReadOnly true represent the request has no side effects.
	IsReadOnly() bool

	// GetScope return the scope of the rest resource
	GetScope() string

	// GetResource The kind of object, if a request is for a REST object.
	GetResource() string

	// GetSubResource returns the subresource being requested, if present
	GetSubResource() string

	// GetName returns the name of the object as parsed off the request.
	GetName() string

	// GetAPIGroup  The group of the resource, if a request is for a REST object.
	GetAPIGroup() string

	// GetAPIVersion  returns the version of the group requested,
	// if a request is for a REST object.
	GetAPIVersion() string

	// IsResourceRequest  returns true  for requests to API resources /apis/core/groups
	// and false for non-resource endpoints. /healthz
	IsResourceRequest() bool

	// GetPath returns the path of the request
	GetPath() string
}

Attributes is an interface used by an Authorizer to get information about a request that is used to make an authorization decision.

type AttributesRecord ¶

type AttributesRecord struct {
	User            user.User
	Verb            string
	APIGroup        string
	APIVersion      string
	Resource        string
	SubResource     string
	Name            string
	Scope           string
	ResourceRequest bool
	Path            string
}

AttributesRecord implements Attributes interface.

func (AttributesRecord) GetAPIGroup ¶

func (a AttributesRecord) GetAPIGroup() string

func (AttributesRecord) GetAPIVersion ¶

func (a AttributesRecord) GetAPIVersion() string

func (AttributesRecord) GetName ¶

func (a AttributesRecord) GetName() string

func (AttributesRecord) GetPath ¶

func (a AttributesRecord) GetPath() string

func (AttributesRecord) GetResource ¶

func (a AttributesRecord) GetResource() string

func (AttributesRecord) GetScope ¶

func (a AttributesRecord) GetScope() string

func (AttributesRecord) GetSubResource ¶

func (a AttributesRecord) GetSubResource() string

func (AttributesRecord) GetUser ¶

func (a AttributesRecord) GetUser() user.User

func (AttributesRecord) GetVerb ¶

func (a AttributesRecord) GetVerb() string

func (AttributesRecord) IsReadOnly ¶

func (a AttributesRecord) IsReadOnly() bool

func (AttributesRecord) IsResourceRequest ¶

func (a AttributesRecord) IsResourceRequest() bool

type Authorizer ¶

type Authorizer interface {
	Authorize(ctx context.Context, a Attributes) (decision Decision, reason string, err error)
}

type Decision ¶

type Decision int

const (
	// DecisionDeny means that an authorizer decided to deny the action
	DecisionDeny Decision = iota
	// DecisionAllow means that an authorizer  decided to allow the action.
	DecisionAllow
)

type RequestInfo ¶

type RequestInfo struct {
	// IsResourceRequest indicates whether the request is
	// for an API resource or subresource
	IsResourceRequest bool

	// Path is the URL path of the request
	Path string

	// Verb is the verb associated with the request for API requests.
	// not the http verb.  This includes things like list and watch.
	// for non-resource requests, this is the lowercase http verb
	Verb string

	APIPrefix  string
	APIGroup   string
	APIVersion string

	// Resource is the name of the resource being requested.
	// This is not the kind.  For example: pods
	Resource string
	Name     string

	// Subresource is the name of the subresource being requested.
	Scope       string
	Subresource string
	Parts       []string
}

type RequestInfoFactory ¶

type RequestInfoFactory struct {
	APIPrefixes sets.String
}

func (*RequestInfoFactory) NewRequestInfo ¶

func (r *RequestInfoFactory) NewRequestInfo(ctx context.Context,
	req *http.Request) (*RequestInfo, error)

type RequestInfoResolver ¶

type RequestInfoResolver interface {
	NewRequestInfo(req *http.Request) (*RequestInfo, error)
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL