Documentation
Index
- type NonResourceAttributes
- type RequestParser
- func (req *RequestParser) ExtractNonResourceSpecs() *unversioned.NonResourceSpec
- func (req *RequestParser) ExtractResourceSpecs() *unversioned.ResourceSpec
- func (req *RequestParser) ExtractUserSpecs() *unversioned.UserSpec
- func (req *RequestParser) IsNonResourceRequest() bool
- func (req *RequestParser) IsResourceRequest() bool
- func (req *RequestParser) ReadBody(body io.ReadCloser) error
- type ResourceAttributes
- type ResponseConstructor
- type SubjectAccessReview
- type SubjectAccessReviewSpec
Types
type NonResourceAttributes
type NonResourceAttributes struct {
	// Path is the URL path of the request
	Path string `json:"path,omitempty"`
	// Verb is the standard HTTP verb
	Verb string `json:"verb,omitempty"`
}
NonResourceAttributes includes the authorization attributes available for non-resource requests to the Authorizer interface.
type RequestParser
type RequestParser struct {
// contains filtered or unexported fields
}
RequestParser implements extraction of the spec according to the official requirements for the v1beta1 version.
func (*RequestParser) ExtractNonResourceSpecs
func (req *RequestParser) ExtractNonResourceSpecs() *unversioned.NonResourceSpec
ExtractNonResourceSpecs extracts non-resource related fields from the previously read request body (see the ReadBody method).
func (*RequestParser) ExtractResourceSpecs
func (req *RequestParser) ExtractResourceSpecs() *unversioned.ResourceSpec
ExtractResourceSpecs extracts resource related fields from the previously read request body (see the ReadBody method).
func (*RequestParser) ExtractUserSpecs
func (req *RequestParser) ExtractUserSpecs() *unversioned.UserSpec
ExtractUserSpecs reads the request body received from the API server and extracts all required scopes by the user.
func (*RequestParser) IsNonResourceRequest
func (req *RequestParser) IsNonResourceRequest() bool
IsNonResourceRequest returns true if the request is targeted at a non-resource, for example "metrics" exposed by the API Server.
func (*RequestParser) IsResourceRequest
func (req *RequestParser) IsResourceRequest() bool
IsResourceRequest returns true if the request is targeted at a resource, for example "create pod".
func (*RequestParser) ReadBody
func (req *RequestParser) ReadBody(body io.ReadCloser) error
ReadBody parses the request body into the format specified by the k8s API Server. It should be called before extracting specs.
type ResourceAttributes
type ResourceAttributes struct {
	// Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces
	Namespace string `json:"namespace,omitempty"`
	// Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. "*" means all.
	Verb string `json:"verb,omitempty"`
	// Group is the API Group of the Resource. "*" means all.
	Group string `json:"group,omitempty"`
	// Version is the API Version of the Resource. "*" means all.
	Version string `json:"version,omitempty"`
	// Resource is one of the existing resource types. "*" means all.
	Resource string `json:"resource,omitempty"`
	// Subresource is one of the existing resource types. "" means none.
	Subresource string `json:"subresource,omitempty"`
	// Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all.
	Name string `json:"name,omitempty"`
}
ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface.
type ResponseConstructor
type ResponseConstructor struct {
}
ResponseConstructor constructs responses to authorization requests according to the official requirements of the v1beta1 version.
func (ResponseConstructor) NewFailResponse
func (ResponseConstructor) NewFailResponse(reason string) []byte
NewFailResponse returns a response to the API server signifying that the user is not authorized.
func (ResponseConstructor) NewSuccessResponse
func (ResponseConstructor) NewSuccessResponse() []byte
NewSuccessResponse returns a response to the API server signifying that the user is authorized.
type SubjectAccessReview
type SubjectAccessReview struct {
	APIVersion string `json:"apiVersion"`
	Kind string `json:"kind"`
	// Spec holds information about the request being evaluated
	Spec SubjectAccessReviewSpec `json:"spec"`
}
SubjectAccessReview checks whether or not a user or group can perform an action.
type SubjectAccessReviewSpec
type SubjectAccessReviewSpec struct {
	// ResourceAuthorizationAttributes describes information for a resource access request
	ResourceAttributes *ResourceAttributes `json:"resourceAttributes,omitempty"`
	// NonResourceAttributes describes information for a non-resource access request
	NonResourceAttributes *NonResourceAttributes `json:"nonResourceAttributes,omitempty"`
	// User is the user you're testing for.
	User string `json:"user,omitempty"`
	// Groups is the groups you're testing for.
	Groups []string `json:"group,omitempty"`
}
SubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes and NonResourceAuthorizationAttributes must be set.
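The "exactly one must be set" rule above, enforced at decode time so that a malformed review is rejected rather than evaluated ambiguously. This is an added example, not code from this package: the structs are local copies of the shapes documented on this page (ResourceAttributes reduced to a subset of its fields), and parseReview and the sample body are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Local copies of the struct shapes documented on this page (not imported).
type ResourceAttributes struct { // subset of the documented fields
	Namespace string `json:"namespace,omitempty"`
	Verb      string `json:"verb,omitempty"`
	Resource  string `json:"resource,omitempty"`
}
type NonResourceAttributes struct {
	Path string `json:"path,omitempty"`
	Verb string `json:"verb,omitempty"`
}
type SubjectAccessReviewSpec struct {
	ResourceAttributes    *ResourceAttributes    `json:"resourceAttributes,omitempty"`
	NonResourceAttributes *NonResourceAttributes `json:"nonResourceAttributes,omitempty"`
	User                  string                 `json:"user,omitempty"`
	Groups                []string               `json:"group,omitempty"`
}
type SubjectAccessReview struct {
	APIVersion string                  `json:"apiVersion"`
	Kind       string                  `json:"kind"`
	Spec       SubjectAccessReviewSpec `json:"spec"`
}

// parseReview (hypothetical helper) decodes a review body and returns an error
// unless exactly one of the two attribute blocks is present in the spec.
func parseReview(body []byte) (*SubjectAccessReview, error) {
	var sar SubjectAccessReview
	if err := json.Unmarshal(body, &sar); err != nil {
		return nil, fmt.Errorf("decode review: %w", err)
	}
	hasRes, hasNonRes := sar.Spec.ResourceAttributes != nil, sar.Spec.NonResourceAttributes != nil
	if hasRes == hasNonRes { // both set or neither set
		return nil, fmt.Errorf("exactly one of resourceAttributes and nonResourceAttributes must be set")
	}
	return &sar, nil
}

func main() {
	body := []byte(`{"apiVersion":"authorization.k8s.io/v1beta1","kind":"SubjectAccessReview","spec":{"resourceAttributes":{"namespace":"dev","verb":"create","resource":"pods"},"user":"jane","group":["devs"]}}`) // constructed sample
	sar, err := parseReview(body)
	fmt.Println(sar.Spec.User, sar.Spec.Groups, err)
}
```

A caller would treat any error from this function as a deny decision, so bodies that set both blocks or neither never reach policy evaluation.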