Documentation
Index
- func NewCachingAuthorizer(client kcpkubernetesclientset.ClusterInterface, auth CachingAuthorizerFunc, ...) *cachingAuthorizer
- func NewDelegatedAuthorizer(clusterName logicalcluster.Name, client kcpkubernetesclient.ClusterInterface, ...) (authorizer.Authorizer, error)
- type Cache
- type CachingAuthorizerFunc
- type CachingOptions
- type DelegatedAuthorizerFactory
- type Options
Functions
func NewCachingAuthorizer (added in v0.11.0)
func NewCachingAuthorizer(client kcpkubernetesclientset.ClusterInterface, auth CachingAuthorizerFunc, opts CachingOptions) *cachingAuthorizer
NewCachingAuthorizer creates a new Authorizer that holds an internal cache of Delegated Authorizer(s).
func NewDelegatedAuthorizer
func NewDelegatedAuthorizer(clusterName logicalcluster.Name, client kcpkubernetesclient.ClusterInterface, opts Options) (authorizer.Authorizer, error)
NewDelegatedAuthorizer returns a new authorizer for use in e.g. admission plugins that delegates to the kube API server via SubjectAccessReview.
Types
type Cache (added in v0.11.0)
type Cache interface {
	// Get returns the delegated authorizer for the given logical cluster.
	Get(clusterName logicalcluster.Name) (authorizer.Authorizer, error)
}
Cache contains methods that define a delegated caching authorizer.
type CachingAuthorizerFunc (added in v0.11.0)
type CachingAuthorizerFunc func(ctx context.Context, cache Cache, a authorizer.Attributes) (authorizer.Decision, string, error)
CachingAuthorizerFunc looks similar to authorizer.AuthorizerFunc with the additional cache parameter for delegated authorizers.
type CachingOptions (added in v0.11.0)
type CachingOptions struct {
	Options
	// TTL is the default time-to-live when a delegated authorizer
	// is stored in the internal cache.
	TTL time.Duration
}
CachingOptions contains options to create a new Delegated Caching Authorizer.
type DelegatedAuthorizerFactory
type DelegatedAuthorizerFactory func(clusterName logicalcluster.Name, client kcpkubernetesclient.ClusterInterface, opts Options) (authorizer.Authorizer, error)
type Options (added in v0.11.0)
type Options struct {
	// AllowCacheTTL is the length of time that a successful authorization response will be cached
	AllowCacheTTL time.Duration
	// DenyCacheTTL is the length of time that an unsuccessful authorization response will be cached.
	// You generally want more responsive, "deny, try again" flows.
	DenyCacheTTL time.Duration
}
Options provides options to customize the created DelegatedAuthorizer.
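The two TTLs in Options bound how long a cached decision can outlive a change in the backing RBAC state: AllowCacheTTL is the revocation lag, DenyCacheTTL the lag before a new grant takes effect. The following is an added example, not code from this package, that measures both with a simulated clock. The names ttlAuthorizer, staleAfterFlip and the review stand-in for SubjectAccessReview are hypothetical, and the 5m/30s values are constructed.

```go
package main

import "fmt"
import "time"

type decision int // hypothetical stand-in for authorizer.Decision
const deny, allow decision = 0, 1

type entry struct { d decision; expires time.Time }

// ttlAuthorizer caches decisions with separate allow and deny lifetimes (assumed model).
type ttlAuthorizer struct {
	allowTTL, denyTTL time.Duration
	review            func(user, verb, resource string) decision // stand-in for SubjectAccessReview
	now               func() time.Time                           // injectable clock
	cache             map[string]entry
}

func (a *ttlAuthorizer) Authorize(user, verb, resource string) decision {
	key := user + "\x00" + verb + "\x00" + resource
	if e, ok := a.cache[key]; ok && a.now().Before(e.expires) {
		return e.d // cached: a change in the backend is not seen yet
	}
	d, ttl := a.review(user, verb, resource), a.denyTTL
	if d == allow {
		ttl = a.allowTTL
	}
	a.cache[key] = entry{d, a.now().Add(ttl)}
	return d
}

// staleAfterFlip caches the decision `first`, flips the backend to the
// opposite one, and returns how long the old answer is still served.
func staleAfterFlip(allowTTL, denyTTL time.Duration, first decision) time.Duration {
	clock, current := time.Unix(0, 0), first
	a := &ttlAuthorizer{allowTTL, denyTTL, func(_, _, _ string) decision { return current },
		func() time.Time { return clock }, map[string]entry{}}
	a.Authorize("alice", "get", "secrets")
	current = 1 - first // permission revoked (allow to deny) or granted (deny to allow)
	for a.Authorize("alice", "get", "secrets") == first {
		clock = clock.Add(time.Second)
	}
	return clock.Sub(time.Unix(0, 0))
}

func main() {
	fmt.Println(staleAfterFlip(5*time.Minute, 30*time.Second, allow), staleAfterFlip(5*time.Minute, 30*time.Second, deny))
}
```

When choosing AllowCacheTTL, treat it as the longest time a revoked subject can keep acting on a cached allow.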