permissionclaim

package

v0.26.1 Latest Latest Go to latest Published: Dec 11, 2024 License: Apache-2.0 Imports: 14 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/kcp-dev/kcp

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func InstallIndexers(apiExportInformer apisv1alpha1informers.APIExportClusterInformer)
type Labeler
- func NewLabeler(apiBindingInformer apisv1alpha1informers.APIBindingClusterInformer, ...) *Labeler
- func (l *Labeler) LabelsFor(ctx context.Context, cluster logicalcluster.Name, ...) (map[string]string, error)

Constants ¶

This section is empty.

Variables ¶

View Source

var NonPersistedResourcesClaimable = map[schema.GroupResource]bool{
	authorizationv1.SchemeGroupVersion.WithResource("localsubjectaccessreviews").GroupResource(): true,
	authorizationv1.SchemeGroupVersion.WithResource("selfsubjectaccessreviews").GroupResource():  false,
	authorizationv1.SchemeGroupVersion.WithResource("selfsubjectrulesreviews").GroupResource():   false,
	authorizationv1.SchemeGroupVersion.WithResource("subjectaccessreviews").GroupResource():      true,
	authenticationv1.SchemeGroupVersion.WithResource("selfsubjectreviews").GroupResource():       false,
	authenticationv1.SchemeGroupVersion.WithResource("tokenreviews").GroupResource():             false,
}

NonPersistedResourcesClaimable is a list of resources that are not persisted to etcd, and therefore should not be labeled with permission claims. The value means whether they are claimable or not.

Functions ¶

func InstallIndexers ¶ added in v0.25.0

func InstallIndexers(apiExportInformer apisv1alpha1informers.APIExportClusterInformer)

InstallIndexers adds the additional indexers that this controller requires to the informers.

Types ¶

type Labeler ¶

type Labeler struct {
	// contains filtered or unexported fields
}

Labeler calculates labels to apply to all instances of a cluster-group-resource based on permission claims.

func (*Labeler) LabelsFor ¶

func (l *Labeler) LabelsFor(ctx context.Context, cluster logicalcluster.Name, groupResource schema.GroupResource, resourceName string) (map[string]string, error)

LabelsFor returns all the applicable labels for the cluster-group-resource relating to permission claims. This is the intersection of (1) all APIBindings in the cluster that have accepted claims for the group-resource with (2) associated APIExports that are claiming group-resource.

Source Files ¶

View all Source files

permissionclaim_labeler.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL