delegated

package
v0.22.0

This package is not in the latest version of its module.

Published: Jan 25, 2024 License: Apache-2.0 Imports: 9 Imported by: 2

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewCachingAuthorizer added in v0.11.0

func NewCachingAuthorizer(client kcpkubernetesclientset.ClusterInterface, auth CachingAuthorizerFunc, opts CachingOptions) *cachingAuthorizer

NewCachingAuthorizer creates a new Authorizer that holds an internal cache of Delegated Authorizer(s).

func NewDelegatedAuthorizer

func NewDelegatedAuthorizer(clusterName logicalcluster.Name, client kcpkubernetesclient.ClusterInterface, opts Options) (authorizer.Authorizer, error)

NewDelegatedAuthorizer returns a new authorizer, for use in e.g. admission plugins, that delegates to the kube API server via SubjectAccessReview.

Types

type Cache added in v0.11.0

type Cache interface {
	// Get returns the delegated authorizer for the given logical cluster.
	Get(clusterName logicalcluster.Name) (authorizer.Authorizer, error)
}

Cache contains methods that define a delegated caching authorizer.

type CachingAuthorizerFunc added in v0.11.0

type CachingAuthorizerFunc func(ctx context.Context, cache Cache, a authorizer.Attributes) (authorizer.Decision, string, error)

CachingAuthorizerFunc looks similar to authorizer.AuthorizerFunc with the additional cache parameter for delegated authorizers.

type CachingOptions added in v0.11.0

type CachingOptions struct {
	Options

	// TTL is the default time-to-live when a delegated authorizer
	// is stored in the internal cache.
	TTL time.Duration
}

CachingOptions contains options to create a new Delegated Caching Authorizer.

type DelegatedAuthorizerFactory

type DelegatedAuthorizerFactory func(clusterName logicalcluster.Name, client kcpkubernetesclient.ClusterInterface, opts Options) (authorizer.Authorizer, error)

type Options added in v0.11.0

type Options struct {
	// AllowCacheTTL is the length of time that a successful authorization response will be cached.
	AllowCacheTTL time.Duration

	// DenyCacheTTL is the length of time that an unsuccessful authorization response will be cached.
	// You generally want more responsive, "deny, try again" flows.
	DenyCacheTTL time.Duration
}

Options provides options to customize the created DelegatedAuthorizer.
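
How the two TTLs in Options bound the time a changed policy goes unnoticed, as an added example that is not kcp's code: a cached allow outlives a revocation for up to AllowCacheTTL, and a cached deny hides a new grant for up to DenyCacheTTL. The `ttlOptions`, `cachedAuthorizer` and `StaleFor` names, the boolean `backend` standing in for the SubjectAccessReview call, and the request key are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"time"
)

// ttlOptions mirrors the two fields of Options above; all other names are hypothetical.
type ttlOptions struct{ AllowCacheTTL, DenyCacheTTL time.Duration }
type entry struct {
	allowed bool
	expires time.Time
}

// cachedAuthorizer is a simplified stand-in, not kcp's implementation.
type cachedAuthorizer struct {
	opts    ttlOptions
	backend func(key string) bool // stands in for the SubjectAccessReview round trip
	cache   map[string]entry
}

func (c *cachedAuthorizer) Authorize(key string, now time.Time) bool {
	if e, ok := c.cache[key]; ok && now.Before(e.expires) {
		return e.allowed // cache hit: a policy change is not visible yet
	}
	allowed, ttl := c.backend(key), c.opts.DenyCacheTTL
	if allowed {
		ttl = c.opts.AllowCacheTTL
	}
	c.cache[key] = entry{allowed, now.Add(ttl)}
	return allowed
}

// StaleFor caches `initial` at t=0, flips the policy, and returns how long the old answer is served.
func StaleFor(opts ttlOptions, initial bool, step time.Duration) time.Duration {
	policy, t0 := initial, time.Unix(0, 0)
	a := &cachedAuthorizer{opts, func(string) bool { return policy }, map[string]entry{}}
	const key = "alice/get/secrets" // constructed sample request
	a.Authorize(key, t0)
	policy = !initial // revoke (or grant) right after the first check
	elapsed := time.Duration(0)
	for ; a.Authorize(key, t0.Add(elapsed)) == initial; elapsed += step {
	}
	return elapsed
}

func main() {
	opts := ttlOptions{AllowCacheTTL: 5 * time.Minute, DenyCacheTTL: 30 * time.Second}
	fmt.Println("stale allow:", StaleFor(opts, true, time.Second), "stale deny:", StaleFor(opts, false, time.Second))
}
```

The allow TTL is the revocation window, so size it to the longest period a removed permission may remain usable.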
