Documentation
¶
Overview ¶
Package rbac implements the authorizer.Authorizer interface using roles base access control.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func RuleAllows ¶
func RuleAllows(requestAttributes authorizer.Attributes, rule rbac.PolicyRule) bool
func RulesAllow ¶
func RulesAllow(requestAttributes authorizer.Attributes, rules ...rbac.PolicyRule) bool
Types ¶
type RBACAuthorizer ¶
type RBACAuthorizer struct {
// contains filtered or unexported fields
}
func New ¶
func New(roleRegistry role.Registry, roleBindingRegistry rolebinding.Registry, clusterRoleRegistry clusterrole.Registry, clusterRoleBindingRegistry clusterrolebinding.Registry, superUser string) *RBACAuthorizer
func (*RBACAuthorizer) Authorize ¶
func (r *RBACAuthorizer) Authorize(requestAttributes authorizer.Attributes) (bool, string, error)
type RequestToRuleMapper ¶
type RequestToRuleMapper interface {
// RulesFor returns all known PolicyRules and any errors that happened while locating those rules.
// Any rule returned is still valid, since rules are deny by default. If you can pass with the rules
// supplied, you do not have to fail the request. If you cannot, you should indicate the error along
// with your denial.
RulesFor(subject user.Info, namespace string) ([]rbac.PolicyRule, error)
}
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.