authorization

package
v1.22.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 30, 2020 License: Apache-2.0 Imports: 9 Imported by: 5

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type BindingChecker

type BindingChecker struct {
	ServiceRoles       []kubernetes.IstioObject
	ServiceRoleBinding kubernetes.IstioObject
}

func (BindingChecker) Check

func (sc BindingChecker) Check() ([]*models.IstioCheck, bool)

type MtlsEnabledChecker added in v1.22.0

type MtlsEnabledChecker struct {
	Namespace             string
	AuthorizationPolicies []kubernetes.IstioObject
	MtlsDetails           kubernetes.MTLSDetails
}

func (MtlsEnabledChecker) Check added in v1.22.0

Checks if mTLS is enabled, mark all Authz Policies with error

type NamespaceMethodChecker added in v1.14.0

type NamespaceMethodChecker struct {
	AuthorizationPolicy kubernetes.IstioObject
	Namespaces          models.NamespaceNames
}

func (NamespaceMethodChecker) Check added in v1.14.0

func (ap NamespaceMethodChecker) Check() ([]*models.IstioCheck, bool)

type NoHostChecker added in v1.15.0

type NoHostChecker struct {
	AuthorizationPolicy kubernetes.IstioObject
	Namespace           string
	Namespaces          models.Namespaces
	ServiceEntries      map[string][]string
	Services            []core_v1.Service
}

func (NoHostChecker) Check added in v1.15.0

func (n NoHostChecker) Check() ([]*models.IstioCheck, bool)

type ServiceChecker

type ServiceChecker struct {
	ServiceRole kubernetes.IstioObject
	Services    []core_v1.Service
}

func (ServiceChecker) Check

func (sc ServiceChecker) Check() ([]*models.IstioCheck, bool)

Check verifies that the services point to existing ones. ServiceRole can only affect the defined namespace, no other even if FQDN is used to point to different namespace

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL