seed

package
v1.7.1-0...-23dd39d
Warning

This package is not in the latest version of its module.

Published: Apr 16, 2021 License: Apache-2.0, BSD-2-Clause, MIT, + 1 more Imports: 23 Imported by: 0

Documentation


Constants

const AuthorizerName = "seedauthorizer"

AuthorizerName is the name of this authorizer.

const WebhookPath = "/webhooks/auth/seed"

WebhookPath is the HTTP handler path for this authorization webhook handler.

Variables

var (

	// DecisionTimeout is the maximum time for the authorizer to take a decision. Exposed for testing.
	DecisionTimeout = 10 * time.Second
)

Functions

func Allowed

Allowed constructs a SubjectAccessReview and indicates in its status that the given operation is allowed.

func AuthorizationAttributesFrom

func AuthorizationAttributesFrom(spec authorizationv1.SubjectAccessReviewSpec) auth.AttributesRecord

AuthorizationAttributesFrom takes a spec and returns the proper authz attributes to check it.

func Denied

Denied constructs a SubjectAccessReview and indicates in its status that the given operation is denied and that other authorizers should not be consulted for their opinion.

func Errored

Errored constructs a SubjectAccessReview and indicates in its status that an error occurred during the evaluation of the result.

func Identity

func Identity(u user.Info) (string, bool)

Identity returns the seed name and a boolean indicating whether the provided user has the gardener.cloud:system:seeds group. If the seed name is ambiguous, an empty string is returned.

func NewAuthorizer

func NewAuthorizer(logger logr.Logger, graph graph.Interface) *authorizer

NewAuthorizer returns a new authorizer for requests from gardenlets. It never has an opinion on the request.

func NewHandler

func NewHandler(logger logr.Logger, authorizer auth.Authorizer) http.HandlerFunc

NewHandler creates a new HTTP handler for authorizing requests for resources related to a Seed.

func NoOpinion

NoOpinion constructs a SubjectAccessReview and indicates in its status that the authorizer does not have an opinion about the result, i.e., other authorizers should be consulted for their opinion.

func NonResourceAttributesFrom

func NonResourceAttributesFrom(user user.Info, in authorizationv1.NonResourceAttributes) auth.AttributesRecord

NonResourceAttributesFrom combines the API object information and the user.Info from the context to build a full auth.AttributesRecord for non resource access.

func ResourceAttributesFrom

func ResourceAttributesFrom(user user.Info, in authorizationv1.ResourceAttributes) auth.AttributesRecord

ResourceAttributesFrom combines the API object information and the user.Info from the context to build a full auth.AttributesRecord for resource access.

Types

This section is empty.

Directories

Path Synopsis
mock
Package mock is a generated GoMock package.
