authorizer

package
v1.3.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 14, 2023 License: Apache-2.0 Imports: 2 Imported by: 0

Documentation

Index

Constants

// Verb constants name the request verbs that this package declares by name.
// Only five verbs are covered. The GetVerb documentation on Attributes also
// mentions update, patch, deletecollection and proxy, which have no constant
// in this block.
// NOTE(review): confirm how rules for those verbs are spelled; a mistyped
// string literal would fail to match without any compile-time error.
const (
	// VerbList represents the verb of listing resources
	VerbList = "list"
	// VerbCreate represents the verb of creating a resource
	VerbCreate = "create"
	// VerbGet represents the verb of getting a resource or resources
	VerbGet = "get"
	// VerbWatch represents the verb of watching a resource
	VerbWatch = "watch"
	// VerbDelete represents the verb of deleting a resource
	VerbDelete = "delete"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Attributes

// Attributes describes a single request for which an authorization decision
// is wanted: the user making it, the verb, and the resource or path targeted.
// NOTE(review): no namespace accessor is declared on this interface, although
// RuleResolver.RulesFor in this package takes a namespace; confirm how
// namespace scoping reaches an Authorizer.
type Attributes interface {
	// GetUser returns the user.Info object to authorize
	GetUser() user.Info

	// GetVerb returns the kube verb associated with API requests (this includes get, list, watch, create, update, patch, delete, deletecollection, and proxy),
	// or the lowercased HTTP verb associated with non-API requests (this includes get, put, post, patch, and delete)
	GetVerb() string

	// GetResource returns the kind of object, if the request is for a REST object.
	GetResource() string

	// GetSubresource returns the subresource being requested, if present
	GetSubresource() string

	// GetName returns the name of the object as parsed off the request.  This will not be present for all request types, but
	// will be present for: get, update, delete
	// NOTE(review): an empty name is therefore expected on some requests; rule
	// matching that restricts by name should handle the empty string
	// explicitly. Confirm in implementations.
	GetName() string

	// GetAPIGroup returns the group of the resource, if the request is for a REST object.
	GetAPIGroup() string

	// GetAPIVersion returns the version of the group requested, if a request is for a REST object.
	GetAPIVersion() string

	// IsResourceRequest returns true for requests to API resources, like /api/v1/nodes,
	// and false for non-resource endpoints like /api, /healthz
	// NOTE(review): presumably the resource accessors (GetResource,
	// GetAPIGroup, GetAPIVersion, GetSubresource, GetName) are only meaningful
	// when this returns true, and GetPath is what to match otherwise. Confirm.
	IsResourceRequest() bool

	// GetPath returns the path of the request
	GetPath() string
}

type AttributesRecord

// AttributesRecord is a plain struct with one field per Attributes accessor;
// the package documentation states that it implements Attributes.
// All fields are exported, so any code holding the record can change them.
// The zero value leaves User unset and ResourceRequest false.
// NOTE(review): presumably each GetX method returns the like-named field
// (the method bodies are not shown here). Treat a record as read-only once it
// has been handed to an Authorizer, so the attributes that were authorized
// are the ones acted on.
type AttributesRecord struct {
	User            user.Info
	Verb            string
	APIGroup        string
	APIVersion      string
	Resource        string
	Subresource     string
	Name            string
	ResourceRequest bool
	Path            string
}

AttributesRecord implements the Attributes interface.

func (*AttributesRecord) GetAPIGroup

func (a *AttributesRecord) GetAPIGroup() string

func (*AttributesRecord) GetAPIVersion

func (a *AttributesRecord) GetAPIVersion() string

func (*AttributesRecord) GetName

func (a *AttributesRecord) GetName() string

func (*AttributesRecord) GetPath

func (a *AttributesRecord) GetPath() string

func (*AttributesRecord) GetResource

func (a *AttributesRecord) GetResource() string

func (*AttributesRecord) GetSubresource

func (a *AttributesRecord) GetSubresource() string

func (*AttributesRecord) GetUser

func (a *AttributesRecord) GetUser() user.Info

func (*AttributesRecord) GetVerb

func (a *AttributesRecord) GetVerb() string

func (*AttributesRecord) IsResourceRequest

func (a *AttributesRecord) IsResourceRequest() bool

type Authorizer

// Authorizer makes an authorization decision for the request described by an
// Attributes value.
type Authorizer interface {
	// Authorize returns the decision for a, a reason string and an error.
	// NOTE(review): how a non-nil err relates to the returned Decision is not
	// defined here; callers should grant access only on DecisionAllow with a
	// nil err. Confirm against implementations.
	Authorize(a Attributes) (authorized Decision, reason string, err error)
}

type AuthorizerFunc

// AuthorizerFunc is a function type with the same parameters and results as
// Authorizer.Authorize. Its Authorize method lets a plain function be used
// where an Authorizer is expected.
// NOTE(review): presumably Authorize simply calls f(a); the body is not shown.
type AuthorizerFunc func(a Attributes) (Decision, string, error)

func (AuthorizerFunc) Authorize

func (f AuthorizerFunc) Authorize(a Attributes) (Decision, string, error)

type Decision

// Decision is the outcome an Authorizer returns for a request.
type Decision int
const (
	// DecisionDeny is the zero value of Decision (iota starts at 0), so a
	// Decision that was never assigned reads as a denial.
	DecisionDeny Decision = iota
	// DecisionAllow (value 1) is the allow outcome.
	DecisionAllow
	// DecisionNoOpinion (value 2) is neither an allow nor a deny.
	// NOTE(review): presumably it leaves the decision to another authorizer;
	// confirm that callers never treat it as an allow.
	DecisionNoOpinion
)

type NonResourceRuleInfo

// NonResourceRuleInfo describes one rule over non-resource URLs: the verbs it
// covers and the URLs it applies to.
type NonResourceRuleInfo interface {
	// GetVerbs returns a list of kubernetes resource API verbs.
	GetVerbs() []string
	// GetNonResourceURLs returns a set of partial urls that a user should have access to.
	// NOTE(review): "partial" suggests prefix or wildcard matching, but the
	// matching semantics are not defined here. Confirm them before relying on
	// these values for an access decision.
	GetNonResourceURLs() []string
}

type RequestAttributesGetter

// RequestAttributesGetter extracts Attributes from an HTTP request.
type RequestAttributesGetter interface {
	// GetRequestAttributes returns the Attributes for the given user and
	// request. The user is a separate argument rather than something read
	// from the request by this interface.
	// NOTE(review): presumably the caller has already authenticated the
	// request and passes the resulting identity. Confirm at call sites.
	GetRequestAttributes(user.Info, *http.Request) Attributes
}

RequestAttributesGetter provides a function that extracts Attributes from an http.Request

type ResourceRuleInfo

// ResourceRuleInfo describes one rule over API resources: the verbs, API
// groups, resources and resource names it applies to.
type ResourceRuleInfo interface {
	// GetVerbs returns a list of kubernetes resource API verbs.
	GetVerbs() []string
	// GetAPIGroups returns the names of the APIGroup that contains the resources.
	GetAPIGroups() []string
	// GetResources returns a list of resources the rule applies to.
	GetResources() []string
	// GetResourceNames returns an allow list of names that the rule applies to.
	// NOTE(review): whether an empty list means "every name" or "no name" is
	// not stated here. Confirm before evaluating rules, since the two readings
	// give opposite access results.
	GetResourceNames() []string
}

type RuleResolver

// RuleResolver resolves the rules that apply to a user within a namespace.
type RuleResolver interface {
	// RulesFor get the list of cluster wide rules, the list of rules in the specific namespace, incomplete status and errors.
	// The results are, in order: resource rules, non-resource rules, the
	// incomplete flag, and an error.
	// NOTE(review): presumably a true incomplete flag means the returned
	// lists may be missing rules; confirm that callers do not treat such a
	// result as the user's full set of permissions.
	RulesFor(user user.Info, namespace string) ([]ResourceRuleInfo, []NonResourceRuleInfo, bool, error)
}

RuleResolver provides a mechanism for resolving the list of rules that apply to a given user within a namespace.
