rbac

package

v0.3.6 Latest Latest Go to latest Published: Oct 24, 2021 License: GPL-3.0 Imports: 3 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kvdi/kvdi

Links

Open Source Insights

Documentation ¶

Index ¶

func EvaluateRole(r *types.VDIUserRole, action *types.APIAction) bool
func EvaluateRule(r rbacv1.Rule, action *types.APIAction) bool
func EvaluateUser(u *types.VDIUser, action *types.APIAction) bool
func FilterTemplates(u *types.VDIUser, tmpls []*desktopsv1.Template) []*desktopsv1.Template
func FilterUserNamespaces(u *types.VDIUser, nss []string) []string
func FilterUserServiceAccounts(u *types.VDIUser, sas []string, ns string) []string
func RoleIncludesRule(r *types.VDIUserRole, ruleToCheck rbacv1.Rule, ...) bool
func RuleIncludes(r, ruleToCheck rbacv1.Rule, resourceGetter types.ResourceGetter) bool
func UserIncludesRule(u *types.VDIUser, ruleToCheck rbacv1.Rule, resourceGetter types.ResourceGetter) bool
func VDIRoleToUserRole(v *rbacv1.VDIRole) *types.VDIUserRole

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func EvaluateRole ¶

func EvaluateRole(r *types.VDIUserRole, action *types.APIAction) bool

EvaluateRole iterates all the rules in the given role role and returns true if any of them allow the provided action.

func EvaluateRule ¶

func EvaluateRule(r rbacv1.Rule, action *types.APIAction) bool

EvaluateRule checks if the given rule allows the given action. First the verb is matched, then the resource type, and then optionally a name and namespace.

func EvaluateUser ¶

func EvaluateUser(u *types.VDIUser, action *types.APIAction) bool

EvaluateUser will iterate the user's roles and return true if any of them have a rule that allows the given action.

func FilterTemplates ¶

func FilterTemplates(u *types.VDIUser, tmpls []*desktopsv1.Template) []*desktopsv1.Template

FilterTemplates will take a list of DesktopTemplates and filter them based off which ones the user is allowed to use.

func FilterUserNamespaces ¶

func FilterUserNamespaces(u *types.VDIUser, nss []string) []string

FilterUserNamespaces will take a list of namespaces and filter them based off the ones this user can provision desktops in.

func FilterUserServiceAccounts ¶

func FilterUserServiceAccounts(u *types.VDIUser, sas []string, ns string) []string

FilterUserServiceAccounts will take a list of service accounts and a given namespace, and filter them based off the ones this user can assume with desktops.

func RoleIncludesRule ¶

func RoleIncludesRule(r *types.VDIUserRole, ruleToCheck rbacv1.Rule, resourceGetter types.ResourceGetter) bool

RoleIncludesRule returns true if the rules applied to this role are not elevated by any of the permissions in the provided rule.

func RuleIncludes ¶

func RuleIncludes(r, ruleToCheck rbacv1.Rule, resourceGetter types.ResourceGetter) bool

RuleIncludes returns false if ruleToCheck matches any actions or resources that r does not.

func UserIncludesRule ¶

func UserIncludesRule(u *types.VDIUser, ruleToCheck rbacv1.Rule, resourceGetter types.ResourceGetter) bool

UserIncludesRule returns true if the rules applied to this user are not elevated by any of the permissions in the provided rule.

func VDIRoleToUserRole ¶

func VDIRoleToUserRole(v *rbacv1.VDIRole) *types.VDIUserRole

VDIRoleToUserRole converts the given VDIRole to the VDIUserRole format. The VDIUserRole is a condensed representation meant to be stored in JWTs.

Types ¶

This section is empty.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL