Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CanIOptions ¶
type CanIOptions struct {
// contains filtered or unexported fields
}
CanIOptions provides utility to check if user has authorization for the given operation
func NewCanI ¶
func NewCanI(client client.Interface, kind, namespace, verb string) *CanIOptions
NewCanI returns a new instance of operation access controller evaluator
func (*CanIOptions) RunAccessCheck ¶
func (o *CanIOptions) RunAccessCheck() (bool, error)
RunAccessCheck checks if the caller can perform the operation - operation is a combination of namespace, kind, verb - can only evaluate a single verb - group version resource is determined from the kind using the discovery client REST mapper - If disallowed, the reason and evaluationError is available in the logs - each can generates a SelfSubjectAccessReview resource and response is evaluated for permissions
Click to show internal directories.
Click to hide internal directories.