Documentation ¶
Index ¶
- func IsPersonalAccessReview(a AuthorizationAttributes) (bool, error)
- type AuthorizationAttributeBuilder
- type AuthorizationAttributes
- type Authorizer
- type DefaultAuthorizationAttributes
- func (a DefaultAuthorizationAttributes) GetAPIVersion() string
- func (a DefaultAuthorizationAttributes) GetRequestAttributes() interface{}
- func (a DefaultAuthorizationAttributes) GetResource() string
- func (a DefaultAuthorizationAttributes) GetResourceName() string
- func (a DefaultAuthorizationAttributes) GetURL() string
- func (a DefaultAuthorizationAttributes) GetVerb() string
- func (a DefaultAuthorizationAttributes) IsNonResourceURL() bool
- func (a DefaultAuthorizationAttributes) RuleMatches(rule authorizationapi.PolicyRule) (bool, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func IsPersonalAccessReview ¶ added in v0.4.2
func IsPersonalAccessReview(a AuthorizationAttributes) (bool, error)
Types ¶
type AuthorizationAttributeBuilder ¶
type AuthorizationAttributeBuilder interface {
GetAttributes(request *http.Request) (AuthorizationAttributes, error)
}
func NewAuthorizationAttributeBuilder ¶
func NewAuthorizationAttributeBuilder(contextMapper kapi.RequestContextMapper, infoResolver *kapiserver.APIRequestInfoResolver) AuthorizationAttributeBuilder
type AuthorizationAttributes ¶
type AuthorizationAttributes interface { GetVerb() string GetAPIVersion() string // GetResource returns the resource type. If IsNonResourceURL() is true, then GetResource() is "". GetResource() string GetResourceName() string // GetRequestAttributes is of type interface{} because different verbs and different Authorizer/AuthorizationAttributeBuilder pairs may have different contract requirements. GetRequestAttributes() interface{} // IsNonResourceURL returns true if this is not an action performed against the resource API IsNonResourceURL() bool // GetURL returns the URL path being requested, including the leading '/' GetURL() string }
type Authorizer ¶
type Authorizer interface { Authorize(ctx kapi.Context, a AuthorizationAttributes) (allowed bool, reason string, err error) GetAllowedSubjects(ctx kapi.Context, attributes AuthorizationAttributes) (util.StringSet, util.StringSet, error) }
func NewAuthorizer ¶
func NewAuthorizer(masterAuthorizationNamespace string, ruleResolver rulevalidation.AuthorizationRuleResolver) Authorizer
type DefaultAuthorizationAttributes ¶ added in v0.3.1
type DefaultAuthorizationAttributes struct { Verb string APIVersion string Resource string ResourceName string RequestAttributes interface{} NonResourceURL bool URL string }
func (DefaultAuthorizationAttributes) GetAPIVersion ¶ added in v0.4.4
func (a DefaultAuthorizationAttributes) GetAPIVersion() string
func (DefaultAuthorizationAttributes) GetRequestAttributes ¶ added in v0.3.1
func (a DefaultAuthorizationAttributes) GetRequestAttributes() interface{}
func (DefaultAuthorizationAttributes) GetResource ¶ added in v0.3.1
func (a DefaultAuthorizationAttributes) GetResource() string
func (DefaultAuthorizationAttributes) GetResourceName ¶ added in v0.3.1
func (a DefaultAuthorizationAttributes) GetResourceName() string
func (DefaultAuthorizationAttributes) GetURL ¶ added in v0.3.2
func (a DefaultAuthorizationAttributes) GetURL() string
func (DefaultAuthorizationAttributes) GetVerb ¶ added in v0.3.1
func (a DefaultAuthorizationAttributes) GetVerb() string
func (DefaultAuthorizationAttributes) IsNonResourceURL ¶ added in v0.3.2
func (a DefaultAuthorizationAttributes) IsNonResourceURL() bool
func (DefaultAuthorizationAttributes) RuleMatches ¶ added in v0.3.1
func (a DefaultAuthorizationAttributes) RuleMatches(rule authorizationapi.PolicyRule) (bool, error)
Click to show internal directories.
Click to hide internal directories.