Documentation ¶
Overview ¶
Package rbac implements the authorizer.Authorizer interface using roles base access control.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func RuleAllows ¶
func RuleAllows(requestAttributes authorizer.Attributes, rule rbac.PolicyRule) bool
func RulesAllow ¶
func RulesAllow(requestAttributes authorizer.Attributes, rules ...rbac.PolicyRule) bool
Types ¶
type RBACAuthorizer ¶
type RBACAuthorizer struct {
// contains filtered or unexported fields
}
func New ¶
func New(roles validation.RoleGetter, roleBindings validation.RoleBindingLister, clusterRoles validation.ClusterRoleGetter, clusterRoleBindings validation.ClusterRoleBindingLister, superUser string) *RBACAuthorizer
func (*RBACAuthorizer) Authorize ¶
func (r *RBACAuthorizer) Authorize(requestAttributes authorizer.Attributes) (bool, string, error)
type RequestToRuleMapper ¶
type RequestToRuleMapper interface { // RulesFor returns all known PolicyRules and any errors that happened while locating those rules. // Any rule returned is still valid, since rules are deny by default. If you can pass with the rules // supplied, you do not have to fail the request. If you cannot, you should indicate the error along // with your denial. RulesFor(subject user.Info, namespace string) ([]rbac.PolicyRule, error) }
Click to show internal directories.
Click to hide internal directories.