api

Documentation

Index

• Constants
• func GenerateCSRFKey() string
• func ToSelfSubjectAccessReview(namespace, name, resourceKind, verb string) *v1.SelfSubjectAccessReview
• type CanIResponse
• type ClientManager
• type CsrfTokenManager
• type ResourceVerber

Constants

const (
	// CsrfTokenSecretName is the resource information that are used as csrf token storage. Can be accessible by multiple dashboard replicas.
	CsrfTokenSecretName = "kubernetes-dashboard-csrf"

	// CsrfTokenSecretData is the name of the data var that holds the csrf token inside the secret.
	CsrfTokenSecretData = "csrf"
)

Functions

func GenerateCSRFKey

func GenerateCSRFKey() string

GenerateCSRFKey generates random csrf key

func ToSelfSubjectAccessReview

func ToSelfSubjectAccessReview(namespace, name, resourceKind, verb string) *v1.SelfSubjectAccessReview

ToSelfSubjectAccessReview creates kubernetes API object based on provided data.

Types

type CanIResponse

type CanIResponse struct {
	Allowed bool `json:"allowed"`
}

CanIResponse is used to as response to check whether or not user is allowed to access given endpoint.

type ClientManager

type ClientManager interface {
	Client(req *restful.Request) (kubernetes.Interface, error)
	InsecureClient() kubernetes.Interface
	APIExtensionsClient(req *restful.Request) (apiextensionsclientset.Interface, error)
	PluginClient(req *restful.Request) (pluginclientset.Interface, error)
	InsecureAPIExtensionsClient() apiextensionsclientset.Interface
	InsecurePluginClient() pluginclientset.Interface
	CanI(req *restful.Request, ssar *v1.SelfSubjectAccessReview) bool
	Config(req *restful.Request) (*rest.Config, error)
	ClientCmdConfig(req *restful.Request) (clientcmd.ClientConfig, error)
	CSRFKey() string
	HasAccess(authInfo api.AuthInfo) error
	VerberClient(req *restful.Request, config *rest.Config) (ResourceVerber, error)
	SetTokenManager(manager authApi.TokenManager)
}

ClientManager is responsible for initializing and creating clients to communicate with kubernetes apiserver on demand.

type CsrfTokenManager

type CsrfTokenManager interface {
	// Token returns current csrf token used for csrf signing.
	Token() string
}

CsrfTokenManager is responsible for generating, reading and updating token stored in a secret.

type ResourceVerber

type ResourceVerber interface {
	Put(kind string, namespaceSet bool, namespace string, name string,
		object *runtime.Unknown) error
	Get(kind string, namespaceSet bool, namespace string, name string) (runtime.Object, error)
	Delete(kind string, namespaceSet bool, namespace string, name string) error
}

ResourceVerber is responsible for performing generic CRUD operations on all supported resources.