Documentation ¶
Overview ¶
Package rbac implements the authorizer.Authorizer interface using role-based access control.
Index ¶
- func RuleAllows(requestAttributes authorizer.Attributes, rule *rbacv1.PolicyRule) bool
- func RulesAllow(requestAttributes authorizer.Attributes, rules ...rbacv1.PolicyRule) bool
- type ClusterRoleBindingLister
- type ClusterRoleGetter
- type RBACAuthorizer
- type RequestToRuleMapper
- type RoleBindingLister
- type RoleGetter
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func RuleAllows ¶
func RuleAllows(requestAttributes authorizer.Attributes, rule *rbacv1.PolicyRule) bool
func RulesAllow ¶
func RulesAllow(requestAttributes authorizer.Attributes, rules ...rbacv1.PolicyRule) bool
Types ¶
type ClusterRoleBindingLister ¶
// ClusterRoleBindingLister wraps an rbaclisters.ClusterRoleBindingLister; the
// ListClusterRoleBindings method is declared on the pointer type.
//
// NOTE(review): the method body is not shown here. If Lister is cache-backed
// (as the "listers" name suggests), a deleted binding may keep granting access
// until the cache observes the deletion. Confirm against the implementation.
type ClusterRoleBindingLister struct {
	// Lister is the underlying source of ClusterRoleBinding objects.
	Lister rbaclisters.ClusterRoleBindingLister
}
func (*ClusterRoleBindingLister) ListClusterRoleBindings ¶
func (l *ClusterRoleBindingLister) ListClusterRoleBindings() ([]*rbacv1.ClusterRoleBinding, error)
type ClusterRoleGetter ¶
// ClusterRoleGetter wraps an rbaclisters.ClusterRoleLister; the GetClusterRole
// method, which looks a ClusterRole up by name, is declared on the pointer type.
//
// NOTE(review): the method body is not shown here. If Lister is cache-backed,
// the rules of a just-edited ClusterRole may be served stale for a short
// window. Confirm against the implementation.
type ClusterRoleGetter struct {
	// Lister is the underlying source of ClusterRole objects.
	Lister rbaclisters.ClusterRoleLister
}
func (*ClusterRoleGetter) GetClusterRole ¶
func (g *ClusterRoleGetter) GetClusterRole(name string) (*rbacv1.ClusterRole, error)
type RBACAuthorizer ¶
// RBACAuthorizer is the type returned by New. Its exported surface on this
// page is Authorize, which matches the authorizer.Authorizer interface named
// in the package overview, and RulesFor. All of its state is unexported, so
// New is the only visible way to supply the role and binding sources.
type RBACAuthorizer struct {
	// contains filtered or unexported fields
}
func New ¶
func New(roles rbacregistryvalidation.RoleGetter, roleBindings rbacregistryvalidation.RoleBindingLister, clusterRoles rbacregistryvalidation.ClusterRoleGetter, clusterRoleBindings rbacregistryvalidation.ClusterRoleBindingLister) *RBACAuthorizer
func (*RBACAuthorizer) Authorize ¶
func (r *RBACAuthorizer) Authorize(ctx context.Context, requestAttributes authorizer.Attributes) (authorizer.Decision, string, error)
func (*RBACAuthorizer) RulesFor ¶
func (r *RBACAuthorizer) RulesFor(user user.Info, namespace string) ([]authorizer.ResourceRuleInfo, []authorizer.NonResourceRuleInfo, bool, error)
type RequestToRuleMapper ¶
// RequestToRuleMapper resolves the PolicyRules that apply to a subject in a
// namespace. Both methods can report rules and errors together, so callers
// must handle a partial result.
type RequestToRuleMapper interface {
	// RulesFor returns all known PolicyRules and any errors that happened while
	// locating those rules. A non-nil error means the returned set may be
	// incomplete, not that it is invalid. Access is denied by default, so every
	// rule that was returned is still a valid grant. If the request is allowed
	// by the rules supplied, you do not have to fail it. If it is not, report
	// the error along with the denial, so that a denial caused by a rule that
	// failed to resolve can be told apart from a genuine lack of permission.
	RulesFor(subject user.Info, namespace string) ([]rbacv1.PolicyRule, error)

	// VisitRulesFor invokes visitor() with each rule that applies to a given
	// user in a given namespace, and with each error encountered resolving
	// those rules. Rule may be nil if err is non-nil, so a visitor must check
	// err before dereferencing rule. If visitor() returns false, visiting is
	// short-circuited.
	VisitRulesFor(user user.Info, namespace string, visitor func(source fmt.Stringer, rule *rbacv1.PolicyRule, err error) bool)
}
type RoleBindingLister ¶
// RoleBindingLister wraps an rbaclisters.RoleBindingLister; the
// ListRoleBindings method, which takes a namespace, is declared on the pointer
// type.
//
// NOTE(review): the method body is not shown here. If Lister is cache-backed
// (as the "listers" name suggests), a deleted binding may keep granting access
// until the cache observes the deletion. Confirm against the implementation.
type RoleBindingLister struct {
	// Lister is the underlying source of RoleBinding objects.
	Lister rbaclisters.RoleBindingLister
}
func (*RoleBindingLister) ListRoleBindings ¶
func (l *RoleBindingLister) ListRoleBindings(namespace string) ([]*rbacv1.RoleBinding, error)
type RoleGetter ¶
// RoleGetter wraps an rbaclisters.RoleLister. No methods for this type are
// listed in the visible part of the page.
//
// NOTE(review): if Lister is cache-backed, the rules of a just-edited Role may
// be served stale for a short window. Confirm against the implementation.
type RoleGetter struct {
	// Lister is the underlying source of Role objects.
	Lister rbaclisters.RoleLister
}