rbac

package
v0.2.6-beta.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 7, 2021 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Overview

Package rbac implements the authorizer.Authorizer interface using role-based access control.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func RuleAllows

// RuleAllows evaluates one request (requestAttributes) against a single PolicyRule and returns a bool.
// NOTE(review): presumably true means the rule matches and therefore permits the request; the body is
// not shown on this page, so confirm the matching semantics and how a nil rule is handled.
func RuleAllows(requestAttributes authorizer.Attributes, rule *rbacv1.PolicyRule) bool

func RulesAllow

// RulesAllow evaluates one request (requestAttributes) against zero or more PolicyRules passed by value
// and returns a bool.
// NOTE(review): presumably true if at least one rule permits the request, and false for an empty rule
// list (deny by default) — confirm against the implementation before relying on the empty-list case.
func RulesAllow(requestAttributes authorizer.Attributes, rules ...rbacv1.PolicyRule) bool

Types

type ClusterRoleBindingLister

// ClusterRoleBindingLister wraps an rbaclisters.ClusterRoleBindingLister in a struct.
// NOTE(review): presumably an adapter that exposes the lister under the method name the rule
// resolver expects — confirm against the implementation.
type ClusterRoleBindingLister struct {
	// Lister is the wrapped lister. The field is exported, so callers set it directly.
	Lister rbaclisters.ClusterRoleBindingLister
}

func (*ClusterRoleBindingLister) ListClusterRoleBindings

// ListClusterRoleBindings takes no arguments and returns ClusterRoleBinding pointers plus an error.
// NOTE(review): presumably delegates to l.Lister. If the results come from a shared cache, callers
// should treat the returned objects as read-only — confirm.
func (l *ClusterRoleBindingLister) ListClusterRoleBindings() ([]*rbacv1.ClusterRoleBinding, error)

type ClusterRoleGetter

// ClusterRoleGetter wraps an rbaclisters.ClusterRoleLister in a struct.
// NOTE(review): presumably an adapter that exposes a get-by-name lookup on top of the lister — confirm.
type ClusterRoleGetter struct {
	// Lister is the wrapped lister. The field is exported, so callers set it directly.
	Lister rbaclisters.ClusterRoleLister
}

func (*ClusterRoleGetter) GetClusterRole

// GetClusterRole looks up a ClusterRole by name only (there is no namespace parameter) and returns a
// pointer to it plus an error.
// NOTE(review): presumably delegates to g.Lister; a non-nil error should be treated as "role not
// resolved", never as an implicit grant — confirm how callers handle it.
func (g *ClusterRoleGetter) GetClusterRole(name string) (*rbacv1.ClusterRole, error)

type RBACAuthorizer

// RBACAuthorizer is the authorizer type of this package; an Authorize method is declared on
// *RBACAuthorizer. All of its fields are unexported, so it cannot be configured through a struct
// literal from outside the package.
// NOTE(review): no constructor is listed on this page — confirm how instances are built.
type RBACAuthorizer struct {
	// contains filtered or unexported fields
}

func (*RBACAuthorizer) Authorize

// Authorize takes a context and the request attributes and returns an authorizer.Decision, a string
// and an error.
// NOTE(review): the string is presumably a human-readable reason. Callers should branch on the
// Decision value itself, not on the string or on err == nil alone — confirm which Decision values
// this authorizer can return.
func (r *RBACAuthorizer) Authorize(ctx context.Context, requestAttributes authorizer.Attributes) (authorizer.Decision, string, error)

func (*RBACAuthorizer) RulesFor

type RequestToRuleMapper

// RequestToRuleMapper resolves the PolicyRules that apply to a subject in a namespace, either as a
// slice (RulesFor) or through a visitor callback (VisitRulesFor).
type RequestToRuleMapper interface {
	// RulesFor returns all known PolicyRules and any errors that happened while locating those rules.
	// Any rule returned is still valid, since rules are deny by default.  If you can pass with the rules
	// supplied, you do not have to fail the request.  If you cannot, you should indicate the error along
	// with your denial.
	//
	// Consequence for callers: a partial rule list returned with a non-nil error can only cause a
	// request to be denied that would otherwise pass. A non-nil error must never be treated as an allow.
	RulesFor(subject user.Info, namespace string) ([]rbacv1.PolicyRule, error)

	// VisitRulesFor invokes visitor() with each rule that applies to a given user in a given namespace,
	// and each error encountered resolving those rules. Rule may be nil if err is non-nil.
	// If visitor() returns false, visiting is short-circuited.
	//
	// Because rule may be nil when err is non-nil, a visitor must check err before dereferencing rule.
	VisitRulesFor(user user.Info, namespace string, visitor func(source fmt.Stringer, rule *rbacv1.PolicyRule, err error) bool)
}

type RoleBindingLister

// RoleBindingLister wraps an rbaclisters.RoleBindingLister in a struct.
// NOTE(review): presumably an adapter that exposes a per-namespace listing on top of the lister — confirm.
type RoleBindingLister struct {
	// Lister is the wrapped lister. The field is exported, so callers set it directly.
	Lister rbaclisters.RoleBindingLister
}

func (*RoleBindingLister) ListRoleBindings

// ListRoleBindings takes a namespace and returns RoleBinding pointers plus an error.
// NOTE(review): presumably delegates to l.Lister scoped to that namespace. Behaviour for an empty
// namespace string is not visible here — verify that it cannot widen the result to all namespaces.
func (l *RoleBindingLister) ListRoleBindings(namespace string) ([]*rbacv1.RoleBinding, error)

type RoleGetter

// RoleGetter wraps an rbaclisters.RoleLister in a struct.
// NOTE(review): presumably an adapter that exposes a namespace-and-name lookup on top of the lister — confirm.
type RoleGetter struct {
	// Lister is the wrapped lister. The field is exported, so callers set it directly.
	Lister rbaclisters.RoleLister
}

func (*RoleGetter) GetRole

// GetRole looks up a Role by namespace and name and returns a pointer to it plus an error.
// NOTE(review): presumably delegates to g.Lister; a non-nil error should be treated as "role not
// resolved", never as an implicit grant — confirm how callers handle it.
func (g *RoleGetter) GetRole(namespace, name string) (*rbacv1.Role, error)
