authzwebhook

Documentation

Index

• type Handler
• type HandlerFunc
  • func (f HandlerFunc) Handle(ctx context.Context, req Request) Response
• type Request
• type Response
  • func Allowed(reason string) Response
  • func AuthorizationResponse(allowed, denied bool, reason, evaluationError string) Response
  • func Denied(reason string) Response
  • func Errored(err error) Response
  • func NoOpinion() Response
• type Webhook
  • func NewWebhookForAuthorizer(authz authorizer.Authorizer) *Webhook
  • func (wh *Webhook) Handle(ctx context.Context, req Request) Response
  • func (wh *Webhook) ServeHTTP(w http.ResponseWriter, r *http.Request)

Types

type Handler

type Handler interface {
	// Handle yields a response to an TokenReview.
	//
	// The supplied context is extracted from the received http.Request, allowing wrapping
	// http.Handlers to inject values into and control cancelation of downstream request processing.
	Handle(context.Context, Request) Response
}

Handler can handle an TokenReview.

type HandlerFunc

type HandlerFunc func(context.Context, Request) Response

HandlerFunc implements Handler interface using a single function.

func (HandlerFunc) Handle

func (f HandlerFunc) Handle(ctx context.Context, req Request) Response

Handle process the TokenReview by invoking the underlying function.

type Request

type Request struct {
	authorizationv1.SubjectAccessReview
}

Request defines the input for an authorization handler. It contains information to identify the object in question (group, version, kind, resource, subresource, name, namespace), as well as the operation in question (e.g. Get, Create, etc), and the object itself.

type Response

type Response struct {
	authorizationv1.SubjectAccessReview
}

Response is the output of an authorization handler. It contains a response indicating if a given operation is allowed.

func Allowed

func Allowed(reason string) Response

Allowed constructs a response indicating that the given user is authorized to perform the given action. The reason parameter is optional.

func AuthorizationResponse

func AuthorizationResponse(allowed, denied bool, reason, evaluationError string) Response

AuthorizationResponse returns a response an authorization request.

func Denied

func Denied(reason string) Response

Denied constructs a response indicating that the given user is denied to perform the given action. The reason parameter is optional.

func Errored

func Errored(err error) Response

Errored creates a new Response for error-handling a request.

func NoOpinion

func NoOpinion() Response

NoOpinion constructs a response indicating that the authorizer has no rule allowing the request, but also no rule specifically denying the request

type Webhook

type Webhook struct {
	// Handler actually processes an authentication request returning whether it was authenticated or unauthenticated,
	// and potentially patches to apply to the handler.
	Handler Handler

	// WithContextFunc will allow you to take the http.Request.Context() and
	// add any additional information such as passing the request path or
	// headers thus allowing you to read them from within the handler
	WithContextFunc func(context.Context, *http.Request) context.Context
	// contains filtered or unexported fields
}

Webhook represents each individual webhook.

func NewWebhookForAuthorizer

func NewWebhookForAuthorizer(authz authorizer.Authorizer) *Webhook

func (*Webhook) Handle

func (wh *Webhook) Handle(ctx context.Context, req Request) Response

Handle processes TokenReview.

func (*Webhook) ServeHTTP

func (wh *Webhook) ServeHTTP(w http.ResponseWriter, r *http.Request)