Documentation ¶
Index ¶
- Constants
- func IsPersonalAccessReviewFromSAR(sar *authorizationapi.SubjectAccessReview) bool
- func RuleMatches(a authorizer.Attributes, rule authorizationapi.PolicyRule) (bool, error)
- func ToDefaultAuthorizationAttributes(user user.Info, namespace string, in authorizationapi.Action) authorizer.Attributes
- type AuthorizationAttributeBuilder
- type ForbiddenMessageMaker
- type ForbiddenMessageResolver
- type MessageContext
- type RequestInfoFactory
- func NewBrowserSafeRequestInfoResolver(contextMapper kapi.RequestContextMapper, authenticatedGroups sets.String, ...) RequestInfoFactory
- func NewPersonalSARRequestInfoResolver(infoFactory RequestInfoFactory) RequestInfoFactory
- func NewProjectRequestInfoResolver(infoFactory RequestInfoFactory) RequestInfoFactory
- type SubjectLocator
Constants ¶
View Source
const DefaultProjectRequestForbidden = "You may not request a new project via this API."
Variables ¶
This section is empty.
Functions ¶
func IsPersonalAccessReviewFromSAR ¶
func IsPersonalAccessReviewFromSAR(sar *authorizationapi.SubjectAccessReview) bool
IsPersonalAccessReviewFromSAR this variant handles the case where we have an SAR
func RuleMatches ¶
func RuleMatches(a authorizer.Attributes, rule authorizationapi.PolicyRule) (bool, error)
func ToDefaultAuthorizationAttributes ¶ added in v1.0.5
func ToDefaultAuthorizationAttributes(user user.Info, namespace string, in authorizationapi.Action) authorizer.Attributes
ToDefaultAuthorizationAttributes coerces Action to authorizer.Attributes.
Types ¶
type AuthorizationAttributeBuilder ¶
type AuthorizationAttributeBuilder interface {
GetAttributes(request *http.Request) (authorizer.Attributes, error)
}
func NewAuthorizationAttributeBuilder ¶
func NewAuthorizationAttributeBuilder(contextMapper kapi.RequestContextMapper, infoFactory RequestInfoFactory) AuthorizationAttributeBuilder
type ForbiddenMessageMaker ¶ added in v0.5.3
type ForbiddenMessageMaker interface {
MakeMessage(ctx MessageContext) (string, error)
}
ForbiddenMessageMaker creates a forbidden message from a MessageContext
type ForbiddenMessageResolver ¶ added in v0.5.3
type ForbiddenMessageResolver struct {
// contains filtered or unexported fields
}
func NewForbiddenMessageResolver ¶ added in v0.5.3
func NewForbiddenMessageResolver(projectRequestForbiddenTemplate string) *ForbiddenMessageResolver
func (*ForbiddenMessageResolver) MakeMessage ¶ added in v0.5.3
func (m *ForbiddenMessageResolver) MakeMessage(ctx MessageContext) (string, error)
type MessageContext ¶ added in v0.5.3
type MessageContext struct {
Attributes authorizer.Attributes
}
MessageContext contains sufficient information to create a forbidden message. It is bundled in this one object to make it easy and obvious how to build a golang template
type RequestInfoFactory ¶ added in v1.5.0
type RequestInfoFactory interface {
NewRequestInfo(req *http.Request) (*request.RequestInfo, error)
}
func NewBrowserSafeRequestInfoResolver ¶ added in v1.2.0
func NewBrowserSafeRequestInfoResolver(contextMapper kapi.RequestContextMapper, authenticatedGroups sets.String, infoFactory RequestInfoFactory) RequestInfoFactory
func NewPersonalSARRequestInfoResolver ¶
func NewPersonalSARRequestInfoResolver(infoFactory RequestInfoFactory) RequestInfoFactory
func NewProjectRequestInfoResolver ¶
func NewProjectRequestInfoResolver(infoFactory RequestInfoFactory) RequestInfoFactory
type SubjectLocator ¶
type SubjectLocator interface {
GetAllowedSubjects(attributes authorizer.Attributes) (sets.String, sets.String, error)
}
func NewAuthorizer ¶
func NewAuthorizer(ruleResolver rulevalidation.AuthorizationRuleResolver, forbiddenMessageMaker ForbiddenMessageMaker) (authorizer.Authorizer, SubjectLocator)
Source Files ¶
Click to show internal directories.
Click to hide internal directories.