Documentation ¶
Index ¶
- func GetBootstrapPolicy(masterNamespace string) *authorizationapi.Policy
- func GetBootstrapPolicyBinding(masterNamespace string) *authorizationapi.PolicyBinding
- type APIRequestInfo
- type APIRequestInfoResolver
- type AuthorizationAttributeBuilder
- type AuthorizationAttributes
- type Authorizer
- type DefaultAuthorizationAttributes
- func (a DefaultAuthorizationAttributes) GetNamespace() string
- func (a DefaultAuthorizationAttributes) GetRequestAttributes() interface{}
- func (a DefaultAuthorizationAttributes) GetResource() string
- func (a DefaultAuthorizationAttributes) GetResourceName() string
- func (a DefaultAuthorizationAttributes) GetUserInfo() user.Info
- func (a DefaultAuthorizationAttributes) GetVerb() string
- func (a DefaultAuthorizationAttributes) RuleMatches(rule authorizationapi.PolicyRule) (bool, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GetBootstrapPolicy ¶
func GetBootstrapPolicy(masterNamespace string) *authorizationapi.Policy
TODO: enumerate all resources and verbs explicitly instead of using the wildcard *, so that the bootstrap policy grants only what is listed.
func GetBootstrapPolicyBinding ¶
func GetBootstrapPolicyBinding(masterNamespace string) *authorizationapi.PolicyBinding
Types ¶
type APIRequestInfo ¶ added in v0.3.1
// APIRequestInfo holds information parsed from the http.Request.
//
// NOTE(review): every field is derived from the incoming request, and
// Verb/Resource/Namespace/Name mirror the getters on AuthorizationAttributes.
// Presumably these values feed the authorization decision; confirm against the
// attribute builder and treat them as request-controlled input.
type APIRequestInfo struct {
	// Verb is the kube verb associated with the request, not the http verb. This includes things like list and watch.
	Verb string
	// APIVersion is presumably the {version} segment of a fully qualified
	// /api/{version}/... path — TODO confirm against GetAPIRequestInfo.
	APIVersion string
	// Namespace is the namespace the request targets. The documented inputs of
	// GetAPIRequestInfo accept it both as a /ns/{namespace}/ path segment and as
	// a ?namespace= query parameter.
	// NOTE(review): confirm how a request that carries both forms is resolved,
	// since the resolved value is what an authorizer would see.
	Namespace string
	// Resource is the name of the resource being requested. This is not the kind. For example: pods
	Resource string
	// Kind is the type of object being manipulated. For example: Pod
	Kind string
	// Name is empty for some verbs, but if the request directly indicates a name (not in body content) then this field is filled in.
	Name string
	// Parts are the path parts for the request relative to /{resource}/{name}
	Parts []string
}
APIRequestInfo holds information parsed from the http.Request
type APIRequestInfoResolver ¶ added in v0.3.1
// APIRequestInfoResolver produces an APIRequestInfo from an *http.Request via
// its GetAPIRequestInfo method.
type APIRequestInfoResolver struct {
	// ApiPrefixes is presumably the set of leading path segments (such as "api"
	// in /api/{version}/...) that mark a request as an API request — TODO confirm.
	ApiPrefixes util.StringSet
	// RestMapper is presumably used to derive APIRequestInfo.Kind from the
	// requested resource — TODO confirm against GetAPIRequestInfo.
	RestMapper meta.RESTMapper
}
func (*APIRequestInfoResolver) GetAPIRequestInfo ¶ added in v0.3.1
func (r *APIRequestInfoResolver) GetAPIRequestInfo(req *http.Request) (APIRequestInfo, error)
GetAPIRequestInfo returns the information from the http request. If the error is not nil, APIRequestInfo holds the information as best it is known before the failure, so check the error before relying on the result.

Valid inputs:

Storage paths:
    /ns/{namespace}/{resource}
    /ns/{namespace}/{resource}/{resourceName}
    /{resource}
    /{resource}/{resourceName}
    /{resource}/{resourceName}?namespace={namespace}
    /{resource}?namespace={namespace}

Special verbs:
    /proxy/{resource}/{resourceName}
    /proxy/ns/{namespace}/{resource}/{resourceName}
    /redirect/ns/{namespace}/{resource}/{resourceName}
    /redirect/{resource}/{resourceName}
    /watch/{resource}
    /watch/ns/{namespace}/{resource}

Fully qualified paths for the above:
    /api/{version}/*
    /api/{version}/*
type AuthorizationAttributeBuilder ¶
// AuthorizationAttributeBuilder derives the AuthorizationAttributes for an
// incoming HTTP request.
type AuthorizationAttributeBuilder interface {
	// GetAttributes returns the attributes describing request, or an error.
	// NOTE(review): when err is non-nil the returned attributes should
	// presumably not be passed to an Authorizer; confirm that callers deny the
	// request rather than authorizing on partial attributes.
	GetAttributes(request *http.Request) (AuthorizationAttributes, error)
}
func NewAuthorizationAttributeBuilder ¶
func NewAuthorizationAttributeBuilder(requestsToUsers *authcontext.RequestContextMap, infoResolver *APIRequestInfoResolver) AuthorizationAttributeBuilder
type AuthorizationAttributes ¶
// AuthorizationAttributes exposes what an Authorizer is asked to decide on:
// the user, the verb, the resource, the namespace and the resource name, plus
// an untyped bag of request-specific attributes.
type AuthorizationAttributes interface {
	// GetUserInfo returns the user.Info of the requesting user.
	GetUserInfo() user.Info
	// GetVerb returns the verb. Presumably the kube verb (list, watch, ...)
	// rather than the HTTP method, as in APIRequestInfo.Verb — TODO confirm.
	GetVerb() string
	// GetResource returns the resource being requested.
	GetResource() string
	// GetNamespace returns the namespace the request targets.
	GetNamespace() string
	// GetResourceName returns the name of the individual resource.
	// Presumably empty when the request names none — TODO confirm.
	GetResourceName() string
	// GetRequestAttributes is of type interface{} because different verbs and different Authorizer/AuthorizationAttributeBuilder pairs may have different contract requirements
	GetRequestAttributes() interface{}
}
type Authorizer ¶
// Authorizer makes access decisions for a set of AuthorizationAttributes.
type Authorizer interface {
	// Authorize reports whether the request described by a is allowed, along
	// with a reason string and an error.
	// NOTE(review): allowed is presumably only meaningful when err is nil;
	// confirm that callers treat any error as a denial.
	Authorize(a AuthorizationAttributes) (allowed bool, reason string, err error)
	// GetAllowedSubjects returns two string slices and an error for the given
	// attributes. Presumably the slices are the users and the groups permitted
	// to perform the described action — TODO confirm which slice is which.
	GetAllowedSubjects(attributes AuthorizationAttributes) ([]string, []string, error)
}
func NewAuthorizer ¶
func NewAuthorizer(masterAuthorizationNamespace string, policyRuleBindingRegistry policyregistry.Registry, policyBindingRegistry policybindingregistry.Registry) Authorizer
type DefaultAuthorizationAttributes ¶ added in v0.3.1
// DefaultAuthorizationAttributes is a plain struct whose value-receiver methods
// (GetUserInfo, GetVerb, GetResource, GetResourceName, GetNamespace,
// GetRequestAttributes) match the AuthorizationAttributes interface. It also
// declares RuleMatches, which takes an authorizationapi.PolicyRule and returns
// a bool and an error.
// Presumably each getter returns the same-named field below — TODO confirm.
type DefaultAuthorizationAttributes struct {
	// User is the requesting user.
	User user.Info
	// Verb is the verb being requested.
	Verb string
	// Resource is the resource being requested.
	Resource string
	// ResourceName is the name of the individual resource.
	ResourceName string
	// Namespace is the namespace the request targets.
	Namespace string
	// RequestAttributes is untyped; the AuthorizationAttributes interface notes
	// that its contract varies by verb and by Authorizer/builder pair.
	RequestAttributes interface{}
}
func (DefaultAuthorizationAttributes) GetNamespace ¶ added in v0.3.1
func (a DefaultAuthorizationAttributes) GetNamespace() string
func (DefaultAuthorizationAttributes) GetRequestAttributes ¶ added in v0.3.1
func (a DefaultAuthorizationAttributes) GetRequestAttributes() interface{}
func (DefaultAuthorizationAttributes) GetResource ¶ added in v0.3.1
func (a DefaultAuthorizationAttributes) GetResource() string
func (DefaultAuthorizationAttributes) GetResourceName ¶ added in v0.3.1
func (a DefaultAuthorizationAttributes) GetResourceName() string
func (DefaultAuthorizationAttributes) GetUserInfo ¶ added in v0.3.1
func (a DefaultAuthorizationAttributes) GetUserInfo() user.Info
func (DefaultAuthorizationAttributes) GetVerb ¶ added in v0.3.1
func (a DefaultAuthorizationAttributes) GetVerb() string
func (DefaultAuthorizationAttributes) RuleMatches ¶ added in v0.3.1
func (a DefaultAuthorizationAttributes) RuleMatches(rule authorizationapi.PolicyRule) (bool, error)