authorizer

package
v0.3.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 15, 2015 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetBootstrapPolicy

func GetBootstrapPolicy(masterNamespace string) *authorizationapi.Policy

TODO enumerate all resources and verbs instead of using *

func GetBootstrapPolicyBinding

func GetBootstrapPolicyBinding(masterNamespace string) *authorizationapi.PolicyBinding

Types

type APIRequestInfo added in v0.3.1

type APIRequestInfo struct {
	// Verb is the kube verb associated with the request, not the http verb.  This includes things like list and watch.
	Verb       string
	APIVersion string
	Namespace  string
	// Resource is the name of the resource being requested.  This is not the kind.  For example: pods
	Resource string
	// Kind is the type of object being manipulated.  For example: Pod
	Kind string
	// Name is empty for some verbs, but if the request directly indicates a name (not in body content) then this field is filled in.
	Name string
	// Parts are the path parts for the request relative to /{resource}/{name}
	Parts []string
}

APIRequestInfo holds information parsed from the http.Request

type APIRequestInfoResolver added in v0.3.1

type APIRequestInfoResolver struct {
	ApiPrefixes util.StringSet
	RestMapper  meta.RESTMapper
}

func (*APIRequestInfoResolver) GetAPIRequestInfo added in v0.3.1

func (r *APIRequestInfoResolver) GetAPIRequestInfo(req *http.Request) (APIRequestInfo, error)

GetAPIRequestInfo returns the information from the http request. If error is not nil, APIRequestInfo holds the information as best it is known before the failure Valid Inputs: Storage paths /ns/{namespace}/{resource} /ns/{namespace}/{resource}/{resourceName} /{resource} /{resource}/{resourceName} /{resource}/{resourceName}?namespace={namespace} /{resource}?namespace={namespace}

Special verbs: /proxy/{resource}/{resourceName} /proxy/ns/{namespace}/{resource}/{resourceName} /redirect/ns/{namespace}/{resource}/{resourceName} /redirect/{resource}/{resourceName} /watch/{resource} /watch/ns/{namespace}/{resource}

Fully qualified paths for above: /api/{version}/* /api/{version}/*

type AuthorizationAttributeBuilder

type AuthorizationAttributeBuilder interface {
	GetAttributes(request *http.Request) (AuthorizationAttributes, error)
}

func NewAuthorizationAttributeBuilder

func NewAuthorizationAttributeBuilder(requestsToUsers *authcontext.RequestContextMap, infoResolver *APIRequestInfoResolver) AuthorizationAttributeBuilder

type AuthorizationAttributes

type AuthorizationAttributes interface {
	GetUserInfo() user.Info
	GetVerb() string
	GetResource() string
	GetNamespace() string
	GetResourceName() string
	// GetRequestAttributes is of type interface{} because different verbs and different Authorizer/AuthorizationAttributeBuilder pairs may have different contract requirements
	GetRequestAttributes() interface{}
}

type Authorizer

type Authorizer interface {
	Authorize(a AuthorizationAttributes) (allowed bool, reason string, err error)
	GetAllowedSubjects(attributes AuthorizationAttributes) ([]string, []string, error)
}

func NewAuthorizer

func NewAuthorizer(masterAuthorizationNamespace string, policyRuleBindingRegistry policyregistry.Registry, policyBindingRegistry policybindingregistry.Registry) Authorizer

type DefaultAuthorizationAttributes added in v0.3.1

type DefaultAuthorizationAttributes struct {
	User              user.Info
	Verb              string
	Resource          string
	ResourceName      string
	Namespace         string
	RequestAttributes interface{}
}

func (DefaultAuthorizationAttributes) GetNamespace added in v0.3.1

func (a DefaultAuthorizationAttributes) GetNamespace() string

func (DefaultAuthorizationAttributes) GetRequestAttributes added in v0.3.1

func (a DefaultAuthorizationAttributes) GetRequestAttributes() interface{}

func (DefaultAuthorizationAttributes) GetResource added in v0.3.1

func (a DefaultAuthorizationAttributes) GetResource() string

func (DefaultAuthorizationAttributes) GetResourceName added in v0.3.1

func (a DefaultAuthorizationAttributes) GetResourceName() string

func (DefaultAuthorizationAttributes) GetUserInfo added in v0.3.1

func (a DefaultAuthorizationAttributes) GetUserInfo() user.Info

func (DefaultAuthorizationAttributes) GetVerb added in v0.3.1

func (DefaultAuthorizationAttributes) RuleMatches added in v0.3.1

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL