Documentation
¶
Index ¶
- Variables
- func DefaultResourceVerbs() []string
- func GenerateCode(files *manifests.Manifests, options *options.RBACOptions) (string, error)
- func GenerateMarkers(files *manifests.Manifests, options *options.RBACOptions) (string, error)
- func GenerateYAML(files *manifests.Manifests, options *options.RBACOptions) (string, error)
- func ValidResourceVerbs() []string
- type RoleRule
- type RoleRuleField
- type Rule
- type Rules
- type Verbs
Constants ¶
This section is empty.
Variables ¶
var ( ErrorProcessRoleRule = errors.New("error processing role rule") ErrorProcessRoleRuleField = errors.New("error processing role rule field") )
var ErrInvalidVerb = errors.New("verb is invalid")
Functions ¶
func DefaultResourceVerbs ¶
func DefaultResourceVerbs() []string
DefaultResourceVerbs is a helper function to define the default verbs that are allowed for resources that are managed by the scaffolded controller.
func GenerateCode ¶
GenerateCode will return the stdout form of rbac objects, given a set of input manifest, in go struct format.
func GenerateMarkers ¶
GenerateMarkers will return the stdout form of rbac objects as kubebuilder markers.
func GenerateYAML ¶
GenerateYAML will return the stdout form of rbac objects, given a set of input manifest, in YAML format.
func ValidResourceVerbs ¶ added in v0.3.0
func ValidResourceVerbs() []string
ValidResourceVerbs is a helper function to define any valid resource verbs. These may differ from the default verbs so we simply append any additional potential verbs that may be used.
Types ¶
type RoleRule ¶
type RoleRule struct {
Groups RoleRuleField
Resources RoleRuleField
ResourceName RoleRuleField
Verbs RoleRuleField
URLs RoleRuleField
}
RoleRule contains the info needed to create the kubebuilder:rbac markers in the controller when a resource that is of a role or clusterrole type is found. This is because the underlying controller needs the same permissions for the role or clusterrole that it is attempting to manage.
type RoleRuleField ¶
type RoleRuleField []string
type Rules ¶
type Rules []Rule
func ForResource ¶
func ForResource(manifest *unstructured.Unstructured, verbs ...string) (*Rules, error)
ForResource will return a set of rules for a particular kubernetes resource. This includes a rule for the resource itself, in addition to adding particular rules for whatever roles and cluster roles are requesting. This is because the controller needs to have permissions to manage the children that roles and cluster roles are requesting.
func ForResources ¶
func ForResources(manifests []*unstructured.Unstructured, verbs ...string) (*Rules, error)
ForResources will return a set of rules for particular kubernetes resources. See ForResource for more information as this is the same methodology used.
func ForWorkloads ¶
func ForWorkloads(workloads ...rbacWorkloadProcessor) *Rules
ForWorkloads will return a set of rules for a particular set of workloads. It should be noted that this only returns the specific rules for the actual workload and not the managed resources. See ForManifest for details on the rules for a particular manifest.
Source Files