rbac

package
v0.100.0
Published: May 20, 2024 | License: Apache-2.0 | Imports: 8 | Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func AllSubjectAccessReviewsAllowed

func AllSubjectAccessReviewsAllowed(subjectAccessReviews []*v1.SubjectAccessReview) (bool, []*v1.SubjectAccessReview)

AllSubjectAccessReviewsAllowed checks whether every review in subjectAccessReviews is explicitly allowed. If not, it returns false together with the reviews that were denied.

func WarningsGroupedByResource added in v0.100.0

func WarningsGroupedByResource(reviews []*v1.SubjectAccessReview) []string

WarningsGroupedByResource is a helper to take the missing permissions and format them as warnings.

Types

type Reviewer

type Reviewer struct {
	// contains filtered or unexported fields
}

func NewReviewer

func NewReviewer(c kubernetes.Interface) *Reviewer

func (*Reviewer) CanAccess

func (r *Reviewer) CanAccess(ctx context.Context, serviceAccount, serviceAccountNamespace string, res *v1.ResourceAttributes, nonResourceAttributes *v1.NonResourceAttributes) (*v1.SubjectAccessReview, error)

CanAccess checks if the given serviceAccount is able to access a single requested resource attribute. The operator uses this functionality to ensure that users have the right RBAC configured for collector related service accounts.

func (*Reviewer) CheckPolicyRules

func (r *Reviewer) CheckPolicyRules(ctx context.Context, serviceAccount, serviceAccountNamespace string, rules ...*rbacv1.PolicyRule) ([]*v1.SubjectAccessReview, error)

CheckPolicyRules is a convenience function that lets the caller check access for a set of PolicyRules.
