auth

package

v0.2.4-rc6 Latest Latest Go to latest Published: Jan 18, 2022 License: Apache-2.0 Imports: 13 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/rancher/webhook

Documentation ¶

Index ¶

Constants
func ToExtraString(extra map[string]authenticationv1.ExtraValue) map[string][]string
type EscalationChecker
- func NewEscalationChecker(ruleSolver validation.AuthorizationRuleResolver, ...) *EscalationChecker
- func (ec *EscalationChecker) ConfirmNoEscalation(response *webhook.Response, request *webhook.Request, ...) error
- func (ec *EscalationChecker) RulesFromTemplate(rt *rancherv3.RoleTemplate) ([]rbacv1.PolicyRule, error)
type RBACRestGetter

Constants ¶

View Source

const (
	CreatorIDAnn = "field.cattle.io/creatorId"
)

Variables ¶

This section is empty.

Functions ¶

func ToExtraString ¶

func ToExtraString(extra map[string]authenticationv1.ExtraValue) map[string][]string

Types ¶

type EscalationChecker ¶

type EscalationChecker struct {
	// contains filtered or unexported fields
}

func NewEscalationChecker ¶

func NewEscalationChecker(ruleSolver validation.AuthorizationRuleResolver, roleTemplates v3.RoleTemplateCache, clusterRoles k8srbacv1.ClusterRoleCache) *EscalationChecker

func (*EscalationChecker) ConfirmNoEscalation ¶

func (ec *EscalationChecker) ConfirmNoEscalation(response *webhook.Response, request *webhook.Request, rules []rbacv1.PolicyRule, namespace string) error

ConfirmNoEscalation checks that the user attempting to create a binding/role has all the permissions they are attempting to grant

func (*EscalationChecker) RulesFromTemplate ¶

func (ec *EscalationChecker) RulesFromTemplate(rt *rancherv3.RoleTemplate) ([]rbacv1.PolicyRule, error)

RulesFromTemplate gets all rules from the template and all referenced templates

type RBACRestGetter ¶

type RBACRestGetter struct {
	Roles               wranglerv1.RoleCache
	RoleBindings        wranglerv1.RoleBindingCache
	ClusterRoles        wranglerv1.ClusterRoleCache
	ClusterRoleBindings wranglerv1.ClusterRoleBindingCache
}

func (RBACRestGetter) GetClusterRole ¶

func (r RBACRestGetter) GetClusterRole(name string) (*rbacv1.ClusterRole, error)

func (RBACRestGetter) GetRole ¶

func (r RBACRestGetter) GetRole(namespace, name string) (*rbacv1.Role, error)

func (RBACRestGetter) ListClusterRoleBindings ¶

func (r RBACRestGetter) ListClusterRoleBindings() ([]*rbacv1.ClusterRoleBinding, error)

func (RBACRestGetter) ListRoleBindings ¶

func (r RBACRestGetter) ListRoleBindings(namespace string) ([]*rbacv1.RoleBinding, error)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL