auth

package
v0.2.7-rc2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 7, 2022 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

View Source
const (
	CreatorIDAnn = "field.cattle.io/creatorId"
)

Variables

This section is empty.

Functions

func ToExtraString

func ToExtraString(extra map[string]authenticationv1.ExtraValue) map[string][]string

ToExtraString will convert a map of map[string]authenticationv1.ExtraValue to map[string]string.

Types

type EscalationChecker

type EscalationChecker struct {
	// contains filtered or unexported fields
}

EscalationChecker struct used for performing privilege escalation checks.

func NewEscalationChecker

NewEscalationChecker returns a newly allocated EscalationChecker.

func (*EscalationChecker) ConfirmNoEscalation

func (ec *EscalationChecker) ConfirmNoEscalation(response *webhook.Response, request *webhook.Request, rules []rbacv1.PolicyRule, namespace string) error

ConfirmNoEscalation checks that the user attempting to create a binding/role has all the permissions they are attempting to grant.

func (*EscalationChecker) EscalationAuthorized added in v0.1.5

func (ec *EscalationChecker) EscalationAuthorized(response *webhook.Response, request *webhook.Request, gvr schema.GroupVersionResource, namespace string) (bool, error)

EscalationAuthorized checks if the user associated with the context is explicitly authorized to escalate the given GVR.

func (*EscalationChecker) RulesFromTemplate

func (ec *EscalationChecker) RulesFromTemplate(rt *rancherv3.RoleTemplate) ([]rbacv1.PolicyRule, error)

RulesFromTemplate gets all rules from the template and all referenced templates.

type RBACRestGetter

type RBACRestGetter struct {
	Roles               wranglerv1.RoleCache
	RoleBindings        wranglerv1.RoleBindingCache
	ClusterRoles        wranglerv1.ClusterRoleCache
	ClusterRoleBindings wranglerv1.ClusterRoleBindingCache
}

func (RBACRestGetter) GetClusterRole

func (r RBACRestGetter) GetClusterRole(name string) (*rbacv1.ClusterRole, error)

func (RBACRestGetter) GetRole

func (r RBACRestGetter) GetRole(namespace, name string) (*rbacv1.Role, error)

func (RBACRestGetter) ListClusterRoleBindings

func (r RBACRestGetter) ListClusterRoleBindings() ([]*rbacv1.ClusterRoleBinding, error)

func (RBACRestGetter) ListRoleBindings

func (r RBACRestGetter) ListRoleBindings(namespace string) ([]*rbacv1.RoleBinding, error)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL