Documentation ¶
Index ¶
- Constants
- func ToExtraString(extra map[string]authenticationv1.ExtraValue) map[string][]string
- type EscalationChecker
- func (ec *EscalationChecker) ConfirmNoEscalation(response *webhook.Response, request *webhook.Request, ...) error
- func (ec *EscalationChecker) EscalationAuthorized(response *webhook.Response, request *webhook.Request, ...) (bool, error)
- func (ec *EscalationChecker) RulesFromTemplate(rt *rancherv3.RoleTemplate) ([]rbacv1.PolicyRule, error)
- type RBACRestGetter
- func (r RBACRestGetter) GetClusterRole(name string) (*rbacv1.ClusterRole, error)
- func (r RBACRestGetter) GetRole(namespace, name string) (*rbacv1.Role, error)
- func (r RBACRestGetter) ListClusterRoleBindings() ([]*rbacv1.ClusterRoleBinding, error)
- func (r RBACRestGetter) ListRoleBindings(namespace string) ([]*rbacv1.RoleBinding, error)
Constants ¶
const (
// CreatorIDAnn holds the metadata key "field.cattle.io/creatorId".
// NOTE(review): the "Ann" suffix suggests an annotation key recording an
// object's creator; this page does not show where it is read or written.
// Confirm who is allowed to set it before treating its value as an
// identity in any authorization decision.
CreatorIDAnn = "field.cattle.io/creatorId"
)
Variables ¶
This section is empty.
Functions ¶
func ToExtraString ¶
func ToExtraString(extra map[string]authenticationv1.ExtraValue) map[string][]string
ToExtraString converts a map[string]authenticationv1.ExtraValue to a map[string][]string.
Types ¶
type EscalationChecker ¶
type EscalationChecker struct {
// contains filtered or unexported fields
}
EscalationChecker is a struct used for performing privilege escalation checks.
func NewEscalationChecker ¶
func NewEscalationChecker(ruleSolver validation.AuthorizationRuleResolver, roleTemplates v3.RoleTemplateCache, clusterRoles k8srbacv1.ClusterRoleCache, sar authorizationv1.SubjectAccessReviewInterface) *EscalationChecker
NewEscalationChecker returns a newly allocated EscalationChecker.
func (*EscalationChecker) ConfirmNoEscalation ¶
func (ec *EscalationChecker) ConfirmNoEscalation(response *webhook.Response, request *webhook.Request, rules []rbacv1.PolicyRule, namespace string) error
ConfirmNoEscalation checks that the user attempting to create a binding/role has all the permissions they are attempting to grant.
func (*EscalationChecker) EscalationAuthorized ¶ added in v0.1.5
func (ec *EscalationChecker) EscalationAuthorized(response *webhook.Response, request *webhook.Request, gvr schema.GroupVersionResource, namespace string) (bool, error)
EscalationAuthorized checks if the user associated with the context is explicitly authorized to escalate the given GVR (GroupVersionResource).
func (*EscalationChecker) RulesFromTemplate ¶
func (ec *EscalationChecker) RulesFromTemplate(rt *rancherv3.RoleTemplate) ([]rbacv1.PolicyRule, error)
RulesFromTemplate gets all rules from the template and all referenced templates.
type RBACRestGetter ¶
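// RBACRestGetter bundles the four RBAC caches that its methods
// (GetRole, GetClusterRole, ListRoleBindings, ListClusterRoleBindings)
// are declared against.
//
// NOTE(review): the field types are caches, so lookups presumably return
// cached objects rather than live API reads. If so, a rule resolver built
// on this getter can briefly see stale roles or bindings after a change;
// confirm the cache semantics before relying on it for escalation checks.
type RBACRestGetter struct {
	// Roles is the cache of namespaced Roles.
	Roles wranglerv1.RoleCache
	// RoleBindings is the cache of namespaced RoleBindings.
	RoleBindings wranglerv1.RoleBindingCache
	// ClusterRoles is the cache of ClusterRoles.
	ClusterRoles wranglerv1.ClusterRoleCache
	// ClusterRoleBindings is the cache of ClusterRoleBindings.
	ClusterRoleBindings wranglerv1.ClusterRoleBindingCache
}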
func (RBACRestGetter) GetClusterRole ¶
func (r RBACRestGetter) GetClusterRole(name string) (*rbacv1.ClusterRole, error)
func (RBACRestGetter) GetRole ¶
func (r RBACRestGetter) GetRole(namespace, name string) (*rbacv1.Role, error)
func (RBACRestGetter) ListClusterRoleBindings ¶
func (r RBACRestGetter) ListClusterRoleBindings() ([]*rbacv1.ClusterRoleBinding, error)
func (RBACRestGetter) ListRoleBindings ¶
func (r RBACRestGetter) ListRoleBindings(namespace string) ([]*rbacv1.RoleBinding, error)