auth

package
v0.3.2-rc10 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 13, 2023 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Overview

Package auth is holds common webhook code used during authentication

Index

Constants

View Source
const (
	// CreatorIDAnn is an annotation key for the id of the creator.
	CreatorIDAnn = "field.cattle.io/creatorId"
)

Variables

This section is empty.

Functions

func ConfirmNoEscalation added in v0.1.6

func ConfirmNoEscalation(request *admission.Request, rules []rbacv1.PolicyRule, namespace string, ruleResolver validation.AuthorizationRuleResolver) error

ConfirmNoEscalation checks that the user attempting to create a binding/role has all the permissions they are attempting to grant.

func EscalationAuthorized added in v0.1.6

func EscalationAuthorized(request *admission.Request, gvr schema.GroupVersionResource, sar authorizationv1.SubjectAccessReviewInterface, namespace string) (bool, error)

EscalationAuthorized checks if the user associated with the context is explicitly authorized to escalate the given GVR.

func SetEscalationResponse added in v0.1.6

func SetEscalationResponse(response *admissionv1.AdmissionResponse, err error)

SetEscalationResponse will update the given webhook response based on the provided error from an escalation request.

func ToExtraString

func ToExtraString(extra map[string]authenticationv1.ExtraValue) map[string][]string

ToExtraString will convert a map of map[string]authenticationv1.ExtraValue to map[string]string.

Types

type RBACRestGetter

type RBACRestGetter struct {
	Roles               wranglerv1.RoleCache
	RoleBindings        wranglerv1.RoleBindingCache
	ClusterRoles        wranglerv1.ClusterRoleCache
	ClusterRoleBindings wranglerv1.ClusterRoleBindingCache
}

RBACRestGetter is used to encapsulate Getters for core RBAC resource types.

func (RBACRestGetter) GetClusterRole

func (r RBACRestGetter) GetClusterRole(name string) (*rbacv1.ClusterRole, error)

GetClusterRole gets the clusterRole with the given name.

func (RBACRestGetter) GetRole

func (r RBACRestGetter) GetRole(namespace, name string) (*rbacv1.Role, error)

GetRole gets role within the given namespace that matches the provided name.

func (RBACRestGetter) ListClusterRoleBindings

func (r RBACRestGetter) ListClusterRoleBindings() ([]*rbacv1.ClusterRoleBinding, error)

ListClusterRoleBindings list all clusterRoleBindings.

func (RBACRestGetter) ListRoleBindings

func (r RBACRestGetter) ListRoleBindings(namespace string) ([]*rbacv1.RoleBinding, error)

ListRoleBindings list all roleBindings in the given namespace.

type RoleTemplateResolver added in v0.1.6

type RoleTemplateResolver struct {
	// contains filtered or unexported fields
}

RoleTemplateResolver provides an interface to flatten role templates into slice of rules.

func NewRoleTemplateResolver added in v0.1.6

func NewRoleTemplateResolver(roleTemplates v3.RoleTemplateCache, clusterRoles v1.ClusterRoleCache) *RoleTemplateResolver

NewRoleTemplateResolver creates a newly allocated RoleTemplateResolver from the provided caches

func (*RoleTemplateResolver) RoleTemplateCache added in v0.1.6

func (r *RoleTemplateResolver) RoleTemplateCache() v3.RoleTemplateCache

RoleTemplateCache allows caller to retrieve the roleTemplateCache used by the resolver.

func (*RoleTemplateResolver) RulesFromTemplate added in v0.1.6

func (r *RoleTemplateResolver) RulesFromTemplate(roleTemplate *rancherv3.RoleTemplate) ([]rbacv1.PolicyRule, error)

RulesFromTemplate gets all rules from the template and all referenced templates.

func (*RoleTemplateResolver) RulesFromTemplateName added in v0.1.6

func (r *RoleTemplateResolver) RulesFromTemplateName(name string) ([]rbacv1.PolicyRule, error)

RulesFromTemplateName gets the rules for a roleTemplate with a given name. Simple wrapper around RulesFromTemplate.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL