auth

package

v0.3.2-rc10 Latest Latest Go to latest Published: Jan 13, 2023 License: Apache-2.0 Imports: 18 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/rancher/webhook

Documentation ¶

Overview ¶

Package auth is holds common webhook code used during authentication

Index ¶

Constants
func ConfirmNoEscalation(request *admission.Request, rules []rbacv1.PolicyRule, namespace string, ...) error
func EscalationAuthorized(request *admission.Request, gvr schema.GroupVersionResource, ...) (bool, error)
func SetEscalationResponse(response *admissionv1.AdmissionResponse, err error)
func ToExtraString(extra map[string]authenticationv1.ExtraValue) map[string][]string
type RBACRestGetter
type RoleTemplateResolver
- func NewRoleTemplateResolver(roleTemplates v3.RoleTemplateCache, clusterRoles v1.ClusterRoleCache) *RoleTemplateResolver

Constants ¶

View Source

const (
	// CreatorIDAnn is an annotation key for the id of the creator.
	CreatorIDAnn = "field.cattle.io/creatorId"
)

Variables ¶

This section is empty.

Functions ¶

func ConfirmNoEscalation ¶ added in v0.1.6

func ConfirmNoEscalation(request *admission.Request, rules []rbacv1.PolicyRule, namespace string, ruleResolver validation.AuthorizationRuleResolver) error

ConfirmNoEscalation checks that the user attempting to create a binding/role has all the permissions they are attempting to grant.

func EscalationAuthorized ¶ added in v0.1.6

func EscalationAuthorized(request *admission.Request, gvr schema.GroupVersionResource, sar authorizationv1.SubjectAccessReviewInterface, namespace string) (bool, error)

EscalationAuthorized checks if the user associated with the context is explicitly authorized to escalate the given GVR.

func SetEscalationResponse ¶ added in v0.1.6

func SetEscalationResponse(response *admissionv1.AdmissionResponse, err error)

SetEscalationResponse will update the given webhook response based on the provided error from an escalation request.

func ToExtraString ¶

func ToExtraString(extra map[string]authenticationv1.ExtraValue) map[string][]string

ToExtraString will convert a map of map[string]authenticationv1.ExtraValue to map[string]string.

Types ¶

type RBACRestGetter ¶

type RBACRestGetter struct {
	Roles               wranglerv1.RoleCache
	RoleBindings        wranglerv1.RoleBindingCache
	ClusterRoles        wranglerv1.ClusterRoleCache
	ClusterRoleBindings wranglerv1.ClusterRoleBindingCache
}

RBACRestGetter is used to encapsulate Getters for core RBAC resource types.

func (RBACRestGetter) GetClusterRole ¶

func (r RBACRestGetter) GetClusterRole(name string) (*rbacv1.ClusterRole, error)

GetClusterRole gets the clusterRole with the given name.

func (RBACRestGetter) GetRole ¶

func (r RBACRestGetter) GetRole(namespace, name string) (*rbacv1.Role, error)

GetRole gets role within the given namespace that matches the provided name.

func (RBACRestGetter) ListClusterRoleBindings ¶

func (r RBACRestGetter) ListClusterRoleBindings() ([]*rbacv1.ClusterRoleBinding, error)

ListClusterRoleBindings list all clusterRoleBindings.

func (RBACRestGetter) ListRoleBindings ¶

func (r RBACRestGetter) ListRoleBindings(namespace string) ([]*rbacv1.RoleBinding, error)

ListRoleBindings list all roleBindings in the given namespace.

type RoleTemplateResolver ¶ added in v0.1.6

type RoleTemplateResolver struct {
	// contains filtered or unexported fields
}

RoleTemplateResolver provides an interface to flatten role templates into slice of rules.

func NewRoleTemplateResolver ¶ added in v0.1.6

func NewRoleTemplateResolver(roleTemplates v3.RoleTemplateCache, clusterRoles v1.ClusterRoleCache) *RoleTemplateResolver

NewRoleTemplateResolver creates a newly allocated RoleTemplateResolver from the provided caches

func (*RoleTemplateResolver) RoleTemplateCache ¶ added in v0.1.6

func (r *RoleTemplateResolver) RoleTemplateCache() v3.RoleTemplateCache

RoleTemplateCache allows caller to retrieve the roleTemplateCache used by the resolver.

func (*RoleTemplateResolver) RulesFromTemplate ¶ added in v0.1.6

func (r *RoleTemplateResolver) RulesFromTemplate(roleTemplate *rancherv3.RoleTemplate) ([]rbacv1.PolicyRule, error)

RulesFromTemplate gets all rules from the template and all referenced templates.

func (*RoleTemplateResolver) RulesFromTemplateName ¶ added in v0.1.6

func (r *RoleTemplateResolver) RulesFromTemplateName(name string) ([]rbacv1.PolicyRule, error)

RulesFromTemplateName gets the rules for a roleTemplate with a given name. Simple wrapper around RulesFromTemplate.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL