rbac

package
v1.10.0-rc.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 19, 2018 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Overview

Package rbac implements the authorizer.Authorizer interface using roles base access control.

Package rbac implements the authorizer.Authorizer interface using roles base access control.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func RuleAllows added in v1.5.1

func RuleAllows(requestAttributes authorizer.Attributes, rule *rbac.PolicyRule) bool

func RulesAllow added in v1.5.1

func RulesAllow(requestAttributes authorizer.Attributes, rules ...rbac.PolicyRule) bool

Types

type ClusterRoleBindingLister added in v1.8.0

type ClusterRoleBindingLister struct {
	Lister rbaclisters.ClusterRoleBindingLister
}

func (*ClusterRoleBindingLister) ListClusterRoleBindings added in v1.8.0

func (l *ClusterRoleBindingLister) ListClusterRoleBindings() ([]*rbac.ClusterRoleBinding, error)

type ClusterRoleGetter added in v1.8.0

type ClusterRoleGetter struct {
	Lister rbaclisters.ClusterRoleLister
}

func (*ClusterRoleGetter) GetClusterRole added in v1.8.0

func (g *ClusterRoleGetter) GetClusterRole(name string) (*rbac.ClusterRole, error)

type RBACAuthorizer

type RBACAuthorizer struct {
	// contains filtered or unexported fields
}

func (*RBACAuthorizer) Authorize

func (r *RBACAuthorizer) Authorize(requestAttributes authorizer.Attributes) (authorizer.Decision, string, error)

func (*RBACAuthorizer) RulesFor added in v1.8.0

type RequestToRuleMapper added in v1.5.1

type RequestToRuleMapper interface {
	// RulesFor returns all known PolicyRules and any errors that happened while locating those rules.
	// Any rule returned is still valid, since rules are deny by default.  If you can pass with the rules
	// supplied, you do not have to fail the request.  If you cannot, you should indicate the error along
	// with your denial.
	RulesFor(subject user.Info, namespace string) ([]rbac.PolicyRule, error)

	// VisitRulesFor invokes visitor() with each rule that applies to a given user in a given namespace,
	// and each error encountered resolving those rules. Rule may be nil if err is non-nil.
	// If visitor() returns false, visiting is short-circuited.
	VisitRulesFor(user user.Info, namespace string, visitor func(source fmt.Stringer, rule *rbac.PolicyRule, err error) bool)
}

type RoleBindingLister added in v1.8.0

type RoleBindingLister struct {
	Lister rbaclisters.RoleBindingLister
}

func (*RoleBindingLister) ListRoleBindings added in v1.8.0

func (l *RoleBindingLister) ListRoleBindings(namespace string) ([]*rbac.RoleBinding, error)

type RoleGetter added in v1.8.0

type RoleGetter struct {
	Lister rbaclisters.RoleLister
}

func (*RoleGetter) GetRole added in v1.8.0

func (g *RoleGetter) GetRole(namespace, name string) (*rbac.Role, error)

type RoleToRuleMapper added in v1.6.0

type RoleToRuleMapper interface {
	// GetRoleReferenceRules attempts to resolve the role reference of a RoleBinding or ClusterRoleBinding.  The passed namespace should be the namespace
	// of the role binding, the empty string if a cluster role binding.
	GetRoleReferenceRules(roleRef rbac.RoleRef, namespace string) ([]rbac.PolicyRule, error)
}

type SubjectAccessEvaluator added in v1.6.0

type SubjectAccessEvaluator struct {
	// contains filtered or unexported fields
}

func (*SubjectAccessEvaluator) AllowedSubjects added in v1.6.0

func (r *SubjectAccessEvaluator) AllowedSubjects(requestAttributes authorizer.Attributes) ([]rbac.Subject, error)

AllowedSubjects returns the subjects that can perform an action and any errors encountered while computing the list. It is possible to have both subjects and errors returned if some rolebindings couldn't be resolved, but others could be.

type SubjectLocator added in v1.8.0

type SubjectLocator interface {
	AllowedSubjects(attributes authorizer.Attributes) ([]rbac.Subject, error)
}

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL