authorizer

package
v0.0.0-...-d3d374b Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 15, 2018 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

View Source
const DefaultProjectRequestForbidden = "You may not request a new project via this API."

Variables

This section is empty.

Functions

func IsPersonalAccessReview

func IsPersonalAccessReview(a Action) (bool, error)

Types

type Action

type Action interface {
	GetVerb() string
	GetAPIVersion() string
	GetAPIGroup() string
	// GetResource returns the resource type.  If IsNonResourceURL() is true, then GetResource() is "".
	GetResource() string
	GetResourceName() string
	// GetRequestAttributes is of type interface{} because different verbs and different Authorizer/AuthorizationAttributeBuilder pairs may have different contract requirements.
	GetRequestAttributes() interface{}
	// IsNonResourceURL returns true if this is not an action performed against the resource API
	IsNonResourceURL() bool
	// GetURL returns the URL path being requested, including the leading '/'
	GetURL() string
}

type AuthorizationAttributeBuilder

type AuthorizationAttributeBuilder interface {
	GetAttributes(request *http.Request) (Action, error)
}

func NewAuthorizationAttributeBuilder

func NewAuthorizationAttributeBuilder(contextMapper kapi.RequestContextMapper, infoResolver RequestInfoResolver) AuthorizationAttributeBuilder

type Authorizer

type Authorizer interface {
	Authorize(ctx kapi.Context, a Action) (allowed bool, reason string, err error)
	GetAllowedSubjects(ctx kapi.Context, attributes Action) (sets.String, sets.String, error)
}

func NewAuthorizer

func NewAuthorizer(ruleResolver rulevalidation.AuthorizationRuleResolver, forbiddenMessageMaker ForbiddenMessageMaker) Authorizer

type DefaultAuthorizationAttributes

type DefaultAuthorizationAttributes struct {
	Verb              string
	APIVersion        string
	APIGroup          string
	Resource          string
	ResourceName      string
	RequestAttributes interface{}
	NonResourceURL    bool
	URL               string
}

func CoerceToDefaultAuthorizationAttributes

func CoerceToDefaultAuthorizationAttributes(passedAttributes Action) *DefaultAuthorizationAttributes

TODO this may or may not be the behavior we want for managing rules. As a for instance, a verb might be specified that our attributes builder will never satisfy. For now, I think gets us close. Maybe a warning message of some kind?

func ToDefaultAuthorizationAttributes

func ToDefaultAuthorizationAttributes(in authorizationapi.Action) DefaultAuthorizationAttributes

ToDefaultAuthorizationAttributes coerces Action to DefaultAuthorizationAttributes. Namespace is not included because the authorizer takes that information on the context

func (DefaultAuthorizationAttributes) GetAPIGroup

func (a DefaultAuthorizationAttributes) GetAPIGroup() string

func (DefaultAuthorizationAttributes) GetAPIVersion

func (a DefaultAuthorizationAttributes) GetAPIVersion() string

func (DefaultAuthorizationAttributes) GetRequestAttributes

func (a DefaultAuthorizationAttributes) GetRequestAttributes() interface{}

func (DefaultAuthorizationAttributes) GetResource

func (a DefaultAuthorizationAttributes) GetResource() string

func (DefaultAuthorizationAttributes) GetResourceName

func (a DefaultAuthorizationAttributes) GetResourceName() string

func (DefaultAuthorizationAttributes) GetURL

func (DefaultAuthorizationAttributes) GetVerb

func (DefaultAuthorizationAttributes) IsNonResourceURL

func (a DefaultAuthorizationAttributes) IsNonResourceURL() bool

func (DefaultAuthorizationAttributes) RuleMatches

type ForbiddenMessageMaker

type ForbiddenMessageMaker interface {
	MakeMessage(ctx MessageContext) (string, error)
}

ForbiddenMessageMaker creates a forbidden message from a MessageContext

type ForbiddenMessageResolver

type ForbiddenMessageResolver struct {
	// contains filtered or unexported fields
}

func NewForbiddenMessageResolver

func NewForbiddenMessageResolver(projectRequestForbiddenTemplate string) *ForbiddenMessageResolver

func (*ForbiddenMessageResolver) MakeMessage

func (m *ForbiddenMessageResolver) MakeMessage(ctx MessageContext) (string, error)

type MessageContext

type MessageContext struct {
	User       user.Info
	Namespace  string
	Attributes Action
}

MessageContext contains sufficient information to create a forbidden message. It is bundled in this one object to make it easy and obvious how to build a golang template

type RequestInfoResolver

type RequestInfoResolver interface {
	GetRequestInfo(req *http.Request) (kapiserver.RequestInfo, error)
}

func NewBrowserSafeRequestInfoResolver

func NewBrowserSafeRequestInfoResolver(contextMapper kapi.RequestContextMapper, authenticatedGroups sets.String, infoResolver RequestInfoResolver) RequestInfoResolver

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL