Documentation
¶
Index ¶
- Constants
- Variables
- func GetBootstrapPolicy(masterNamespace string) *authorizationapi.Policy
- func GetBootstrapPolicyBinding(masterNamespace string) *authorizationapi.PolicyBinding
- func VerbAndKindAndNamespace(req *http.Request) (string, string, string, []string, error)
- type AuthorizationAttributeBuilder
- type AuthorizationAttributes
- type Authorizer
Constants ¶
View Source
const ( Allow = authorizationResult("allow") Deny = authorizationResult("deny") Unknown = authorizationResult("unknown") )
Variables ¶
View Source
var ErrNoStandardParts = errors.New("the provided URL does not match the standard API form")
Functions ¶
func GetBootstrapPolicy ¶
func GetBootstrapPolicy(masterNamespace string) *authorizationapi.Policy
TODO enumerate all resourceKinds and verbs instead of using *
func GetBootstrapPolicyBinding ¶
func GetBootstrapPolicyBinding(masterNamespace string) *authorizationapi.PolicyBinding
Types ¶
type AuthorizationAttributeBuilder ¶
type AuthorizationAttributeBuilder interface {
GetAttributes(request *http.Request) (AuthorizationAttributes, error)
}
func NewAuthorizationAttributeBuilder ¶
func NewAuthorizationAttributeBuilder(requestsToUsers *authcontext.RequestContextMap) AuthorizationAttributeBuilder
type AuthorizationAttributes ¶
type AuthorizationAttributes interface {
GetUserInfo() authenticationapi.UserInfo
GetVerb() string
GetNamespace() string
// GetRequestAttributes is of type interface{} because different verbs and different Authorizer/AuthorizationAttributeBuilder pairs may have different contract requirements
GetRequestAttributes() interface{}
}
type Authorizer ¶
type Authorizer interface {
Authorize(a AuthorizationAttributes) (allowed bool, reason string, err error)
}
func NewAuthorizer ¶
func NewAuthorizer(masterAuthorizationNamespace string, policyRuleBindingRegistry policyregistry.Registry, policyBindingRegistry policybindingregistry.Registry) Authorizer
Source Files
Click to show internal directories.
Click to hide internal directories.