auth

package

v0.12.0 Latest Latest Go to latest Published: Sep 15, 2024 License: Apache-2.0 Imports: 16 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/tektoncd/results

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
type AllowAll
- func (AllowAll) Check(context.Context, string, string, string) error
type Checker
type Option
- func WithImpersonation(enabled bool) Option
type RBAC
- func NewRBAC(client kubernetes.Interface, options ...Option) *RBAC
- func (r *RBAC) Check(ctx context.Context, namespace, resource, verb string) error

Constants ¶

View Source

const (
	// ResourceResults - api results resource name
	ResourceResults = "results"
	// ResourceRecords - api record resource name
	ResourceRecords = "records"
	// ResourceLogs - api logs resource name
	ResourceLogs = "logs"
	// ResourceSummary - api summary
	ResourceSummary = "summary"

	// PermissionCreate - permission name to "create" resource
	PermissionCreate = "create"
	// PermissionGet - permission name to "get" resource
	PermissionGet = "get"
	// PermissionList - permission name to "list" resource
	PermissionList = "list"
	// PermissionDelete - permission name to "delete" resource
	PermissionDelete = "delete"
	// PermissionUpdate - permission name to "update" resource
	PermissionUpdate = "update"
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type AllowAll ¶

type AllowAll struct{}

AllowAll is an auth check that allows every request, regardless of the params. Useful for testing or cases where you want to disable auth checks.

func (AllowAll) Check ¶

func (AllowAll) Check(context.Context, string, string, string) error

Check does nothing.

type Checker ¶

type Checker interface {
	Check(ctx context.Context, parent, resource, verb string) error
}

Checker handles authentication and authorization checks for an action on a resource.

type Option ¶ added in v0.6.0

type Option func(*RBAC)

Option is configuration option for RBAC checker.

func WithImpersonation ¶ added in v0.6.0

func WithImpersonation(enabled bool) Option

WithImpersonation is an option function to enable Impersonation

type RBAC ¶

type RBAC struct {
	// contains filtered or unexported fields
}

RBAC is a Kubernetes RBAC based auth checker. This uses the Kubernetes TokenReview and SubjectAccessReview APIs to defer auth decisions to the cluster. Users should pass in `token` metadata through the gRPC context. This checks RBAC permissions in the `results.tekton.dev` group, and assumes checks are done at the namespace

func NewRBAC ¶

func NewRBAC(client kubernetes.Interface, options ...Option) *RBAC

NewRBAC returns new instance of the Kubernetes RBAC based auth checker.

func (*RBAC) Check ¶

func (r *RBAC) Check(ctx context.Context, namespace, resource, verb string) error

Check determines if resource can be accessed with impersonation metadata stored in the context.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
impersonation

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL