Documentation ¶
Index ¶
- func NewAlwaysAllowAuthorizer() *alwaysAllowAuthorizer
- func NewAlwaysDenyAuthorizer() *alwaysDenyAuthorizer
- func NewPrivilegedGroups(groups ...string) *privilegedGroupAuthorizer
- func RecordRequestLatency(ctx context.Context, code string, latency float64)
- func RecordRequestTotal(ctx context.Context, code string)
- type DelegatingAuthorizerConfig
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewAlwaysAllowAuthorizer ¶
func NewAlwaysAllowAuthorizer() *alwaysAllowAuthorizer
func NewAlwaysDenyAuthorizer ¶
func NewAlwaysDenyAuthorizer() *alwaysDenyAuthorizer
func NewPrivilegedGroups ¶
func NewPrivilegedGroups(groups ...string) *privilegedGroupAuthorizer
NewPrivilegedGroups is for use in loopback scenarios
func RecordRequestLatency ¶
RecordRequestLatency measures request latency in seconds for the delegated authorization. Broken down by status code.
func RecordRequestTotal ¶
RecordRequestTotal increments the total number of requests for the delegated authorization.
Types ¶
type DelegatingAuthorizerConfig ¶
type DelegatingAuthorizerConfig struct { SubjectAccessReviewClient authorizationclient.AuthorizationV1Interface // AllowCacheTTL is the length of time that a successful authorization response will be cached AllowCacheTTL time.Duration // DenyCacheTTL is the length of time that an unsuccessful authorization response will be cached. // You generally want more responsive, "deny, try again" flows. DenyCacheTTL time.Duration // WebhookRetryBackoff specifies the backoff parameters for the authorization webhook retry logic. // This allows us to configure the sleep time at each iteration and the maximum number of retries allowed // before we fail the webhook call in order to limit the fan out that ensues when the system is degraded. WebhookRetryBackoff *wait.Backoff }
DelegatingAuthorizerConfig is the minimal configuration needed to create an authenticator built to delegate authorization to a kube API server
func (DelegatingAuthorizerConfig) New ¶
func (c DelegatingAuthorizerConfig) New() (authorizer.Authorizer, error)
Click to show internal directories.
Click to hide internal directories.