whocan

package
v0.0.0-...-f8b040b Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 8, 2024 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Bindings 

type Bindings struct {
	RoleBindings        []string `json:"role-bindings,omitempty"`
	ClusterRoleBindings []string `json:"cluster-role-bindings,omitempty"`
}

Bindings represents RoleBindings or ClusterRoleBindings which may be applied to a subject.

type Checker 

type Checker interface {
	// Check takes a whocan Action and returns the role bindings that allow that action to be performed.
	Check(whocancmd.Action) (roleBindings []rbac.RoleBinding, clusterRoleBindings []rbac.ClusterRoleBinding, err error)
}

Checker is the interface for running a whocan Action

func NewChecker 

func NewChecker(client *kubernetes.Clientset, restConfig *rest.Config) (Checker, error)

NewChecker creates a client which can run who-can queries.

type Config 

type Config struct {
	Namespaces []string `yaml:"namespaces"`
}

WhoCanConfig is used to configure the who-can queries

func LoadConfigFromEnv 

func LoadConfigFromEnv() (Config, error)

type Result 

type Result struct {
	Resource  string          `json:"resource"`
	Verb      string          `json:"verb"`
	Namespace string          `json:"namespace"`
	Subjects  SubjectBindings `json:"subjects"`
}

Result represents the result of a who-can query.

type Results 

type Results []Result

func (*Results) WriteResourcesReport 

func (r *Results) WriteResourcesReport(w io.Writer) error

func (*Results) WriteSonobuoyReport 

func (r *Results) WriteSonobuoyReport(w io.Writer) error

func (*Results) WriteSubjectsReport 

func (r *Results) WriteSubjectsReport(w io.Writer) error

type Runner 

type Runner struct {
	// contains filtered or unexported fields
}

func NewRunner 

func NewRunner(checker Checker) Runner

func (*Runner) Run 

func (r *Runner) Run(namespaces []string, resources []metav1.APIResource) (Results, error)

type SonobuoyResultsItem 

type SonobuoyResultsItem struct {
	Name     string                `json:"name" yaml:"name"`
	Status   string                `json:"status" yaml:"status,omitempty"`
	Metadata map[string]string     `json:"meta,omitempty" yaml:"meta,omitempty"`
	Details  map[string]string     `json:"details,omitempty" yaml:"details,omitempty"`
	Items    []SonobuoyResultsItem `json:"items,omitempty" yaml:"items,omitempty"`
}

type SubjectActionPermissions 

type SubjectActionPermissions struct {
	Resource string `json:"resource"`
	Verb     string `json:"verb"`
	Bindings
}

SubjectActionPermissions represents the role bindings that allow a particular subject to perform an action.

type SubjectBindings 

type SubjectBindings map[rbac.Subject]Bindings

SubjectBindings represents the names of all Role and ClusterRole bindings bound to a subject.

func (SubjectBindings) MarshalJSON 

func (sb SubjectBindings) MarshalJSON() ([]byte, error)

type SubjectNamespacePermissions 

type SubjectNamespacePermissions map[string][]SubjectActionPermissions

SubjectNamespacePermissions represents all permissions granted within namespaces

func (SubjectNamespacePermissions) MarshalJSON 

func (np SubjectNamespacePermissions) MarshalJSON() ([]byte, error)

MarshalJSON marshals SubjectNamespacePermissions into JSON

type SubjectResults 

type SubjectResults map[rbac.Subject]SubjectNamespacePermissions

SubjectResults represents all the permissions for a subject

func (SubjectResults) MarshalJSON 

func (spm SubjectResults) MarshalJSON() ([]byte, error)

MarshalJSON marshals SubjectResults into JSON

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.