Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var DefautltWegoAppRules = []rbacv1.PolicyRule{ { APIGroups: []string{""}, Resources: []string{"secrets", "pods", "events"}, Verbs: []string{"get", "list"}, }, { APIGroups: []string{"apps"}, Resources: []string{"deployments", "replicasets"}, Verbs: []string{"get", "list"}, }, { APIGroups: []string{"kustomize.toolkit.fluxcd.io"}, Resources: []string{"kustomizations"}, Verbs: []string{"get", "list"}, }, { APIGroups: []string{"helm.toolkit.fluxcd.io"}, Resources: []string{"helmreleases"}, Verbs: []string{"get", "list"}, }, { APIGroups: []string{"source.toolkit.fluxcd.io"}, Resources: []string{"buckets", "helmcharts", "gitrepositories", "helmrepositories"}, Verbs: []string{"get", "list"}, }, { APIGroups: []string{""}, Resources: []string{"events"}, Verbs: []string{"get", "list", "watch"}, }, }
DefautltWegoAppRules is the minimun set of permissions a user will need to use the wego-app in a given namespace
Functions ¶
This section is empty.
Types ¶
type Checker ¶
type Checker interface { // FilterAccessibleNamespaces returns a filtered list of namespaces to which a user has access to FilterAccessibleNamespaces(ctx context.Context, auth typedauth.AuthorizationV1Interface, namespaces []corev1.Namespace) ([]corev1.Namespace, error) }
Checker contains methods for validing user access to Kubernetes namespaces, based on a set of PolicyRules
func NewChecker ¶
func NewChecker(rules []rbacv1.PolicyRule) Checker
Click to show internal directories.
Click to hide internal directories.