nsaccess

package
v0.31.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 30, 2023 License: MPL-2.0 Imports: 8 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

View Source
var DefautltWegoAppRules = []rbacv1.PolicyRule{
	{
		APIGroups: []string{""},
		Resources: []string{"secrets", "pods", "events"},
		Verbs:     []string{"get", "list"},
	},
	{
		APIGroups: []string{"apps"},
		Resources: []string{"deployments", "replicasets"},
		Verbs:     []string{"get", "list"},
	},
	{
		APIGroups: []string{"kustomize.toolkit.fluxcd.io"},
		Resources: []string{"kustomizations"},
		Verbs:     []string{"get", "list"},
	},
	{
		APIGroups: []string{"helm.toolkit.fluxcd.io"},
		Resources: []string{"helmreleases"},
		Verbs:     []string{"get", "list"},
	},
	{
		APIGroups: []string{"source.toolkit.fluxcd.io"},
		Resources: []string{"buckets", "helmcharts", "gitrepositories", "helmrepositories"},
		Verbs:     []string{"get", "list"},
	},
	{
		APIGroups: []string{""},
		Resources: []string{"events"},
		Verbs:     []string{"get", "list", "watch"},
	},
}

DefautltWegoAppRules is the minimun set of permissions a user will need to use the wego-app in a given namespace

Functions

This section is empty.

Types

type Checker

type Checker interface {
	// FilterAccessibleNamespaces returns a filtered list of namespaces to which a user has access to
	FilterAccessibleNamespaces(ctx context.Context, auth typedauth.AuthorizationV1Interface, namespaces []corev1.Namespace) ([]corev1.Namespace, error)
}

Checker contains methods for validing user access to Kubernetes namespaces, based on a set of PolicyRules

func NewChecker

func NewChecker(rules []rbacv1.PolicyRule) Checker

Directories

Path Synopsis
Code generated by counterfeiter.
Code generated by counterfeiter.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL