result

package
v0.6.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 24, 2022 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Access

type Access uint8
const (
	Denied Access = iota
	Allowed
	NotApplicable
	RequestErr
)

This encodes the access of the given subject to the resource+verb combination.

type ResourceAccess

type ResourceAccess map[string]map[string]Access

ResourceAccess holds the access result for all resources.

func (ResourceAccess) Table

func (ra ResourceAccess) Table(verbs []string) *printer.Table

Print implements MatrixPrinter.Print. It prints a tab-separated table with a header.

type RoleRef

type RoleRef struct {
	Name, Kind string
}

RoleRef uniquely identifies a ClusterRole or namespaced Role. The namespace is always fixed and need not be part of RoleRef to identify a namespaced Role.

type SubjectAccess

type SubjectAccess struct {
	// Resource is the kubernetes resource of this query.
	Resource string
	// ResourceName is the name of the kubernetes resource instance of this query.
	ResourceName string
	// contains filtered or unexported fields
}

SubjectAccess holds the access information of all subjects for the given resource.

func NewSubjectAccess

func NewSubjectAccess(resource, resourceName string) *SubjectAccess

NewSubjectAccess creates a new SubjectAccess with initialized fields.

func (*SubjectAccess) Empty

func (sa *SubjectAccess) Empty() bool

Empty checks if any subjects with access were found.

func (*SubjectAccess) Get

func (sa *SubjectAccess) Get() map[SubjectRef]sets.String

Get provides access to the actual result (for testing).

func (*SubjectAccess) MatchRules

func (sa *SubjectAccess) MatchRules(ref RoleRef, rule v1.PolicyRule)

MatchRules takes a RoleRef and a PolicyRule and adds the rule verbs to the allowed verbs for the RoleRef, if the sa.resource matches the rule. The RoleRef and rule usually come from a (Cluster)Role.

func (*SubjectAccess) ResolveRoleRef

func (sa *SubjectAccess) ResolveRoleRef(r RoleRef, subjects []v1.Subject)

ResolveRoleRef takes a RoleRef and a list of subjects and stores the access rights of the given role for each subject. The RoleRef and subjects usually come from a (Cluster)RoleBinding.

func (*SubjectAccess) Table

func (sa *SubjectAccess) Table(verbs []string) *printer.Table

type SubjectRef

type SubjectRef struct {
	Name, Kind, Namespace string
}

SubjectRef uniquely identifies the subject of a RoleBinding or ClusterRoleBinding

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL