Documentation ¶
Index ¶
- type Access
- type ResourceAccess
- type RoleRef
- type SubjectAccess
- func (sa *SubjectAccess) Empty() bool
- func (sa *SubjectAccess) Get() map[SubjectRef]sets.String
- func (sa *SubjectAccess) MatchRules(ref RoleRef, rule v1.PolicyRule)
- func (sa *SubjectAccess) ResolveRoleRef(r RoleRef, subjects []v1.Subject)
- func (sa *SubjectAccess) Table(verbs []string) *printer.Table
- type SubjectRef
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ResourceAccess ¶
ResourceAccess holds the access result for all resources.
type RoleRef ¶
type RoleRef struct {
Name, Kind string
}
RoleRef uniquely identifies a ClusterRole or namespaced Role. The namespace is always fixed and need not be part of RoleRef to identify a namespaced Role.
type SubjectAccess ¶
type SubjectAccess struct { // Resource is the kubernetes resource of this query. Resource string // ResourceName is the name of the kubernetes resource instance of this query. ResourceName string // contains filtered or unexported fields }
SubjectAccess holds the access information of all subjects for the given resource.
func NewSubjectAccess ¶
func NewSubjectAccess(resource, resourceName string) *SubjectAccess
NewSubjectAccess creates a new SubjectAccess with initialized fields.
func (*SubjectAccess) Empty ¶
func (sa *SubjectAccess) Empty() bool
Empty checks if any subjects with access were found.
func (*SubjectAccess) Get ¶
func (sa *SubjectAccess) Get() map[SubjectRef]sets.String
Get provides access to the actual result (for testing).
func (*SubjectAccess) MatchRules ¶
func (sa *SubjectAccess) MatchRules(ref RoleRef, rule v1.PolicyRule)
MatchRules takes a RoleRef and a PolicyRule and adds the rule verbs to the allowed verbs for the RoleRef, if the sa.resource matches the rule. The RoleRef and rule usually come from a (Cluster)Role.
func (*SubjectAccess) ResolveRoleRef ¶
func (sa *SubjectAccess) ResolveRoleRef(r RoleRef, subjects []v1.Subject)
ResolveRoleRef takes a RoleRef and a list of subjects and stores the access rights of the given role for each subject. The RoleRef and subjects usually come from a (Cluster)RoleBinding.
type SubjectRef ¶
type SubjectRef struct {
Name, Kind, Namespace string
}
SubjectRef uniquely identifies the subject of a RoleBinding or ClusterRoleBinding