scope

package

v1.3.0-alpha.2 Latest Latest Go to latest Published: Jun 21, 2016 License: Apache-2.0 Imports: 13 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.imxd.top/openshift/origin

Documentation ¶

Index ¶

Constants
Variables
func NewAuthorizer(delegate defaultauthorizer.Authorizer, ...) defaultauthorizer.Authorizer
func ScopesToRules(scopes []string, namespace string, ...) ([]authorizationapi.PolicyRule, error)
func ValidateClusterRoleScopeRestrictions(scope string, restriction oauthapi.ClusterRoleScopeRestriction) error
func ValidateLiteralScopeRestrictions(scope string, literals []string) error
func ValidateScopeRestrictions(client *oauthapi.OAuthClient, scopes ...string) error
type ScopeEvaluator

Constants ¶

View Source

const (
	UserIndicator          = "user:"
	ClusterRoleIndicator   = "role:"
	ClusterWideIndicator   = "clusterwide:"
	NamespaceWideIndicator = "namespace:"
)

View Source

const (
	UserInfo        = "info"
	UserAccessCheck = "check-access"

	// UserListProject gives explicit permission to see the projects a user can see.  This is often used to prime secondary ACL systems
	// unrelated to openshift and to display projects for selection in a secondary UI.
	UserListProject = "list-projects"
)

Variables ¶

View Source

var ScopeEvaluators = []ScopeEvaluator{
	userEvaluator{},
	clusterRoleEvaluator{},
}

ScopeEvaluators map prefixes to a function that handles that prefix

Functions ¶

func NewAuthorizer ¶

func NewAuthorizer(delegate defaultauthorizer.Authorizer, clusterPolicyGetter rulevalidation.ClusterPolicyGetter, forbiddenMessageMaker defaultauthorizer.ForbiddenMessageMaker) defaultauthorizer.Authorizer

func ScopesToRules ¶

func ScopesToRules(scopes []string, namespace string, clusterPolicyGetter rulevalidation.ClusterPolicyGetter) ([]authorizationapi.PolicyRule, error)

ScopesToRules takes the scopes and return the rules back. We ALWAYS add the discovery rules and it is possible to get some rules and and an error since errors aren't fatal to evaluation

func ValidateClusterRoleScopeRestrictions ¶

func ValidateClusterRoleScopeRestrictions(scope string, restriction oauthapi.ClusterRoleScopeRestriction) error

func ValidateLiteralScopeRestrictions ¶

func ValidateLiteralScopeRestrictions(scope string, literals []string) error

func ValidateScopeRestrictions ¶

func ValidateScopeRestrictions(client *oauthapi.OAuthClient, scopes ...string) error

Types ¶

type ScopeEvaluator ¶

type ScopeEvaluator interface {
	Handles(scope string) bool
	Describe(scope string) string
	Validate(scope string) error
	ResolveRules(scope, namespace string, clusterPolicyGetter rulevalidation.ClusterPolicyGetter) ([]authorizationapi.PolicyRule, error)
}

ScopeEvaluator takes a scope and returns the rules that express it

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL