authorizerfactory

package
v0.31.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 21, 2024 License: Apache-2.0 Imports: 13 Imported by: 280

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewAlwaysAllowAuthorizer

func NewAlwaysAllowAuthorizer() *alwaysAllowAuthorizer

func NewAlwaysDenyAuthorizer

func NewAlwaysDenyAuthorizer() *alwaysDenyAuthorizer

func NewDelegatingAuthorizerMetrics added in v0.30.0

func NewDelegatingAuthorizerMetrics() delegatingAuthorizerMetrics

func NewPrivilegedGroups

func NewPrivilegedGroups(groups ...string) *privilegedGroupAuthorizer

NewPrivilegedGroups is for use in loopback scenarios

func RegisterMetrics added in v0.30.0

func RegisterMetrics()

RegisterMetrics registers authorizer metrics.

Types

type DelegatingAuthorizerConfig

type DelegatingAuthorizerConfig struct {
	SubjectAccessReviewClient authorizationclient.AuthorizationV1Interface

	// AllowCacheTTL is the length of time that a successful authorization response will be cached
	AllowCacheTTL time.Duration

	// DenyCacheTTL is the length of time that an unsuccessful authorization response will be cached.
	// You generally want more responsive, "deny, try again" flows.
	DenyCacheTTL time.Duration

	// WebhookRetryBackoff specifies the backoff parameters for the authorization webhook retry logic.
	// This allows us to configure the sleep time at each iteration and the maximum number of retries allowed
	// before we fail the webhook call in order to limit the fan out that ensues when the system is degraded.
	WebhookRetryBackoff *wait.Backoff
}

DelegatingAuthorizerConfig is the minimal configuration needed to create an authorizer built to delegate authorization to a kube API server

func (DelegatingAuthorizerConfig) New

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL