authorizerfactory

package

v0.29.4 Latest Latest Go to latest Published: Apr 17, 2024 License: Apache-2.0 Imports: 10 Imported by: 278

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kubernetes/apiserver

Links

Open Source Insights

Documentation ¶

Index ¶

func NewAlwaysAllowAuthorizer() *alwaysAllowAuthorizer
func NewAlwaysDenyAuthorizer() *alwaysDenyAuthorizer
func NewPrivilegedGroups(groups ...string) *privilegedGroupAuthorizer
func RecordRequestLatency(ctx context.Context, code string, latency float64)
func RecordRequestTotal(ctx context.Context, code string)
type DelegatingAuthorizerConfig
- func (c DelegatingAuthorizerConfig) New() (authorizer.Authorizer, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func NewAlwaysAllowAuthorizer ¶

func NewAlwaysAllowAuthorizer() *alwaysAllowAuthorizer

func NewAlwaysDenyAuthorizer ¶

func NewAlwaysDenyAuthorizer() *alwaysDenyAuthorizer

func NewPrivilegedGroups ¶

func NewPrivilegedGroups(groups ...string) *privilegedGroupAuthorizer

NewPrivilegedGroups is for use in loopback scenarios

func RecordRequestLatency ¶ added in v0.22.0

func RecordRequestLatency(ctx context.Context, code string, latency float64)

RecordRequestLatency measures request latency in seconds for the delegated authorization. Broken down by status code.

func RecordRequestTotal ¶ added in v0.22.0

func RecordRequestTotal(ctx context.Context, code string)

RecordRequestTotal increments the total number of requests for the delegated authorization.

Types ¶

type DelegatingAuthorizerConfig ¶

type DelegatingAuthorizerConfig struct {
	SubjectAccessReviewClient authorizationclient.AuthorizationV1Interface

	// AllowCacheTTL is the length of time that a successful authorization response will be cached
	AllowCacheTTL time.Duration

	// DenyCacheTTL is the length of time that an unsuccessful authorization response will be cached.
	// You generally want more responsive, "deny, try again" flows.
	DenyCacheTTL time.Duration

	// WebhookRetryBackoff specifies the backoff parameters for the authorization webhook retry logic.
	// This allows us to configure the sleep time at each iteration and the maximum number of retries allowed
	// before we fail the webhook call in order to limit the fan out that ensues when the system is degraded.
	WebhookRetryBackoff *wait.Backoff
}

DelegatingAuthorizerConfig is the minimal configuration needed to create an authenticator built to delegate authorization to a kube API server

func (DelegatingAuthorizerConfig) New ¶

func (c DelegatingAuthorizerConfig) New() (authorizer.Authorizer, error)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL