Documentation ¶
Index ¶
- func RegisterMetrics()
- func ResetMetricsForTest()
- type CELMatcher
- type CompilationResult
- type Compiler
- type EvaluationResult
- type ExpressionAccessor
- type MatcherMetrics
- type NoopMatcherMetrics
- func (NoopMatcherMetrics) RecordAuthorizationMatchConditionEvaluation(ctx context.Context, authorizerType, authorizerName string, ...)
- func (NoopMatcherMetrics) RecordAuthorizationMatchConditionEvaluationFailure(ctx context.Context, authorizerType, authorizerName string)
- func (NoopMatcherMetrics) RecordAuthorizationMatchConditionExclusion(ctx context.Context, authorizerType, authorizerName string)
- type SubjectAccessReviewMatchCondition
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func RegisterMetrics ¶ added in v0.30.0
func RegisterMetrics()
func ResetMetricsForTest ¶ added in v0.30.0
func ResetMetricsForTest()
Types ¶
type CELMatcher ¶
type CELMatcher struct {
	CompilationResults []CompilationResult

	// These track if any expressions use fieldSelector and labelSelector,
	// so construction of data passed to the CEL expression can be optimized if those fields are unused.
	UsesLabelSelector bool
	UsesFieldSelector bool

	// These are optional fields which can be populated if metrics reporting is desired
	Metrics        MatcherMetrics
	AuthorizerType string
	AuthorizerName string
}
func (*CELMatcher) Eval ¶
func (c *CELMatcher) Eval(ctx context.Context, r *authorizationv1.SubjectAccessReview) (bool, error)
Eval evaluates the given SubjectAccessReview against all CEL matchCondition expressions.
type CompilationResult ¶
type CompilationResult struct {
	Program            cel.Program
	ExpressionAccessor ExpressionAccessor

	// These track if a given expression uses fieldSelector and labelSelector,
	// so construction of data passed to the CEL expression can be optimized if those fields are unused.
	UsesFieldSelector bool
	UsesLabelSelector bool
}
CompilationResult represents a compiled authorization CEL expression.
type Compiler ¶
type Compiler interface {
	CompileCELExpression(expressionAccessor ExpressionAccessor) (CompilationResult, error)
}
Compiler is an interface for compiling CEL expressions with the desired environment mode.
func NewCompiler ¶
func NewCompiler(env *environment.EnvSet) Compiler
NewCompiler returns a new Compiler.
type EvaluationResult ¶
type EvaluationResult struct {
	EvalResult         ref.Val
	ExpressionAccessor ExpressionAccessor
}
EvaluationResult contains the minimal required fields and metadata of a CEL evaluation.
type ExpressionAccessor ¶
type MatcherMetrics ¶ added in v0.30.0
type MatcherMetrics interface {
	// RecordAuthorizationMatchConditionEvaluation records the total time taken to evaluate matchConditions for an Authorize() call to the given authorizer
	RecordAuthorizationMatchConditionEvaluation(ctx context.Context, authorizerType, authorizerName string, elapsed time.Duration)
	// RecordAuthorizationMatchConditionEvaluationFailure increments if any evaluation error was encountered evaluating matchConditions for an Authorize() call to the given authorizer
	RecordAuthorizationMatchConditionEvaluationFailure(ctx context.Context, authorizerType, authorizerName string)
	// RecordAuthorizationMatchConditionExclusion increments when at least one matchCondition evaluates to false and excludes an Authorize() call to the given authorizer
	RecordAuthorizationMatchConditionExclusion(ctx context.Context, authorizerType, authorizerName string)
}
MatcherMetrics defines methods for reporting matchCondition metrics.
func NewMatcherMetrics ¶ added in v0.30.0
func NewMatcherMetrics() MatcherMetrics
type NoopMatcherMetrics ¶ added in v0.30.0
type NoopMatcherMetrics struct{}
func (NoopMatcherMetrics) RecordAuthorizationMatchConditionEvaluation ¶ added in v0.30.0
func (NoopMatcherMetrics) RecordAuthorizationMatchConditionEvaluationFailure ¶ added in v0.30.0
func (NoopMatcherMetrics) RecordAuthorizationMatchConditionEvaluationFailure(ctx context.Context, authorizerType, authorizerName string)
func (NoopMatcherMetrics) RecordAuthorizationMatchConditionExclusion ¶ added in v0.30.0
func (NoopMatcherMetrics) RecordAuthorizationMatchConditionExclusion(ctx context.Context, authorizerType, authorizerName string)
type SubjectAccessReviewMatchCondition ¶
type SubjectAccessReviewMatchCondition struct {
	Expression string
}
SubjectAccessReviewMatchCondition is a CEL expression that maps a SubjectAccessReview request to a list of values.
func (*SubjectAccessReviewMatchCondition) GetExpression ¶
func (v *SubjectAccessReviewMatchCondition) GetExpression() string
func (*SubjectAccessReviewMatchCondition) ReturnTypes ¶
func (v *SubjectAccessReviewMatchCondition) ReturnTypes() []*celgo.Type