Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewAlwaysAllowAuthorizer ¶
func NewAlwaysAllowAuthorizer() *alwaysAllowAuthorizer
func NewAlwaysDenyAuthorizer ¶
func NewAlwaysDenyAuthorizer() *alwaysDenyAuthorizer
func NewDelegatingAuthorizerMetrics ¶ added in v0.30.0
func NewDelegatingAuthorizerMetrics() delegatingAuthorizerMetrics
func NewPrivilegedGroups ¶
func NewPrivilegedGroups(groups ...string) *privilegedGroupAuthorizer
NewPrivilegedGroups is for use in loopback scenarios
func RegisterMetrics ¶ added in v0.30.0
func RegisterMetrics()
RegisterMetrics registers authorizer metrics.
Types ¶
type DelegatingAuthorizerConfig ¶
type DelegatingAuthorizerConfig struct {
SubjectAccessReviewClient authorizationclient.AuthorizationV1Interface
// AllowCacheTTL is the length of time that a successful authorization response will be cached
AllowCacheTTL time.Duration
// DenyCacheTTL is the length of time that an unsuccessful authorization response will be cached.
// You generally want more responsive, "deny, try again" flows.
DenyCacheTTL time.Duration
// WebhookRetryBackoff specifies the backoff parameters for the authorization webhook retry logic.
// This allows us to configure the sleep time at each iteration and the maximum number of retries allowed
// before we fail the webhook call in order to limit the fan out that ensues when the system is degraded.
WebhookRetryBackoff *wait.Backoff
}
DelegatingAuthorizerConfig is the minimal configuration needed to create an authorizer built to delegate authorization to a kube API server
func (DelegatingAuthorizerConfig) New ¶
func (c DelegatingAuthorizerConfig) New() (authorizer.Authorizer, error)
Source Files
Click to show internal directories.
Click to hide internal directories.