Affected by GO-2022-0617 and 1 other vulnerabilities

GO-2022-0617: WITHDRAWN: Potential proxy IP restriction bypass in Kubernetes in k8s.io/kubernetes

GO-2024-2994: Kubernetes sets incorrect permissions on Windows containers logs in k8s.io/kubernetes

auth

package

v1.30.0 Latest Latest Go to latest Published: Apr 17, 2024 License: Apache-2.0 Imports: 12 Imported by: 24

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/kubernetes/kubernetes

Links

Open Source Insights

Documentation ¶

Index ¶

func BindClusterRole(ctx context.Context, c bindingsGetter, clusterRole, ns string, ...) error
func BindClusterRoleInNamespace(ctx context.Context, c bindingsGetter, clusterRole, ns string, ...) error
func BindRoleInNamespace(ctx context.Context, c bindingsGetter, role, ns string, ...) error
func IsRBACEnabled(ctx context.Context, crGetter v1rbac.ClusterRolesGetter) bool
func WaitForAuthorizationUpdate(ctx context.Context, c v1authorization.SubjectAccessReviewsGetter, ...) error
func WaitForNamedAuthorizationUpdate(ctx context.Context, c v1authorization.SubjectAccessReviewsGetter, ...) error

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func BindClusterRole ¶

func BindClusterRole(ctx context.Context, c bindingsGetter, clusterRole, ns string, subjects ...rbacv1.Subject) error

BindClusterRole binds the cluster role at the cluster scope. If RBAC is not enabled, nil is returned with no action.

func BindClusterRoleInNamespace ¶

func BindClusterRoleInNamespace(ctx context.Context, c bindingsGetter, clusterRole, ns string, subjects ...rbacv1.Subject) error

BindClusterRoleInNamespace binds the cluster role at the namespace scope. If RBAC is not enabled, nil is returned with no action.

func BindRoleInNamespace ¶

func BindRoleInNamespace(ctx context.Context, c bindingsGetter, role, ns string, subjects ...rbacv1.Subject) error

BindRoleInNamespace binds the role at the namespace scope. If RBAC is not enabled, nil is returned with no action.

func IsRBACEnabled ¶

func IsRBACEnabled(ctx context.Context, crGetter v1rbac.ClusterRolesGetter) bool

IsRBACEnabled returns true if RBAC is enabled. Otherwise false.

func WaitForAuthorizationUpdate ¶

func WaitForAuthorizationUpdate(ctx context.Context, c v1authorization.SubjectAccessReviewsGetter, user, namespace, verb string, resource schema.GroupResource, allowed bool) error

WaitForAuthorizationUpdate checks if the given user can perform the named verb and action. If policyCachePollTimeout is reached without the expected condition matching, an error is returned

func WaitForNamedAuthorizationUpdate ¶

func WaitForNamedAuthorizationUpdate(ctx context.Context, c v1authorization.SubjectAccessReviewsGetter, user, namespace, verb, resourceName string, resource schema.GroupResource, allowed bool) error

WaitForNamedAuthorizationUpdate checks if the given user can perform the named verb and action on the named resource. If policyCachePollTimeout is reached without the expected condition matching, an error is returned

Types ¶

This section is empty.

Source Files ¶

View all Source files

helpers.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL