Documentation
Index
- func GetNameForAuthorizerMode(mode string) string
- func LoadAndValidateData(data []byte, compiler authorizationcel.Compiler, ...) (*authzconfig.AuthorizationConfiguration, error)
- func LoadAndValidateFile(configFile string, compiler authorizationcel.Compiler, ...) (*authzconfig.AuthorizationConfiguration, error)
- type Config
Constants
This section is empty.
Variables
This section is empty.
Functions
func GetNameForAuthorizerMode (added in v1.30.0)
GetNameForAuthorizerMode returns the name to be set for the mode in AuthorizationConfiguration. For now, it lowercases the mode name.
func LoadAndValidateData (added in v1.30.0)
func LoadAndValidateData(data []byte, compiler authorizationcel.Compiler, requireNonWebhookTypes sets.Set[authzconfig.AuthorizerType]) (*authzconfig.AuthorizationConfiguration, error)
func LoadAndValidateFile (added in v1.30.0)
func LoadAndValidateFile(configFile string, compiler authorizationcel.Compiler, requireNonWebhookTypes sets.Set[authzconfig.AuthorizerType]) (*authzconfig.AuthorizationConfiguration, error)
Types
type Config (added in v1.13.0)
type Config struct {
	// Path to an ABAC policy file.
	PolicyFile string

	// WebhookRetryBackoff specifies the backoff parameters for the authorization webhook retry logic.
	// This allows us to configure the sleep time at each iteration and the maximum number of retries allowed
	// before we fail the webhook call in order to limit the fan out that ensues when the system is degraded.
	WebhookRetryBackoff *wait.Backoff

	VersionedInformerFactory versionedinformers.SharedInformerFactory

	// Optional field, custom dial function used to connect to webhook
	CustomDial utilnet.DialFunc

	// ReloadFile holds the filename to reload authorization configuration from
	ReloadFile string

	// AuthorizationConfiguration stores the configuration for the Authorizer chain
	// It will deprecate most of the above flags when GA
	AuthorizationConfiguration *authzconfig.AuthorizationConfiguration
}
Config contains the data on how to authorize a request to the Kube API Server
func (Config) New (added in v1.13.0)
func (config Config) New(ctx context.Context, serverID string) (authorizer.Authorizer, authorizer.RuleResolver, error)
New returns the right sort of union of multiple authorizer.Authorizer objects based on the authorizationMode or an error. stopCh is used to shut down config reload goroutines when the server is shutting down.
Note: the cel compiler construction depends on feature gates and the compatibility version to be initialized.