Documentation ¶
Overview ¶
Package rbac contain libraries for generating RBAC manifests from RBAC markers in Go source files.
The markers take the form:
+kubebuilder:rbac:groups=<groups>,resources=<resources>,resourceNames=<resource names>,verbs=<verbs>,urls=<non resource urls>
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var ( // RuleDefinition is a marker for defining RBAC rules. // Call ToRule on the value to get a Kubernetes RBAC policy rule. RuleDefinition = markers.Must(markers.MakeDefinition("kubebuilder:rbac", markers.DescribesPackage, Rule{})) )
Functions ¶
func GenerateRoles ¶ added in v0.2.0
func GenerateRoles(ctx *genall.GenerationContext, roleName string) ([]interface{}, error)
GenerateRoles generate a slice of objs representing either a ClusterRole or a Role object The order of the objs in the returned slice is stable and determined by their namespaces.
Types ¶
type Generator ¶ added in v0.2.0
type Generator struct { // RoleName sets the name of the generated ClusterRole. RoleName string }
Generator generates ClusterRole objects.
func (Generator) Generate ¶ added in v0.2.0
func (g Generator) Generate(ctx *genall.GenerationContext) error
func (Generator) Help ¶ added in v0.2.0
func (Generator) Help() *markers.DefinitionHelp
type Rule ¶ added in v0.2.0
type Rule struct { // Groups specifies the API groups that this rule encompasses. Groups []string `marker:",optional"` // Resources specifies the API resources that this rule encompasses. Resources []string `marker:",optional"` // ResourceNames specifies the names of the API resources that this rule encompasses. // // Create requests cannot be restricted by resourcename, as the object's name // is not known at authorization time. ResourceNames []string `marker:",optional"` // Verbs specifies the (lowercase) kubernetes API verbs that this rule encompasses. Verbs []string // URL specifies the non-resource URLs that this rule encompasses. URLs []string `marker:"urls,optional"` // Namespace specifies the scope of the Rule. // If not set, the Rule belongs to the generated ClusterRole. // If set, the Rule belongs to a Role, whose namespace is specified by this field. Namespace string `marker:",optional"` }
Rule specifies an RBAC rule to all access to some resources or non-resource URLs.
func (Rule) Help ¶ added in v0.2.0
func (Rule) Help() *markers.DefinitionHelp
func (*Rule) ToRule ¶ added in v0.2.0
func (r *Rule) ToRule() rbacv1.PolicyRule
ToRule converts this rule to its Kubernetes API form.
Click to show internal directories.
Click to hide internal directories.