Documentation ¶
Index ¶
- Variables
- func CheckClustersTenant(ctx context.Context, tenantID string, clusterNames []string, ...) (string, bool)
- func ConvertTKEAttributes(ctx context.Context, attr authorizer.Attributes) authorizer.Attributes
- func ExtractClusterNames(ctx context.Context, req *http.Request, resource string) []string
- func ForbiddenResponse(ctx context.Context, tkeAttributes authorizer.Attributes, ...)
- func UnprotectedAuthorized(attributes authorizer.Attributes) authorizer.Decision
- func WithInspectors(handler http.Handler, inspectors []Inspector, c *genericapiserver.Config) http.Handler
- func WithTKEAuthorization(handler http.Handler, a authorizer.Authorizer, s runtime.NegotiatedSerializer, ...) http.Handler
- type Inspector
Constants ¶
This section is empty.
Variables ¶
View Source
var (
AllowClusterNotFoundActions = sets.NewString(createClusterAction, updateProjectAction)
)
Functions ¶
func CheckClustersTenant ¶ added in v1.6.0
func CheckClustersTenant(ctx context.Context, tenantID string, clusterNames []string, platformClient platformv1.PlatformV1Interface, verb string) (string, bool)
func ConvertTKEAttributes ¶
func ConvertTKEAttributes(ctx context.Context, attr authorizer.Attributes) authorizer.Attributes
ConvertTKEAttributes converts attributes parsed by apiserver compatible with casbin enforcer
func ExtractClusterNames ¶ added in v1.6.0
func ForbiddenResponse ¶ added in v1.6.0
func ForbiddenResponse(ctx context.Context, tkeAttributes authorizer.Attributes, w http.ResponseWriter, req *http.Request, s runtime.NegotiatedSerializer, reason string)
func UnprotectedAuthorized ¶
func UnprotectedAuthorized(attributes authorizer.Attributes) authorizer.Decision
UnprotectedAuthorized checks a request attribute has privileged to pass authorization.
func WithInspectors ¶ added in v1.6.0
func WithTKEAuthorization ¶
func WithTKEAuthorization(handler http.Handler, a authorizer.Authorizer, s runtime.NegotiatedSerializer, ignoreAuthPathPrefixes []string) http.Handler
WithTKEAuthorization passes all tke-auth authorized requests on to handler, and returns a forbidden error otherwise.
Types ¶
type Inspector ¶ added in v1.6.0
func NewClusterInspector ¶ added in v1.6.0
func NewClusterInspector(platformClient platformv1.PlatformV1Interface, privilegedUsername string) Inspector
Click to show internal directories.
Click to hide internal directories.