filter

package

v1.9.0-industry.4 Latest Latest Go to latest Published: Mar 1, 2023 License: Apache-2.0, BSD-2-Clause, BSD-3-Clause, + 8 more Imports: 29 Imported by: 3

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/tkestack/tke

Documentation ¶

Index ¶

Variables
func CheckClustersTenant(ctx context.Context, tenantID string, clusterNames []string, ...) (string, bool)
func ConvertTKEAttributes(ctx context.Context, attr authorizer.Attributes) authorizer.Attributes
func ExtractClusterNames(ctx context.Context, req *http.Request, resource string) []string
func ForbiddenResponse(ctx context.Context, tkeAttributes authorizer.Attributes, ...)
func UnprotectedAuthorized(attributes authorizer.Attributes) authorizer.Decision
func WithInspectors(handler http.Handler, inspectors []Inspector, c *genericapiserver.Config) http.Handler
func WithTKEAuthorization(handler http.Handler, a authorizer.Authorizer, s runtime.NegotiatedSerializer, ...) http.Handler
type Inspector
- func NewClusterInspector(platformClient platformv1.PlatformV1Interface, privilegedUsername string) Inspector

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	AllowClusterNotFoundActions = sets.NewString(createClusterAction, updateProjectAction)
)

Functions ¶

func CheckClustersTenant ¶ added in v1.6.0

func CheckClustersTenant(ctx context.Context, tenantID string, clusterNames []string,
	platformClient platformv1.PlatformV1Interface, verb string) (string, bool)

func ConvertTKEAttributes ¶

func ConvertTKEAttributes(ctx context.Context, attr authorizer.Attributes) authorizer.Attributes

ConvertTKEAttributes converts attributes parsed by apiserver compatible with casbin enforcer

func ExtractClusterNames ¶ added in v1.6.0

func ExtractClusterNames(ctx context.Context, req *http.Request, resource string) []string

func ForbiddenResponse ¶ added in v1.6.0

func ForbiddenResponse(ctx context.Context, tkeAttributes authorizer.Attributes,
	w http.ResponseWriter, req *http.Request, ae *auditapi.Event, s runtime.NegotiatedSerializer, reason string)

func UnprotectedAuthorized ¶

func UnprotectedAuthorized(attributes authorizer.Attributes) authorizer.Decision

UnprotectedAuthorized checks a request attribute has privileged to pass authorization.

func WithInspectors ¶ added in v1.6.0

func WithInspectors(handler http.Handler, inspectors []Inspector, c *genericapiserver.Config) http.Handler

func WithTKEAuthorization ¶

func WithTKEAuthorization(handler http.Handler, a authorizer.Authorizer, s runtime.NegotiatedSerializer, ignoreAuthPathPrefixes []string) http.Handler

WithTKEAuthorization passes all tke-auth authorized requests on to handler, and returns a forbidden error otherwise.

Types ¶

type Inspector ¶ added in v1.6.0

type Inspector interface {
	Inspect(handler http.Handler, c *genericapiserver.Config) http.Handler
}

func NewClusterInspector ¶ added in v1.6.0

func NewClusterInspector(platformClient platformv1.PlatformV1Interface, privilegedUsername string) Inspector

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL