validation

package

v1.4.12 Latest Latest Go to latest Published: Apr 20, 2017 License: Apache-2.0 Imports: 12 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/GoogleCloudPlatform/kubernetes

Documentation ¶

Index ¶

func ConfirmNoEscalation(ctx api.Context, ruleResolver AuthorizationRuleResolver, ...) error
func Covers(ownerRules, servantRules []rbac.PolicyRule) (bool, []rbac.PolicyRule)
func ValidateClusterRole(policy *rbac.ClusterRole) field.ErrorList
func ValidateClusterRoleBinding(policy *rbac.ClusterRoleBinding) field.ErrorList
func ValidateClusterRoleBindingUpdate(policy *rbac.ClusterRoleBinding, oldRoleBinding *rbac.ClusterRoleBinding) field.ErrorList
func ValidateClusterRoleUpdate(policy *rbac.ClusterRole, oldRole *rbac.ClusterRole) field.ErrorList
func ValidateRole(policy *rbac.Role) field.ErrorList
func ValidateRoleBinding(policy *rbac.RoleBinding) field.ErrorList
func ValidateRoleBindingUpdate(policy *rbac.RoleBinding, oldRoleBinding *rbac.RoleBinding) field.ErrorList
func ValidateRoleUpdate(policy *rbac.Role, oldRole *rbac.Role) field.ErrorList
type AuthorizationRuleResolver
- func NewTestRuleResolver(roles []rbac.Role, roleBindings []rbac.RoleBinding, ...) AuthorizationRuleResolver
type ClusterRoleBindingLister
type ClusterRoleGetter
type DefaultRuleResolver
- func NewDefaultRuleResolver(roleGetter RoleGetter, roleBindingLister RoleBindingLister, ...) *DefaultRuleResolver
- func (r *DefaultRuleResolver) GetEffectivePolicyRules(ctx api.Context) ([]rbac.PolicyRule, error)
- func (r *DefaultRuleResolver) GetRoleReferenceRules(ctx api.Context, roleRef api.ObjectReference, bindingNamespace string) ([]rbac.PolicyRule, error)
type RoleBindingLister
type RoleGetter

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func ConfirmNoEscalation ¶

func ConfirmNoEscalation(ctx api.Context, ruleResolver AuthorizationRuleResolver, rules []rbac.PolicyRule) error

ConfirmNoEscalation determines if the roles for a given user in a given namespace encompass the provided role.

func Covers ¶

func Covers(ownerRules, servantRules []rbac.PolicyRule) (bool, []rbac.PolicyRule)

Covers determines whether or not the ownerRules cover the servantRules in terms of allowed actions. It returns whether or not the ownerRules cover and a list of the rules that the ownerRules do not cover.

func ValidateClusterRole ¶

func ValidateClusterRole(policy *rbac.ClusterRole) field.ErrorList

func ValidateClusterRoleBinding ¶

func ValidateClusterRoleBinding(policy *rbac.ClusterRoleBinding) field.ErrorList

func ValidateClusterRoleBindingUpdate ¶

func ValidateClusterRoleBindingUpdate(policy *rbac.ClusterRoleBinding, oldRoleBinding *rbac.ClusterRoleBinding) field.ErrorList

func ValidateClusterRoleUpdate ¶

func ValidateClusterRoleUpdate(policy *rbac.ClusterRole, oldRole *rbac.ClusterRole) field.ErrorList

func ValidateRole ¶

func ValidateRole(policy *rbac.Role) field.ErrorList

func ValidateRoleBinding ¶

func ValidateRoleBinding(policy *rbac.RoleBinding) field.ErrorList

func ValidateRoleBindingUpdate ¶

func ValidateRoleBindingUpdate(policy *rbac.RoleBinding, oldRoleBinding *rbac.RoleBinding) field.ErrorList

func ValidateRoleUpdate ¶

func ValidateRoleUpdate(policy *rbac.Role, oldRole *rbac.Role) field.ErrorList

Types ¶

type AuthorizationRuleResolver ¶

type AuthorizationRuleResolver interface {
	// GetRoleReferenceRules attempts to resolve the role reference of a RoleBinding or ClusterRoleBinding.  The passed namespace should be the namepsace
	// of the role binding, the empty string if a cluster role binding.
	GetRoleReferenceRules(ctx api.Context, roleRef api.ObjectReference, namespace string) ([]rbac.PolicyRule, error)

	// GetEffectivePolicyRules returns the list of rules that apply to a given user in a given namespace and error.  If an error is returned, the slice of
	// PolicyRules may not be complete, but it contains all retrievable rules.  This is done because policy rules are purely additive and policy determinations
	// can be made on the basis of those rules that are found.
	GetEffectivePolicyRules(ctx api.Context) ([]rbac.PolicyRule, error)
}

func NewTestRuleResolver ¶

func NewTestRuleResolver(roles []rbac.Role, roleBindings []rbac.RoleBinding, clusterRoles []rbac.ClusterRole, clusterRoleBindings []rbac.ClusterRoleBinding) AuthorizationRuleResolver

NewTestRuleResolver returns a rule resolver from lists of role objects.

type ClusterRoleBindingLister ¶

type ClusterRoleBindingLister interface {
	ListClusterRoleBindings(ctx api.Context, options *api.ListOptions) (*rbac.ClusterRoleBindingList, error)
}

type ClusterRoleGetter ¶

type ClusterRoleGetter interface {
	GetClusterRole(ctx api.Context, id string) (*rbac.ClusterRole, error)
}

type DefaultRuleResolver ¶

type DefaultRuleResolver struct {
	// contains filtered or unexported fields
}

func NewDefaultRuleResolver ¶

func NewDefaultRuleResolver(roleGetter RoleGetter, roleBindingLister RoleBindingLister, clusterRoleGetter ClusterRoleGetter, clusterRoleBindingLister ClusterRoleBindingLister) *DefaultRuleResolver

func (*DefaultRuleResolver) GetEffectivePolicyRules ¶

func (r *DefaultRuleResolver) GetEffectivePolicyRules(ctx api.Context) ([]rbac.PolicyRule, error)

func (*DefaultRuleResolver) GetRoleReferenceRules ¶

func (r *DefaultRuleResolver) GetRoleReferenceRules(ctx api.Context, roleRef api.ObjectReference, bindingNamespace string) ([]rbac.PolicyRule, error)

GetRoleReferenceRules attempts resolve the RoleBinding or ClusterRoleBinding.

type RoleBindingLister ¶

type RoleBindingLister interface {
	ListRoleBindings(ctx api.Context, options *api.ListOptions) (*rbac.RoleBindingList, error)
}

type RoleGetter ¶

type RoleGetter interface {
	GetRole(ctx api.Context, id string) (*rbac.Role, error)
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL