rbac

package

v1.16.0 Latest Latest Go to latest Published: Feb 14, 2024 License: Apache-2.0 Imports: 11 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/alcideio/rbac-tool

Links

Open Source Insights

Documentation ¶

Index ¶

func DescribeSubject(s *rbacv1.Subject, bindingNamespace string) string
func ReplaceToCore(l []string)
func ReplaceToWildCard(l []string)
type ClusterRoleBindingDescriber
- func (d *ClusterRoleBindingDescriber) String() string
type NamespacedPolicyRule
type Permissions
- func NewPermissionsFromCluster(client *kube.KubeClient) (*Permissions, error)
- func NewPermissionsFromResourceList(objs []runtime.Object) (*Permissions, error)
type PolicyRule
type RoleBindingDescriber
- func (d *RoleBindingDescriber) String() string
type StaticRoles
type SubjectPermissions
- func NewSubjectPermissions(perms *Permissions) []SubjectPermissions
type SubjectPolicyList
- func NewSubjectPermissionsList(policies []SubjectPermissions) []SubjectPolicyList

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func DescribeSubject ¶

func DescribeSubject(s *rbacv1.Subject, bindingNamespace string) string

func ReplaceToCore ¶ added in v0.8.0

func ReplaceToCore(l []string)

func ReplaceToWildCard ¶ added in v0.8.0

func ReplaceToWildCard(l []string)

Types ¶

type ClusterRoleBindingDescriber ¶

type ClusterRoleBindingDescriber struct {
	// contains filtered or unexported fields
}

func (*ClusterRoleBindingDescriber) String ¶

func (d *ClusterRoleBindingDescriber) String() string

type NamespacedPolicyRule ¶ added in v0.8.0

type NamespacedPolicyRule struct {
	Namespace string `json:"namespace,omitempty"`

	// Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule.  VerbAll represents all kinds.
	Verb string `json:"verb"`

	// The name of the APIGroup that contains the resources.
	APIGroup string `json:"apiGroup,omitempty"`

	// Resources is a list of resources this rule applies to.  ResourceAll represents all resources.
	Resource string `json:"resource,omitempty"`

	// ResourceNames is an optional white list of names that the rule applies to.  An empty set means that everything is allowed.
	ResourceNames []string `json:"resourceNames,omitempty"`

	// NonResourceURLs is a set of partial urls that a user should have access to.  *s are allowed, but only as the full, final step in the path
	// Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.
	NonResourceURLs []string `json:"nonResourceURLs,omitempty"`

	//The Role/ClusterRole rule references
	OriginatedFrom []v1.RoleRef `json:"originatedFrom,omitempty"`
}

type Permissions ¶ added in v0.5.0

type Permissions struct {
	ServiceAccounts map[string]map[string]v1.ServiceAccount

	// Roles & RoleBinding maps captures Cluster & ClusterRoleBinding in namespace ""
	// - ClusterRoles are stored in Roles[""]
	// - ClusterRoleBindings are stored in RoleBindings[""]
	Roles        map[string]map[string]rbacv1.Role
	RoleBindings map[string]map[string]rbacv1.RoleBinding

	//deprecated
	PodSecurityPolicies map[string]policy.PodSecurityPolicy
}

func NewPermissionsFromCluster ¶ added in v0.5.0

func NewPermissionsFromCluster(client *kube.KubeClient) (*Permissions, error)

func NewPermissionsFromResourceList ¶ added in v0.5.0

func NewPermissionsFromResourceList(objs []runtime.Object) (*Permissions, error)

type PolicyRule ¶ added in v1.6.0

type PolicyRule struct {
	v1.PolicyRule

	//Specify the Roles or ClusterRoles this rule originated from
	OriginatedFrom []v1.RoleRef
}

type RoleBindingDescriber ¶

type RoleBindingDescriber struct {
	// contains filtered or unexported fields
}

func (*RoleBindingDescriber) String ¶

func (d *RoleBindingDescriber) String() string

type StaticRoles ¶

type StaticRoles struct {
	// contains filtered or unexported fields
}

StaticRoles is a rule resolver that resolves from lists of role objects.

func (*StaticRoles) GetClusterRole ¶

func (r *StaticRoles) GetClusterRole(name string) (*rbacv1.ClusterRole, error)

func (*StaticRoles) GetRole ¶

func (r *StaticRoles) GetRole(namespace, name string) (*rbacv1.Role, error)

func (*StaticRoles) ListClusterRoleBindings ¶

func (r *StaticRoles) ListClusterRoleBindings() ([]*rbacv1.ClusterRoleBinding, error)

func (*StaticRoles) ListRoleBindings ¶

func (r *StaticRoles) ListRoleBindings(namespace string) ([]*rbacv1.RoleBinding, error)

type SubjectPermissions ¶ added in v0.8.0

type SubjectPermissions struct {
	Subject v1.Subject

	//Rules Per Namespace ... "" means cluster-wide
	Rules map[string][]PolicyRule
}

func NewSubjectPermissions ¶ added in v0.8.0

func NewSubjectPermissions(perms *Permissions) []SubjectPermissions

type SubjectPolicyList ¶ added in v0.8.0

type SubjectPolicyList struct {
	v1.Subject

	AllowedTo []NamespacedPolicyRule `json:"allowedTo,omitempty"`
}

func NewSubjectPermissionsList ¶ added in v0.8.0

func NewSubjectPermissionsList(policies []SubjectPermissions) []SubjectPolicyList

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL