authorizer

package

v1.0.5 Latest Latest Go to latest Published: Aug 24, 2015 License: Apache-2.0 Imports: 15 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/amdonov/origin

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func IsPersonalAccessReview(a AuthorizationAttributes) (bool, error)
type AuthorizationAttributeBuilder
- func NewAuthorizationAttributeBuilder(contextMapper kapi.RequestContextMapper, ...) AuthorizationAttributeBuilder
type AuthorizationAttributes
type Authorizer
- func NewAuthorizer(ruleResolver rulevalidation.AuthorizationRuleResolver, ...) Authorizer
type DefaultAuthorizationAttributes
- func ToDefaultAuthorizationAttributes(in authorizationapi.AuthorizationAttributes) DefaultAuthorizationAttributes
type ForbiddenMessageMaker
type ForbiddenMessageResolver
- func NewForbiddenMessageResolver(projectRequestForbiddenTemplate string) *ForbiddenMessageResolver
- func (m *ForbiddenMessageResolver) MakeMessage(ctx MessageContext) (string, error)
type MessageContext

Constants ¶

View Source

const DefaultProjectRequestForbidden = "You may not request a new project via this API."

Variables ¶

This section is empty.

Functions ¶

func IsPersonalAccessReview ¶ added in v0.4.2

func IsPersonalAccessReview(a AuthorizationAttributes) (bool, error)

Types ¶

type AuthorizationAttributeBuilder ¶

type AuthorizationAttributeBuilder interface {
	GetAttributes(request *http.Request) (AuthorizationAttributes, error)
}

func NewAuthorizationAttributeBuilder ¶

func NewAuthorizationAttributeBuilder(contextMapper kapi.RequestContextMapper, infoResolver *kapiserver.APIRequestInfoResolver) AuthorizationAttributeBuilder

type AuthorizationAttributes ¶

type AuthorizationAttributes interface {
	GetVerb() string
	GetAPIVersion() string
	// GetResource returns the resource type.  If IsNonResourceURL() is true, then GetResource() is "".
	GetResource() string
	GetResourceName() string
	// GetRequestAttributes is of type interface{} because different verbs and different Authorizer/AuthorizationAttributeBuilder pairs may have different contract requirements.
	GetRequestAttributes() interface{}
	// IsNonResourceURL returns true if this is not an action performed against the resource API
	IsNonResourceURL() bool
	// GetURL returns the URL path being requested, including the leading '/'
	GetURL() string
}

type Authorizer ¶

type Authorizer interface {
	Authorize(ctx kapi.Context, a AuthorizationAttributes) (allowed bool, reason string, err error)
	GetAllowedSubjects(ctx kapi.Context, attributes AuthorizationAttributes) (util.StringSet, util.StringSet, error)
}

func NewAuthorizer ¶

func NewAuthorizer(ruleResolver rulevalidation.AuthorizationRuleResolver, forbiddenMessageMaker ForbiddenMessageMaker) Authorizer

type DefaultAuthorizationAttributes ¶ added in v0.3.1

type DefaultAuthorizationAttributes struct {
	Verb              string
	APIVersion        string
	Resource          string
	ResourceName      string
	RequestAttributes interface{}
	NonResourceURL    bool
	URL               string
}

func ToDefaultAuthorizationAttributes ¶ added in v1.0.5

func ToDefaultAuthorizationAttributes(in authorizationapi.AuthorizationAttributes) DefaultAuthorizationAttributes

ToDefaultAuthorizationAttributes coerces AuthorizationAttributes to DefaultAuthorizationAttributes. Namespace is not included because the authorizer takes that information on the context

func (DefaultAuthorizationAttributes) GetAPIVersion ¶ added in v0.4.4

func (a DefaultAuthorizationAttributes) GetAPIVersion() string

func (DefaultAuthorizationAttributes) GetRequestAttributes ¶ added in v0.3.1

func (a DefaultAuthorizationAttributes) GetRequestAttributes() interface{}

func (DefaultAuthorizationAttributes) GetResource ¶ added in v0.3.1

func (a DefaultAuthorizationAttributes) GetResource() string

func (DefaultAuthorizationAttributes) GetResourceName ¶ added in v0.3.1

func (a DefaultAuthorizationAttributes) GetResourceName() string

func (DefaultAuthorizationAttributes) GetURL ¶ added in v0.3.2

func (a DefaultAuthorizationAttributes) GetURL() string

func (DefaultAuthorizationAttributes) GetVerb ¶ added in v0.3.1

func (a DefaultAuthorizationAttributes) GetVerb() string

func (DefaultAuthorizationAttributes) IsNonResourceURL ¶ added in v0.3.2

func (a DefaultAuthorizationAttributes) IsNonResourceURL() bool

func (DefaultAuthorizationAttributes) RuleMatches ¶ added in v0.3.1

func (a DefaultAuthorizationAttributes) RuleMatches(rule authorizationapi.PolicyRule) (bool, error)

type ForbiddenMessageMaker ¶ added in v0.5.3

type ForbiddenMessageMaker interface {
	MakeMessage(ctx MessageContext) (string, error)
}

ForbiddenMessageMaker creates a forbidden message from a MessageContext

type ForbiddenMessageResolver ¶ added in v0.5.3

type ForbiddenMessageResolver struct {
	// contains filtered or unexported fields
}

func NewForbiddenMessageResolver ¶ added in v0.5.3

func NewForbiddenMessageResolver(projectRequestForbiddenTemplate string) *ForbiddenMessageResolver

func (*ForbiddenMessageResolver) MakeMessage ¶ added in v0.5.3

func (m *ForbiddenMessageResolver) MakeMessage(ctx MessageContext) (string, error)

type MessageContext ¶ added in v0.5.3

type MessageContext struct {
	User       user.Info
	Namespace  string
	Attributes AuthorizationAttributes
}

MessageContext contains sufficient information to create a forbidden message. It is bundled in this one object to make it easy and obvious how to build a golang template

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL