authwrapper

package
v0.33.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 12, 2024 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Authorizer 

type Authorizer struct {
	Authorizer authorizer.Authorizer
	// contains filtered or unexported fields
}

Authorizer processes authorization requests for `{rbacID.Resource}` and checks them based on rbac rules for `{rbacID}`

func NewAuthorizer 

func NewAuthorizer(rbacID metav1.GroupVersionResource, authorizer authorizer.Authorizer) Authorizer

func (Authorizer) Authorize 

func (a Authorizer) Authorize(ctx context.Context, attr authorizer.Attributes) error

Authorizer makes an authorization decision based on the Attributes. It returns nil when an action is authorized, otherwise it returns an error.

func (Authorizer) AuthorizeContext 

func (a Authorizer) AuthorizeContext(ctx context.Context) error

AuthorizerContext makes an authorization decision based on the Attributes present in the given Context. It returns nil when the context contains Attributes and the action is authorized, otherwise it returns an error.

func (Authorizer) AuthorizeGet 

func (a Authorizer) AuthorizeGet(ctx context.Context, name string) error

AuthorizerGet makes an authorization decision based on the Attributes present in the given Context, but overriding the verb to `get` and the object name to the provided values It returns nil when the context contains Attributes and the action is authorized, otherwise it returns an error.

func (Authorizer) AuthorizeVerb 

func (a Authorizer) AuthorizeVerb(ctx context.Context, verb string, name string) error

AuthorizerVerb makes an authorization decision based on the Attributes present in the given Context, but overriding the verb and object name to the provided values It returns nil when the context contains Attributes and the action is authorized, otherwise it returns an error.

type StandardStorage 

type StandardStorage interface {
	rest.Connecter
	rest.StandardStorage

	// Storage returns the underlying storage
	Storage() rest.Storage
}

type Storage 

type Storage interface {
	rest.Connecter
	rest.Storage

	// Storage returns the underlying storage
	Storage() rest.Storage
}

func NewAuthorizedStorage 

func NewAuthorizedStorage(storage StorageScoper, rbacID metav1.GroupVersionResource, auth authorizer.Authorizer) (Storage, error)

NewAuthorizedStorage returns a new wrapper around the given storage authorizing all requests based on rbacID and implementing the rest.Storage or rest.StandardStorage interface. It allows filtering list and watch results based on the user's RBAC permissions. If the storage implements rest.StandardStorage, the returned storage will implement rest.StandardStorage. If the storage implements rest.Storage, the returned storage will implement rest.Storage. Only cluster-scoped resources currently are supported. Panics if the storage is namespace-scoped.

type StorageScoper 

type StorageScoper interface {
	rest.Storage
	rest.Scoper
}

Source Files

View all Source files

Directories

Path Synopsis
Code generated by MockGen.
 Code generated by MockGen.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.