acl

package
v0.47.0
Published: Apr 26, 2024 License: Apache-2.0 Imports: 9 Imported by: 18

Documentation

Overview

Package acl provides utilities for asserting cross-namespace access to GitOps Toolkit objects.

Constants

This section is empty.

Variables

This section is empty.

Functions

func IsAccessDenied

func IsAccessDenied(e error) bool

IsAccessDenied returns true if the supplied error is an access denied error; e.g., as returned by HasAccessToRef.

Types

type AccessDeniedError

type AccessDeniedError string

AccessDeniedError represents a failed access control list check.

func (AccessDeniedError) Error

func (e AccessDeniedError) Error() string

type Authorization

type Authorization struct {
	// contains filtered or unexported fields
}

Authorization is an ACL helper for asserting access to cross-namespace references.

func NewAuthorization

func NewAuthorization(kubeClient client.Client) *Authorization

NewAuthorization takes a controller runtime client and returns an Authorization object that allows asserting access to cross-namespace references.

func (*Authorization) HasAccessToRef

func (a *Authorization) HasAccessToRef(ctx context.Context, object client.Object, reference types.NamespacedName, acl *aclapi.AccessFrom) error

HasAccessToRef checks if a namespaced object has access to a cross-namespace reference based on the ACL defined on the referenced object. It returns `nil` if access is possible, or an AccessDeniedError if it is not possible; any other kind of error indicates that the check could not be completed.

type Options

type Options struct {
	// NoCrossNamespaceRefs indicates that references between custom resources are allowed
	// only if the reference and the referee are in the same namespace.
	NoCrossNamespaceRefs bool
}

Options contains the ACL configuration for a GitOps Toolkit controller.

The struct can be used in the main.go file of your controller by binding it to the main flag set, and then utilizing the configured options later:

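func main() {
	var (
		// other controller specific configuration variables
		aclOptions acl.Options
	)

	// Bind the options to the main flag set, and parse it.
	// BindFlags takes a *pflag.FlagSet, so flag here must be
	// github.com/spf13/pflag imported under the name flag.
	aclOptions.BindFlags(flag.CommandLine)
	flag.Parse()
}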

func (*Options) BindFlags

func (o *Options) BindFlags(fs *pflag.FlagSet)

BindFlags binds the ACL option flags to the given pflag.FlagSet; the Options are set accordingly when the flag set is parsed.
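How a caller might act on the three outcomes documented for HasAccessToRef, combined with the NoCrossNamespaceRefs option. This is an added example, not code from the package: AccessDeniedError, isAccessDenied and checkFn are local stand-ins for the package's types so that it runs without the module, and Decide with its action names is hypothetical.

```go
package main

import (
	"errors"
	"fmt"
)

// AccessDeniedError is a local stand-in for acl.AccessDeniedError so the
// example runs without the fluxcd module.
type AccessDeniedError string

func (e AccessDeniedError) Error() string { return string(e) }

// isAccessDenied is a stand-in for acl.IsAccessDenied (assumed to match on type).
func isAccessDenied(err error) bool {
	var denied AccessDeniedError
	return errors.As(err, &denied)
}

// checkFn is a hypothetical stand-in for (*acl.Authorization).HasAccessToRef.
type checkFn func(objNS, refNS string) error

// Decide maps the documented outcomes to a reconciler action. Only a nil
// error yields "allow"; everything else fails closed.
func Decide(noCrossNamespaceRefs bool, objNS, refNS string, check checkFn) string {
	if noCrossNamespaceRefs && objNS != refNS {
		return "deny" // option set: refuse before consulting any ACL
	}
	switch err := check(objNS, refNS); {
	case err == nil:
		return "allow"
	case isAccessDenied(err):
		return "deny" // ACL verdict: surface it, do not use the reference
	default:
		return "retry" // check incomplete: not a verdict, requeue
	}
}

// Constructed outcomes of the check.
func Allowed(_, _ string) error { return nil }
func Denied(_, _ string) error  { return AccessDeniedError("namespace not selected by ACL") }
func Failed(_, _ string) error  { return errors.New("get namespace: context deadline exceeded") }

func main() {
	fmt.Println(Decide(false, "apps", "infra", Allowed)) // allow
	fmt.Println(Decide(false, "apps", "infra", Denied))  // deny
	fmt.Println(Decide(false, "apps", "infra", Failed))  // retry
	fmt.Println(Decide(true, "apps", "infra", Allowed))  // deny
	fmt.Println(Decide(true, "apps", "apps", Allowed))   // allow
}
```

Keeping "retry" separate from "deny" stops a transient API failure from being reported as a policy denial, while neither path ever grants access.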
