access

Documentation

Index

• Constants
• func Allowed(src resources.ClusterObjectKey, verb string, tgt resources.ClusterObjectKey) (bool, string, error)
• func CheckAccess(object resources.Object, verb string, used resources.Object) error
• func CheckAccessWithRealms(object resources.Object, verb string, used resources.Object, rtypes RealmTypes) error
• func Register(ctr AccessController, clusterId string, priority int)
• func RegisterNamespaceOnlyAccess()
• type AccessController
• type NamespaceLocalAccessOnly
  • func (this *NamespaceLocalAccessOnly) Allowed(src resources.ClusterObjectKey, verb string, tgt resources.ClusterObjectKey) (int, error)
  • func (this *NamespaceLocalAccessOnly) Name() string
• type RealmType
  • func NewRealmType(anno string) *RealmType
  • func (this *RealmType) GetAnnotation() string
  • func (this *RealmType) NewRealms(value string) *Realms
  • func (this *RealmType) RealmsForObject(obj metav1.Object) *Realms
• type RealmTypes
• type Realms
  • func (this *Realms) AnnotationValue() string
  • func (this *Realms) Contains(realm string) bool
  • func (this *Realms) ContainsAnyOf(realms *Realms) bool
  • func (this *Realms) IsDefault() bool
  • func (this *Realms) IsResponsibleFor(obj resources.Object) bool
  • func (this *Realms) Realms() utils.StringSet
  • func (this *Realms) Size() int
  • func (this *Realms) String() string

Constants

const (
	ACCESS_PROCEED = iota
	ACCESS_GRANTED
	ACCESS_DENIED
)

const (
	MAX_PRIO = 0
	MIN_PRIO = 32768
)

const ANNOTATION_IGNORE_OWNERS = "resources.gardener.cloud/ignore-owners-for-access-control"

Functions

func Allowed

func Allowed(src resources.ClusterObjectKey, verb string, tgt resources.ClusterObjectKey) (bool, string, error)

func CheckAccess

func CheckAccess(object resources.Object, verb string, used resources.Object) error

func CheckAccessWithRealms

func CheckAccessWithRealms(object resources.Object, verb string, used resources.Object, rtypes RealmTypes) error

func Register

func Register(ctr AccessController, clusterId string, priority int)

func RegisterNamespaceOnlyAccess

func RegisterNamespaceOnlyAccess()

Types

type AccessController

type AccessController interface {
	Name() string
	Allowed(src resources.ClusterObjectKey, verb string, tgt resources.ClusterObjectKey) (int, error)
}

type NamespaceLocalAccessOnly

type NamespaceLocalAccessOnly struct {
}

func (*NamespaceLocalAccessOnly) Allowed

func (this *NamespaceLocalAccessOnly) Allowed(src resources.ClusterObjectKey, verb string, tgt resources.ClusterObjectKey) (int, error)

func (*NamespaceLocalAccessOnly) Name

func (this *NamespaceLocalAccessOnly) Name() string

type RealmType

type RealmType struct {
	// contains filtered or unexported fields
}

func NewRealmType

func NewRealmType(anno string) *RealmType

func (*RealmType) GetAnnotation

func (this *RealmType) GetAnnotation() string

func (*RealmType) NewRealms

func (this *RealmType) NewRealms(value string) *Realms

func (*RealmType) RealmsForObject

func (this *RealmType) RealmsForObject(obj metav1.Object) *Realms

type RealmTypes

type RealmTypes map[string]*RealmType

type Realms

type Realms struct {
	// contains filtered or unexported fields
}

func (*Realms) AnnotationValue

func (this *Realms) AnnotationValue() string

func (*Realms) Contains

func (this *Realms) Contains(realm string) bool

func (*Realms) ContainsAnyOf

func (this *Realms) ContainsAnyOf(realms *Realms) bool

func (*Realms) IsDefault

func (this *Realms) IsDefault() bool

func (*Realms) IsResponsibleFor

func (this *Realms) IsResponsibleFor(obj resources.Object) bool

func (*Realms) Realms

func (this *Realms) Realms() utils.StringSet

func (*Realms) Size

func (this *Realms) Size() int

func (*Realms) String

func (this *Realms) String() string