authorizer

package

v1.115.1 Latest Latest Go to latest Published: Mar 26, 2025 License: Apache-2.0 Imports: 16 Imported by: 2

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/gardener/gardener

Documentation ¶

Index ¶

Variables
func Allowed() authorizationv1.SubjectAccessReviewStatus
func AuthorizationAttributesFrom(spec authorizationv1.SubjectAccessReviewSpec) auth.AttributesRecord
func Denied(reason string) authorizationv1.SubjectAccessReviewStatus
func Errored(code int32, err error) authorizationv1.SubjectAccessReviewStatus
func NoOpinion(reason string) authorizationv1.SubjectAccessReviewStatus
func NonResourceAttributesFrom(user user.Info, in authorizationv1.NonResourceAttributes) auth.AttributesRecord
func ResourceAttributesFrom(user user.Info, in authorizationv1.ResourceAttributes) auth.AttributesRecord
type Handler
- func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request)

Constants ¶

This section is empty.

Variables ¶

View Source

var (

	// DecisionTimeout is the maximum time for the authorizer to take a decision. Exposed for testing.
	DecisionTimeout = 10 * time.Second
)

Functions ¶

func Allowed ¶

func Allowed() authorizationv1.SubjectAccessReviewStatus

Allowed constructs a SubjectAccessReview and indicates in its status that the given operation is allowed.

func AuthorizationAttributesFrom ¶

func AuthorizationAttributesFrom(spec authorizationv1.SubjectAccessReviewSpec) auth.AttributesRecord

AuthorizationAttributesFrom takes a spec and returns the proper authz attributes to check it.

func Denied ¶

func Denied(reason string) authorizationv1.SubjectAccessReviewStatus

Denied constructs a SubjectAccessReview and indicates in its status that the given operation is denied and that other authenticators should not be consulted for their opinion.

func Errored ¶

func Errored(code int32, err error) authorizationv1.SubjectAccessReviewStatus

Errored constructs a SubjectAccessReview and indicates in its status that an error has occurred during the evaluation of the result.

func NoOpinion ¶

func NoOpinion(reason string) authorizationv1.SubjectAccessReviewStatus

NoOpinion constructs a SubjectAccessReview and indicates in its status that the authorizer does not have an opinion about the result, i.e., other authenticators should be consulted for their opinion.

func NonResourceAttributesFrom ¶

func NonResourceAttributesFrom(user user.Info, in authorizationv1.NonResourceAttributes) auth.AttributesRecord

NonResourceAttributesFrom combines the API object information and the user.Info from the context to build a full auth.AttributesRecord for non resource access.

func ResourceAttributesFrom ¶

func ResourceAttributesFrom(user user.Info, in authorizationv1.ResourceAttributes) auth.AttributesRecord

ResourceAttributesFrom combines the API object information and the user.Info from the context to build a full auth.AttributesRecord for resource access.

Types ¶

type Handler ¶

type Handler struct {
	Logger     logr.Logger
	Authorizer auth.Authorizer
}

Handler authorizing requests for resources.

func (*Handler) ServeHTTP ¶

func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request)

ServeHTTP authorizing requests for resources.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL