seed

package
v1.86.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 26, 2024 License: Apache-2.0, BSD-2-Clause, MIT, + 1 more Imports: 35 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// HandlerName is the name of this authorization webhook handler.
	HandlerName = "seedauthorizer"
	// WebhookPath is the HTTP handler path for this authorization webhook handler.
	WebhookPath = "/webhooks/auth/seed"
)

Variables

View Source 
var (

	// DecisionTimeout is the maximum time for the authorizer to take a decision. Exposed for testing.
	DecisionTimeout = 10 * time.Second
)

Functions

func Allowed 

func Allowed() authorizationv1.SubjectAccessReviewStatus

Allowed constructs a SubjectAccessReview and indicates in its status that the given operation is allowed.

func AuthorizationAttributesFrom 

func AuthorizationAttributesFrom(spec authorizationv1.SubjectAccessReviewSpec) auth.AttributesRecord

AuthorizationAttributesFrom takes a spec and returns the proper authz attributes to check it.

func Denied 

func Denied(reason string) authorizationv1.SubjectAccessReviewStatus

Denied constructs a SubjectAccessReview and indicates in its status that the given operation is denied and that other authenticators should not be consulted for their opinion.

func Errored 

func Errored(code int32, err error) authorizationv1.SubjectAccessReviewStatus

Errored constructs a SubjectAccessReview and indicates in its status that the an error has been occurred during the evaluation of the result.

func NewAuthorizer 

func NewAuthorizer(logger logr.Logger, graph graph.Interface) *authorizer

NewAuthorizer returns a new authorizer for requests from gardenlets. It never has an opinion on the request.

func NoOpinion 

func NoOpinion(reason string) authorizationv1.SubjectAccessReviewStatus

NoOpinion constructs a SubjectAccessReview and indicates in its status that the authorizer does not have an opinion about the result, i.e., other authenticators should be consulted for their opinion.

func NonResourceAttributesFrom 

func NonResourceAttributesFrom(user user.Info, in authorizationv1.NonResourceAttributes) auth.AttributesRecord

NonResourceAttributesFrom combines the API object information and the user.Info from the context to build a full auth.AttributesRecord for non resource access.

func ResourceAttributesFrom 

func ResourceAttributesFrom(user user.Info, in authorizationv1.ResourceAttributes) auth.AttributesRecord

ResourceAttributesFrom combines the API object information and the user.Info from the context to build a full auth.AttributesRecord for resource access.

Types

type Handler added in v1.60.0 

type Handler struct {
	Logger     logr.Logger
	Authorizer auth.Authorizer
}

Handler authorizing requests for resources related to a Seed.

func (*Handler) AddToManager added in v1.60.0 

func (h *Handler) AddToManager(ctx context.Context, mgr manager.Manager, enableDebugHandlers *bool) error

AddToManager adds Handler to the given manager.

func (*Handler) Handle added in v1.60.0 

func (h *Handler) Handle(w http.ResponseWriter, r *http.Request)

Handle authorizing requests for resources related to a Seed.

Source Files

View all Source files

Directories

Path Synopsis
mock
Package mock is a generated GoMock package.
 Package mock is a generated GoMock package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.