Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
func NewAPIExportsContentAuthorizer
func NewAPIExportsContentAuthorizer(delegate authorizer.Authorizer, kubeClusterClient kcpkubernetesclientset.ClusterInterface) authorizer.Authorizer
NewAPIExportsContentAuthorizer creates a new authorizer that checks whether the user has access to the `apiexports/content` subresource, using the same verb as the requested resource. The given kube cluster client is used to execute a SubjectAccessReview (SAR) request against the cluster of the current in-flight API export. If the SAR decision allows access, the given delegate authorizer is executed to continue the authorizer chain; otherwise access is denied.
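An added example, not the package's own code: a minimal Go model of the decision flow described above, showing that the subresource check reuses the request's verb and that the delegate runs only after an explicit allow. `Decision`, `Attrs`, `Authorizer`, `contentAuthorizer` and `constructedSAR` are hypothetical stand-ins for the real authorizer types and the SAR call; the export name, user and policy are constructed.

```go
package main

import "fmt"

// Decision is a simplified stand-in for the authorizer decision values.
type Decision int

const (
	Deny Decision = iota
	Allow
	NoOpinion
)

// Attrs is a simplified stand-in for authorizer.Attributes.
type Attrs struct {
	User, Verb, Resource, Subresource, Name string
}

// Authorizer is a simplified stand-in for authorizer.Authorizer.
type Authorizer func(Attrs) Decision

// contentAuthorizer (hypothetical) models the documented flow: ask a SAR-like
// check whether the user may use the same verb on apiexports/content of the
// named export, and call the delegate only when that check allows.
func contentAuthorizer(exportName string, sar, delegate Authorizer) Authorizer {
	return func(a Attrs) Decision {
		check := Attrs{User: a.User, Verb: a.Verb,
			Resource: "apiexports", Subresource: "content", Name: exportName}
		if sar(check) != Allow {
			return Deny // anything but an explicit allow ends the chain here
		}
		return delegate(a)
	}
}

// constructedSAR is a constructed policy standing in for the SAR request:
// alice may "get" and "list" the content of the export "example-export".
func constructedSAR(a Attrs) Decision {
	if a.User == "alice" && a.Name == "example-export" &&
		a.Subresource == "content" && (a.Verb == "get" || a.Verb == "list") {
		return Allow
	}
	return NoOpinion
}

func main() {
	delegate := func(Attrs) Decision { return Allow }
	authz := contentAuthorizer("example-export", constructedSAR, delegate)
	for _, verb := range []string{"list", "delete"} {
		fmt.Println(verb, authz(Attrs{User: "alice", Verb: verb, Resource: "widgets"}) == Allow)
	}
}
```

In this model a `NoOpinion` from the SAR-like check is treated the same as a denial, and a permissive delegate cannot widen what the content check refused.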
func NewMaximalPermissionAuthorizer
func NewMaximalPermissionAuthorizer(deepSARClient kcpkubernetesclientset.ClusterInterface, apiExportInformer apisv1alpha1informers.APIExportClusterInformer) authorizer.Authorizer
NewMaximalPermissionAuthorizer creates an authorizer that checks the maximal permission policy for the requested resource if the resource is a claimed resource in the requested API export. The check is omitted if the requested resource itself is not associated with an API export.
For a cluster request, the authorizer skips authorization when the request is not for a bound resource. For a wildcard request, this check is skipped because no unique API binding can be determined.
Types
This section is empty.