Documentation ¶
Index ¶
- Variables
- func APIGroupMatches(rule *rbacv1.PolicyRule, requestedGroup string) bool
- func ConvertSubject(namespace string, subject *rbacv1.Subject) string
- func GetAccounts(ctx context.Context, client client.Client, accounts []string) ([]*configv1alpha1.Account, error)
- func GetNamespaces(ctx context.Context, client client.Client, namespaces []string) ([]*corev1.Namespace, error)
- func NonResourceURLMatches(rule *rbacv1.PolicyRule, requestedURL string) bool
- func ResourceMatches(rule *rbacv1.PolicyRule, ...) bool
- func ResourceNameMatches(rule *rbacv1.PolicyRule, requestedName string) bool
- func RuleAllows(requestAttributes authorizer.Attributes, rule *rbacv1.PolicyRule) bool
- func RulesAllow(requestAttributes authorizer.Attributes, rules ...rbacv1.PolicyRule) bool
- func VerbMatches(rule *rbacv1.PolicyRule, requestedVerb string) bool
- type Accessor
- type AccountHandler
- type Allowed
- type Cache
- type ClusterRoleBindingHandler
- type ClusterRoleHandler
- type EnqueueSubject
- type RoleBindingHandler
- type RoleHandler
Constants ¶
This section is empty.
Variables ¶
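// Prefixes used when building index keys for subjects.
//
// NOTE(review): both are declared with var rather than const, so any importing
// package can reassign them. Presumably index keys built with these prefixes
// are expected to stay stable for the lifetime of the process; confirm that
// nothing mutates them at runtime.
var (
	// UserPrefix is used to prefix users for the index.
	// Presumably the distinct prefix keeps a user and a group that share a
	// name from mapping to the same index key; verify against ConvertSubject.
	UserPrefix = "user:"

	// GroupPrefix is used to prefix groups for the index.
	GroupPrefix = "group:"
)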
Functions ¶
func APIGroupMatches ¶
func APIGroupMatches(rule *rbacv1.PolicyRule, requestedGroup string) bool
func ConvertSubject ¶
ConvertSubject converts the given subject into a unique id string
func GetAccounts ¶ added in v0.0.2
func GetAccounts(ctx context.Context, client client.Client, accounts []string) ([]*configv1alpha1.Account, error)
GetAccounts retrieves the Account objects for the given names
func GetNamespaces ¶ added in v0.0.2
func GetNamespaces(ctx context.Context, client client.Client, namespaces []string) ([]*corev1.Namespace, error)
GetNamespaces retrieves the Namespace objects for the given names
func NonResourceURLMatches ¶
func NonResourceURLMatches(rule *rbacv1.PolicyRule, requestedURL string) bool
func ResourceMatches ¶
func ResourceMatches(rule *rbacv1.PolicyRule, combinedRequestedResource, requestedSubresource string) bool
func ResourceNameMatches ¶
func ResourceNameMatches(rule *rbacv1.PolicyRule, requestedName string) bool
func RuleAllows ¶
func RuleAllows(requestAttributes authorizer.Attributes, rule *rbacv1.PolicyRule) bool
func RulesAllow ¶
func RulesAllow(requestAttributes authorizer.Attributes, rules ...rbacv1.PolicyRule) bool
func VerbMatches ¶
func VerbMatches(rule *rbacv1.PolicyRule, requestedVerb string) bool
Types ¶
type Accessor ¶
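// Accessor retrieves the namespaces and accounts that a subject is allowed
// to access with a given verb.
//
// Both methods take the subject as a plain string.
// NOTE(review): presumably this is the id string produced by ConvertSubject,
// carrying the user or group prefix; confirm against the callers.
type Accessor interface {
	// RetrieveAllowedNamespaces returns the names of the namespaces allowed
	// for subject and verb, or an error.
	RetrieveAllowedNamespaces(ctx context.Context, subject, verb string) ([]string, error)

	// RetrieveAllowedAccounts returns the names of the accounts allowed for
	// subject and verb, or an error.
	RetrieveAllowedAccounts(ctx context.Context, subject, verb string) ([]string, error)
}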
Accessor is the interface for the accessor that retrieves the allowed namespaces & accounts
type AccountHandler ¶
type AccountHandler struct {
// contains filtered or unexported fields
}
func (*AccountHandler) OnAdd ¶
func (r *AccountHandler) OnAdd(obj interface{})
OnAdd implements interface
func (*AccountHandler) OnDelete ¶
func (r *AccountHandler) OnDelete(obj interface{})
OnDelete implements interface
func (*AccountHandler) OnUpdate ¶
func (r *AccountHandler) OnUpdate(oldObj, newObj interface{})
OnUpdate implements interface
type Cache ¶
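// Cache is used to retrieve and cache mappings between users / groups and
// namespaces and accounts.
//
// NOTE(review): results are served from cached mappings, so they may
// presumably lag behind recent RBAC changes. Confirm how quickly updates
// propagate before relying on the returned lists as the sole access decision.
type Cache interface {
	// GetAccountsForUser returns the names of the accounts mapped to the
	// given user for verb, or an error.
	GetAccountsForUser(user user.Info, verb string) ([]string, error)

	// GetNamespacesForUser returns the names of the namespaces mapped to the
	// given user for verb, or an error.
	GetNamespacesForUser(user user.Info, verb string) ([]string, error)

	// Run starts the cache and takes a stop channel.
	// NOTE(review): presumably it runs until stop is closed; confirm.
	Run(stop <-chan struct{})
}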
Cache is used to retrieve and cache mappings between users / groups and namespaces and accounts
type ClusterRoleBindingHandler ¶
type ClusterRoleBindingHandler struct {
// contains filtered or unexported fields
}
func (*ClusterRoleBindingHandler) OnAdd ¶
func (r *ClusterRoleBindingHandler) OnAdd(obj interface{})
OnAdd implements interface
func (*ClusterRoleBindingHandler) OnDelete ¶
func (r *ClusterRoleBindingHandler) OnDelete(obj interface{})
OnDelete implements interface
func (*ClusterRoleBindingHandler) OnUpdate ¶
func (r *ClusterRoleBindingHandler) OnUpdate(oldObj, newObj interface{})
OnUpdate implements interface
type ClusterRoleHandler ¶
type ClusterRoleHandler struct {
// contains filtered or unexported fields
}
func (*ClusterRoleHandler) OnAdd ¶
func (r *ClusterRoleHandler) OnAdd(obj interface{})
OnAdd implements interface
func (*ClusterRoleHandler) OnDelete ¶
func (r *ClusterRoleHandler) OnDelete(obj interface{})
OnDelete implements interface
func (*ClusterRoleHandler) OnUpdate ¶
func (r *ClusterRoleHandler) OnUpdate(oldObj, newObj interface{})
OnUpdate implements interface
type EnqueueSubject ¶
type EnqueueSubject func(string)
EnqueueSubject is the function that enqueues a subject to the work queue
type RoleBindingHandler ¶
type RoleBindingHandler struct {
// contains filtered or unexported fields
}
func (*RoleBindingHandler) OnAdd ¶
func (r *RoleBindingHandler) OnAdd(obj interface{})
OnAdd implements interface
func (*RoleBindingHandler) OnDelete ¶
func (r *RoleBindingHandler) OnDelete(obj interface{})
OnDelete implements interface
func (*RoleBindingHandler) OnUpdate ¶
func (r *RoleBindingHandler) OnUpdate(oldObj, newObj interface{})
OnUpdate implements interface
type RoleHandler ¶
type RoleHandler struct {
// contains filtered or unexported fields
}
func (*RoleHandler) OnDelete ¶
func (r *RoleHandler) OnDelete(obj interface{})
OnDelete implements interface
func (*RoleHandler) OnUpdate ¶
func (r *RoleHandler) OnUpdate(oldObj, newObj interface{})
OnUpdate implements interface