Documentation
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
func AuthGate (added in v1.7.2)
func AuthGate(kubeappsNamespace string) negroni.HandlerFunc
AuthGate implements middleware to check if the user has access to read from the specific namespace before continuing.
- If the path being handled by the AuthGate middleware does not include the 'namespace' mux var, or the value is _all, then the check is for cluster-wide access.
- If the namespace is the global chart namespace (i.e. kubeappsNamespace), then read access is allowed regardless.
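The two rules above, sketched as a stand-alone net/http middleware; this is an added example, not the package's own code. Assumptions: `gate`, `nsOf`, `fakeChecker` and `statusFor` are hypothetical names, the empty string stands for the cluster-wide check, and a denied or failed check is answered with 403.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// namespaceChecker copies only ValidateForNamespace from the documented Checker.
type namespaceChecker interface {
	ValidateForNamespace(namespace string) (bool, error)
}

// fakeChecker is a constructed test double. Assumption: "" means cluster-wide.
type fakeChecker map[string]bool

func (f fakeChecker) ValidateForNamespace(ns string) (bool, error) { return f[ns], nil }

// gate applies the two documented rules; nsOf stands in for the mux var lookup.
func gate(globalNS string, c namespaceChecker, nsOf func(*http.Request) string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		ns := nsOf(r)
		if ns == "_all" {
			ns = "" // treated like a missing var: cluster-wide check
		}
		// An unset globalNS must never waive the cluster-wide check (fail closed).
		if ns == "" || ns != globalNS {
			if ok, err := c.ValidateForNamespace(ns); err != nil || !ok {
				http.Error(w, "forbidden", http.StatusForbidden) // errors also deny
				return
			}
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor sends one request through the gate and returns the response status.
func statusFor(globalNS, ns string, c namespaceChecker) int {
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	rec := httptest.NewRecorder()
	gate(globalNS, c, func(*http.Request) string { return ns }, ok).ServeHTTP(rec, httptest.NewRequest(http.MethodGet, "/", nil))
	return rec.Code
}

func main() {
	for _, ns := range []string{"kubeapps", "team-a", "team-b", "_all"} {
		fmt.Println(ns, statusFor("kubeapps", ns, fakeChecker{"team-a": true}))
	}
}
```

The case worth testing in any such gate is the misconfigured one: with an empty global namespace, a request without a namespace must still go through the cluster-wide check.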
func ExtractToken (added in v1.7.2)
ExtractToken extracts the token from a correctly formatted Authorization header.
Types
type Action
type Action struct {
	APIVersion  string   `json:"apiGroup"`
	Resource    string   `json:"resource"`
	Namespace   string   `json:"namespace"`
	ClusterWide bool     `json:"clusterWide"`
	Verbs       []string `json:"verbs"`
}
Action represents a specific set of verbs against a resource.
func ParseForbiddenActions (added in v1.8.0)
ParseForbiddenActions parses a forbidden error returned by the Kubernetes API and returns the list of forbidden actions.
type Checker
type Checker interface {
	ValidateForNamespace(namespace string) (bool, error)
	GetForbiddenActions(namespace, action, manifest string) ([]Action, error)
}
Checker for the exported funcs
type CheckerForRequest (added in v1.9.0)
CheckerForRequest defines a function type so we can also inject a fake for tests rather than setting a context value.
type UserAuth
type UserAuth struct {
// contains filtered or unexported fields
}
UserAuth contains information to check user permissions
func (*UserAuth) GetForbiddenActions
GetForbiddenActions parses a K8s manifest and checks whether the current user can perform the given action on every element of the manifest. It returns the list of forbidden Actions, if any.