Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AuthGate ¶ added in v1.7.2
func AuthGate(kubeappsNamespace string) negroni.HandlerFunc
AuthGate implements middleware to check if the user has access to read from the specific namespace before continuing.
- If the path being handled by the AuthGate middleware does not include the 'namespace' mux var, or the value is _all, then the check is for cluster-wide access.
- If the namespace is the global chart namespace (ie. kubeappsNamespace) then we allow read access regardless.
func ExtractToken ¶ added in v1.7.2
ExtractToken extracts the token from a correctly formatted Authorization header.
Types ¶
type Action ¶
type Action struct {
APIVersion string `json:"apiGroup"`
Resource string `json:"resource"`
Namespace string `json:"namespace"`
ClusterWide bool `json:"clusterWide"`
Verbs []string `json:"verbs"`
}
Action represents a specific set of verbs against a resource
func ParseForbiddenActions ¶ added in v1.8.0
ParseForbiddenActions parses a forbidden error returned by the Kubernetes API and return the list of forbidden actions
type Checker ¶
type Checker interface {
ValidateForNamespace(namespace string) (bool, error)
GetForbiddenActions(namespace, action, manifest string) ([]Action, error)
}
Checker for the exported funcs
type CheckerForRequest ¶ added in v1.9.0
CheckerForRequest defines a function type so we can also inject a fake for tests rather than setting a context value.
type UserAuth ¶
type UserAuth struct {
// contains filtered or unexported fields
}
UserAuth contains information to check user permissions
func (*UserAuth) GetForbiddenActions ¶
GetForbiddenActions parses a K8s manifest and checks if the current user can do the action given over all the elements of the manifest. It return the list of forbidden Actions if any.
Source Files
Directories