Documentation ¶
Overview ¶
Package rbac implements the authorizer.Authorizer interface using roles base access control.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ConvertSubject ¶
ConvertSubject converts the given subject into an unqiue id string
func RuleAllows ¶
func RuleAllows(requestAttributes authorizer.Attributes, rule *rbacv1.PolicyRule) bool
Types ¶
type ClusterRoleBindingLister ¶
type ClusterRoleBindingLister struct {
Lister rbaclisters.ClusterRoleBindingLister
}
func (*ClusterRoleBindingLister) ListClusterRoleBindings ¶
func (l *ClusterRoleBindingLister) ListClusterRoleBindings() ([]*rbacv1.ClusterRoleBinding, error)
type ClusterRoleGetter ¶
type ClusterRoleGetter struct {
Lister rbaclisters.ClusterRoleLister
}
func (*ClusterRoleGetter) GetClusterRole ¶
func (g *ClusterRoleGetter) GetClusterRole(name string) (*rbacv1.ClusterRole, error)
type DefaultRuleResolver ¶
func NewDefaultRuleResolver ¶
func NewDefaultRuleResolver(client client.Client) *DefaultRuleResolver
func (*DefaultRuleResolver) GetRoleReferenceRules ¶
func (r *DefaultRuleResolver) GetRoleReferenceRules(ctx context.Context, roleRef rbacv1.RoleRef, bindingNamespace string) ([]rbacv1.PolicyRule, error)
GetRoleReferenceRules attempts to resolve the RoleBinding or ClusterRoleBinding.
func (*DefaultRuleResolver) VisitRulesFor ¶
type RBACAuthorizer ¶
type RBACAuthorizer struct {
AuthorizationRuleResolver *DefaultRuleResolver
}
func New ¶
func New(client client.Client) *RBACAuthorizer
func (*RBACAuthorizer) Authorize ¶
func (r *RBACAuthorizer) Authorize(ctx context.Context, requestAttributes authorizer.Attributes) (authorizer.Decision, string, error)
type RoleBindingLister ¶
type RoleBindingLister struct {
Lister rbaclisters.RoleBindingLister
}
func (*RoleBindingLister) ListRoleBindings ¶
func (l *RoleBindingLister) ListRoleBindings(namespace string) ([]*rbacv1.RoleBinding, error)
type RoleGetter ¶
type RoleGetter struct {
Lister rbaclisters.RoleLister
}
Click to show internal directories.
Click to hide internal directories.