Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CanIOptions

type CanIOptions struct {
	// contains filtered or unexported fields
}

    CanIOptions provides utility to check if user has authorization for the given operation

    func NewCanI

    func NewCanI(client *client.Client, kind, namespace, verb string, log logr.Logger) *CanIOptions

      NewCanI returns a new instance of operation access controller evaluator

      func (*CanIOptions) RunAccessCheck

      func (o *CanIOptions) RunAccessCheck() (bool, error)

        RunAccessCheck checks if the caller can perform the operation - operation is a combination of namespace, kind, verb - can only evaluate a single verb - group version resource is determined from the kind using the discovery client REST mapper - If disallowed, the reason and evaluationError is available in the logs - each can generates a SelfSubjectAccessReview resource and response is evaluated for permissions

        Source Files