Documentation
Index
- func GetAuthorization(ctx context.Context, req *sentryrpc.GetUserAuthorizationRequest, ...) (resp *sentryrpc.GetUserAuthorizationResponse, err error)
- func GetDefaultClusterRole() (*rbacv1.ClusterRole, error)
- func GetDefaultRole() (*rbacv1.Role, error)
- func GetFullAccessClusterRole() (*rbacv1.ClusterRole, error)
- func GetNamespace() (*corev1.Namespace, error)
- func GetReadClusterScopeClusterRole() (*rbacv1.ClusterRole, error)
- func GetReadNamespaceClusterRole() (*rbacv1.ClusterRole, error)
- func GetReadNamespaceRole() (*rbacv1.Role, error)
- func GetWriteClusterScopeClusterRole() (*rbacv1.ClusterRole, error)
- func GetWriteNamespaceClusterRole() (*rbacv1.ClusterRole, error)
- func GetWriteNamespaceRole() (*rbacv1.Role, error)
Constants
This section is empty.
Variables
This section is empty.
Functions
func GetAuthorization
func GetAuthorization(ctx context.Context, req *sentryrpc.GetUserAuthorizationRequest, bs service.BootstrapService, aps service.AccountPermissionService, gps service.GroupPermissionService, krs service.KubeconfigRevocationService, kcs service.KubectlClusterSettingsService, kss service.KubeconfigSettingService, ns service.NamespaceService) (resp *sentryrpc.GetUserAuthorizationResponse, err error)
GetAuthorization returns the authorization for a user on a cluster. The RBAC model is mapped to the existing roles as follows:
PROJECT_ADMIN:
- Read/Write access to all cluster scoped resources
- Read/Write access to all namespace scoped resources
PROJECT_READ:
- Read access to all cluster scoped resources
- Read access to all namespace scoped resources
INFRA_ADMIN:
- Read/Write access to all cluster scoped resources
- Read/Write access to all namespace scoped resources
INFRA_READ:
- Read access to all cluster scoped resources
- Read access to all namespace scoped resources
ENV_ADMIN:
- No access to cluster scoped resources
- Read/Write access to namespace scoped resources (only within the environment)
ENV_READ:
- No access to cluster scoped resources
- Read access to namespace scoped resources (only within the environment)
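The role model above written as a fail-closed access decision. This is an added example, not this package's code: the `Access`, `grant`, `model` and `Allowed` names are hypothetical, and it assumes an environment can be represented as a set of namespace names.

```go
package main

import "fmt"

// Access levels; the names are this example's own, not the package's.
type Access int

const (
	None Access = iota
	Read
	ReadWrite
)

// grant is one row of the documented model; envOnly confines namespace access to the environment.
type grant struct {
	cluster, namespaced Access
	envOnly             bool
}

var model = map[string]grant{
	"PROJECT_ADMIN": {ReadWrite, ReadWrite, false},
	"PROJECT_READ":  {Read, Read, false},
	"INFRA_ADMIN":   {ReadWrite, ReadWrite, false},
	"INFRA_READ":    {Read, Read, false},
	"ENV_ADMIN":     {None, ReadWrite, true},
	"ENV_READ":      {None, Read, true},
}

// Allowed decides one request. namespace == "" means a cluster scoped
// resource; envNS is the (assumed) set of namespaces in the user's environment.
func Allowed(role string, envNS map[string]bool, namespace string, write bool) bool {
	g, ok := model[role]
	if !ok {
		return false // unknown role: fail closed
	}
	level := g.cluster
	if namespace != "" {
		level = g.namespaced
		if g.envOnly && !envNS[namespace] {
			return false // ENV_* roles stop at the environment boundary
		}
	}
	return level == ReadWrite || (!write && level == Read)
}

func main() {
	env := map[string]bool{"team-a": true} // constructed sample environment
	fmt.Println(Allowed("ENV_ADMIN", env, "team-a", true), Allowed("ENV_ADMIN", env, "kube-system", true))
}
```

The two cases worth testing in any implementation of this model are the ENV_* roles on a cluster scoped resource and on a namespace outside their environment, since both must be denied even for reads.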
func GetDefaultClusterRole
func GetDefaultClusterRole() (*rbacv1.ClusterRole, error)
GetDefaultClusterRole returns the default cluster role for the relay user
func GetDefaultRole
GetDefaultRole returns the default role for the relay user
func GetFullAccessClusterRole
func GetFullAccessClusterRole() (*rbacv1.ClusterRole, error)
GetFullAccessClusterRole gets cluster role with full access
func GetReadClusterScopeClusterRole
func GetReadClusterScopeClusterRole() (*rbacv1.ClusterRole, error)
GetReadClusterScopeClusterRole gets cluster role with read access
func GetReadNamespaceClusterRole
func GetReadNamespaceClusterRole() (*rbacv1.ClusterRole, error)
GetReadNamespaceClusterRole gets cluster role with read access
func GetReadNamespaceRole
GetReadNamespaceRole gets cluster role with read access
func GetWriteClusterScopeClusterRole
func GetWriteClusterScopeClusterRole() (*rbacv1.ClusterRole, error)
GetWriteClusterScopeClusterRole gets cluster role with write access
func GetWriteNamespaceClusterRole
func GetWriteNamespaceClusterRole() (*rbacv1.ClusterRole, error)
GetWriteNamespaceClusterRole gets cluster role with write access
func GetWriteNamespaceRole
GetWriteNamespaceRole gets cluster role with write access
Types
This section is empty.