Version: v1.0.1 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Jun 30, 2015 License: Apache-2.0 Imports: 16 Imported by: 0




View Source
const DefaultProjectRequestForbidden = "You may not request a new project via this API."


This section is empty.


func IsPersonalAccessReview added in v0.4.2

func IsPersonalAccessReview(a AuthorizationAttributes) (bool, error)


type AuthorizationAttributeBuilder

type AuthorizationAttributeBuilder interface {
	GetAttributes(request *http.Request) (AuthorizationAttributes, error)

func NewAuthorizationAttributeBuilder

func NewAuthorizationAttributeBuilder(contextMapper kapi.RequestContextMapper, infoResolver *kapiserver.APIRequestInfoResolver) AuthorizationAttributeBuilder

type AuthorizationAttributes

type AuthorizationAttributes interface {
	GetVerb() string
	GetAPIVersion() string
	// GetResource returns the resource type.  If IsNonResourceURL() is true, then GetResource() is "".
	GetResource() string
	GetResourceName() string
	// GetRequestAttributes is of type interface{} because different verbs and different Authorizer/AuthorizationAttributeBuilder pairs may have different contract requirements.
	GetRequestAttributes() interface{}
	// IsNonResourceURL returns true if this is not an action performed against the resource API
	IsNonResourceURL() bool
	// GetURL returns the URL path being requested, including the leading '/'
	GetURL() string

type Authorizer

type Authorizer interface {
	Authorize(ctx kapi.Context, a AuthorizationAttributes) (allowed bool, reason string, err error)
	GetAllowedSubjects(ctx kapi.Context, attributes AuthorizationAttributes) (util.StringSet, util.StringSet, error)

func NewAuthorizer

func NewAuthorizer(ruleResolver rulevalidation.AuthorizationRuleResolver, forbiddenMessageMaker ForbiddenMessageMaker) Authorizer

type DefaultAuthorizationAttributes added in v0.3.1

type DefaultAuthorizationAttributes struct {
	Verb              string
	APIVersion        string
	Resource          string
	ResourceName      string
	RequestAttributes interface{}
	NonResourceURL    bool
	URL               string

func (DefaultAuthorizationAttributes) GetAPIVersion added in v0.4.4

func (a DefaultAuthorizationAttributes) GetAPIVersion() string

func (DefaultAuthorizationAttributes) GetRequestAttributes added in v0.3.1

func (a DefaultAuthorizationAttributes) GetRequestAttributes() interface{}

func (DefaultAuthorizationAttributes) GetResource added in v0.3.1

func (a DefaultAuthorizationAttributes) GetResource() string

func (DefaultAuthorizationAttributes) GetResourceName added in v0.3.1

func (a DefaultAuthorizationAttributes) GetResourceName() string

func (DefaultAuthorizationAttributes) GetURL added in v0.3.2

func (DefaultAuthorizationAttributes) GetVerb added in v0.3.1

func (DefaultAuthorizationAttributes) IsNonResourceURL added in v0.3.2

func (a DefaultAuthorizationAttributes) IsNonResourceURL() bool

func (DefaultAuthorizationAttributes) RuleMatches added in v0.3.1

type ForbiddenMessageMaker added in v0.5.3

type ForbiddenMessageMaker interface {
	MakeMessage(ctx MessageContext) (string, error)

ForbiddenMessageMaker creates a forbidden message from a MessageContext

type ForbiddenMessageResolver added in v0.5.3

type ForbiddenMessageResolver struct {
	// contains filtered or unexported fields

func NewForbiddenMessageResolver added in v0.5.3

func NewForbiddenMessageResolver(projectRequestForbiddenTemplate string) *ForbiddenMessageResolver

func (*ForbiddenMessageResolver) MakeMessage added in v0.5.3

func (m *ForbiddenMessageResolver) MakeMessage(ctx MessageContext) (string, error)

type MessageContext added in v0.5.3

type MessageContext struct {
	User       user.Info
	Namespace  string
	Attributes AuthorizationAttributes

MessageContext contains sufficient information to create a forbidden message. It is bundled in this one object to make it easy and obvious how to build a golang template

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL