whocan

package
Version: v0.0.0-...-c40310d Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 7, 2021 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Bindings

type Bindings struct {
	RoleBindings        []string `json:"role-bindings,omitempty"`
	ClusterRoleBindings []string `json:"cluster-role-bindings,omitempty"`
}

Bindings represents RoleBindings or ClusterRoleBindings which may be applied to a subject.

type Checker

type Checker interface {
	// Check takes a whocan Action and returns the role bindings that allow that action to be performed.
	Check(whocancmd.Action) (roleBindings []rbac.RoleBinding, clusterRoleBindings []rbac.ClusterRoleBinding, err error)
}

Checker is the interface for running a whocan Action

func NewChecker

func NewChecker(client *kubernetes.Clientset, restConfig *rest.Config) (Checker, error)

NewChecker creates a client which can run who-can queries.

type Config

type Config struct {
	Namespaces []string `yaml:"namespaces"`
}

WhoCanConfig is used to configure the who-can queries

func LoadConfigFromEnv

func LoadConfigFromEnv() (Config, error)

type Result

type Result struct {
	Resource  string          `json:"resource"`
	Verb      string          `json:"verb"`
	Namespace string          `json:"namespace"`
	Subjects  SubjectBindings `json:"subjects"`
}

Result represents the result of a who-can query.

type Results

type Results []Result

func (*Results) WriteResourcesReport

func (r *Results) WriteResourcesReport(w io.Writer) error

func (*Results) WriteSonobuoyReport

func (r *Results) WriteSonobuoyReport(w io.Writer) error

func (*Results) WriteSubjectsReport

func (r *Results) WriteSubjectsReport(w io.Writer) error

type Runner

type Runner struct {
	// contains filtered or unexported fields
}

func NewRunner

func NewRunner(checker Checker) Runner

func (*Runner) Run

func (r *Runner) Run(namespaces []string, resources []metav1.APIResource) (Results, error)

type SonobuoyResultsItem

type SonobuoyResultsItem struct {
	Name     string                `json:"name" yaml:"name"`
	Status   string                `json:"status" yaml:"status,omitempty"`
	Metadata map[string]string     `json:"meta,omitempty" yaml:"meta,omitempty"`
	Details  map[string]string     `json:"details,omitempty" yaml:"details,omitempty"`
	Items    []SonobuoyResultsItem `json:"items,omitempty" yaml:"items,omitempty"`
}

type SubjectActionPermissions

type SubjectActionPermissions struct {
	Resource string `json:"resource"`
	Verb     string `json:"verb"`
	Bindings
}

SubjectActionPermissions represents the role bindings that allow a particular subject to perform an action.

type SubjectBindings

type SubjectBindings map[rbac.Subject]Bindings

SubjectBindings represents the names of all Role and ClusterRole bindings bound to a subject.

func (SubjectBindings) MarshalJSON

func (sb SubjectBindings) MarshalJSON() ([]byte, error)

type SubjectNamespacePermissions

type SubjectNamespacePermissions map[string][]SubjectActionPermissions

SubjectNamespacePermissions represents all permissions granted within namespaces

func (SubjectNamespacePermissions) MarshalJSON

func (np SubjectNamespacePermissions) MarshalJSON() ([]byte, error)

MarshalJSON marshals SubjectNamespacePermissions into JSON

type SubjectResults

type SubjectResults map[rbac.Subject]SubjectNamespacePermissions

SubjectResults represents all the permissions for a subject

func (SubjectResults) MarshalJSON

func (spm SubjectResults) MarshalJSON() ([]byte, error)

MarshalJSON marshals SubjectResults into JSON

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
t or T : Toggle theme light dark auto
y or Y : Canonical URL