Documentation
Overview
Package subjectaccess provides functions for listing resource access in a Kubernetes cluster.
Constants
const (
	Denied int = iota
	Allowed
	Unused
	Error
)
Variables
This section is empty.
Functions
func NewResourceAccess
func NewResourceAccess(ctx context.Context, client authClient.SelfSubjectAccessReviewInterface, namespace string, resources []Resource, options ...ResourceAccessOption) *resourceAccess
NewResourceAccess provides a ResourceAccess object with an access map populated by issuing SelfSubjectAccessReview requests for the list of resources and verbs provided.
Types
type Resource
type Resource struct {
	GroupVersionKind schema.GroupVersionKind
	APIResource      metav1.APIResource
}
func ResourceList
func ResourceList(_ context.Context, logger *zap.Logger, client discovery.ServerResourcesInterface, namespaced bool) ([]Resource, error)
ResourceList creates a list of Resource objects using the Discovery client.
func (Resource) GroupVersionResource
func (r Resource) GroupVersionResource() schema.GroupVersionResource
type ResourceAccess
type ResourceAccess interface {
	Update(context.Context, authClient.SelfSubjectAccessReviewInterface, string, Resource, string)
	Allowed(namespace string, resource Resource, verb string) bool
	AllowedAll(namespace string, resource Resource, verbs []string) bool
	AllowedAny(namespace string, resource Resource, verbs []string) bool
	String() string
}
ResourceAccess provides a way to check if a given resource and verb are allowed to be performed by the current Kubernetes client.
type ResourceAccessOption
type ResourceAccessOption func(*resourceAccess)
func WithLogger
func WithLogger(logger *zap.Logger) ResourceAccessOption
func WithMinimumRBAC
func WithMinimumRBAC(verbs metav1.Verbs) ResourceAccessOption
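An added sketch, not this package's code, of the mechanism the NewResourceAccess and ResourceAccess descriptions outline: one SelfSubjectAccessReview per resource and verb, with each reply folded into an access map. It uses only the standard library; reviewBody, decide, accessMap and its key layout are assumptions, and the replies are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

const ( // same values as the constants listed above; Denied is the zero value
	Denied int = iota
	Allowed
	Unused
	Error
)

// reviewBody builds an authorization.k8s.io/v1 SelfSubjectAccessReview for one verb.
func reviewBody(ns, group, resource, verb string) ([]byte, error) {
	attrs := map[string]string{"namespace": ns, "group": group, "resource": resource, "verb": verb}
	return json.Marshal(map[string]interface{}{
		"apiVersion": "authorization.k8s.io/v1", "kind": "SelfSubjectAccessReview",
		"spec": map[string]interface{}{"resourceAttributes": attrs},
	})
}

// decide maps a reply to a state; a reply without a status is Error, never Allowed.
func decide(reply []byte) int {
	var r struct{ Status *struct{ Allowed, Denied bool } }
	if json.Unmarshal(reply, &r) != nil || r.Status == nil {
		return Error
	}
	if r.Status.Allowed && !r.Status.Denied {
		return Allowed
	}
	return Denied
}

type accessMap map[string]int // keyed "namespace/resource/verb" (hypothetical); missing keys read as Denied

func (m accessMap) allowedAll(ns, res string, verbs []string) bool {
	for _, v := range verbs {
		if m[ns+"/"+res+"/"+v] != Allowed {
			return false
		}
	}
	return true
}

func main() {
	body, _ := reviewBody("default", "", "pods", "get")
	fmt.Println(string(body), decide([]byte(`{"status":{"allowed":true}}`))) // constructed reply
}
```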