Documentation
Overview
Package subjectaccess provides functions for listing resource access in a Kubernetes cluster.
Constants
const (
	Denied int = iota
	Allowed
	Unused
	Error
)
Variables
var (
	APIVerbs = []string{
		"create",
		"get",
		"list",
		"watch",
		"update",
		"patch",
		"delete",
		"deletecollection",
	}
)
Functions
func NewResourceAccess
func NewResourceAccess(ctx context.Context, client authClient.SelfSubjectAccessReviewInterface, resources []Resource) *resourceAccess
NewResourceAccess provides a ResourceAccess object with an access map populated by issuing SelfSubjectAccessReview requests for the list of resources and verbs provided.
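The SelfSubjectAccessReview exchange behind such an access map, as an added sketch that is not this package's code: it builds the request body for one resource/verb pair and maps the API server's reply to the four states. The helper names buildReview and classify, and the meaning given to each state (including Unused for a verb the resource does not offer), are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"slices"
)

// Names and order follow the package constants; the meanings are assumptions.
const (
	Denied int = iota
	Allowed
	Unused
	Error
)

// buildReview returns the request body for one resource/verb pair.
func buildReview(ns, group, resource, verb string) ([]byte, error) {
	return json.Marshal(map[string]interface{}{
		"apiVersion": "authorization.k8s.io/v1",
		"kind":       "SelfSubjectAccessReview",
		"spec": map[string]interface{}{"resourceAttributes": map[string]string{
			"namespace": ns, "group": group, "resource": resource, "verb": verb}},
	})
}

// classify maps one API server reply to a decision state.
func classify(reply []byte, offered []string, verb string) int {
	var r struct {
		Status *struct {
			Allowed         bool   `json:"allowed"`
			EvaluationError string `json:"evaluationError"`
		} `json:"status"`
	}
	switch err := json.Unmarshal(reply, &r); {
	case !slices.Contains(offered, verb):
		return Unused // assumed: the resource does not offer this verb
	case err == nil && r.Status != nil && r.Status.Allowed:
		return Allowed
	case err != nil || r.Status == nil || r.Status.EvaluationError != "":
		return Error // unreadable reply or authorizer failure: not a clean deny
	}
	return Denied
}

func main() {
	body, _ := buildReview("default", "", "secrets", "list")
	fmt.Println(string(body))
	fmt.Println(classify([]byte(`{"status":{"allowed":false}}`), []string{"get", "list"}, "list")) // constructed reply
}
```

Keeping Error separate from Denied matters when auditing permissions: a failed authorizer call says nothing about what the credentials can do.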
Types
type Resource
type Resource struct {
	Namespace        string
	GroupVersionKind schema.GroupVersionKind
	APIResource      metav1.APIResource
}
func ResourceList
func ResourceList(_ context.Context, client discovery.DiscoveryInterface, namespace string) ([]Resource, error)
ResourceList creates a list of Resource objects using the Discovery client.
type ResourceAccess
type ResourceAccess interface {
	Allowed(resource Resource, verb string) bool
	AllowedAll(resource Resource, verbs []string) bool
	AllowedAny(resource Resource, verbs []string) bool
	String() string
}
ResourceAccess provides a way to check if a given resource and verb are allowed to be performed by the current Kubernetes client.