Documentation
¶
Index ¶
- func NewAlwaysAllowAuthorizer() authorizer.Authorizer
- func NewAlwaysDenyAuthorizer() authorizer.Authorizer
- func NewAlwaysFailAuthorizer() authorizer.Authorizer
- func NewAuthorizerFromAuthorizationConfig(authorizationModes []string, config AuthorizationConfig) (authorizer.Authorizer, error)
- type AuthorizationConfig
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewAlwaysAllowAuthorizer ¶
func NewAlwaysAllowAuthorizer() authorizer.Authorizer
func NewAlwaysDenyAuthorizer ¶
func NewAlwaysDenyAuthorizer() authorizer.Authorizer
func NewAlwaysFailAuthorizer ¶
func NewAlwaysFailAuthorizer() authorizer.Authorizer
func NewAuthorizerFromAuthorizationConfig ¶
func NewAuthorizerFromAuthorizationConfig(authorizationModes []string, config AuthorizationConfig) (authorizer.Authorizer, error)
NewAuthorizerFromAuthorizationConfig returns the right sort of union of multiple authorizer.Authorizer objects based on the authorizationMode or an error. authorizationMode should be a comma separated values of options.AuthorizationModeChoices.
Types ¶
type AuthorizationConfig ¶
type AuthorizationConfig struct {
// Path to an ABAC policy file.
PolicyFile string
// Kubeconfig file for Webhook authorization plugin.
WebhookConfigFile string
// TTL for caching of authorized responses from the webhook server.
WebhookCacheAuthorizedTTL time.Duration
WebhookCacheUnauthorizedTTL time.Duration
// User which can bootstrap role policies
RBACSuperUser string
RBACClusterRoleRegistry clusterrole.Registry
RBACClusterRoleBindingRegistry clusterrolebinding.Registry
RBACRoleRegistry role.Registry
RBACRoleBindingRegistry rolebinding.Registry
}
Source Files
Click to show internal directories.
Click to hide internal directories.