proxyrule

package
v0.1.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 19, 2024 License: Apache-2.0 Imports: 4 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Config 

type Config struct {
	metav1.TypeMeta `json:",inline"`
	Spec            `json:",inline"`
}

Config is a typed wrapper around a Spec. In the future Spec may be exposed as a real kube api; this type is meant for an on-disk representation given to the proxy on start and omits spec/status and other common kube trimmings.

func Parse 

func Parse(reader io.Reader) ([]Config, error)

type LockMode 

type LockMode string
const (
	PessimisticLockMode LockMode = "Pessimistic"
	OptimisticLockMode  LockMode = "Optimistic"
)

type Match 

type Match struct {
	GroupVersion string   `json:"apiVersion"`
	Resource     string   `json:"resource"`
	Verbs        []string `json:"verbs"`
}

Match determines which requests the rule applies to

type ObjectTemplate 

type ObjectTemplate struct {
	Type     string `json:"type"`
	ID       string `json:"id"`
	Relation string `json:"relation,omitempty"`
}

ObjectTemplate represents a component of a relationship where some fields may be omitted or templated.

type PreFilter 

type PreFilter struct {
	// Name is a jmespath defining how to construct an allowed Name from an
	// LR or LS response.
	Name string `json:"name"`

	// Namespace is a jmespath defining how to construct an allowed Namespace
	// from an LR or LS response.
	Namespace string `json:"namespace,omitempty"`

	// ByResource is a template defining a LookupResources request to filter on.
	// The resourceID will be ignored; unused fields should be set to `*`.
	ByResource *StringOrTemplate `json:"byResource,optional"`

	// BySubject is a template defining a LookupSubjects request to filter on.
	// The subjectID will be ignored; unused fields should be set to `*`.
	BySubject *StringOrTemplate `json:"bySubject,optional"`
}

PreFilter defines a LookupResources or LookupSubjects request the results of which are used to filter responses. Prefilters work by generating a list of allowed object (name, namespace) pairs ahead of / in parallel with the kube request.

type RelationshipTemplate 

type RelationshipTemplate struct {
	Resource ObjectTemplate `json:"resource"`
	Subject  ObjectTemplate `json:"subject"`
}

RelationshipTemplate represents a relationship where some fields may be omitted or templated.

type Spec 

type Spec struct {
	Locking    LockMode           `json:"lock,omitempty"`
	Matches    []Match            `json:"match"`
	Checks     []StringOrTemplate `json:"check,omitempty"`
	Must       []StringOrTemplate `json:"must,omitempty"`
	MustNot    []StringOrTemplate `json:"mustNot,omitempty"`
	Writes     []StringOrTemplate `json:"write,omitempty"`
	PreFilters []PreFilter        `json:"prefilter,omitempty"`
}

Spec defines a single rule for the proxy that matches incoming requests to an optional set of checks, an optional set of writes, and an optional filter.

type StringOrTemplate 

type StringOrTemplate struct {
	Template              string `json:"tpl,inline"`
	*RelationshipTemplate `json:",inline"`
}

StringOrTemplate either contains a string representing a relationship template, or a full RelationshipTemplate definition.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.