permission

package
v0.0.0-...-311e34c Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 29, 2026 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Overview

Package permission implements glob-based command permission checking.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func DefaultRules

func DefaultRules() map[string]string

DefaultRules returns a set of safe default rules.

func KubernetesReadOnlyRules

func KubernetesReadOnlyRules() map[string]string

KubernetesReadOnlyRules returns rules for read-only Kubernetes operations.

func SafeReadOnlyRules

func SafeReadOnlyRules() map[string]string

SafeReadOnlyRules returns rules that allow read-only operations.

Types

type Action

type Action string

Action represents the permission action.

const (
	ActionAllow Action = "allow"
	ActionDeny  Action = "deny"
)

type Checker

type Checker struct {
	// contains filtered or unexported fields
}

Checker checks command permissions against configured rules.

func NewChecker

func NewChecker(patterns map[string]string) *Checker

NewChecker creates a new permission checker from a map of patterns to actions. The "*" pattern is processed first as the default rule, followed by other patterns in sorted order.

func (*Checker) Check

func (c *Checker) Check(command string) error

Check checks if a command is allowed. Returns nil if allowed, error with reason if denied.

func (*Checker) IsAllowed

func (c *Checker) IsAllowed(command string) bool

IsAllowed is a convenience method that returns true if command is allowed.

type Rule

type Rule struct {
	Pattern string
	Action  Action
}

Rule represents a single permission rule.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL