Documentation
Index
- func CheckNamespace(log logr.Logger, attrs auth.Attributes, allowedNamespaces ...string) (bool, string)
- func CheckSubresource(log logr.Logger, attrs auth.Attributes, allowedSubresources ...string) (bool, string)
- func CheckVerb(log logr.Logger, attrs auth.Attributes, allowedVerbs ...string) (bool, string)
- func WithAllowedNamespaces(namespaceNames ...string) configFunc
- func WithAllowedSubresources(resources ...string) configFunc
- func WithAllowedVerbs(verbs ...string) configFunc
- func WithAlwaysAllowedVerbs(verbs ...string) configFunc
- func WithFieldSelectors(fields map[string]string) configFunc
- func WithLabelSelectors(labels map[string]string) configFunc
- type RequestAuthorizer
Constants
This section is empty.
Variables
This section is empty.
Functions
func CheckNamespace (added in v1.130.0)
func CheckNamespace(log logr.Logger, attrs auth.Attributes, allowedNamespaces ...string) (bool, string)
CheckNamespace checks if the namespace in the attributes is allowed for the resource type.
func CheckSubresource
func CheckSubresource(log logr.Logger, attrs auth.Attributes, allowedSubresources ...string) (bool, string)
CheckSubresource checks if the subresource in the attributes is allowed for the resource type. If no subresource is provided in the attributes, the check always passes.
func WithAllowedNamespaces (added in v1.130.0)
func WithAllowedNamespaces(namespaceNames ...string) configFunc
WithAllowedNamespaces is a config function for setting the allowed namespaces.
func WithAllowedSubresources
func WithAllowedSubresources(resources ...string) configFunc
WithAllowedSubresources is a config function for setting the allowed subresources.
func WithAllowedVerbs
func WithAllowedVerbs(verbs ...string) configFunc
WithAllowedVerbs is a config function for setting the allowed verbs.
func WithAlwaysAllowedVerbs
func WithAlwaysAllowedVerbs(verbs ...string) configFunc
WithAlwaysAllowedVerbs is a config function for setting the always allowed verbs.
func WithFieldSelectors (added in v1.130.0)
WithFieldSelectors is a config function for setting the field selector keys and values. If multiple fields are provided, they are OR-ed: a request is authorized as soon as one of the selectors matches.
func WithLabelSelectors (added in v1.130.0)
WithLabelSelectors is a config function for setting the label selector keys and values. If multiple pairs are provided, they are OR-ed: a request is authorized as soon as one of the selectors matches.
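The OR semantics of WithFieldSelectors and WithLabelSelectors and the empty-subresource rule of CheckSubresource, modeled as an added example. This is not the package's code: the `request` type and the `matchAny` and `subresourceAllowed` helpers are hypothetical stand-ins, and comparing selectors as exact key/value pairs is an assumption.

```go
package main

import "fmt"

// request is a hypothetical stand-in for the request attributes; it is not
// the auth.Attributes interface used by the package.
type request struct {
	Subresource string
	Selectors   map[string]string // selector requirements sent with the request
}

// matchAny models the OR semantics described above: the request passes as
// soon as one allowed key/value pair appears among its selectors.
// Assumption: selectors are compared as exact key/value pairs.
func matchAny(allowed, got map[string]string) bool {
	for k, v := range allowed {
		if gv, ok := got[k]; ok && gv == v {
			return true
		}
	}
	return false
}

// subresourceAllowed models the CheckSubresource rule: an empty subresource
// always passes, anything else must be on the allow-list.
func subresourceAllowed(r request, allowed ...string) bool {
	if r.Subresource == "" {
		return true
	}
	for _, s := range allowed {
		if s == r.Subresource {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample values, not taken from the package.
	allowed := map[string]string{"spec.nodeName": "node-a", "metadata.name": "obj-1"}
	reqs := []request{
		{Selectors: map[string]string{"spec.nodeName": "node-a"}},
		{Selectors: map[string]string{"spec.nodeName": "node-b", "metadata.name": "obj-1"}},
		{Selectors: map[string]string{"spec.nodeName": "node-b"}},
		{Subresource: "status"}, // no selectors at all
	}
	for _, r := range reqs {
		fmt.Println(matchAny(allowed, r.Selectors), subresourceAllowed(r, "status"))
	}
}
```

In this model the second request passes although its `spec.nodeName` does not match, because one matching pair is enough; each pair added to the allowed set widens what is authorized rather than narrowing it.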
Types
type RequestAuthorizer
type RequestAuthorizer struct {
	Log                    logr.Logger
	Graph                  graph.Interface
	AuthorizeWithSelectors authorizerwebhook.WithSelectorsChecker
	ToType                 graph.VertexType
	ToNamespace            string
	ToName                 string
}
RequestAuthorizer contains common fields that can be used to authorize requests based on graph relationships.
func (*RequestAuthorizer) Check
func (a *RequestAuthorizer) Check(fromType graph.VertexType, attrs auth.Attributes, fns ...configFunc) (auth.Decision, string, error)
Check checks if a request is allowed based on the graph relationships and the provided attributes.
func (*RequestAuthorizer) CheckRead
func (a *RequestAuthorizer) CheckRead(fromType graph.VertexType, attrs auth.Attributes) (auth.Decision, string, error)
CheckRead checks if a read request (get, list, watch) is allowed based on the graph relationships and the provided attributes.