auth

package
v0.2.0
Warning

This package is not in the latest version of its module.

Published: Mar 15, 2022 | License: Apache-2.0 | Imports: 21 | Imported by: 0

Documentation

Overview

Package auth provides mechanisms for enforcing authorization to Workspace resources in KCP. This package is largely inspired by openshift/openshift-apiserver/pkg/project/auth: https://github.com/openshift/openshift-apiserver/blob/9271466bfd02a9eb02fb5a43c8b9ff1ced76aca9/pkg/project/auth

Constants

This section is empty.

Variables

This section is empty.

Functions

func RBACSubjectsToUsersAndGroups

func RBACSubjectsToUsersAndGroups(subjects []rbacv1.Subject) (users []string, groups []string)

Types

type AuthorizationCache

type AuthorizationCache struct {
	// contains filtered or unexported fields
}

AuthorizationCache maintains a cache on the set of workspaces a user or group can access.

func NewAuthorizationCache

func NewAuthorizationCache(
	workspaceLister workspacelisters.WorkspaceLister,
	workspaceLastSyncResourceVersioner LastSyncResourceVersioner,
	reviewer Reviewer,
	informers rbacv1informers.Interface,
) *AuthorizationCache

NewAuthorizationCache creates a new AuthorizationCache.

func (*AuthorizationCache) GetClusterRoleLister

func (ac *AuthorizationCache) GetClusterRoleLister() SyncedClusterRoleLister

func (*AuthorizationCache) List

func (ac *AuthorizationCache) List(userInfo user.Info, selector labels.Selector) (*workspaceapi.WorkspaceList, error)

List returns the set of workspace names the user has access to view.

func (*AuthorizationCache) ReadyForAccess

func (ac *AuthorizationCache) ReadyForAccess() bool

func (*AuthorizationCache) Run

func (ac *AuthorizationCache) Run(period time.Duration)

Run begins watching and synchronizing the cache.

type LastSyncResourceVersioner

type LastSyncResourceVersioner interface {
	LastSyncResourceVersion() string
}

LastSyncResourceVersioner is any object that can divulge a LastSyncResourceVersion.

type Lister

type Lister interface {
	// List returns the list of Workspace items that the user can access
	List(user user.Info, selector labels.Selector) (*workspaceapi.WorkspaceList, error)
}

Lister enforces the ability to enumerate a resource based on role.

type Review

type Review interface {
	Users() []string
	Groups() []string
	EvaluationError() string
}

Review is a list of users and groups that can access a resource.

type Reviewer

type Reviewer interface {
	Review(name string) (Review, error)
}

Reviewer performs access reviews for a workspace by name.

type ReviewerProvider

type ReviewerProvider interface {
	ForVerb(checkedVerb string) Reviewer
}

func NewAuthorizerReviewerProvider

func NewAuthorizerReviewerProvider(policyChecker rbac.SubjectLocator) ReviewerProvider

type SyncedClusterRoleLister

type SyncedClusterRoleLister interface {
	rbacv1listers.ClusterRoleLister
	LastSyncResourceVersioner
}
