Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
func CheckKongReferenceGrantForResource
func CheckKongReferenceGrantForResource(
	ctx context.Context,
	cl client.Client,
	fromNamespace string,
	toNamespace string,
	toName string,
	fromGVK, toGVK metav1.GroupVersionKind,
) error
CheckKongReferenceGrantForResource verifies that a cross-namespace reference is permitted by checking for an appropriate KongReferenceGrant. It validates whether a resource in one namespace (from) is allowed to reference a resource in another namespace (to).
Parameters:
- cl: The Kubernetes client used to query KongReferenceGrant resources
- ctx: The context for the operation
- fromNamespace: The namespace containing the resource making the reference
- toNamespace: The namespace containing the resource being referenced
- toName: The name of the resource being referenced
- fromGVK: The GroupVersionKind of the resource making the reference
- toGVK: The GroupVersionKind of the resource being referenced
Returns an error if:
- The verification of the KongReferenceGrant fails
- No valid KongReferenceGrant exists that permits the cross-namespace reference
Returns nil if the cross-namespace reference is properly granted.
func IsReferenceNotGranted
IsReferenceNotGranted checks if the provided error is or wraps an ErrReferenceNotGranted error, indicating that a cross-namespace reference was attempted without the proper ReferenceGrant permissions. It returns true if the error matches this type, false otherwise.
func ReferenceGrantsAllow
func ReferenceGrantsAllow(grants []configurationv1alpha1.KongReferenceGrant, fromNamespace string, toName string, fromGVK, toGVK metav1.GroupVersionKind) bool
ReferenceGrantsAllow checks if any of the provided KongReferenceGrants allow a reference from a resource in fromNamespace with the specified fromGVK to a resource named toName with the specified toGVK.
The function iterates through all grants and returns true if it finds a grant that:
- Has a matching 'from' entry with the specified namespace, group, and kind
- Has a matching 'to' entry with the specified name (or no name specified), group, and kind
Parameters:
- grants: slice of KongReferenceGrants to check
- fromNamespace: namespace of the referencing resource
- toName: name of the referenced resource
- fromGVK: GroupVersionKind of the referencing resource
- toGVK: GroupVersionKind of the referenced resource
Returns true if at least one grant allows the reference, false otherwise.
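The matching rule described above, modelled as an added Go example (not the operator's own code): the `From`, `To`, `Grant` and `ErrNotGranted` types and the `check` and `isDenied` functions are simplified stand-ins assumed for illustration, and the group, kind and namespace values are constructed. It shows that both sides must match within a single grant, that a `to` entry with no name covers every resource of that kind, and how a wrapped denial is detected.

```go
package main

import (
	"errors"
	"fmt"
)

// Stand-in types (assumptions), not the operator's API. Version is omitted
// because the page describes matching on group and kind only.
type From struct{ Group, Kind, Namespace string }
type To struct{ Group, Kind, Name string } // Name "" means any name
type Grant struct {
	From []From
	To   []To
}

// ErrNotGranted plays the role of ErrReferenceNotGranted.
type ErrNotGranted struct{ FromNamespace, ToName string }

func (e *ErrNotGranted) Error() string {
	return fmt.Sprintf("reference from namespace %q to %q is not granted", e.FromNamespace, e.ToName)
}

// check returns nil when one single grant matches both the from and the to side.
func check(grants []Grant, from From, to To) error {
	for _, g := range grants {
		fromOK, toOK := false, false
		for _, f := range g.From {
			fromOK = fromOK || f == from
		}
		for _, t := range g.To {
			toOK = toOK || (t.Group == to.Group && t.Kind == to.Kind && (t.Name == "" || t.Name == to.Name))
		}
		if fromOK && toOK {
			return nil
		}
	}
	return fmt.Errorf("checking grant: %w", &ErrNotGranted{from.Namespace, to.Name})
}

// isDenied mirrors IsReferenceNotGranted: true if err is or wraps *ErrNotGranted.
func isDenied(err error) bool {
	var e *ErrNotGranted
	return errors.As(err, &e)
}

func main() {
	// Constructed input: no grants exist, so the reference is denied.
	fmt.Println(check(nil, From{"example.test", "Widget", "team-b"}, To{"", "Secret", "db-creds"}))
}
```

Because a `to` entry without a name matches every name, grants that omit it are the ones to look at most closely when reviewing what a namespace exposes.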
Types
type ErrReferenceNotGranted
type ErrReferenceNotGranted struct {
	FromNamespace string
	FromGVK       metav1.GroupVersionKind
	ToNamespace   string
	ToName        string
	ToGVK         metav1.GroupVersionKind
}
ErrReferenceNotGranted is an error type that indicates a cross-namespace reference is not granted by any KongReferenceGrant.
func (*ErrReferenceNotGranted) Error
func (e *ErrReferenceNotGranted) Error() string
Error returns a formatted error message indicating that a cross-namespace reference is not permitted.