Documentation
¶
Overview ¶
Package authz enforces virtual-side Gateway API reference authorization.
Index ¶
- func GatewayCertificate(ctx *synccontext.SyncContext, gatewayNamespace string, ...) error
- func HTTPRouteAttachment(ctx *synccontext.SyncContext, routeNamespace string, ...) error
- func HTTPRouteBackend(ctx *synccontext.SyncContext, routeNamespace string, ...) error
- func IsNotPermitted(err error) bool
- func RegisterHTTPRouteWatches(ctx *synccontext.RegisterContext, builder *builder.Builder) *builder.Builder
- func RegisterTLSRouteWatches(ctx *synccontext.RegisterContext, builder *builder.Builder) *builder.Builder
- func TLSRouteAttachment(ctx *synccontext.SyncContext, routeNamespace string, ...) error
- func TLSRouteBackend(ctx *synccontext.SyncContext, routeNamespace string, ...) error
- type NotPermittedError
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GatewayCertificate ¶
func GatewayCertificate(ctx *synccontext.SyncContext, gatewayNamespace string, ref *gatewayv1.SecretObjectReference) error
GatewayCertificate checks whether a Gateway certificateRef is allowed by virtual ReferenceGrants.
func HTTPRouteAttachment ¶
func HTTPRouteAttachment(ctx *synccontext.SyncContext, routeNamespace string, ref *gatewayv1.ParentReference) error
HTTPRouteAttachment checks whether an HTTPRoute parentRef is allowed by the virtual Gateway configuration.
func HTTPRouteBackend ¶
func HTTPRouteBackend(ctx *synccontext.SyncContext, routeNamespace string, ref *gatewayv1.BackendObjectReference) error
HTTPRouteBackend checks whether an HTTPRoute backendRef is allowed by virtual ReferenceGrants.
func IsNotPermitted ¶
IsNotPermitted reports whether err indicates a denied virtual Gateway API reference.
func RegisterHTTPRouteWatches ¶
func RegisterHTTPRouteWatches(ctx *synccontext.RegisterContext, builder *builder.Builder) *builder.Builder
RegisterHTTPRouteWatches requeues HTTPRoutes when authz inputs change.
func RegisterTLSRouteWatches ¶
func RegisterTLSRouteWatches(ctx *synccontext.RegisterContext, builder *builder.Builder) *builder.Builder
RegisterTLSRouteWatches requeues TLSRoutes when authz inputs change.
func TLSRouteAttachment ¶
func TLSRouteAttachment(ctx *synccontext.SyncContext, routeNamespace string, ref *gatewayv1.ParentReference) error
TLSRouteAttachment checks whether a TLSRoute parentRef is allowed by the virtual Gateway configuration.
func TLSRouteBackend ¶
func TLSRouteBackend(ctx *synccontext.SyncContext, routeNamespace string, ref *gatewayv1.BackendObjectReference) error
TLSRouteBackend checks whether a TLSRoute backendRef is allowed by virtual ReferenceGrants.
Types ¶
type NotPermittedError ¶
type NotPermittedError struct {
// contains filtered or unexported fields
}
NotPermittedError is returned when a virtual Gateway API reference is not allowed.
func (*NotPermittedError) Error ¶
func (e *NotPermittedError) Error() string
Error returns the not-permitted error message.
func (*NotPermittedError) Is ¶
func (e *NotPermittedError) Is(target error) bool
Is reports whether target is the package not-permitted sentinel.