authz

package
v0.35.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 19, 2026 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Overview

Package authz enforces virtual-side Gateway API reference authorization.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GatewayCertificate

func GatewayCertificate(ctx *synccontext.SyncContext, gatewayNamespace string, ref *gatewayv1.SecretObjectReference) error

GatewayCertificate checks whether a Gateway certificateRef is allowed by virtual ReferenceGrants.

func HTTPRouteAttachment

func HTTPRouteAttachment(ctx *synccontext.SyncContext, routeNamespace string, ref *gatewayv1.ParentReference) error

HTTPRouteAttachment checks whether an HTTPRoute parentRef is allowed by the virtual Gateway configuration.

func HTTPRouteBackend

func HTTPRouteBackend(ctx *synccontext.SyncContext, routeNamespace string, ref *gatewayv1.BackendObjectReference) error

HTTPRouteBackend checks whether an HTTPRoute backendRef is allowed by virtual ReferenceGrants.

func IsNotPermitted

func IsNotPermitted(err error) bool

IsNotPermitted reports whether err indicates a denied virtual Gateway API reference.

func RegisterHTTPRouteWatches

func RegisterHTTPRouteWatches(ctx *synccontext.RegisterContext, builder *builder.Builder) *builder.Builder

RegisterHTTPRouteWatches requeues HTTPRoutes when authz inputs change.

func RegisterTLSRouteWatches

func RegisterTLSRouteWatches(ctx *synccontext.RegisterContext, builder *builder.Builder) *builder.Builder

RegisterTLSRouteWatches requeues TLSRoutes when authz inputs change.

func TLSRouteAttachment

func TLSRouteAttachment(ctx *synccontext.SyncContext, routeNamespace string, ref *gatewayv1.ParentReference) error

TLSRouteAttachment checks whether a TLSRoute parentRef is allowed by the virtual Gateway configuration.

func TLSRouteBackend

func TLSRouteBackend(ctx *synccontext.SyncContext, routeNamespace string, ref *gatewayv1.BackendObjectReference) error

TLSRouteBackend checks whether a TLSRoute backendRef is allowed by virtual ReferenceGrants.

Types

type NotPermittedError

type NotPermittedError struct {
	// contains filtered or unexported fields
}

NotPermittedError is returned when a virtual Gateway API reference is not allowed.

func (*NotPermittedError) Error

func (e *NotPermittedError) Error() string

Error returns the not-permitted error message.

func (*NotPermittedError) Is

func (e *NotPermittedError) Is(target error) bool

Is reports whether target is the package not-permitted sentinel.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL