rbac

package

v0.4.6 Latest Latest Go to latest Published: Jan 28, 2021 License: Apache-2.0 Imports: 7 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/minio/controller-tools

Links

Open Source Insights

Documentation ¶

Overview ¶

Package rbac contain libraries for generating RBAC manifests from RBAC markers in Go source files.

The markers take the form:

+kubebuilder:rbac:groups=<groups>,resources=<resources>,resourceNames=<resource names>,verbs=<verbs>,urls=<non resource urls>

Index ¶

Variables
func GenerateRoles(ctx *genall.GenerationContext, roleName string) ([]interface{}, error)
type Generator
type Rule
- func (Rule) Help() *markers.DefinitionHelp
- func (r *Rule) ToRule() rbacv1.PolicyRule

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	// RuleDefinition is a marker for defining RBAC rules.
	// Call ToRule on the value to get a Kubernetes RBAC policy rule.
	RuleDefinition = markers.Must(markers.MakeDefinition("kubebuilder:rbac", markers.DescribesPackage, Rule{}))
)

Functions ¶

func GenerateRoles ¶ added in v0.4.3

func GenerateRoles(ctx *genall.GenerationContext, roleName string) ([]interface{}, error)

GenerateRoles generate a slice of objs representing either a ClusterRole or a Role object The order of the objs in the returned slice is stable and determined by their namespaces.

Types ¶

type Generator ¶ added in v0.4.3

type Generator struct {
	// RoleName sets the name of the generated ClusterRole.
	RoleName string
}

Generator generates ClusterRole objects.

func (Generator) Generate ¶ added in v0.4.3

func (g Generator) Generate(ctx *genall.GenerationContext) error

func (Generator) Help ¶ added in v0.4.3

func (Generator) Help() *markers.DefinitionHelp

func (Generator) RegisterMarkers ¶ added in v0.4.3

func (Generator) RegisterMarkers(into *markers.Registry) error

type Rule ¶ added in v0.4.3

type Rule struct {
	// Groups specifies the API groups that this rule encompasses.
	Groups []string `marker:",optional"`
	// Resources specifies the API resources that this rule encompasses.
	Resources []string `marker:",optional"`
	// ResourceNames specifies the names of the API resources that this rule encompasses.
	//
	// Create requests cannot be restricted by resourcename, as the object's name
	// is not known at authorization time.
	ResourceNames []string `marker:",optional"`
	// Verbs specifies the (lowercase) kubernetes API verbs that this rule encompasses.
	Verbs []string
	// URL specifies the non-resource URLs that this rule encompasses.
	URLs []string `marker:"urls,optional"`
	// Namespace specifies the scope of the Rule.
	// If not set, the Rule belongs to the generated ClusterRole.
	// If set, the Rule belongs to a Role, whose namespace is specified by this field.
	Namespace string `marker:",optional"`
}

Rule specifies an RBAC rule to all access to some resources or non-resource URLs.

func (Rule) Help ¶ added in v0.4.3

func (Rule) Help() *markers.DefinitionHelp

func (*Rule) ToRule ¶ added in v0.4.3

func (r *Rule) ToRule() rbacv1.PolicyRule

ToRule converts this rule to its Kubernetes API form.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL