Documentation
Index
- type Helper
- func (h *Helper) GetUserAllowedModels(user kuser.Info) (map[string]bool, bool, error)
- func (h *Helper) GetUserAllowedTargetModels(user kuser.Info, provider string) (allowed map[string]bool, allowAll bool, _ error)
- func (h *Helper) ResolveTargetModel(provider, targetModel string) (*v1.Model, error)
- func (h *Helper) UserHasAccessToModel(user kuser.Info, modelID string) (bool, error)
Types
type Helper
type Helper struct {
	// contains filtered or unexported fields
}
func (*Helper) GetUserAllowedModels
GetUserAllowedModels returns a set of model IDs that a user can access. If a user is an owner/admin or has been granted access to all models via a wildcard model selector, this method returns a nil map and true.
func (*Helper) GetUserAllowedTargetModels
func (h *Helper) GetUserAllowedTargetModels(user kuser.Info, provider string) (allowed map[string]bool, allowAll bool, _ error)
GetUserAllowedTargetModels returns the set of provider-native target model ids (v1.Model.Spec.Manifest.TargetModel) for the given provider that the user is allowed to use. A target is included if and only if a configured, active model maps to it and the user is allowed that model. This mirrors the access check enforced by the LLM passthrough: a target appears here if and only if a request for it would succeed.
allowAll reports that the user may use every model (admin/owner or a wildcard model selector). In that case there's nothing to enumerate, so the returned map is nil and callers should skip filtering entirely rather than treat the nil map as "allow nothing".
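The allowAll contract above, applied on the caller side, as an added example that is not code from this package. filterTargets and filterTargetsFailOpen are hypothetical helpers, and the model ids other than "claude-sonnet-4-5" are constructed. It also shows the opposite mistake: inferring "allow all" from an empty map when allowAll is false, which fails open.

```go
package main

import "fmt"

// filterTargets is a hypothetical caller-side helper (not part of the
// documented package). It applies the (allowed, allowAll) pair in the shape
// GetUserAllowedTargetModels is documented to return.
func filterTargets(targets []string, allowed map[string]bool, allowAll bool) []string {
	if allowAll {
		// Admin/owner or wildcard selector: the map is nil by contract, so
		// skip filtering instead of reading nil as "allow nothing".
		return append([]string(nil), targets...)
	}
	// allowAll is false: the map is authoritative. A nil or empty map means
	// the user may use no targets, so the result is empty (fail closed).
	out := make([]string, 0, len(targets))
	for _, t := range targets {
		if allowed[t] {
			out = append(out, t)
		}
	}
	return out
}

// filterTargetsFailOpen shows the mistake to avoid: deciding "allow all"
// from the map being empty instead of from the allowAll flag.
func filterTargetsFailOpen(targets []string, allowed map[string]bool) []string {
	if len(allowed) == 0 {
		return targets // wrong: a user with no grants sees every target
	}
	return filterTargets(targets, allowed, false)
}

func main() {
	// Constructed sample data: provider-native target model ids.
	targets := []string{"claude-sonnet-4-5", "example-model-b", "example-model-a"}
	oneGrant := map[string]bool{"example-model-a": true}

	fmt.Println(filterTargets(targets, nil, true))                 // every target
	fmt.Println(filterTargets(targets, oneGrant, false))           // only the granted target
	fmt.Println(filterTargets(targets, map[string]bool{}, false))  // no targets
	fmt.Println(filterTargetsFailOpen(targets, map[string]bool{})) // every target: the bug
}
```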
func (*Helper) ResolveTargetModel
ResolveTargetModel returns the active Model served by provider whose TargetModel matches targetModel, preferring the most recently created when more than one matches. The lookup is served directly from the (provider, targetModel) index, so it doesn't scan all of a provider's models. It is used to resolve external clients' provider-native model ids (e.g. "claude-sonnet-4-5") to a configured model. Returns a NotFound error if no active model matches. The returned Model is owned by the informer cache; treat it as read-only.
func (*Helper) UserHasAccessToModel
UserHasAccessToModel returns true if the user has access to the model. Access is granted when:
- The user is an admin or owner
- A ModelAccessPolicy with wildcard subject selector (*) includes the model (or uses wildcard model selector)
- A ModelAccessPolicy directly references the user and includes the model (or uses wildcard model selector)
- A ModelAccessPolicy references a group the user belongs to and includes the model (or uses wildcard model selector)