Documentation
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type PreAuthorizer
type PreAuthorizer interface {
	// PreAuthorize validates whether the user satisfies the necessary permissions
	// as defined by the RBAC policy. It examines the user's roles, resource identifiers, and
	// the intended action to determine if the operation is allowed. Optional additional
	// required permissions are also evaluated against the user.
	//
	// Return Value:
	//   - nil error and no missing rules: the authorization check passed and the operation
	//     is permitted.
	//   - nil error and a list (or slice) of missing rules: the evaluation completed
	//     successfully but identified rules the user is missing.
	//   - non-nil error: an error occurred during the permission evaluation process
	//     (for example, a failure decoding the manifest or other internal issues). Note that
	//     in some cases the error may encapsulate multiple evaluation failures.
	PreAuthorize(ctx context.Context, user user.Info, manifestReader io.Reader, additionalRequiredPerms ...UserAuthorizerAttributesFactory) ([]ScopedPolicyRules, error)
}
func NewRBACPreAuthorizer
func NewRBACPreAuthorizer(cl client.Client) PreAuthorizer
type ScopedPolicyRules
type ScopedPolicyRules struct {
	Namespace    string
	MissingRules []rbacv1.PolicyRule
}
type UserAuthorizerAttributesFactory (added in v1.8.0)
type UserAuthorizerAttributesFactory func(user user.Info) []authorizer.AttributesRecord
UserAuthorizerAttributesFactory is a function that produces a slice of AttributesRecord for the given user.
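Because PreAuthorize can return a nil error together with missing rules, a caller that checks only the error would treat a denied request as permitted. The following is an added example, not code from this package: it uses local stand-in types in place of rbacv1.PolicyRule and ScopedPolicyRules so it runs offline, and Decide and ErrForbidden are hypothetical names for a fail-closed wrapper around the two return values.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
	"strings"
)

// Stand-ins (assumptions) for rbacv1.PolicyRule and this package's
// ScopedPolicyRules, reduced to the fields the example needs.
type PolicyRule struct {
	Verbs, APIGroups, Resources []string
}

type ScopedPolicyRules struct {
	Namespace    string
	MissingRules []PolicyRule
}

// ErrForbidden (hypothetical) marks a completed evaluation that found missing rules.
var ErrForbidden = errors.New("pre-authorization denied")

// Decide (hypothetical helper) folds PreAuthorize's two return values into one
// fail-closed verdict: nil only when err is nil AND nothing is reported missing.
func Decide(missing []ScopedPolicyRules, err error) error {
	if err != nil {
		// Evaluation failed (e.g. manifest decode error): there is no verdict, so block.
		return fmt.Errorf("pre-authorization could not be evaluated: %w", err)
	}
	if len(missing) == 0 {
		return nil
	}
	var lines []string
	for _, s := range missing {
		for _, r := range s.MissingRules {
			lines = append(lines, fmt.Sprintf("namespace=%q verbs=%v apiGroups=%q resources=%v", s.Namespace, r.Verbs, r.APIGroups, r.Resources))
		}
	}
	sort.Strings(lines) // deterministic order for logs and tests
	return fmt.Errorf("%w: %s", ErrForbidden, strings.Join(lines, "; "))
}

func main() {
	// Constructed sample: evaluation succeeded (nil error) but one rule is missing.
	missing := []ScopedPolicyRules{{Namespace: "demo", MissingRules: []PolicyRule{
		{Verbs: []string{"create"}, APIGroups: []string{"apps"}, Resources: []string{"deployments"}}}}}
	fmt.Println(Decide(missing, nil))
}
```

Callers can use errors.Is(err, ErrForbidden) to separate a denial, where the missing rules are worth showing to the user, from an evaluation failure; both outcomes block the operation.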