Documentation
¶
Index ¶
- Constants
- func IsPersonalAccessReview(a AuthorizationAttributes) (bool, error)
- type AuthorizationAttributeBuilder
- type AuthorizationAttributes
- type Authorizer
- type DefaultAuthorizationAttributes
- func (a DefaultAuthorizationAttributes) GetAPIGroup() string
- func (a DefaultAuthorizationAttributes) GetAPIVersion() string
- func (a DefaultAuthorizationAttributes) GetRequestAttributes() interface{}
- func (a DefaultAuthorizationAttributes) GetResource() string
- func (a DefaultAuthorizationAttributes) GetResourceName() string
- func (a DefaultAuthorizationAttributes) GetURL() string
- func (a DefaultAuthorizationAttributes) GetVerb() string
- func (a DefaultAuthorizationAttributes) IsNonResourceURL() bool
- func (a DefaultAuthorizationAttributes) RuleMatches(rule authorizationapi.PolicyRule) (bool, error)
- type ForbiddenMessageMaker
- type ForbiddenMessageResolver
- type MessageContext
- type RequestInfoResolver
Constants ¶
View Source
const DefaultProjectRequestForbidden = "You may not request a new project via this API."
Variables ¶
This section is empty.
Functions ¶
func IsPersonalAccessReview ¶
func IsPersonalAccessReview(a AuthorizationAttributes) (bool, error)
Types ¶
type AuthorizationAttributeBuilder ¶
type AuthorizationAttributeBuilder interface {
GetAttributes(request *http.Request) (AuthorizationAttributes, error)
}
func NewAuthorizationAttributeBuilder ¶
func NewAuthorizationAttributeBuilder(contextMapper kapi.RequestContextMapper, infoResolver RequestInfoResolver) AuthorizationAttributeBuilder
type AuthorizationAttributes ¶
type AuthorizationAttributes interface {
GetVerb() string
GetAPIVersion() string
GetAPIGroup() string
// GetResource returns the resource type. If IsNonResourceURL() is true, then GetResource() is "".
GetResource() string
GetResourceName() string
// GetRequestAttributes is of type interface{} because different verbs and different Authorizer/AuthorizationAttributeBuilder pairs may have different contract requirements.
GetRequestAttributes() interface{}
// IsNonResourceURL returns true if this is not an action performed against the resource API
IsNonResourceURL() bool
// GetURL returns the URL path being requested, including the leading '/'
GetURL() string
}
type Authorizer ¶
type Authorizer interface {
Authorize(ctx kapi.Context, a AuthorizationAttributes) (allowed bool, reason string, err error)
GetAllowedSubjects(ctx kapi.Context, attributes AuthorizationAttributes) (sets.String, sets.String, error)
}
func NewAuthorizer ¶
func NewAuthorizer(ruleResolver rulevalidation.AuthorizationRuleResolver, forbiddenMessageMaker ForbiddenMessageMaker) Authorizer
type DefaultAuthorizationAttributes ¶
type DefaultAuthorizationAttributes struct {
Verb string
APIVersion string
APIGroup string
Resource string
ResourceName string
RequestAttributes interface{}
NonResourceURL bool
URL string
}
func ToDefaultAuthorizationAttributes ¶ added in v1.0.6
func ToDefaultAuthorizationAttributes(in authorizationapi.AuthorizationAttributes) DefaultAuthorizationAttributes
ToDefaultAuthorizationAttributes coerces AuthorizationAttributes to DefaultAuthorizationAttributes. Namespace is not included because the authorizer takes that information on the context
func (DefaultAuthorizationAttributes) GetAPIGroup ¶ added in v1.0.8
func (a DefaultAuthorizationAttributes) GetAPIGroup() string
func (DefaultAuthorizationAttributes) GetAPIVersion ¶
func (a DefaultAuthorizationAttributes) GetAPIVersion() string
func (DefaultAuthorizationAttributes) GetRequestAttributes ¶
func (a DefaultAuthorizationAttributes) GetRequestAttributes() interface{}
func (DefaultAuthorizationAttributes) GetResource ¶
func (a DefaultAuthorizationAttributes) GetResource() string
func (DefaultAuthorizationAttributes) GetResourceName ¶
func (a DefaultAuthorizationAttributes) GetResourceName() string
func (DefaultAuthorizationAttributes) GetURL ¶
func (a DefaultAuthorizationAttributes) GetURL() string
func (DefaultAuthorizationAttributes) GetVerb ¶
func (a DefaultAuthorizationAttributes) GetVerb() string
func (DefaultAuthorizationAttributes) IsNonResourceURL ¶
func (a DefaultAuthorizationAttributes) IsNonResourceURL() bool
func (DefaultAuthorizationAttributes) RuleMatches ¶
func (a DefaultAuthorizationAttributes) RuleMatches(rule authorizationapi.PolicyRule) (bool, error)
type ForbiddenMessageMaker ¶
type ForbiddenMessageMaker interface {
MakeMessage(ctx MessageContext) (string, error)
}
ForbiddenMessageMaker creates a forbidden message from a MessageContext
type ForbiddenMessageResolver ¶
type ForbiddenMessageResolver struct {
// contains filtered or unexported fields
}
func NewForbiddenMessageResolver ¶
func NewForbiddenMessageResolver(projectRequestForbiddenTemplate string) *ForbiddenMessageResolver
func (*ForbiddenMessageResolver) MakeMessage ¶
func (m *ForbiddenMessageResolver) MakeMessage(ctx MessageContext) (string, error)
type MessageContext ¶
type MessageContext struct {
User user.Info
Namespace string
Attributes AuthorizationAttributes
}
MessageContext contains sufficient information to create a forbidden message. It is bundled in this one object to make it easy and obvious how to build a golang template
type RequestInfoResolver ¶ added in v1.2.0
type RequestInfoResolver interface {
GetRequestInfo(req *http.Request) (kapiserver.RequestInfo, error)
}
func NewBrowserSafeRequestInfoResolver ¶ added in v1.2.0
func NewBrowserSafeRequestInfoResolver(contextMapper kapi.RequestContextMapper, authenticatedGroups sets.String, infoResolver RequestInfoResolver) RequestInfoResolver
Source Files
¶
- attributes.go
- attributes_builder.go
- authorizer.go
- browser_safe_request_info_resolver.go
- interfaces.go
- messages.go
- personal_subjectaccessreview.go
Directories
Click to show internal directories.
Click to hide internal directories.