authorization

package
v0.11.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 23, 2024 License: Apache-2.0 Imports: 27 Imported by: 0

Documentation

Index

Constants

// Authentication scheme identifiers. Info.Scheme on this page also returns a
// string; which credential maps to which value is not shown here.
//
// NOTE(review): HTTP auth-scheme names are case-insensitive (RFC 9110), so any
// comparison of a header-supplied scheme against these lowercase values should
// normalise case first. Confirm in InfoParser.Parse.

// BearerScheme presumably marks a bearer-token credential; confirm.
const BearerScheme string = "bearer"

// CertScheme presumably marks a client-certificate credential; confirm.
const CertScheme string = "clientcert"

// UnknownScheme names a credential that is neither of the above.
// NOTE(review): callers should reject this value rather than fall through to a
// default identity; confirm against the identity providers.
const UnknownScheme string = "unknown"

Variables

This section is empty.

Functions

func HasServiceAccountPrefix added in v0.7.0

// HasServiceAccountPrefix classifies the identity name idName; the body is
// not shown on this page.
// NOTE(review): presumably tests for the Kubernetes "system:serviceaccount:"
// prefix (confirm). A prefix match only classifies the name; it does not
// validate the namespace and name parts that follow.
func HasServiceAccountPrefix(idName string) bool

func NewContext

// NewContext takes a context and an *Info and returns a context; presumably
// the result carries info for InfoFromContext to read back (confirm).
// NOTE(review): Info holds Token and CertData, so a context built here carries
// credential material. Avoid dumping context values into logs or traces.
func NewContext(ctx context.Context, info *Info) context.Context

func SameSubject added in v0.7.0

// SameSubject compares an RBAC subject with an Identity and reports a boolean
// or an error; the comparison rules are not shown on this page.
// NOTE(review): a sound match has to take the subject kind into account (and,
// for service accounts, the namespace), not the name alone. Confirm, and
// treat a non-nil error as "no match".
func SameSubject(subject rbacv1.Subject, identity Identity) (bool, error)

func ServiceAccountNSAndName added in v0.7.0

// ServiceAccountNSAndName splits a service-account subject name into two
// strings, presumably namespace then name (confirm order).
// NOTE(review): there is no error return, so malformed input cannot be
// signalled. Callers should gate on HasServiceAccountPrefix and treat empty
// results as a non-match rather than as a wildcard.
func ServiceAccountNSAndName(serviceAccountSubjectName string) (string, string)

Types

type CachingIdentityProvider

// CachingIdentityProvider is built by NewCachingIdentityProvider from an
// IdentityProvider and a *cache.Expiring, and exposes GetIdentity itself.
// NOTE(review): a cached identity stays valid until its cache entry expires,
// so a revoked token or certificate may still resolve for that long. The TTL
// and the cache key (presumably Info.Hash) are not visible here; confirm
// the TTL never exceeds the credential's own lifetime.
type CachingIdentityProvider struct {
	// contains filtered or unexported fields
}

func NewCachingIdentityProvider

func NewCachingIdentityProvider(identityProvider IdentityProvider, identityCache *cache.Expiring) *CachingIdentityProvider

func (*CachingIdentityProvider) GetIdentity

func (p *CachingIdentityProvider) GetIdentity(ctx context.Context, info Info) (Identity, error)

type CertIdentityInspector

// CertIdentityInspector is the certificate-side dependency accepted by
// NewCertTokenIdentityProvider; CertInspector on this page has a WhoAmI
// method of the same shape.
type CertIdentityInspector interface {
	// WhoAmI resolves certificate bytes to an Identity.
	// NOTE(review): implementations must derive the identity from a
	// certificate that has been verified, not merely parsed; confirm.
	WhoAmI(ctx context.Context, certPEM []byte) (Identity, error)
}

type CertInspector

// CertInspector is built by NewCertInspector from a *rest.Config; its WhoAmI
// method takes PEM bytes (certPEM) and returns an Identity.
// NOTE(review): how the certificate is validated is not visible on this page.
// The identity should only be trusted if the certificate is verified against
// the cluster (chain and proof of possession), never read straight from the
// PEM subject. Confirm in the implementation.
type CertInspector struct {
	// contains filtered or unexported fields
}

func NewCertInspector

func NewCertInspector(restConfig *rest.Config) *CertInspector

func (*CertInspector) WhoAmI

func (c *CertInspector) WhoAmI(ctx context.Context, certPEM []byte) (Identity, error)

type CertTokenIdentityProvider

// CertTokenIdentityProvider is built by NewCertTokenIdentityProvider from a
// TokenIdentityInspector and a CertIdentityInspector and exposes GetIdentity.
// NOTE(review): presumably dispatches on Info.Scheme (confirm). An Info
// whose scheme is UnknownScheme should yield an error, never a default or
// empty Identity.
type CertTokenIdentityProvider struct {
	// contains filtered or unexported fields
}

func NewCertTokenIdentityProvider

func NewCertTokenIdentityProvider(tokenInspector TokenIdentityInspector, certInspector CertIdentityInspector) *CertTokenIdentityProvider

func (*CertTokenIdentityProvider) GetIdentity

func (p *CertTokenIdentityProvider) GetIdentity(ctx context.Context, info Info) (Identity, error)

type Identity

// Identity is the value returned by the WhoAmI and GetIdentity methods listed
// on this page.
// NOTE(review): Kind presumably mirrors an RBAC subject kind, since
// SameSubject compares an Identity with an rbacv1.Subject (confirm).
// Authorization checks should compare Name and Kind together; two subjects of
// different kinds can share a name.
type Identity struct {
	Name, Kind string
}

func (*Identity) Hash added in v0.5.0

func (i *Identity) Hash() string

type IdentityProvider

// IdentityProvider turns request credentials (Info) into an Identity. On this
// page CachingIdentityProvider and CertTokenIdentityProvider both expose a
// GetIdentity method of this shape.
type IdentityProvider interface {
	// GetIdentity resolves info to an Identity.
	// NOTE(review): callers should treat any non-nil error as
	// "unauthenticated" and discard the returned Identity.
	GetIdentity(ctx context.Context, info Info) (Identity, error)
}

type Info

// Info holds the credential material of a request: a token string and/or
// certificate bytes. InfoParser.Parse returns it and the identity providers
// and client factory on this page consume it.
// NOTE(review): both fields are secrets. Do not log an Info with %v/%+v or
// attach it to errors; log Scheme() or a digest instead.
type Info struct {
	Token    string // presumably the bearer token from the Authorization header; confirm
	CertData []byte // certificate data; may include private-key material; confirm
}

func InfoFromContext

func InfoFromContext(ctx context.Context) (Info, bool)

func (Info) Hash

// Hash returns a string derived from the Info value; the algorithm is not
// shown on this page.
// NOTE(review): Info holds credentials. If this value is used as a cache key
// or appears in logs, it should be a collision-resistant digest covering both
// Token and CertData so that two different credentials can never share an
// entry. Confirm in the implementation.
func (i Info) Hash() string

func (Info) Scheme

func (i Info) Scheme() string

type InfoParser

// InfoParser is a stateless type whose Parse method turns an Authorization
// header value into an Info or an error.
// NOTE(review): the header is attacker-controlled input. Parse errors should
// not echo the header content back to the client or into logs.
type InfoParser struct{}

func NewInfoParser

func NewInfoParser() *InfoParser

func (*InfoParser) Parse

func (p *InfoParser) Parse(authorizationHeader string) (Info, error)

type NamespacePermissions

// NamespacePermissions is built by NewNamespacePermissions from a privileged
// client.Client and an IdentityProvider; it exposes AuthorizedIn,
// GetAuthorizedOrgNamespaces and GetAuthorizedSpaceNamespaces.
// NOTE(review): because the lookups run through a privileged client, the
// results of these methods are presumably the only thing restricting the
// caller (confirm). Callers must fail closed: an error or a missing map
// entry means "not authorized".
type NamespacePermissions struct {
	// contains filtered or unexported fields
}

func NewNamespacePermissions

func NewNamespacePermissions(privilegedClient client.Client, identityProvider IdentityProvider) *NamespacePermissions

func (*NamespacePermissions) AuthorizedIn

func (o *NamespacePermissions) AuthorizedIn(ctx context.Context, identity Identity, namespace string) (bool, error)

func (*NamespacePermissions) GetAuthorizedOrgNamespaces

func (o *NamespacePermissions) GetAuthorizedOrgNamespaces(ctx context.Context, info Info) (map[string]bool, error)

func (*NamespacePermissions) GetAuthorizedSpaceNamespaces

func (o *NamespacePermissions) GetAuthorizedSpaceNamespaces(ctx context.Context, info Info) (map[string]bool, error)

type TokenIdentityInspector

// TokenIdentityInspector is the token-side dependency accepted by
// NewCertTokenIdentityProvider; TokenReviewer on this page has a WhoAmI
// method of the same shape.
type TokenIdentityInspector interface {
	// WhoAmI resolves a token string to an Identity.
	// NOTE(review): token is a secret; implementations should not include
	// it in returned errors or log lines.
	WhoAmI(ctx context.Context, token string) (Identity, error)
}

type TokenReviewer

// TokenReviewer is built by NewTokenReviewer from a privileged client.Client;
// its WhoAmI method takes a token string and returns an Identity.
// NOTE(review): presumably submits the token to the Kubernetes TokenReview
// API (confirm). If so, the implementation should accept the identity only
// when the review reports the token as authenticated, and treat every other
// outcome as an error.
type TokenReviewer struct {
	// contains filtered or unexported fields
}

func NewTokenReviewer

func NewTokenReviewer(privilegedClient client.Client) *TokenReviewer

func (*TokenReviewer) WhoAmI

func (r *TokenReviewer) WhoAmI(ctx context.Context, token string) (Identity, error)

type UnprivilegedClientFactory

// UnprivilegedClientFactory is built by NewUnprivilegedClientFactory from a
// *rest.Config, a meta.RESTMapper and a wait.Backoff; BuildClient and
// BuildK8sClient each take an Info and return a client.
// NOTE(review): the name suggests the returned clients act with the caller's
// credentials rather than the service's own (confirm). The base config's own
// credentials must be cleared before the caller's are applied, so that an
// empty Info cannot fall back to privileged access.
type UnprivilegedClientFactory struct {
	// contains filtered or unexported fields
}

func NewUnprivilegedClientFactory

func NewUnprivilegedClientFactory(config *rest.Config, mapper meta.RESTMapper, backoff wait.Backoff) UnprivilegedClientFactory

func (UnprivilegedClientFactory) BuildClient

func (f UnprivilegedClientFactory) BuildClient(authInfo Info) (client.WithWatch, error)

func (UnprivilegedClientFactory) BuildK8sClient

func (f UnprivilegedClientFactory) BuildK8sClient(authInfo Info) (k8sclient.Interface, error)

type UserK8sClientFactory

// UserK8sClientFactory builds Kubernetes clients from request credentials.
// UnprivilegedClientFactory on this page exposes both methods.
// NOTE(review): implementations should return an error for an Info that
// carries no usable credential rather than a client with ambient privileges.
// Confirm.
type UserK8sClientFactory interface {
	// BuildClient returns a watch-capable client for authInfo.
	BuildClient(authInfo Info) (client.WithWatch, error)
	// BuildK8sClient returns a client of type k8sclient.Interface for authInfo.
	BuildK8sClient(authInfo Info) (k8sclient.Interface, error)
}

Directories

Path Synopsis
Code generated by counterfeiter.
Code generated by counterfeiter.
