delegated

package

v0.24.0 Latest Latest Go to latest Published: Apr 22, 2024 License: Apache-2.0 Imports: 9 Imported by: 2

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kcp-dev/kcp

Links

Open Source Insights

Documentation ¶

Index ¶

func NewCachingAuthorizer(client kcpkubernetesclientset.ClusterInterface, auth CachingAuthorizerFunc, ...) *cachingAuthorizer
func NewDelegatedAuthorizer(clusterName logicalcluster.Name, client kcpkubernetesclient.ClusterInterface, ...) (authorizer.Authorizer, error)
type Cache
type CachingAuthorizerFunc
type CachingOptions
type DelegatedAuthorizerFactory
type Options

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func NewCachingAuthorizer ¶ added in v0.11.0

func NewCachingAuthorizer(client kcpkubernetesclientset.ClusterInterface, auth CachingAuthorizerFunc, opts CachingOptions) *cachingAuthorizer

NewCachingAuthorizer creates a new Authorizer that holds an internal cache of Delegated Authorizer(s).

func NewDelegatedAuthorizer ¶

func NewDelegatedAuthorizer(clusterName logicalcluster.Name, client kcpkubernetesclient.ClusterInterface, opts Options) (authorizer.Authorizer, error)

NewDelegatedAuthorizer returns a new authorizer for use in e.g. admission plugins that delegates to the kube API server via SubjectAccessReview.

Types ¶

type Cache ¶ added in v0.11.0

type Cache interface {
	// Get returns the delegated authorizer for the given logical cluster.
	Get(clusterName logicalcluster.Name) (authorizer.Authorizer, error)
}

Cache contains methods that define a delegated caching authorizer.

type CachingAuthorizerFunc ¶ added in v0.11.0

type CachingAuthorizerFunc func(ctx context.Context, cache Cache, a authorizer.Attributes) (authorizer.Decision, string, error)

CachingAuthorizerFunc looks similar to authorizer.AuthorizerFunc with the additional cache parameter for delegated authorizers.

type CachingOptions ¶ added in v0.11.0

type CachingOptions struct {
	Options

	// TTL is the default time-to-live when a delegated authorizer
	// is stored in the internal cache.
	TTL time.Duration
}

CachingOptions contains options to create a new Delegated Caching Authorizer.

type DelegatedAuthorizerFactory ¶

type DelegatedAuthorizerFactory func(clusterName logicalcluster.Name, client kcpkubernetesclient.ClusterInterface, opts Options) (authorizer.Authorizer, error)

type Options ¶ added in v0.11.0

type Options struct {
	// AllowCacheTTL is the length of time that a successful authorization response will be cached
	AllowCacheTTL time.Duration

	// DenyCacheTTL is the length of time that an unsuccessful authorization response will be cached.
	// You generally want more responsive, "deny, try again" flows.
	DenyCacheTTL time.Duration
}

Options provides options to customize the created DelegatedAuthorizer.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL