rbac

package

v0.15.1-0...-d7b79a7 Latest Latest Go to latest Published: Mar 16, 2017 License: Apache-2.0 Imports: 8 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/mbruzek/kubernetes

Documentation ¶

Overview ¶

Package rbac implements the authorizer.Authorizer interface using roles base access control.

Index ¶

func RuleAllows(requestAttributes authorizer.Attributes, rule rbac.PolicyRule) bool
func RulesAllow(requestAttributes authorizer.Attributes, rules ...rbac.PolicyRule) bool
type RBACAuthorizer
- func New(roles rbacregistryvalidation.RoleGetter, ...) *RBACAuthorizer
- func (r *RBACAuthorizer) Authorize(requestAttributes authorizer.Attributes) (bool, string, error)
type RequestToRuleMapper
type RoleToRuleMapper
type SubjectAccessEvaluator
- func NewSubjectAccessEvaluator(roles rbacregistryvalidation.RoleGetter, ...) *SubjectAccessEvaluator
- func (r *SubjectAccessEvaluator) AllowedSubjects(requestAttributes authorizer.Attributes) ([]rbac.Subject, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func RuleAllows ¶

func RuleAllows(requestAttributes authorizer.Attributes, rule rbac.PolicyRule) bool

func RulesAllow ¶

func RulesAllow(requestAttributes authorizer.Attributes, rules ...rbac.PolicyRule) bool

Types ¶

type RBACAuthorizer ¶

type RBACAuthorizer struct {
	// contains filtered or unexported fields
}

func New ¶

func New(roles rbacregistryvalidation.RoleGetter, roleBindings rbacregistryvalidation.RoleBindingLister, clusterRoles rbacregistryvalidation.ClusterRoleGetter, clusterRoleBindings rbacregistryvalidation.ClusterRoleBindingLister) *RBACAuthorizer

func (*RBACAuthorizer) Authorize ¶

func (r *RBACAuthorizer) Authorize(requestAttributes authorizer.Attributes) (bool, string, error)

type RequestToRuleMapper ¶

type RequestToRuleMapper interface {
	// RulesFor returns all known PolicyRules and any errors that happened while locating those rules.
	// Any rule returned is still valid, since rules are deny by default.  If you can pass with the rules
	// supplied, you do not have to fail the request.  If you cannot, you should indicate the error along
	// with your denial.
	RulesFor(subject user.Info, namespace string) ([]rbac.PolicyRule, error)
}

type RoleToRuleMapper ¶

type RoleToRuleMapper interface {
	// GetRoleReferenceRules attempts to resolve the role reference of a RoleBinding or ClusterRoleBinding.  The passed namespace should be the namespace
	// of the role binding, the empty string if a cluster role binding.
	GetRoleReferenceRules(roleRef rbac.RoleRef, namespace string) ([]rbac.PolicyRule, error)
}

type SubjectAccessEvaluator ¶

type SubjectAccessEvaluator struct {
	// contains filtered or unexported fields
}

func NewSubjectAccessEvaluator ¶

func NewSubjectAccessEvaluator(roles rbacregistryvalidation.RoleGetter, roleBindings rbacregistryvalidation.RoleBindingLister, clusterRoles rbacregistryvalidation.ClusterRoleGetter, clusterRoleBindings rbacregistryvalidation.ClusterRoleBindingLister, superUser string) *SubjectAccessEvaluator

func (*SubjectAccessEvaluator) AllowedSubjects ¶

func (r *SubjectAccessEvaluator) AllowedSubjects(requestAttributes authorizer.Attributes) ([]rbac.Subject, error)

AllowedSubjects returns the subjects that can perform an action and any errors encountered while computing the list. It is possible to have both subjects and errors returned if some rolebindings couldn't be resolved, but others could be.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
bootstrappolicy

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL