rbac

package

v0.15.0 Latest Latest Go to latest Published: Apr 22, 2024 License: Apache-2.0 Imports: 7 Imported by: 11

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kubernetes-sigs/controller-tools

Links

Open Source Insights

Documentation ¶

Overview ¶

Package rbac contain libraries for generating RBAC manifests from RBAC markers in Go source files.

The markers take the form:

+kubebuilder:rbac:groups=<groups>,resources=<resources>,resourceNames=<resource names>,verbs=<verbs>,urls=<non resource urls>

Index ¶

Variables
func GenerateRoles(ctx *genall.GenerationContext, roleName string) ([]interface{}, error)
type Generator
type Rule
- func (Rule) Help() *markers.DefinitionHelp
- func (r *Rule) ToRule() rbacv1.PolicyRule

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	// RuleDefinition is a marker for defining RBAC rules.
	// Call ToRule on the value to get a Kubernetes RBAC policy rule.
	RuleDefinition = markers.Must(markers.MakeDefinition("kubebuilder:rbac", markers.DescribesPackage, Rule{}))
)

Functions ¶

func GenerateRoles ¶ added in v0.2.0

func GenerateRoles(ctx *genall.GenerationContext, roleName string) ([]interface{}, error)

GenerateRoles generate a slice of objs representing either a ClusterRole or a Role object The order of the objs in the returned slice is stable and determined by their namespaces.

Types ¶

type Generator ¶ added in v0.2.0

type Generator struct {
	// RoleName sets the name of the generated ClusterRole.
	RoleName string

	// HeaderFile specifies the header text (e.g. license) to prepend to generated files.
	HeaderFile string `marker:",optional"`

	// Year specifies the year to substitute for " YEAR" in the header file.
	Year string `marker:",optional"`
}

Generator generates ClusterRole objects.

func (Generator) Generate ¶ added in v0.2.0

func (g Generator) Generate(ctx *genall.GenerationContext) error

func (Generator) Help ¶ added in v0.2.0

func (Generator) Help() *markers.DefinitionHelp

func (Generator) RegisterMarkers ¶ added in v0.2.0

func (Generator) RegisterMarkers(into *markers.Registry) error

type Rule ¶ added in v0.2.0

type Rule struct {
	// Groups specifies the API groups that this rule encompasses.
	Groups []string `marker:",optional"`
	// Resources specifies the API resources that this rule encompasses.
	Resources []string `marker:",optional"`
	// ResourceNames specifies the names of the API resources that this rule encompasses.
	//
	// Create requests cannot be restricted by resourcename, as the object's name
	// is not known at authorization time.
	ResourceNames []string `marker:",optional"`
	// Verbs specifies the (lowercase) kubernetes API verbs that this rule encompasses.
	Verbs []string
	// URL specifies the non-resource URLs that this rule encompasses.
	URLs []string `marker:"urls,optional"`
	// Namespace specifies the scope of the Rule.
	// If not set, the Rule belongs to the generated ClusterRole.
	// If set, the Rule belongs to a Role, whose namespace is specified by this field.
	Namespace string `marker:",optional"`
}

Rule specifies an RBAC rule to all access to some resources or non-resource URLs.

func (Rule) Help ¶ added in v0.2.0

func (Rule) Help() *markers.DefinitionHelp

func (*Rule) ToRule ¶ added in v0.2.0

func (r *Rule) ToRule() rbacv1.PolicyRule

ToRule converts this rule to its Kubernetes API form.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL