Documentation
¶
Index ¶
- func NewAlwaysAllowAuthorizer() authorizer.Authorizer
- func NewAlwaysDenyAuthorizer() authorizer.Authorizer
- func NewAlwaysFailAuthorizer() authorizer.Authorizer
- func NewAuthorizerFromAuthorizationConfig(authorizationModes []string, config AuthorizationConfig) (authorizer.Authorizer, error)
- func NewPrivilegedGroups(groups ...string) *privilegedGroupAuthorizer
- type AuthorizationConfig
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewAlwaysAllowAuthorizer ¶
func NewAlwaysAllowAuthorizer() authorizer.Authorizer
func NewAlwaysDenyAuthorizer ¶
func NewAlwaysDenyAuthorizer() authorizer.Authorizer
func NewAlwaysFailAuthorizer ¶
func NewAlwaysFailAuthorizer() authorizer.Authorizer
func NewAuthorizerFromAuthorizationConfig ¶
func NewAuthorizerFromAuthorizationConfig(authorizationModes []string, config AuthorizationConfig) (authorizer.Authorizer, error)
NewAuthorizerFromAuthorizationConfig returns the right sort of union of multiple authorizer.Authorizer objects based on the authorizationMode or an error. authorizationMode should be a comma separated values of options.AuthorizationModeChoices.
func NewPrivilegedGroups ¶ added in v1.5.0
func NewPrivilegedGroups(groups ...string) *privilegedGroupAuthorizer
NewPrivilegedGroups is for use in loopback scenarios
Types ¶
type AuthorizationConfig ¶
type AuthorizationConfig struct {
// Path to an ABAC policy file.
PolicyFile string
// Kubeconfig file for Webhook authorization plugin.
WebhookConfigFile string
// TTL for caching of authorized responses from the webhook server.
WebhookCacheAuthorizedTTL time.Duration
// TTL for caching of unauthorized responses from the webhook server.
WebhookCacheUnauthorizedTTL time.Duration
// User which can bootstrap role policies
RBACSuperUser string
InformerFactory informers.SharedInformerFactory
}
Source Files
Click to show internal directories.
Click to hide internal directories.