Documentation
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
func Validate
func Validate(config *AuthorizationConfig) error
Validate validates the authorization configuration.
Types
type AuthorizationConfig
type AuthorizationConfig struct {
	// Admin contains the configuration for the admin role.
	Admin RoleConfig `json:"admin,omitempty"`
	// View contains the configuration for the view role.
	View RoleConfig `json:"view,omitempty"`
	// ProtectedNamespaces contains the list of namespaces that are protected from being modified by the user.
	ProtectedNamespaces []ProtectedNamespace `json:"protectedNamespaces,omitempty"`
	// ClusterAdmin contains the configuration for the cluster admin role.
	ClusterAdmin ClusterAdmin `json:"clusterAdmin,omitempty"`
}
AuthorizationConfig contains the configuration for the authorization controller.
func LoadConfig
func LoadConfig(path string) (*AuthorizationConfig, error)
LoadConfig reads the configuration file from a given path and parses it into an AuthorizationConfig object.
func (*AuthorizationConfig) GetRulesConfig
func (ac *AuthorizationConfig) GetRulesConfig(clusterRoleName string) *RulesConfig
GetRulesConfig returns the rules configuration for the given cluster role name.
func (*AuthorizationConfig) IsAllowedNamespaceName
func (ac *AuthorizationConfig) IsAllowedNamespaceName(name string) bool
IsAllowedNamespaceName returns true if the given namespace name is allowed to be modified by the user.
func (*AuthorizationConfig) SetDefaults
func (ac *AuthorizationConfig) SetDefaults()
SetDefaults sets the default values for the authorization configuration when not set.
type ClusterAdmin
type ClusterAdmin struct {
	// ActiveDuration is the duration for which the cluster admin role is active.
	ActiveDuration metav1.Duration `json:"activeDuration,omitempty"`
}
ClusterAdmin contains the configuration for the cluster admin role.
type ProtectedNamespace
type ProtectedNamespace struct {
	// Exact is the exact namespace name.
	Exact string `json:"exact,omitempty"`
	// Prefix is the prefix of the namespace name.
	Prefix string `json:"prefix,omitempty"`
	// Postfix is the postfix of the namespace name.
	Postfix string `json:"postfix,omitempty"`
	// Pattern is the pattern of the namespace name.
	Pattern string `json:"pattern,omitempty"`
	// CompiledPattern is the compiled pattern of the namespace name.
	// Not serialized.
	CompiledPattern *regexp.Regexp `json:"-"`
}
ProtectedNamespace contains the configuration for a protected namespace. If any of the non-empty fields is matched, the namespace is considered protected. The ordering of the matching is as follows:
1. Exact
2. Prefix
3. Postfix
4. Pattern
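The matching order above, together with IsAllowedNamespaceName documented earlier, determines whether a user may modify a namespace. The following is an added example, not this package's code: it re-declares the ProtectedNamespace fields locally and assumes (via a hypothetical CompileAll helper) that patterns are compiled once at load time, so that a malformed Pattern is rejected up front rather than silently leaving a namespace unprotected at check time.

```go
package main

import (
	"regexp"
	"strings"
)
// ProtectedNamespace re-declares the documented fields (an assumed local copy, not the package's own type).
type ProtectedNamespace struct {
	Exact, Prefix, Postfix, Pattern string
	CompiledPattern                 *regexp.Regexp // not serialized; filled by Compile
}

// Compile precompiles Pattern so a malformed regex is rejected at load time (where
// Validate runs) instead of failing, or silently never matching, on each namespace check.
func (p *ProtectedNamespace) Compile() (err error) {
	if p.Pattern != "" {
		p.CompiledPattern, err = regexp.Compile(p.Pattern)
	}
	return err
}

// Matches checks the non-empty fields in the documented order: Exact, Prefix, Postfix,
// Pattern. An entry whose fields are all empty never matches.
func (p *ProtectedNamespace) Matches(name string) bool {
	return (p.Exact != "" && name == p.Exact) ||
		(p.Prefix != "" && strings.HasPrefix(name, p.Prefix)) ||
		(p.Postfix != "" && strings.HasSuffix(name, p.Postfix)) ||
		(p.CompiledPattern != nil && p.CompiledPattern.MatchString(name))
}

// CompileAll compiles every entry's Pattern; the first bad pattern aborts the load.
func CompileAll(entries []ProtectedNamespace) error {
	for i := range entries {
		if err := entries[i].Compile(); err != nil {
			return err
		}
	}
	return nil
}

// IsAllowedNamespaceName is true only when no protected entry matches the name.
func IsAllowedNamespaceName(entries []ProtectedNamespace, name string) bool {
	for i := range entries {
		if entries[i].Matches(name) {
			return false
		}
	}
	return true
}
```

Note that an unanchored Pattern such as `kube` matches anywhere in the name; anchor with `^` and `$` when an exact regex boundary is intended.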
type RoleConfig
type RoleConfig struct {
	// AdditionalSubjects contains the additional subjects for the role.
	// They are added to a MCP alongside the subjects specified by the user.
	AdditionalSubjects []rbacv1.Subject `json:"additionalSubjects,omitempty"`
	// NamespaceScoped contains the configuration for the namespace scoped rules of the role.
	NamespaceScoped RulesConfig `json:"namespaceScoped,omitempty"`
	// ClusterScoped contains the configuration for the cluster scoped rules of the role.
	ClusterScoped RulesConfig `json:"clusterScoped,omitempty"`
}
RoleConfig contains the configuration for a role.
type RulesConfig
type RulesConfig struct {
	// Labels are added to the `ClusterRole` that defines the common rules for a user.
	Labels map[string]string `json:"labels,omitempty"`
	// ClusterRoleSelectors define label selectors which aggregate specific `Cluster` to the common `ClusterRole`.
	ClusterRoleSelectors []metav1.LabelSelector `json:"clusterRoleSelectors,omitempty"`
	// Rules specifies the rules for the role.
	Rules []rbacv1.PolicyRule `json:"rules,omitempty"`
}
RulesConfig contains the configuration for the rules of a role.