- Sort Score
- Result 10 results
- Languages All
Results 1 - 4 of 4 for IsAuthorizedForSignerName (0.27 sec)
-
plugin/pkg/admission/certificates/util.go
*/ package certificates import ( "context" "strings" "k8s.io/apiserver/pkg/authentication/user" "k8s.io/apiserver/pkg/authorization/authorizer" "k8s.io/klog/v2" ) // IsAuthorizedForSignerName returns true if 'info' is authorized to perform the given // 'verb' on the synthetic 'signers' resource with the given signerName. // If the user does not have permission to perform the 'verb' on the given signerName,
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Sat May 16 11:54:27 UTC 2020 - 2.6K bytes - Viewed (0) -
plugin/pkg/admission/certificates/approval/admission.go
csr, ok := a.GetOldObject().(*api.CertificateSigningRequest) if !ok { return admission.NewForbidden(a, fmt.Errorf("expected type CertificateSigningRequest, got: %T", a.GetOldObject())) } if !certificates.IsAuthorizedForSignerName(ctx, p.authz, a.GetUserInfo(), "approve", csr.Spec.SignerName) { klog.V(4).Infof("user not permitted to approve CertificateSigningRequest %q with signerName %q", csr.Name, csr.Spec.SignerName)
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Sat May 16 11:54:27 UTC 2020 - 3.2K bytes - Viewed (0) -
plugin/pkg/admission/certificates/signing/admission.go
if reflect.DeepEqual(oldCSR.Status.Certificate, csr.Status.Certificate) && apiequality.Semantic.DeepEqual(oldCSR.Status.Conditions, csr.Status.Conditions) { return nil } if !certificates.IsAuthorizedForSignerName(ctx, p.authz, a.GetUserInfo(), "sign", oldCSR.Spec.SignerName) { klog.V(4).Infof("user not permitted to sign CertificateSigningRequest %q with signerName %q", oldCSR.Name, oldCSR.Spec.SignerName)
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Thu May 28 16:20:40 UTC 2020 - 3.5K bytes - Viewed (0) -
plugin/pkg/admission/certificates/ctbattest/admission.go
if a.GetOperation() == admission.Update && rbac.IsOnlyMutatingGCFields(a.GetObject(), a.GetOldObject(), kapihelper.Semantic) { return nil } if !certificates.IsAuthorizedForSignerName(ctx, p.authz, a.GetUserInfo(), "attest", newBundle.Spec.SignerName) { klog.V(4).Infof("user not permitted to attest ClusterTrustBundle %q with signerName %q", newBundle.Name, newBundle.Spec.SignerName)
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Sep 20 16:26:11 UTC 2023 - 4K bytes - Viewed (0)