authorizationv1 - Code Search

staging/src/k8s.io/apiserver/plugin/pkg/authorizer/webhook/webhook.go

			version,
			authorizationv1.SchemeGroupVersion.Version,
			authorizationv1beta1.SchemeGroupVersion.Version,
		)
	}
}

type subjectAccessReviewV1Client struct {
	client rest.Interface
}

func (t *subjectAccessReviewV1Client) Create(ctx context.Context, subjectAccessReview *authorizationv1.SubjectAccessReview, opts metav1.CreateOptions) (result *authorizationv1.SubjectAccessReview, statusCode int, err error) {

Registered: Sat Jun 15 01:39:40 UTC 2024

- Last Modified: Mon Mar 04 19:01:15 UTC 2024

- 18.4K bytes

- Viewed (0)

github.com/kubernetes/kubernetes

staging/src/k8s.io/apiserver/plugin/pkg/authorizer/webhook/webhook_v1_test.go

type recorderV1Service struct {
	last authorizationv1.SubjectAccessReview
	err  error
}

func (rec *recorderV1Service) Review(r *authorizationv1.SubjectAccessReview) {
	rec.last = authorizationv1.SubjectAccessReview{}
	rec.last = *r
	r.Status.Allowed = true
}

func (rec *recorderV1Service) Last() (authorizationv1.SubjectAccessReview, error) {
	return rec.last, rec.err
}

Registered: Sat Jun 15 01:39:40 UTC 2024

- Last Modified: Wed Apr 24 18:25:29 UTC 2024

- 43.2K bytes

- Viewed (0)

github.com/istio/istio

pilot/pkg/credentials/kube/secrets.go

		return cached
	}
	err := func() error {
		resp, err := s.sar.Create(context.Background(), &authorizationv1.SubjectAccessReview{
			ObjectMeta: metav1.ObjectMeta{},
			Spec: authorizationv1.SubjectAccessReviewSpec{
				ResourceAttributes: &authorizationv1.ResourceAttributes{
					Namespace: namespace,
					Verb:      "list",
					Resource:  "secrets",
				},
				User: user,
			},

Registered: Fri Jun 14 15:00:06 UTC 2024

- Last Modified: Fri Feb 23 19:18:21 UTC 2024

- 10K bytes

- Viewed (0)

github.com/istio/istio

pilot/pkg/credentials/kube/secrets_test.go

		a := action.(k8stesting.CreateAction).GetObject().(*authorizationv1.SubjectAccessReview)
		if allowed.Contains(a.Spec.User) {
			return true, &authorizationv1.SubjectAccessReview{
				Status: authorizationv1.SubjectAccessReviewStatus{
					Allowed: true,
				},
			}, nil
		}
		return true, &authorizationv1.SubjectAccessReview{
			Status: authorizationv1.SubjectAccessReviewStatus{
				Allowed: false,

Registered: Fri Jun 14 15:00:06 UTC 2024

- Last Modified: Fri Feb 23 19:18:21 UTC 2024

- 18.4K bytes

- Viewed (0)

github.com/istio/istio

pilot/test/xds/fake.go

}

// DisableAuthorizationForSecret makes the authorization check always pass. Should be used only for tests.
func DisableAuthorizationForSecret(fake *fake.Clientset) {
	fake.Fake.PrependReactor("create", "subjectaccessreviews", func(action k8stesting.Action) (bool, runtime.Object, error) {
		return true, &authorizationv1.SubjectAccessReview{
			Status: authorizationv1.SubjectAccessReviewStatus{
				Allowed: true,
			},
		}, nil

Registered: Fri Jun 14 15:00:06 UTC 2024

- Last Modified: Mon Jun 10 16:08:52 UTC 2024

- 18.4K bytes

- Viewed (0)

github.com/istio/istio

istioctl/pkg/precheck/precheck.go

		version   string
		resource  string
	}{
		{
			version:  "v1",
			resource: "namespaces",
		},
		{
			group:    "rbac.authorization.k8s.io",
			version:  "v1",
			resource: "clusterroles",
		},
		{
			group:    "rbac.authorization.k8s.io",
			version:  "v1",
			resource: "clusterrolebindings",
		},
		{
			group:    "apiextensions.k8s.io",
			version:  "v1",

Registered: Fri Jun 14 15:00:06 UTC 2024

- Last Modified: Fri Apr 12 02:57:30 UTC 2024

- 19.3K bytes

- Viewed (0)

github.com/kubernetes/kubernetes

pkg/kubeapiserver/options/authorization.go

	authorizationModeFlag                   = "authorization-mode"
	authorizationWebhookConfigFileFlag      = "authorization-webhook-config-file"
	authorizationWebhookVersionFlag         = "authorization-webhook-version"
	authorizationWebhookAuthorizedTTLFlag   = "authorization-webhook-cache-authorized-ttl"
	authorizationWebhookUnauthorizedTTLFlag = "authorization-webhook-cache-unauthorized-ttl"

Registered: Sat Jun 15 01:39:40 UTC 2024

- Last Modified: Wed Feb 14 23:09:15 UTC 2024

- 12K bytes

- Viewed (0)

github.com/istio/istio

pilot/pkg/serviceregistry/kube/controller/ambient/authorization.go

		l = len(requested)
	}
	res := make([]model.WorkloadAuthorization, 0, l)
	for _, cfg := range cfgs {
		k := model.ConfigKey{
			Kind:      kind.AuthorizationPolicy,
			Name:      cfg.Authorization.Name,
			Namespace: cfg.Authorization.Namespace,
		}

		if len(requested) > 0 && !requested.Contains(k) {
			continue
		}
		res = append(res, cfg)
	}
	return res
}

Registered: Fri Jun 14 15:00:06 UTC 2024

- Last Modified: Mon Apr 15 16:23:36 UTC 2024

- 18.4K bytes

- Viewed (0)

github.com/istio/istio

pkg/workloadapi/security/authorization.pb.go

func (*Authorization) Descriptor() ([]byte, []int) {
	return file_workloadapi_security_authorization_proto_rawDescGZIP(), []int{0}
}

func (x *Authorization) GetName() string {
	if x != nil {
		return x.Name
	}
	return ""
}

func (x *Authorization) GetNamespace() string {
	if x != nil {
		return x.Namespace
	}
	return ""
}

func (x *Authorization) GetScope() Scope {
	if x != nil {
		return x.Scope

Registered: Fri Jun 14 15:00:06 UTC 2024

- Last Modified: Fri May 31 02:27:10 UTC 2024

- 29.7K bytes

- Viewed (0)

github.com/kubernetes/kubernetes

plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/controller-role-bindings.yaml

apiVersion: v1
items:
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRoleBinding
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    creationTimestamp: null
    labels:
      kubernetes.io/bootstrapping: rbac-defaults
    name: system:controller:attachdetach-controller
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: system:controller:attachdetach-controller

Registered: Sat Jun 15 01:39:40 UTC 2024

- Last Modified: Wed Mar 06 00:00:21 UTC 2024

- 16.9K bytes

- Viewed (0)

Search Options