Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 6 of 6 for RuleResolver (0.14 sec)

  2. github.com/kubernetes/kubernetes

    pkg/controlplane/apiserver/config.go 

    		if string(a.Type) == modes.ModeRBAC {
			enablesRBAC = true
			break
		}
	}

	authorizer, ruleResolver, err := authorizationConfig.New(ctx, apiserverID)

	return authorizer, ruleResolver, enablesRBAC, err
}

// CreateConfig takes the generic controlplane apiserver options and
// creates a config for the generic Kube APIs out of it.
func CreateConfig(
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Fri Jun 07 17:57:37 UTC 2024
    - 14.9K bytes
    - Viewed (0)
  3. github.com/kubernetes/kubernetes

    pkg/registry/rbac/validation/rule.go 

    func ConfirmNoEscalation(ctx context.Context, ruleResolver AuthorizationRuleResolver, rules []rbacv1.PolicyRule) error {
	ruleResolutionErrors := []error{}

	user, ok := genericapirequest.UserFrom(ctx)
	if !ok {
		return fmt.Errorf("no user on context")
	}
	namespace, _ := genericapirequest.NamespaceFrom(ctx)

	ownerRules, err := ruleResolver.RulesFor(user, namespace)
	if err != nil {
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Mon Nov 02 16:51:16 UTC 2020
    - 11.6K bytes
    - Viewed (0)
  4. github.com/kubernetes/kubernetes

    plugin/pkg/auth/authorizer/rbac/rbac_test.go 

    				&defaultAttributes{"admin", "", "get", "pods", "", "ns1", ""},
			},
		},
	}
	for i, tt := range tests {
		ruleResolver, _ := rbacregistryvalidation.NewTestRuleResolver(tt.roles, tt.roleBindings, tt.clusterRoles, tt.clusterRoleBindings)
		a := RBACAuthorizer{ruleResolver}
		for _, attr := range tt.shouldPass {
			if decision, _, _ := a.Authorize(context.Background(), attr); decision != authorizer.DecisionAllow {
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Tue Sep 24 15:14:54 UTC 2019
    - 21.1K bytes
    - Viewed (0)
  5. github.com/kubernetes/kubernetes

    pkg/controlplane/instance.go 

    		authorizationrest.RESTStorageProvider{Authorizer: c.ControlPlane.Generic.Authorization.Authorizer, RuleResolver: c.ControlPlane.Generic.RuleResolver},
		autoscalingrest.RESTStorageProvider{},
		batchrest.RESTStorageProvider{},
		certificatesrest.RESTStorageProvider{},
		coordinationrest.RESTStorageProvider{},
		discoveryrest.StorageProvider{},
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Mon Jun 03 11:50:04 UTC 2024
    - 21.2K bytes
    - Viewed (0)
  6. github.com/kubernetes/kubernetes

    staging/src/k8s.io/apiserver/pkg/server/config.go 

    	// It does so based on a EgressSelectorConfiguration which was read at startup.
	EgressSelector *egressselector.EgressSelector

	// RuleResolver is required to get the list of rules that apply to a given user
	// in a given namespace
	RuleResolver authorizer.RuleResolver
	// AdmissionControl performs deep inspection of a given request (including content)
	// to set values and determine whether its allowed
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Tue May 28 08:48:22 UTC 2024
    - 47.7K bytes
    - Viewed (0)
  7. github.com/kubernetes/kubernetes

    plugin/pkg/auth/authorizer/node/node_authorizer.go 

    	nodeRules  []rbacv1.PolicyRule

	// allows overriding for testing
	features featuregate.FeatureGate
}

var _ = authorizer.Authorizer(&NodeAuthorizer{})
var _ = authorizer.RuleResolver(&NodeAuthorizer{})

// NewAuthorizer returns a new node authorizer
func NewAuthorizer(graph *Graph, identifier nodeidentifier.NodeIdentifier, rules []rbacv1.PolicyRule) *NodeAuthorizer {
	return &NodeAuthorizer{
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Thu Mar 07 21:22:55 UTC 2024
    - 16K bytes
    - Viewed (0)
Back to top