- Sort Score
- Result 10 results
- Languages All
Results 1 - 6 of 6 for RuleResolver (0.14 sec)
-
pkg/controlplane/apiserver/config.go
if string(a.Type) == modes.ModeRBAC { enablesRBAC = true break } } authorizer, ruleResolver, err := authorizationConfig.New(ctx, apiserverID) return authorizer, ruleResolver, enablesRBAC, err } // CreateConfig takes the generic controlplane apiserver options and // creates a config for the generic Kube APIs out of it. func CreateConfig(
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Jun 07 17:57:37 UTC 2024 - 14.9K bytes - Viewed (0) -
pkg/registry/rbac/validation/rule.go
func ConfirmNoEscalation(ctx context.Context, ruleResolver AuthorizationRuleResolver, rules []rbacv1.PolicyRule) error { ruleResolutionErrors := []error{} user, ok := genericapirequest.UserFrom(ctx) if !ok { return fmt.Errorf("no user on context") } namespace, _ := genericapirequest.NamespaceFrom(ctx) ownerRules, err := ruleResolver.RulesFor(user, namespace) if err != nil {
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Mon Nov 02 16:51:16 UTC 2020 - 11.6K bytes - Viewed (0) -
plugin/pkg/auth/authorizer/rbac/rbac_test.go
&defaultAttributes{"admin", "", "get", "pods", "", "ns1", ""}, }, }, } for i, tt := range tests { ruleResolver, _ := rbacregistryvalidation.NewTestRuleResolver(tt.roles, tt.roleBindings, tt.clusterRoles, tt.clusterRoleBindings) a := RBACAuthorizer{ruleResolver} for _, attr := range tt.shouldPass { if decision, _, _ := a.Authorize(context.Background(), attr); decision != authorizer.DecisionAllow {
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue Sep 24 15:14:54 UTC 2019 - 21.1K bytes - Viewed (0) -
pkg/controlplane/instance.go
authorizationrest.RESTStorageProvider{Authorizer: c.ControlPlane.Generic.Authorization.Authorizer, RuleResolver: c.ControlPlane.Generic.RuleResolver}, autoscalingrest.RESTStorageProvider{}, batchrest.RESTStorageProvider{}, certificatesrest.RESTStorageProvider{}, coordinationrest.RESTStorageProvider{}, discoveryrest.StorageProvider{},
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Mon Jun 03 11:50:04 UTC 2024 - 21.2K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/server/config.go
// It does so based on a EgressSelectorConfiguration which was read at startup. EgressSelector *egressselector.EgressSelector // RuleResolver is required to get the list of rules that apply to a given user // in a given namespace RuleResolver authorizer.RuleResolver // AdmissionControl performs deep inspection of a given request (including content) // to set values and determine whether its allowed
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue May 28 08:48:22 UTC 2024 - 47.7K bytes - Viewed (0) -
plugin/pkg/auth/authorizer/node/node_authorizer.go
nodeRules []rbacv1.PolicyRule // allows overriding for testing features featuregate.FeatureGate } var _ = authorizer.Authorizer(&NodeAuthorizer{}) var _ = authorizer.RuleResolver(&NodeAuthorizer{}) // NewAuthorizer returns a new node authorizer func NewAuthorizer(graph *Graph, identifier nodeidentifier.NodeIdentifier, rules []rbacv1.PolicyRule) *NodeAuthorizer { return &NodeAuthorizer{
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Thu Mar 07 21:22:55 UTC 2024 - 16K bytes - Viewed (0)