- Sort Score
- Result 10 results
- Languages All
Results 11 - 20 of 20 for RuleResolver (0.4 sec)
-
pkg/controlplane/apiserver/config.go
if string(a.Type) == modes.ModeRBAC { enablesRBAC = true break } } authorizer, ruleResolver, err := authorizationConfig.New(ctx, apiserverID) return authorizer, ruleResolver, enablesRBAC, err } // CreateConfig takes the generic controlplane apiserver options and // creates a config for the generic Kube APIs out of it. func CreateConfig(
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Jun 07 17:57:37 UTC 2024 - 14.9K bytes - Viewed (0) -
plugin/pkg/auth/authorizer/rbac/subject_locator_test.go
}, }, }, }, } for _, tt := range tests { ruleResolver, lister := rbacregistryvalidation.NewTestRuleResolver(tt.roles, tt.roleBindings, tt.clusterRoles, tt.clusterRoleBindings) a := SubjectAccessEvaluator{tt.superUser, lister, lister, ruleResolver} for i, action := range tt.actionsToSubjects { actualSubjects, err := a.AllowedSubjects(action.action) if err != nil {
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue May 22 12:17:05 UTC 2018 - 5.6K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/authorization/authorizer/interfaces.go
func (f AuthorizerFunc) Authorize(ctx context.Context, a Attributes) (Decision, string, error) { return f(ctx, a) } // RuleResolver provides a mechanism for resolving the list of rules that apply to a given user within a namespace. type RuleResolver interface { // RulesFor get the list of cluster wide rules, the list of rules in the specific namespace, incomplete status and errors.
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue Jun 06 14:36:14 UTC 2023 - 4.8K bytes - Viewed (0) -
pkg/controlplane/apiserver/apis.go
authorizationrest.RESTStorageProvider{Authorizer: c.Generic.Authorization.Authorizer, RuleResolver: c.Generic.RuleResolver}, certificatesrest.RESTStorageProvider{}, coordinationrest.RESTStorageProvider{}, rbacrest.RESTStorageProvider{Authorizer: c.Generic.Authorization.Authorizer}, svmrest.RESTStorageProvider{},
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Mon Jun 03 11:50:04 UTC 2024 - 6.8K bytes - Viewed (0) -
pkg/registry/rbac/validation/rule_test.go
}, { StaticRoles: staticRoles1, user: &user.DefaultInfo{}, effectiveRules: nil, }, } for i, tc := range tests { ruleResolver := newMockRuleResolver(&tc.StaticRoles) rules, err := ruleResolver.RulesFor(tc.user, tc.namespace) if err != nil { t.Errorf("case %d: GetEffectivePolicyRules(context)=%v", i, err) continue } // Sort for deep equals
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Apr 12 15:46:12 UTC 2023 - 7.9K bytes - Viewed (0) -
pkg/registry/rbac/validation/rule.go
func ConfirmNoEscalation(ctx context.Context, ruleResolver AuthorizationRuleResolver, rules []rbacv1.PolicyRule) error { ruleResolutionErrors := []error{} user, ok := genericapirequest.UserFrom(ctx) if !ok { return fmt.Errorf("no user on context") } namespace, _ := genericapirequest.NamespaceFrom(ctx) ownerRules, err := ruleResolver.RulesFor(user, namespace) if err != nil {
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Mon Nov 02 16:51:16 UTC 2020 - 11.6K bytes - Viewed (0) -
plugin/pkg/auth/authorizer/rbac/rbac_test.go
&defaultAttributes{"admin", "", "get", "pods", "", "ns1", ""}, }, }, } for i, tt := range tests { ruleResolver, _ := rbacregistryvalidation.NewTestRuleResolver(tt.roles, tt.roleBindings, tt.clusterRoles, tt.clusterRoleBindings) a := RBACAuthorizer{ruleResolver} for _, attr := range tt.shouldPass { if decision, _, _ := a.Authorize(context.Background(), attr); decision != authorizer.DecisionAllow {
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue Sep 24 15:14:54 UTC 2019 - 21.1K bytes - Viewed (0) -
pkg/controlplane/instance.go
authorizationrest.RESTStorageProvider{Authorizer: c.ControlPlane.Generic.Authorization.Authorizer, RuleResolver: c.ControlPlane.Generic.RuleResolver}, autoscalingrest.RESTStorageProvider{}, batchrest.RESTStorageProvider{}, certificatesrest.RESTStorageProvider{}, coordinationrest.RESTStorageProvider{}, discoveryrest.StorageProvider{},
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Mon Jun 03 11:50:04 UTC 2024 - 21.2K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/server/config.go
// It does so based on a EgressSelectorConfiguration which was read at startup. EgressSelector *egressselector.EgressSelector // RuleResolver is required to get the list of rules that apply to a given user // in a given namespace RuleResolver authorizer.RuleResolver // AdmissionControl performs deep inspection of a given request (including content) // to set values and determine whether its allowed
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue May 28 08:48:22 UTC 2024 - 47.7K bytes - Viewed (0) -
plugin/pkg/auth/authorizer/node/node_authorizer.go
nodeRules []rbacv1.PolicyRule // allows overriding for testing features featuregate.FeatureGate } var _ = authorizer.Authorizer(&NodeAuthorizer{}) var _ = authorizer.RuleResolver(&NodeAuthorizer{}) // NewAuthorizer returns a new node authorizer func NewAuthorizer(graph *Graph, identifier nodeidentifier.NodeIdentifier, rules []rbacv1.PolicyRule) *NodeAuthorizer { return &NodeAuthorizer{
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Thu Mar 07 21:22:55 UTC 2024 - 16K bytes - Viewed (0)