package authorizerfactory

apiserver – k8s.io/apiserver/pkg/authorization/authorizerfactory Index | Files

import "k8s.io/apiserver/pkg/authorization/authorizerfactory"

Index ¶

func NewAlwaysAllowAuthorizer() *alwaysAllowAuthorizer
func NewAlwaysDenyAuthorizer() *alwaysDenyAuthorizer
func NewPrivilegedGroups(groups ...string) *privilegedGroupAuthorizer
func RecordRequestLatency(ctx context.Context, code string, latency float64)
func RecordRequestTotal(ctx context.Context, code string)
type DelegatingAuthorizerConfig

func (c DelegatingAuthorizerConfig) New() (authorizer.Authorizer, error)

Functions ¶

func NewAlwaysAllowAuthorizer ¶

func NewAlwaysAllowAuthorizer() *alwaysAllowAuthorizer

func NewAlwaysDenyAuthorizer ¶

func NewAlwaysDenyAuthorizer() *alwaysDenyAuthorizer

func NewPrivilegedGroups ¶

func NewPrivilegedGroups(groups ...string) *privilegedGroupAuthorizer

NewPrivilegedGroups is for use in loopback scenarios

func RecordRequestLatency ¶

func RecordRequestLatency(ctx context.Context, code string, latency float64)

RecordRequestLatency measures request latency in seconds for the delegated authorization. Broken down by status code.

func RecordRequestTotal ¶

func RecordRequestTotal(ctx context.Context, code string)

RecordRequestTotal increments the total number of requests for the delegated authorization.

Types ¶

type DelegatingAuthorizerConfig ¶

type DelegatingAuthorizerConfig struct {
	SubjectAccessReviewClient authorizationclient.AuthorizationV1Interface

	// AllowCacheTTL is the length of time that a successful authorization response will be cached
	AllowCacheTTL time.Duration

	// DenyCacheTTL is the length of time that an unsuccessful authorization response will be cached.
	// You generally want more responsive, "deny, try again" flows.
	DenyCacheTTL time.Duration

	// WebhookRetryBackoff specifies the backoff parameters for the authorization webhook retry logic.
	// This allows us to configure the sleep time at each iteration and the maximum number of retries allowed
	// before we fail the webhook call in order to limit the fan out that ensues when the system is degraded.
	WebhookRetryBackoff *wait.Backoff
}

DelegatingAuthorizerConfig is the minimal configuration needed to create an authenticator built to delegate authorization to a kube API server

func (DelegatingAuthorizerConfig) New ¶

func (c DelegatingAuthorizerConfig) New() (authorizer.Authorizer, error)

Source Files ¶

builtin.go delegating.go metrics.go

Version: v0.27.0-rc.1
Published: Apr 7, 2023
Platform: js/wasm
Imports: 10 packages
Last checked: 38 seconds ago –

Tools for package owners.

?	: This menu
/	: Search site
f	: Jump to identifier
g then g	: Go to top of page
g then b	: Go to end of page
G	: Go to end of page
g then i	: Go to index
g then e	: Go to examples