package authorizer
import "k8s.io/kubernetes/pkg/kubeapiserver/authorizer"
Index ¶
- func GetNameForAuthorizerMode(mode string) string
- func LoadAndValidateData(data []byte, compiler authorizationcel.Compiler, requireNonWebhookTypes sets.Set[authzconfig.AuthorizerType]) (*authzconfig.AuthorizationConfiguration, error)
- func LoadAndValidateFile(configFile string, compiler authorizationcel.Compiler, requireNonWebhookTypes sets.Set[authzconfig.AuthorizerType]) (*authzconfig.AuthorizationConfiguration, error)
- type Config
Functions ¶
func GetNameForAuthorizerMode ¶
GetNameForAuthorizerMode returns the name to be set for the mode in AuthorizationConfiguration For now, lower cases the mode name
func LoadAndValidateData ¶
func LoadAndValidateData(data []byte, compiler authorizationcel.Compiler, requireNonWebhookTypes sets.Set[authzconfig.AuthorizerType]) (*authzconfig.AuthorizationConfiguration, error)
func LoadAndValidateFile ¶
func LoadAndValidateFile(configFile string, compiler authorizationcel.Compiler, requireNonWebhookTypes sets.Set[authzconfig.AuthorizerType]) (*authzconfig.AuthorizationConfiguration, error)
Types ¶
type Config ¶
type Config struct {
// Path to an ABAC policy file.
PolicyFile string
// WebhookRetryBackoff specifies the backoff parameters for the authorization webhook retry logic.
// This allows us to configure the sleep time at each iteration and the maximum number of retries allowed
// before we fail the webhook call in order to limit the fan out that ensues when the system is degraded.
WebhookRetryBackoff *wait.Backoff
VersionedInformerFactory versionedinformers.SharedInformerFactory
// Optional field, custom dial function used to connect to webhook
CustomDial utilnet.DialFunc
// ReloadFile holds the filename to reload authorization configuration from
ReloadFile string
// AuthorizationConfiguration stores the configuration for the Authorizer chain
// It will deprecate most of the above flags when GA
AuthorizationConfiguration *authzconfig.AuthorizationConfiguration
}
Config contains the data on how to authorize a request to the Kube API Server
func (Config) New ¶
func (config Config) New(ctx context.Context, serverID string) (authorizer.Authorizer, authorizer.RuleResolver, error)
New returns the right sort of union of multiple authorizer.Authorizer objects based on the authorizationMode or an error. stopCh is used to shut down config reload goroutines when the server is shutting down.
Note: the cel compiler construction depends on feature gates and the compatibility version to be initialized.
Source Files ¶
config.go reload.go
Directories ¶
| Path | Synopsis |
|---|---|
| pkg/kubeapiserver/authorizer/modes |
- Version
- v1.33.0 (latest)
- Published
- Apr 23, 2025
- Platform
- linux/amd64
- Imports
- 39 packages
- Last checked
- 3 hours ago –
Tools for package owners.